I have added a client clause for every nas, and every proxy. I still get the same results. Is there anyway to verify that the shared secrets indeed do no match?
The radpwtst from localhost returns an OK for the user.... Thanks, Chris ----- Original Message ----- From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "chris" <[EMAIL PROTECTED]> Sent: Monday, July 01, 2002 4:18 PM Subject: Re: (RADIATOR) Authentication via proxy > > Hello Chris - > > I am still quite sure that the problem is shared secrets. > > You should probably add a Client clause for the proxy: > > # define Client clause for proxy > > <Client 64.66.192.32> > Secret ...... > ..... > </Client> > > It is fairly easy to verify this by using radpwtst locally against the > <Client localhost> to make sure the user record is checked correctly. > > regards > > Hugh > > > On Tue, 2 Jul 2002 04:00, chris wrote: > > I have verified shared secret, even tried setting to a simple number like > > 11 to rule out CaSe issues. > > I am still having the same issues > > > > I am not sure how much it matters, but the setup is like this...... > > Our clients dial into PacWest NAS(Cisco)...Thier NAS talks to thier radius > > proxy that hands off to us. > > > > > > ----- Original Message ----- > > From: "Hugh Irvine" <[EMAIL PROTECTED]> > > To: "chris" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Monday, June 24, 2002 4:21 PM > > Subject: Re: (RADIATOR) Authentication via proxy > > > > > Hello Chris - > > > > > > This is almost always due to incorrect shared secrets. > > > > > > If you still have problems, please send me a copy of your configuration > > > > file > > > > > and a copy of the user record from the users file, as well as a trace 4 > > > > debug. > > > > > regards > > > > > > Hugh > > > > > > On Tue, 25 Jun 2002 03:51, chris wrote: > > > > I am trying to setup a managed modem system with a local clec. They > > > > answer > > > > > > the calls and proxy to > > > > my radius. I am trying to figgure our where the problem is in > > > > authentication. It brings the username over ok, but the password is > > > > garbled > > > > > > into non-printables.... > > > > > > > > Here is a L5trace of one such session, am I overlooking something > > > > obvious? > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Packet dump: > > > > *** Received from 64.66.192.33 port 34998 .... > > > > > > > > Packet length = 100 > > > > 01 07 00 64 5f c1 33 73 46 7c 65 72 b8 3f fe 5d > > > > a5 ff 6d 50 01 08 74 65 73 74 6d 65 02 12 e8 02 > > > > 83 a4 a8 71 f9 3c 13 59 36 62 c5 29 e3 da 04 06 > > > > 3f 5d 39 23 05 06 00 00 48 d6 06 06 00 00 00 02 > > > > 07 06 00 00 00 01 1e 0c 37 30 32 34 34 31 30 30 > > > > 36 33 1f 0c 32 30 39 39 32 36 33 36 37 37 3d 06 > > > > 00 00 00 00 > > > > Code: Access-Request > > > > Identifier: 7 > > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > > > Attributes: > > > > User-Name = "testme" > > > > Password = > > > > "<232><2><131><164><168>q<249><<19>Y6b<197>)<227><218>" > > > > NAS-IP-Address = 63.93.57.35 > > > > NAS-Port = 18646 > > > > Service-Type = Framed-User > > > > Framed-Protocol = PPP > > > > Called-Station-Id = "7024410063" > > > > Calling-Station-Id = "2099263677" > > > > NAS-Port-Type = Async > > > > NAS-Port-Type = Async > > > > > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling request with Handler > > > > 'Realm=DEFAULT' > > > > Mon Jun 24 10:18:35 2002: DEBUG: Rewrote user name to testme > > > > Mon Jun 24 10:18:35 2002: DEBUG: Deleting session for testme, > > > > 63.93.57.35, 1864 > > > > 6 > > > > Mon Jun 24 10:18:35 2002: DEBUG: Handling with Radius::AuthFILE > > > > Mon Jun 24 10:18:35 2002: DEBUG: Reading users file > > > > /usr/local/etc/raddb/users > > > > Mon Jun 24 10:18:35 2002: DEBUG: Radius::AuthFILE looks for match with > > > > testme > > > > Mon Jun 24 10:18:36 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password > > > > Mon Jun 24 10:18:36 2002: INFO: Access rejected for testme: Bad > > > > Password > > > > Mon Jun 24 10:18:36 2002: DEBUG: Packet dump: > > > > *** Sending to 64.66.192.33 port 34998 .... > > > > Code: Access-Reject > > > > Identifier: 7 > > > > Authentic: _<193>3sF|er<184>?<254>]<165><255>mP > > > > Attributes: > > > > Reply-Message = "Request Denied" > > > > Reply-Message = "Bad Password" > > > > > > > > > > > > Thanks, > > > > Chris > > > > > > > > > > > > === > > > > Archive at http://www.open.com.au/archives/radiator/ > > > > Announcements on [EMAIL PROTECTED] > > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > > 'unsubscribe radiator' in the body of the message. > > > > > > -- > > > Radiator: the most portable, flexible and configurable RADIUS server > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > > - > > > Nets: internetwork inventory and management - graphical, extensible, > > > flexible with hardware, software, platform and database independence. > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.