Bug#451363: ppp: radius plugin stops talking to radius server
Package: ppp Version: 2.4.4rel-8 Severity: normal I am having problems with the radius plugin supplied with ppp (I am using this to authenticate users of my (poptop) pptp vpn. Here are the logs from a failed login :- Nov 14 11:26:12 nassrv3 pppd[15621]: sent [LCP ConfReq id=0x1 asyncmap 0x0 auth chap MS-v2 magic 0xa7836037 pcomp accomp] Nov 14 11:26:12 nassrv3 pppd[15621]: rcvd [LCP ConfAck id=0x1 asyncmap 0x0 auth chap MS-v2 magic 0xa7836037 pcomp accomp] Nov 14 11:26:12 nassrv3 pppd[15621]: sent [LCP EchoReq id=0x0 magic=0xa7836037] Nov 14 11:26:12 nassrv3 pppd[15621]: sent [CHAP Challenge id=0x9 f426157bf1a8cd0fbc8d2276a48e731a, name = pptpd] Nov 14 11:26:12 nassrv3 pptpd[15620]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Nov 14 11:26:12 nassrv3 pppd[15621]: rcvd [LCP Ident id=0x2 magic=0x76cf2fdd MSRASV5.10] Nov 14 11:26:12 nassrv3 pppd[15621]: rcvd [LCP Ident id=0x3 magic=0x76cf2fdd MSRAS-0-ANNA] Nov 14 11:26:12 nassrv3 pppd[15621]: rcvd [LCP EchoRep id=0x0 magic=0x76cf2fdd] Nov 14 11:26:12 nassrv3 pppd[15621]: rcvd [CHAP Response id=0x9 4166d4713ef8cec048e88644889a7fbcadcaef9a0709f7576bad0ce28f82ed7e5fb6e8c193a192bb00, name = ozw1] Nov 14 11:26:12 nassrv3 pppd[15621]: rc_check_reply: received RADIUS server response with invalid length Nov 14 11:26:12 nassrv3 pppd[15621]: rc_avpair_gen: received attribute with invalid length Nov 14 11:26:12 nassrv3 pppd[15621]: Peer ozw1 failed CHAP authentication Nov 14 11:26:12 nassrv3 pppd[15621]: sent [CHAP Failure id=0x9 ] Nov 14 11:26:12 nassrv3 pppd[15621]: sent [LCP TermReq id=0x2 Authentication failed] Nov 14 11:26:12 nassrv3 pppd[15621]: rcvd [LCP TermAck id=0x2 Authentication failed] Nov 14 11:26:12 nassrv3 pppd[15621]: Connection terminated. Nov 14 11:26:12 nassrv3 pppd[15621]: Exit. Nov 14 11:26:12 nassrv3 pptpd[15620]: GRE: read(fd=6,buffer=5109c0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs Nov 14 11:26:12 nassrv3 pptpd[15620]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7) Nov 14 11:26:12 nassrv3 pptpd[15620]: CTRL: Reaping child PPP[15621] Nov 14 11:26:12 nassrv3 pptpd[15620]: CTRL: Client 81.132.112.97 control connection finished Here is a packet capture of the conversation with the RADIUS server :- 11:26:12.567346 IP vpn.york.ac.uk.33286 nasaaa2.york.ac.uk.radius: RADIUS, Access Request (1), id: 0xc1 length: 140 11:26:12.568107 IP nasaaa2.york.ac.uk.radius vpn.york.ac.uk.33286: RADIUS, Access Accept (2), id: 0xc1 length: 179 11:26:12.568122 IP vpn.york.ac.uk nasaaa2.york.ac.uk: ICMP vpn.york.ac.uk udp port 33286 unreachable, length 215 It looks like the radius client sends a packet, and then stops listening for a response. There is no firewall running on the VPN server so I can't explain the port unreachable response. For me this is a serious problem so please let me know if you need any more info. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-amd64 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages ppp depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libpam-modules 0.79-4Pluggable Authentication Modules f ii libpam-runtime 0.79-4Runtime support for the PAM librar ii libpam0g 0.79-4Pluggable Authentication Modules l ii libpcap0.8 0.9.5-1 System interface for user-level pa ii netbase4.29 Basic TCP/IP networking system ii procps 1:3.2.7-3 /proc file system utilities ppp recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427812: Please include Sangoma patches
On Wed, Jun 06, 2007 at 07:13:53PM +0300, Tzafrir Cohen wrote: The Sangoma driver includes a little patch for Zaptel. An old version of it is included in Zaptel, but not applied. I'm not exactly sure if it needs to be applied: this needs some further review (and the patch needs updating). Then there's the matter of building the actual drivers. Not a small feat. There used to be a wanpipe package in Debian (it was in potato - 2.2, but abandoned later). Those drivers have a crazy build system (e.g: it insists on patching the kernel sources). If someone with the hardware would like to work with me on such a package, I'm willing to help. Maybe even on integrating this within Zaptel. But I really cannot promise something that will actually work. Thanks for the info. I have done my best to explain all this to the people at Sangoma in the hope that they will step forward and help you out with this. They did tell me that they are going to support hardware HDLC without patching zaptel which may improve things. One more thing that seems to be confusing me is that the Debian Linux kernel images already contain a file called wanrouter.ko? -- Ben Thompson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#427812: Please include Sangoma patches
Package: zaptel-source Version: 1.2.11.dfsg-1 Severity: wishlist Please could you include the patches needed to allow the Sangoma Wanpipe drivers to interoperate with Zaptel. We chose Sangoma interface cards because they are cheaper than Diguim and they are available in low profile PCI-Express options, which Digium do not offer. However they do require that extra modules are installed and there is a shell script provided by Sangoma which attempts to patch and reinstall the zaptel modules. The script is tries to help debian users by providing an option to build a deb package for the Wanpipe drivers. This does not play nicely with the module-assistant way of doing things and it would be so much easier for Debian users if the patches where already included. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#406339: arpfetch - snmpwalk command and output format both incorrect
Package: arpwatch Version: 2.1a13-2 The arpfetch shell script included with the arpwatch package needed a few tweaks before I could get it to work. Here are my changes in diff format :- --- /usr/sbin/arpfetch 2004-09-15 14:55:10.0 +0100 +++ /usr/sbin/arpfetch2 2007-01-10 14:10:39.0 + @@ -1,6 +1,6 @@ #!/bin/sh # -# arpfetch - collect arp data from a cisco using snmpwalk +# arpfetch - collect arp data from a switch using snmpwalk # if test $# -ne 2; then echo usage: $0 host cname @@ -11,29 +11,28 @@ cname=$2 temp=`tempfile -p arpft -s .temp.tmp` errs=`tempfile -p arpft -s .errs.tmp` -what=ip.ipnettomediatable.ipnettomediaentry.ipnettomediaphysaddress +oid=1.3.6.1.2.1.4.22.1.2 # # Get the data # -snmpwalk -v 1 $host $cname $what | 21 tr A-Z a-z $temp +snmpwalk -v2c $host -c $cname -t 10 -On $oid | 21 tr A-Z a-z $temp # # Try to make up for the fact that snmpwalk doesn't write errors to stderr # -grep -v $what $temp $errs +grep -v $oid $temp $errs if test -s $errs; then cat $errs 12 rm -f $temp $errs exit 1 fi # -# Convert the results +# Convert the results to MAC AddresstabIP Address format # sed -e 's/[][ ]*/ /g' \ -e 's/ = hex: /=/' \ -e 's/ $//' \ -e 's/ /:/g' \ --e 's/^.*\.\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)=\(.*\)/\2\1/' \ --e 's/:0/:/g' \ --e 's/^0//' $temp +-e 's/^.*\.\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\):=:string::\(.*\)/\2\t\1/g' $temp # rm -f $temp $errs + -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]