[RADIATOR] No Framed-IP in reply
Corey Gray
corey at tsa.com.au
Sun Mar 28 23:58:08 CDT 2010
Hi Hugh,
Sorry for the lateness of the reply. The Framed IP address was me trying to give the client an IP address manually through Radiator. I have sorted out the two Service-Type = Framed-User, Framed-Protocol = PPP; I wasn't stripping these before adding them. (Still not sure why they don't show up without that in the config.)
Basically what I am trying to do is have people log onto the 'wireless' network using AD logins. Authentication is working perfectly, but there are no accounting requests sent, and also the AP (Cisco WRT310N) won't issue an IP address to the client after access-accept. I have tried to do this with our main DHCP server and having the AP issue but no luck.
I have heard that Cisco in particular is very picky about what reply attributes are needed, so with the config file below, is there anything I am missing, or could this just be an AP issue?
Thanks a lot for your time Hugh, you've been a great help.
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, 24 March 2010 8:39 AM
To: Corey Gray
Cc: Radiator at open.com.au
Subject: Re: [RADIATOR] No Framed-IP in reply
Hello Corey -
The important line of the debug is this:
> Wed Mar 24 07:59:35 2010: ERR: Bad attribute=value pair: Framed-IP-Address
but it is not clear to me where this is coming from?
Also, there are two Service-Type = Framed-User, Framed-Protocol = PPP in your reply?
Can you give me a bit more detail on what you are doing?
regards
Hugh
On 24 Mar 2010, at 08:55, Corey Gray wrote:
> Hi,
> I'm currently running Radiator 4.6 using AuthByNTLM. Everything seems to work correctly, but there is no Framed-IP in the reply field.
>
> Here is the config
>
>
> <Handler Client-Identifier=TSA>
> RewriteUsername s/^(.*)\\(.*)/$2/
> <AuthBy NTLM>
> Domain TSA
> EAPType PEAP TTLS MSCHAP-V2
> #TSA Certificates
> EAPTLS_CAPath /etc/radiator/certificates
> EAPTLS_CertificateFile /etc/radiator/certificates/tsa_server.crt
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile /etc/radiator/certificates/tsa_priv.key
> EAPTLS_PrivateKeyPassword tsasoft12
> EAPTLS_MaxFragmentSize 1000
> UsernameMatchesWithoutRealm
> EAPType MSCHAP-V2
> AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
> </AuthBy>
> </Handler>
>
>
> Here is the last reply from radiator
>
> Wed Mar 24 07:59:35 2010: DEBUG: Handling request with Handler 'Client-Identifier=TSA'
> Wed Mar 24 07:59:35 2010: DEBUG: Rewrote user name to corey
> Wed Mar 24 07:59:35 2010: DEBUG: Deleting session for corey, 192.168.201.74, 59
> Wed Mar 24 07:59:35 2010: DEBUG: Handling with Radius::AuthNTLM:
> Wed Mar 24 07:59:35 2010: DEBUG: Handling with EAP: code 2, 9, 43, 25
> Wed Mar 24 07:59:35 2010: DEBUG: Response type 25
> Wed Mar 24 07:59:35 2010: ERR: Bad attribute=value pair: Framed-IP-Address
> Wed Mar 24 07:59:35 2010: DEBUG: EAP result: 0,
> Wed Mar 24 07:59:35 2010: DEBUG: AuthBy NTLM result: ACCEPT,
> Wed Mar 24 07:59:35 2010: DEBUG: Access accepted for corey
> Wed Mar 24 07:59:35 2010: DEBUG: Packet dump:
> *** Sending to 192.168.201.74 port 1025 ....
> Code: Access-Accept
> Identifier: 0
> Authentic: <17><215>L<174>K*<28>y<192><253>hG<183><193>wk
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> EAP-Message = <3><9><0><4>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> I'm using a Cisco / Linksys NAS if that makes any difference. Any help would be greatly appreciated.
>
>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
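The two things pointed out in the trace above (the ERR line and the doubled Service-Type / Framed-Protocol pair) can be checked mechanically. The following is an added example, not part of the thread and not Radiator code; `audit_trace` and its result keys are hypothetical names, and it assumes trace text in the layout quoted above, with or without mail quoting.

```python
import re
from collections import Counter

# RFC 2865 section 5.44: at most one instance of each in an Access-Accept.
SINGLE_VALUED = {"Service-Type", "Framed-Protocol", "Framed-IP-Address"}
ERR_RE = re.compile(r": ERR: (.*)$")
BAD_PAIR_RE = re.compile(r"Bad attribute=value pair:\s*([\w-]+)")
ATTR_RE = re.compile(r"^([A-Za-z][\w-]*) = (.*)$")
HEADER = ("Identifier:", "Authentic:", "Attributes:")

# Excerpt of the trace quoted in this thread, mail quoting included.
SAMPLE = """\
> Wed Mar 24 07:59:35 2010: ERR: Bad attribute=value pair: Framed-IP-Address
> Wed Mar 24 07:59:35 2010: DEBUG: Packet dump:
> Code: Access-Accept
> Identifier: 0
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> EAP-Message = <3><9><0><4>
> Service-Type = Framed-User
> Framed-Protocol = PPP
"""

def audit_trace(text):
    """Return ERR messages, duplicated single-valued attributes, and bad pairs never sent."""
    errors, packets, current = [], [], None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote markers
        err = ERR_RE.search(line)
        attr = ATTR_RE.match(line)
        if err:
            errors.append(err.group(1))
        elif line.startswith("Code:"):
            current = {"code": line[5:].strip(), "attrs": []}
            packets.append(current)
        elif attr and current is not None:
            current["attrs"].append(attr.group(1))
        elif not line.startswith(HEADER):
            current = None  # any other line ends the packet dump
    duplicates = []
    for pkt in packets:
        duplicates += [(pkt["code"], n, c)
                       for n, c in sorted(Counter(pkt["attrs"]).items())
                       if c > 1 and n in SINGLE_VALUED]
    sent = {name for pkt in packets for name in pkt["attrs"]}
    bad = {m.group(1) for m in map(BAD_PAIR_RE.search, errors) if m}
    return {"errors": errors, "duplicates": duplicates, "missing": sorted(bad - sent)}

print(audit_trace(SAMPLE))
```
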