---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Richard Vander Reyden <[EMAIL PROTECTED]>]
Date: Mon, 20 Jan 2003 12:33:19 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

>From [EMAIL PROTECTED] Mon Jan 20 12:33:19 2003
Received: from mx.ext.ip.net.au (mx.ext.ip.net.au [203.32.160.15]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h0KIXIx10173 for <[EMAIL PROTECTED]>; Mon, 20 Jan 2003 12:33:18 -0600
Received: from zircon.zircon.com.au (fext.zircon.com.au [203.32.163.2] (may be forged)) by mx.ext.ip.net.au (8.11.6/8.11.6) with ESMTP id h0KNKsH01650 for <[EMAIL PROTECTED]>; Tue, 21 Jan 2003 10:20:54 +1100
Message-ID: <038ACCAA87C2D31191C8009027CC66C50220F51F@SYDSERVER04>
From: Richard Vander Reyden <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Cc: Richard Vander Reyden <[EMAIL PROTECTED]>
Subject: Proxy RADIUS problem
Date: Tue, 21 Jan 2003 10:33:27 +1100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I am currently having a problem with authentication of VPDN PPP sessions from a Cisco 7206 router. When I send this directly to the authentication radius server the authentication works fine. But when I try and proxy this via another server the authentication gets rejected with bad password. The proxy servers are working fine when proxying Lucent TNT ppp calls. It appears as though the proxy servers are changing the User-Password somehow.

Below are the relevant configuration of both the authentication and proxy radius servers, as well as trace 4 logs. At the bottom is also a password log (with the passwords changed) but as you can see the second line (which is the proxied one) has garbled decode of the password.

Do you know what may be causing this?

The proxy radius server is running Radiator 3.4 and the authentication radius server is running Radiator 3.4

Thanks
Richard

Relevant bits of Authentication RADIUS Server

<Client 203.76.13.132>
        Identifier ConnectADSL
        NasType CiscoVPDN
        Secret secret
        IdenticalClients 203.76.0.129
</Client>

<Client 203.32.160.9>
        Identifier ConnectADSL
        IdenticalClients 203.32.166.111
        Secret secret
        NasType Ascend
</Client>

<Handler Realm=zircon.com.au, Client-Identifier=ConnectADSL>
        <AuthBy FILE>
                Filename /usr/local/etc/radius/data/users
                Nocache
        </AuthBy>
        AcctLogFileName /var/log/radius/adsltesting.acct
        PasswordLogFileName /var/log/radius/adslpassword
</Handler>

Relevant config bits of Proxy RADIUS Server

Trace 1
Foreground
AuthPort 1812
AcctPort 1813
DbDir /usr/local/etc/radius/raddb
LogDir /var/log/radius
DictionaryFile %D/dictionary

<Client 203.76.0.129>
        Identifier ADSL
        NasType CiscoVPDN
        Secret secret
</Client>

<Handler Realm=zircon.com.au, Client-Identifier=ADSL>
#       RewriteUsername s/^([^@]+).*/$1/
        AuthBy STAFF
        AcctLogFileName /var/log/radius/adsltesting.acct
</Handler>

<AuthBy RADIUS>
        Identifier STAFF
        Host staff.syd.ip.net.au
        AuthPort 1812
        AcctPort 1813
        RetryTimeout 15
        Retries 0
        Secret secret
</AuthBy>

Direct Authentication Logfile

Tue Jan 21 09:25:52 2003: DEBUG: Packet dump:
*** Received from 203.76.0.129 port 1645 ....
Code: Access-Request
Identifier: 174
Authentic: <213><240><23>h<<192><172>I<217><11><152><245><222>M<167><159>
Attributes:
        NAS-IP-Address = 203.76.0.129
        NAS-Port = 1
        Cisco-NAS-Port = "Virtual-Access1"
        NAS-Port-Type = Virtual
        User-Name = "[EMAIL PROTECTED]"
        Calling-Station-Id = "nkt112100600855"
        User-Password = "<247><16>)HZ=<222><214><162><182>7V<236>f<252><217>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Jan 21 09:25:52 2003: DEBUG: Handling request with Handler 'Realm=zircon.com.au, Client-Identifier=ConnectADSL'
Tue Jan 21 09:25:52 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 203.76.0.129, 1
Tue Jan 21 09:25:52 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Jan 21 09:25:52 2003: DEBUG: Reading users file /usr/local/etc/radius/data/users
Tue Jan 21 09:25:52 2003: DEBUG: Radius::AuthFILE looks for match with [EMAIL PROTECTED]
Tue Jan 21 09:25:52 2003: DEBUG: Radius::AuthFILE ACCEPT:
Tue Jan 21 09:25:52 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Tue Jan 21 09:25:52 2003: DEBUG: Packet dump:
*** Sending to 203.76.0.129 port 1645 ....
Code: Access-Accept
Identifier: 174
Authentic: <213><240><23>h<<192><172>I<217><11><152><245><222>M<167><159>
Attributes:
        Framed-IP-Address = 203.76.9.174
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Route = "203.76.9.128/29 203.76.9.174 1"
        Port-Limit = 2
        Idle-Timeout = 60
        Session-Timeout = 1200

Via Proxy Server

PROXY Server LOGFILE

Tue Jan 21 09:35:29 2003: DEBUG: Packet dump:
*** Received from 203.76.0.129 port 1645 ....
Code: Access-Request
Identifier: 195
Authentic: <19><153><164>>:<211><129>e<159><191><249><208>/<135><227><15>
Attributes:
        NAS-IP-Address = 203.76.0.129
        NAS-Port = 1
        Cisco-NAS-Port = "Virtual-Access1"
        NAS-Port-Type = Virtual
        User-Name = "[EMAIL PROTECTED]"
        Calling-Station-Id = "nkt112100600855"
        User-Password = "Ekp<229><187>O<142><170>a<169><25><189><170><185><20><145>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Jan 21 09:35:29 2003: DEBUG: Handling request with Handler 'Realm=zircon.com.au, Client-Identifier=ADSL'
Tue Jan 21 09:35:29 2003: DEBUG: SDB1 Deleting session for [EMAIL PROTECTED], 203.76.0.129, 1
Tue Jan 21 09:35:29 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.76.0.129' and NASPORT=1
Tue Jan 21 09:35:29 2003: DEBUG: Handling with Radius::AuthRADIUS
Tue Jan 21 09:35:29 2003: DEBUG: Packet dump:
*** Sending to 203.32.166.18 port 1812 ....
Code: Access-Request
Identifier: 1
Authentic: <19><153><164>>:<211><129>e<159><191><249><208>/<135><227><15>
Attributes:
        NAS-IP-Address = 203.76.0.129
        NAS-Port = 1
        Cisco-NAS-Port = "Virtual-Access1"
        NAS-Port-Type = Virtual
        User-Name = "[EMAIL PROTECTED]"
        Calling-Station-Id = "nkt112100600855"
        User-Password = "Ekp<229><187>O<142><170>a<169><25><189><170><185><20><145><251><135><241><131>DBM<184>W6<197><244><165><206><204><243>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Jan 21 09:35:30 2003: DEBUG: Packet dump:
*** Received from 203.32.166.18 port 1812 ....
Code: Access-Reject
Identifier: 1
Authentic: n|<202><227><168>v<246>e<183><219><174><222><241><178><190>6
Attributes:
        Reply-Message = "Request Denied"

Tue Jan 21 09:35:30 2003: DEBUG: Received reply in AuthRADIUS for req 1 from 203.32.166.18:1812
Tue Jan 21 09:35:30 2003: INFO: Access rejected for [EMAIL PROTECTED]: Proxied
Tue Jan 21 09:35:30 2003: DEBUG: Packet dump:
*** Sending to 203.76.0.129 port 1645 ....
Code: Access-Reject
Identifier: 195
Authentic: <19><153><164>>:<211><129>e<159><191><249><208>/<135><227><15>
Attributes:
        Reply-Message = "Request Denied"
        Reply-Message = "Request Denied"

Logfile from Authenticating RADIUS Server

Tue Jan 21 09:35:29 2003: DEBUG: Packet dump:
*** Received from 203.32.160.9 port 1124 ....
Code: Access-Request
Identifier: 1
Authentic: <19><153><164>>:<211><129>e<159><191><249><208>/<135><227><15>
Attributes:
        NAS-IP-Address = 203.76.0.129
        NAS-Port = 1
        Cisco-NAS-Port = "Virtual-Access1"
        NAS-Port-Type = Virtual
        User-Name = "[EMAIL PROTECTED]"
        Calling-Station-Id = "nkt112100600855"
        User-Password = "Ekp<229><187>O<142><170>a<169><25><189><170><185><20><145><251><135><241><131>DBM<184>W6<197><244><165><206><204><243>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Jan 21 09:35:30 2003: DEBUG: Handling request with Handler 'Realm=zircon.com.au, Client-Identifier=ConnectADSL'
Tue Jan 21 09:35:30 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 203.76.0.129, 1
Tue Jan 21 09:35:30 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Jan 21 09:35:30 2003: DEBUG: Reading users file /usr/local/etc/radius/data/users
Tue Jan 21 09:35:30 2003: DEBUG: Radius::AuthFILE looks for match with [EMAIL PROTECTED]
Tue Jan 21 09:35:30 2003: DEBUG: Radius::AuthFILE REJECT: Bad Password
Tue Jan 21 09:35:30 2003: DEBUG: Reading users file /usr/local/etc/radius/data/users
Tue Jan 21 09:35:30 2003: INFO: Access rejected for [EMAIL PROTECTED]: Bad Password
Tue Jan 21 09:35:30 2003: DEBUG: Packet dump:
*** Sending to 203.32.160.9 port 1124 ....
Code: Access-Reject
Identifier: 1
Authentic: <19><153><164>>:<211><129>e<159><191><249><208>/<135><227><15>
Attributes:
        Reply-Message = "Request Denied"

PASSWORD LOGFILE

Tue Jan 21 09:25:52 2003:1043101552:[EMAIL PROTECTED]:correctpassword:correctpassword:PASS
Tue Jan 21 09:35:30 2003:1043102130:[EMAIL PROTECTED]:(¯þbbǽX"æu3:correctpassword:FAIL

Richard Vander Reyden           E: [EMAIL PROTECTED]
Network & Product Engineer      P: +61 2 8304 9300
Zircon Systems Pty Ltd          F: +61 2 9669 2912

-------------------------------------------------------

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
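
For reference, the RFC 2865 section 5.2 User-Password hiding that every hop in a proxy chain has to undo and redo, as an added Python example (not part of the original message and not Radiator code). The secrets, Request Authenticator and password below are constructed sample values; decoding with a secret other than the one used for hiding produces garbage of the kind seen in the second password-log line, which illustrates the mechanism and is not a diagnosis of this trace.

```python
import hashlib

# Constructed sample values (assumptions, not taken from the trace).
NAS_SECRET = b"nas-side-secret"
UPSTREAM_SECRET = b"upstream-secret"
REQUEST_AUTH = bytes(range(16))   # 16-octet Request Authenticator
PASSWORD = b"correctpassword"     # placeholder, as in the post's password log

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: null-pad to a multiple of 16, XOR with chained MD5 blocks."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("bad password or authenticator length")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Inverse of hide_password; trailing null padding is stripped."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def proxy_rehide(hidden, in_secret, in_auth, out_secret, out_auth):
    """Per-hop job of a proxy: decode with the inbound client's secret,
    then hide again with the secret shared with the next-hop server."""
    clear = unhide_password(hidden, in_secret, in_auth)
    return hide_password(clear, out_secret, out_auth)

def demo():
    from_nas = hide_password(PASSWORD, NAS_SECRET, REQUEST_AUTH)
    # The proxy in the trace forwards with the same Request Authenticator.
    forwarded = proxy_rehide(from_nas, NAS_SECRET, REQUEST_AUTH,
                             UPSTREAM_SECRET, REQUEST_AUTH)
    ok = unhide_password(forwarded, UPSTREAM_SECRET, REQUEST_AUTH)
    garbled = unhide_password(forwarded, NAS_SECRET, REQUEST_AUTH)  # wrong secret
    return len(from_nas), ok, garbled

if __name__ == "__main__":
    print(demo())
```

A password of up to 16 octets always hides to exactly 16 octets, and one of 17 to 32 octets hides to 32, so comparing the User-Password length received from the NAS with the length forwarded upstream is a quick consistency check on a proxy trace.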