(RADIATOR) Problems with radius authentication

Hugh Irvine hugh at open.com.au
Tue Mar 4 16:43:19 CST 2008 

Hello Francisco -

 From your description it sounds like one or more incorrect shared  
secrets.

However to say any more will require a copy of your Radiator  
configuration file (no secrets) together with a trace 4 debug showing  
what is happening.

The undefined attributes shown below are all in the latest Radiator  
4.1 dictionary.

regards

Hugh


On 5 Mar 2008, at 04:27, Francisco Rodrigo Cortinas Maseda wrote:

> Hello everybody,
>
> my name is Francisco, and i had a problem with the authentication  
> of part of my network. We inserted a new radius server on the net,  
> and this radius begun serving requests to clients.
>
> Some hours later, some clients call the callcenter saying the  
> service was unavailable. The NOC people undo the changes, passing  
> the traffic through the old server, and all starts functioning again.
>
> Doing some investigation, we saw that some people could  
> authenticate, and some not (nothing common between them). We dont  
> know what the problem was, but seeing the radius servers upstream,  
> we saw the following error:
>
> Mon Mar  3 18:48:58 2008 369177: ERR: Attribute number 59 (vendor  
> 2011) is not defined in your dictionary
> Mon Mar  3 18:48:58 2008 369528: ERR: Attribute number 60 (vendor  
> 2011) is not defined in your dictionary
> Mon Mar  3 18:48:58 2008 369711: ERR: Attribute number 26 (vendor  
> 2011) is not defined in your dictionary
> Mon Mar  3 18:48:58 2008 369881: ERR: Attribute number 254 (vendor  
> 2011) is not defined in your dictionary
>
> I supose that what the error is saying is that an attribute coming  
> from the NAS is not being correctly interpreted by the upstream  
> radius (where the traces where found). The question is:
>
> Is a must that the attributes that the radius is marking as unknown  
> where defined in the dictionary in order to process the request?
>
> Thanks everybody.
> Antes de imprimir este e-mail piense bien si es necesario hacerlo.
>
> Este mensaje es privado y CONFIDENCIAL y se dirige exclusivamente a  
> su destinatario. Si usted ha recibido este mensaje por error, no  
> debe revelar, copiar, distribuir o usarlo en ningun sentido. Le  
> rogamos lo comunique al remitente y borre dicho mensaje y cualquier  
> documento adjunto que pudiera contener. El correo electronico via  
> Internet no permite asegurar la confidencialidad de los mensajes  
> que se transmiten ni su integridad o correcta recepcion. JAZZTEL no  
> asume responsabilidad por estas circunstancias. Si el destinatario  
> de este mensaje no consintiera la utilizacion del correo  
> electronico via Internet y la grabacion de los mensajes, rogamos lo  
> ponga en nuestro conocimiento de forma inmediata.Cualquier opinion  
> expresada en este mensaje pertenece unicamente al autor remitente,  
> y no representa necesariamente la opinion de JAZZTEL, a no ser que  
> expresamente se diga y el remitente este autorizado para hacerlo.
>
>
> This message is private and CONFIDENTIAL and it is intended  
> exclusively for its addressee. If you receive this message in  
> error, you should not disclose, copy, distribute this e-mail or use  
> it in any other way. Please inform the sender and delete the  
> message and attachments from your system.Internet e-mail neither  
> guarantees the confidentiality nor the integrity or proper receipt  
> of the messages sent. JAZZTEL does not assume any liability for  
> those circumstances. If the addressee of this message does not  
> consent to the use of Internet e-mail and message recording, please  
> notify us immediately.Any views or opinions contained in this  
> message are solely those of the author, and do not necessarily  
> represent those of JAZZTEL, unless otherwise specifically stated  
> and the sender is authorised to do so.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list