[RADIATOR] Attribute number (vendor 8744) is not defined
Hugh Irvine
hugh at open.com.au
Fri Oct 3 23:47:29 CDT 2008
Salut Pascal -
It would be very helpful to see a more complete trace 4 debug showing
the whole packet exchange sequence.
I would also like to see the complete configuration file.
The ERR: Attribute .... messages shown below relate to undefined
attributes in the Radiator dictionary.
Vendor 8744 is Colubris, and if you can get the RADIUS vendor-
specific attribute definitions from them I will be happy to add them
to the standard dictionary.
BTW - what does a debug on the client show as the problem?
regards
Hugh
On 4 Oct 2008, at 04:59, Pascal Beauregard wrote:
> Hi,
>
> Here is what I got in the log file after an attempt to connect to
> our wireless network with EAP-TTLS and the client configured to
> verify the server certificate. Even though the log says an Access-Accept
> is sent, my client is still trying to connect without success.
>
> Code: Access-Accept
> Identifier: UNDEF
> Authentic:
> <162><215><229><129>da<195>T<27><133><30><13><158><239>c<222>
> Attributes:
>
> Fri Oct 3 14:41:25 2008: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Fri Oct 3 14:41:25 2008: DEBUG: AuthBy DBFILE result: ACCEPT, EAP
> TTLS inner authentication redespatched to a Handler
> Fri Oct 3 14:41:25 2008: DEBUG: Access accepted for anonymous
> Fri Oct 3 14:41:25 2008: DEBUG: Packet dump:
> *** Sending to 10.40.2.32 port 32768 ....
> Code: Access-Accept
> Identifier: 138
> Authentic: <245>OW<6>f&<211><0><202><24>Uup<222>'<236>
> Attributes:
> MS-MPPE-Send-Key = (<17>Z$]
> <175><243>.<154>jU<130><31><129><24><191><182><4><21><146><202>)
> <224><242><243><23><133><132><158><253><180><210>
> MS-MPPE-Recv-Key = 7<189>04Y<139>Y<247><130>%
> <31>4<226><254> <225><157>|
> o<152><248>tY1<10><156><216><253><182><15><25>.
> EAP-Message = <3><26><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Fri Oct 3 14:41:25 2008: ERR: Attribute number 250 (vendor 8744)
> is not defined in your dictionary
> Fri Oct 3 14:41:25 2008: ERR: Attribute number 249 (vendor 8744)
> is not defined in your dictionary
> Fri Oct 3 14:41:25 2008: DEBUG: Packet dump:
>
> If I don't verify the server certificate, I connect with no problem. I
> have just installed a fresh Thawte certificate.
>
> Here is the handler that matches my request.
>
> #radius_aeriusemploye.cfg
>
> # SSID - AERIUS_EMPLOYE
> # ===---------------------------------------------
> <Handler Colubris-AVPAIR = "ssid=AeriusEmploye" >
>     WtmpFileName %L/wtmp
>     AcctLogFileName %L/accounting
>     <AuthBy DBFILE>
>         Filename /etc/radiator/eapusers/eapanonymoususer.db
>         # supported EAP types
>         EAPType TTLS,PEAP
>         # location of the CA certificate
>         EAPTLS_CAFile /etc/radiator/Certs/radius.usherbrooke.ca.pem
>         # location of the server certificate
>         EAPTLS_CertificateFile /etc/radiator/Certs/radius.usherbrooke.ca.pem
>         EAPTLS_CertificateType PEM
>         # location of the server's private key file
>         EAPTLS_PrivateKeyFile /etc/radiator/Certs/radius.usherbrooke.ca.key
>         EAPTLS_PrivateKeyPassword aeriusemploye
>         EAPTLS_MaxFragmentSize 1000
>         EAPTLS_PEAPBrokenV1Label
>         AutoMPPEKeys
>         SSLeayTrace 4
>     </AuthBy>
>     AuthLog Defaut
> </Handler>
>
>
> Pascal Beauregard
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
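
Added illustration, not part of the original thread and not Radiator's code: a minimal decoder for the RFC 2865 Vendor-Specific attribute (type 26) showing how a vendor 8744 sub-attribute that is missing from the dictionary ends up reported by number. The dictionary contents, the number 0 for Colubris-AVPAIR and the sample attribute values are assumptions constructed for the example.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 Vendor-Specific attribute type
# Constructed dictionary; the number 0 for Colubris-AVPAIR is an assumption.
DICTIONARY = {(8744, 0): "Colubris-AVPAIR"}

def encode_vsa(vendor_id, vendor_type, value):
    """Build one type-26 attribute holding a single vendor sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def split_tlvs(data, what):
    """Yield (type, value) pairs from type/length/value bytes, checking lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError(f"truncated {what} header")
        length = data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad {what} length {length}")
        yield data[pos], data[pos + 2:pos + length]
        pos += length

def decode_vsas(attrs, dictionary):
    """Return (decoded, undefined) for the VSAs in a packet's attribute bytes."""
    decoded, undefined = [], []
    for atype, body in split_tlvs(attrs, "attribute"):
        if atype != VENDOR_SPECIFIC:
            continue
        if len(body) < 4:
            raise ValueError("Vendor-Specific attribute lacks a Vendor-Id")
        (vendor_id,) = struct.unpack("!I", body[:4])
        for vtype, value in split_tlvs(body[4:], "vendor sub-attribute"):
            name = dictionary.get((vendor_id, vtype))
            if name is None:
                undefined.append((vendor_id, vtype))  # what the ERR lines report
            else:
                decoded.append((name, value))
    return decoded, undefined

# Constructed sample attributes (values invented for the example).
SAMPLE = (bytes([1, 11]) + b"anonymous"
          + encode_vsa(8744, 0, b"ssid=AeriusEmploye")
          + encode_vsa(8744, 250, b"\x00\x00\x00\x01")
          + encode_vsa(8744, 249, b"\x00\x00\x00\x02"))

if __name__ == "__main__":
    decoded, undefined = decode_vsas(SAMPLE, DICTIONARY)
    print(decoded)
    for vendor, number in undefined:
        print(f"Attribute number {number} (vendor {vendor}) is not defined")
```

Because each sub-attribute carries its own length, the decoder can step over an unknown number and still read the defined attributes around it.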