[RADIATOR] Problem Using Radiator to Authenticate Huawei Broadband RAS Users

Hugh Irvine hugh at open.com.au
Wed Nov 12 02:40:13 CST 2008


Hello Anwar -

As far as I can see there is nothing wrong with the access accept that  
you are returning with the Framed-Route attribute.

The errors that you are seeing are undefined attributes in your  
dictionary when you receive access requests.

Vendor 2011 is Huawei and all of these attributes are defined in the  
latest Radiator 4.3.1 dictionary.

I will send you a copy of the dictionary in a separate mail.

regards

Hugh


On 12 Nov 2008, at 15:57, Chairul Anwar wrote:

>
>
>
> Hi,
> I'm using radiator 3.13
> I have problems authenticating users.
> The remote access using Huawei.
>
> The problems only appear when I define Framed Route reply attribute  
> in radiator users.
> If the attribute is not define, there is no problem authenticating  
> users.
>
> I have debug the radiator and found this error in my logfile:
> Please help.
>
> Code:       Access-Accept
> Identifier: 224
> Authentic:  A*<253><227><254>[<146><222><176><185><214>/<8><24><2>)
> Attributes:
>        Framed-IP-Address = 202.155.27.133
>        Framed-Route = "202.155.27.252/30"
>        Framed-IP-Netmask = 255.255.255.255
>
> Wed Nov 12 10:12:12 2008: ERR: Attribute number 60 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:12 2008: ERR: Attribute number 26 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:12 2008: ERR: Attribute number 254 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:12 2008: ERR: Attribute number 255 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:12 2008: ERR: Attribute number 138 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:12 2008: DEBUG: Packet dump:
> *** Received from 172.16.203.24 port 1812 ....
>
> Packet length = 309
> 01 df 01 35 03 60 61 c4 56 5c c5 6d 07 79 09 24
> 32 e7 16 8b 01 20 32 32 32 37 31 35 32 32 30 30
> 30 32 40 73 69 73 74 65 6c 69 6e 64 6f 2e 6e 65
> 74 2e 69 64 03 13 01 fe 81 20 39 16 29 23 50 22
> 2b c5 c2 1f 39 4b d1 3c 12 03 60 61 c4 56 5c c5
> 6d 07 79 09 24 32 e7 16 8b 05 06 01 00 16 57 04
> 06 ac 10 cb 18 06 06 00 00 00 02 07 06 00 00 00
> 01 1f 13 30 30 3a 31 61 3a 37 30 3a 39 35 3a 61
> 38 3a 61 66 20 0d 42 52 41 53 2d 44 32 2d 53 4d
> 32 3d 06 00 00 00 0f 57 22 44 53 4c 41 4d 30 30
> 2d 44 32 2d 53 4d 32 20 61 74 6d 20 30 2f 31 31
> 2f 30 2f 32 3a 30 2e 33 35 2c 22 42 52 41 53 2d
> 44 32 30 31 30 30 31 30 30 30 30 30 31 36 32 33
> 39 62 37 31 61 36 36 32 33 32 39 1a 5a 00 00 07
> db 3c 23 32 35 35 2e 32 35 35 2e 32 35 35 2e 32
> 35 35 20 30 30 3a 31 61 3a 37 30 3a 39 35 3a 61
> 38 3a 61 66 1a 06 00 00 f3 79 fe 10 48 75 61 77
> 65 69 20 4d 41 35 32 30 30 47 ff 08 4d 41 35 32
> 30 30 8a 13 73 69 73 74 65 6c 69 6e 64 6f 2e 6e
> 65 74 2e 69 64
> Code:       Access-Request
> Identifier: 223
> Authentic:  <3>`a<196>V\<197>m<7>y<9>$2<231><22><139>
> Attributes:
>        User-Name = "222715220002 at sis.com"
>        CHAP-Password = <1><254><129> 9<22>)#P"+<197><194><31>9K<209>
>        CHAP-Challenge = <3>`a<196>V\<197>m<7>y<9>$2<231><22><139>
>        NAS-Port = 16782935
>        NAS-IP-Address = 172.16.203.24
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Calling-Station-Id = "00:1a:70:95:a8:af"
>        NAS-Identifier = "BRAS-D2-SM2"
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "DSLAM00-D2-SM2 atm 0/11/0/2:0.35"
>        Acct-Session-Id = "BRAS-D2010010000016239b71a662329"
>
> Wed Nov 12 10:12:12 2008: DEBUG: Handling request with Handler  
> 'Realm=sistelindo
> .net.id'
> Wed Nov 12 10:12:12 2008: DEBUG: Rewrote user name to 222715220002
> Wed Nov 12 10:12:12 2008: DEBUG:  Deleting session for 222715220002 at sistelindo.n
> et.id, 172.16.203.24, 16782935
> Wed Nov 12 10:12:12 2008: DEBUG: do query is: 'delete from RADONLINE  
> where NASID
> ENTIFIER='172.16.203.24' and NASPORT=016782935':
> Wed Nov 12 10:12:12 2008: DEBUG: Handling with Radius::AuthRADMIN
> Wed Nov 12 10:12:12 2008: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Nov 12 10:12:12 2008: DEBUG: Query is: 'select PASS_WORD from  
> RADUSERS where
> USERNAME='222715220002'':
> Wed Nov 12 10:12:12 2008: DEBUG: Query is: 'select ATTR_ID,  
> VENDOR_ID, IVALUE, S
> VALUE, ITEM_TYPE from RADCONFIG where NAME='222715220002' order by  
> ITEM_TYPE':
> Wed Nov 12 10:12:12 2008: DEBUG: Radius::AuthRADMIN looks for match  
> with 2227152
> 20002
> Wed Nov 12 10:12:12 2008: DEBUG: do query is: 'update RADUSERS set  
> BADLOGINS=0 w
> here USERNAME='222715220002'':
> Wed Nov 12 10:12:12 2008: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Nov 12 10:12:12 2008: DEBUG: Access accepted for 222715220002
> Wed Nov 12 10:12:12 2008: DEBUG: do query is: 'insert into  
> RADAUTHLOG (TIME_STAM
> P, USERNAME, TYPE) values (1226459532, '222715220002', 1)':
> Wed Nov 12 10:12:12 2008: DEBUG: Packet dump:
> *** Sending to 172.16.203.24 port 1812 ....
>
> Packet length = 51
> 02 df 00 33 6b aa 35 af 45 63 d3 28 3b 69 be 02
> 52 66 36 bf 08 06 ca 99 1b 85 16 13 32 30 32 2e
> 31 35 33 2e 32 37 2e 32 35 32 2f 33 30 09 06 ff
> ff ff ff
> Code:       Access-Accept
> Identifier: 223
> Authentic:  <3>`a<196>V\<197>m<7>y<9>$2<231><22><139>
> Attributes:
>        Framed-IP-Address = 202.155.27.133
>        Framed-Route = "202.155.27.252/30"
>        Framed-IP-Netmask = 255.255.255.255
>
> Wed Nov 12 10:12:23 2008: ERR: Attribute number 60 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:23 2008: ERR: Attribute number 26 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:23 2008: ERR: Attribute number 254 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:23 2008: ERR: Attribute number 255 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:23 2008: ERR: Attribute number 138 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:23 2008: DEBUG: Packet dump:
> *** Received from 172.16.203.24 port 1812 ....
>
> Packet length = 309
> 01 e1 01 35 23 35 4b f7 5d e9 d4 da 95 98 06 e6
> 2e 45 82 1b 01 20 32 32 32 37 31 35 32 32 30 30
> 30 32 40 73 69 73 74 65 6c 69 6e 64 6f 2e 6e 65
> 74 2e 69 64 03 13 01 25 48 28 55 62 cc 68 1b 32
> 42 29 90 bd 57 f6 a8 3c 12 23 35 4b f7 5d e9 d4
> da 95 98 06 e6 2e 45 82 1b 05 06 01 00 16 57 04
> 06 ac 10 cb 18 06 06 00 00 00 02 07 06 00 00 00
> 01 1f 13 30 30 3a 31 61 3a 37 30 3a 39 35 3a 61
> 38 3a 61 66 20 0d 42 52 41 53 2d 44 32 2d 53 4d
> 32 3d 06 00 00 00 0f 57 22 44 53 4c 41 4d 30 30
> 2d 44 32 2d 53 4d 32 20 61 74 6d 20 30 2f 31 31
> 2f 30 2f 32 3a 30 2e 33 35 2c 22 42 52 41 53 2d
> 44 32 30 31 30 30 31 30 30 30 30 30 31 36 32 33
> 34 30 38 38 38 36 35 31 33 31 31 1a 5a 00 00 07
> db 3c 23 32 35 35 2e 32 35 35 2e 32 35 35 2e 32
> 35 35 20 30 30 3a 31 61 3a 37 30 3a 39 35 3a 61
> 38 3a 61 66 1a 06 00 00 c8 6f fe 10 48 75 61 77
> 65 69 20 4d 41 35 32 30 30 47 ff 08 4d 41 35 32
> 30 30 8a 13 73 69 73 74 65 6c 69 6e 64 6f 2e 6e
> 65 74 2e 69 64
> Code:       Access-Request
> Identifier: 225
> Authentic:  #5K<247>]<233><212><218><149><152><6><230>.E<130><27>
> Attributes:
>        User-Name = "222715220002 at sis.com"
>        CHAP-Password = <1>%H(Ub<204>h<27>2B)<144><189>W<246><168>
>        CHAP-Challenge =  
> #5K<247>]<233><212><218><149><152><6><230>.E<130><27>
>        NAS-Port = 16782935
>        NAS-IP-Address = 172.16.203.24
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Calling-Station-Id = "00:1a:70:95:a8:af"
>        NAS-Identifier = "BRAS-D2-SM2"
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "DSLAM00-D2-SM2 atm 0/11/0/2:0.35"
>        Acct-Session-Id = "BRAS-D20100100000162340888651311"
>
> Wed Nov 12 10:12:23 2008: DEBUG: Handling request with Handler  
> 'Realm=sistelindo
> .net.id'
> Wed Nov 12 10:12:23 2008: DEBUG: Rewrote user name to 222715220002
> Wed Nov 12 10:12:23 2008: DEBUG:  Deleting session for 222715220002 at sistelindo.n
> et.id, 172.16.203.24, 16782935
> Wed Nov 12 10:12:23 2008: DEBUG: do query is: 'delete from RADONLINE  
> where NASID
> ENTIFIER='172.16.203.24' and NASPORT=016782935':
> Wed Nov 12 10:12:23 2008: DEBUG: Handling with Radius::AuthRADMIN
> Wed Nov 12 10:12:23 2008: DEBUG: Handling with Radius::AuthRADMIN:
> Wed Nov 12 10:12:23 2008: DEBUG: Query is: 'select PASS_WORD from  
> RADUSERS where
> USERNAME='222715220002'':
> Wed Nov 12 10:12:23 2008: DEBUG: Query is: 'select ATTR_ID,  
> VENDOR_ID, IVALUE, S
> VALUE, ITEM_TYPE from RADCONFIG where NAME='222715220002' order by  
> ITEM_TYPE':
> Wed Nov 12 10:12:23 2008: DEBUG: Radius::AuthRADMIN looks for match  
> with 2227152
> 20002
> Wed Nov 12 10:12:23 2008: DEBUG: do query is: 'update RADUSERS set  
> BADLOGINS=0 w
> here USERNAME='222715220002'':
> Wed Nov 12 10:12:23 2008: DEBUG: AuthBy RADMIN result: ACCEPT,
> Wed Nov 12 10:12:23 2008: DEBUG: Access accepted for 222715220002
> Wed Nov 12 10:12:23 2008: DEBUG: do query is: 'insert into  
> RADAUTHLOG (TIME_STAM
> P, USERNAME, TYPE) values (1226459543, '222715220002', 1)':
> Wed Nov 12 10:12:23 2008: DEBUG: Packet dump:
> *** Sending to 172.16.203.24 port 1812 ....
>
> Packet length = 51
> 02 e1 00 33 d3 de a7 69 19 df ea 90 ca 45 e5 94
> d3 3e 8c 66 08 06 ca 99 1b 85 16 13 32 30 32 2e
> 31 35 33 2e 32 37 2e 32 35 32 2f 33 30 09 06 ff
> ff ff ff
> Code:       Access-Accept
> Identifier: 225
> Authentic:  #5K<247>]<233><212><218><149><152><6><230>.E<130><27>
> Attributes:
>        Framed-IP-Address = 202.155.27.133
>        Framed-Route = "202.155.27.252/30"
>        Framed-IP-Netmask = 255.255.255.255
>
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 60 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 1 (vendor 2011) is  
> not defined i
> n your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 2 (vendor 2011) is  
> not defined i
> n your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 4 (vendor 2011) is  
> not defined i
> n your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 5 (vendor 2011) is  
> not defined i
> n your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 22 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 26 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:24 2008: ERR: Attribute number 138 (vendor 2011) is  
> not defined
> in your dictionary
> Wed Nov 12 10:12:24 2008: DEBUG: Packet dump:
> *** Received from 172.20.91.30 port 1812 ....
>
>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.




More information about the radiator mailing list