Re: (RADIATOR) Alcatel SMC proxy radius -->Radiator issue (fwd)
Indeed, it works smoothly. Radiator is incredibly adaptative to cover a lot of possible situations Thanks Hugh for your fine support as always. Best regards --Abel On Fri, 17 Jan 2003, Hugh Irvine wrote: > > Hello Abel - > > Your problem is due to your use of "DefaultReply" which only adds the > attributes if there are *none* there already. > > You should use "AddToReply" instead. > > >Identifier DBcustomer >Filename %D/db/users-customer > >AddToReply Service-Type=Framed-User,Framed-Protocol=PPP > >RejectEmptyPassword >DefaultSimultaneousUse 1 > > > > regards > > Hugh > > > On Thursday, Jan 16, 2003, at 23:37 Australia/Melbourne, Abel Lucano > wrote: > > > > > Hi all, > > I'm trying to debug the following: > > One proxy-radius (Alcatel-SMC) that forwarding radius authentication > > and > > accounting packets to Radiator. > > > > The whole conversation is configured to use 1645/1646 ports. > > > > When Alcatel-SMC's proxy radius send access-request to Radiator > > this latter sees the packet coming from 1800 or 4248 port(?); radiator > > return this request from 1645 to 1800 or 4248 port. > > > > The SMC side claims that they just are receiving from Radiator the > > Proxy-State (33 binary) attribute but they cannot see basic attributes > > 6 and > > 7 (Service-Type and Framed-Protocol), and then the ppp connnection > > drops. > > > > The basic includes "DefaultReply" too and the rest is very > > basic > > working configuration talking with other systems > > > > > > Identifier DBcustomer > > Filename %D/db/users-customer > > DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP > > RejectEmptyPassword > > DefaultSimultaneousUse 1 > > > > > > > > Somebody has seen this kind of problems? (I've not found it searching > > the > > list archives ) > > > > > > I'm including a tcpdump extract of the basic conversation > > (sorry for the XXs, YYs and ZZs; i'm doing a consulting job to others > > and > > they've not authorized me to show their data) > > > > > > 19:04:46.311731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req > > 129 > > [id 11] Attr[ Proxy_state{} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{65} > > NAS_port_type{Sync} User{prueba} [|radius] > > > > 19:04:46.381731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248: > > rad-access-accept 26 > > [id 11] Attr[ Proxy_state{} ] (DF) > > > > 19:05:43.641731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req > > 127 > > [id 12] Attr[ Proxy_state{} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{66} > > NAS_port_type{Sync} User{prueba} [|radius] > > > > 19:05:44.351731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248: > > rad-access-accept 26 > > [id 12] Attr[ Proxy_state{} ] (DF) > > > > Thanks in advance, > > Best regards > > > > > > --- > > - > > Abel Lucano > > DECODE SA > > Av Independencia 1355 2B > > TE/FAX +5411 4383 1161 > > [EMAIL PROTECTED] > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > > > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Alcatel SMC proxy radius -->Radiator issue (fwd)
Hello Abel - Your problem is due to your use of "DefaultReply" which only adds the attributes if there are *none* there already. You should use "AddToReply" instead. Identifier DBcustomer Filename %D/db/users-customer AddToReply Service-Type=Framed-User,Framed-Protocol=PPP RejectEmptyPassword DefaultSimultaneousUse 1 regards Hugh On Thursday, Jan 16, 2003, at 23:37 Australia/Melbourne, Abel Lucano wrote: Hi all, I'm trying to debug the following: One proxy-radius (Alcatel-SMC) that forwarding radius authentication and accounting packets to Radiator. The whole conversation is configured to use 1645/1646 ports. When Alcatel-SMC's proxy radius send access-request to Radiator this latter sees the packet coming from 1800 or 4248 port(?); radiator return this request from 1645 to 1800 or 4248 port. The SMC side claims that they just are receiving from Radiator the Proxy-State (33 binary) attribute but they cannot see basic attributes 6 and 7 (Service-Type and Framed-Protocol), and then the ppp connnection drops. The basic includes "DefaultReply" too and the rest is very basic working configuration talking with other systems Identifier DBcustomer Filename %D/db/users-customer DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP RejectEmptyPassword DefaultSimultaneousUse 1 Somebody has seen this kind of problems? (I've not found it searching the list archives ) I'm including a tcpdump extract of the basic conversation (sorry for the XXs, YYs and ZZs; i'm doing a consulting job to others and they've not authorized me to show their data) 19:04:46.311731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req 129 [id 11] Attr[ Proxy_state{} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{65} NAS_port_type{Sync} User{prueba} [|radius] 19:04:46.381731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248: rad-access-accept 26 [id 11] Attr[ Proxy_state{} ] (DF) 19:05:43.641731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req 127 [id 12] Attr[ Proxy_state{} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{66} NAS_port_type{Sync} User{prueba} [|radius] 19:05:44.351731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248: rad-access-accept 26 [id 12] Attr[ Proxy_state{} ] (DF) Thanks in advance, Best regards --- - Abel Lucano DECODE SA Av Independencia 1355 2B TE/FAX +5411 4383 1161 [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Alcatel SMC proxy radius -->Radiator issue (fwd)
Hi all, I'm trying to debug the following: One proxy-radius (Alcatel-SMC) that forwarding radius authentication and accounting packets to Radiator. The whole conversation is configured to use 1645/1646 ports. When Alcatel-SMC's proxy radius send access-request to Radiator this latter sees the packet coming from 1800 or 4248 port(?); radiator return this request from 1645 to 1800 or 4248 port. The SMC side claims that they just are receiving from Radiator the Proxy-State (33 binary) attribute but they cannot see basic attributes 6 and 7 (Service-Type and Framed-Protocol), and then the ppp connnection drops. The basic includes "DefaultReply" too and the rest is very basic working configuration talking with other systems Identifier DBcustomer Filename %D/db/users-customer DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP RejectEmptyPassword DefaultSimultaneousUse 1 Somebody has seen this kind of problems? (I've not found it searching the list archives ) I'm including a tcpdump extract of the basic conversation (sorry for the XXs, YYs and ZZs; i'm doing a consulting job to others and they've not authorized me to show their data) 19:04:46.311731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req 129 [id 11] Attr[ Proxy_state{} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{65} NAS_port_type{Sync} User{prueba} [|radius] 19:04:46.381731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248: rad-access-accept 26 [id 11] Attr[ Proxy_state{} ] (DF) 19:05:43.641731 200.XX.XX.XX.4248 > 200.YY.YY.YY.1645: rad-access-req 127 [id 12] Attr[ Proxy_state{} NAS_ipaddr{200.ZZ.ZZ.ZZ} NAS_port{66} NAS_port_type{Sync} User{prueba} [|radius] 19:05:44.351731 200.YY.YY.YY.1645 > 200.XX.XX.XX.4248: rad-access-accept 26 [id 12] Attr[ Proxy_state{} ] (DF) Thanks in advance, Best regards Abel Lucano DECODE SA Av Independencia 1355 2B TE/FAX +5411 4383 1161 [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.