Re: FreeRADIUS Proxy and MS IAS

[Dimitar Peikov]

On Wed, 10 Jul 2002 12:25:31 -0400
"Alan DeKok" <[EMAIL PROTECTED]> wrote:

> Dimitar Peikov <[EMAIL PROTECTED]> wrote:
> > In this case NAS is MS RAS on 2k Server.
> > 
> > This is explanation of error event 'A malformed request was received from=
> >  client . The data is the packet.'
> 
>   OK, it may be bugs in tunnelling code, which was fixed in 0.6.  If
> you're running an earlier version, you should upgrade.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Unfortunately I made proxy request but only PAP authentication succeed. When using 
CHAP complain is about bad password! As I see CHAP-Challenge and CHAP-Password are the 
same (perhaps secret key is the same, but the client differs).

User 'mitko' is 'ASP' domain member.

Event Viewer log:

User mitko was denied access.
 Fully-Qualified-User-Name = ASP\mitko
 NAS-IP-Address = 192.168.202.163
 NAS-Identifier = 
 Called-Station-Identifier = 
 Calling-Station-Identifier = 192.168.202.114
 Client-Friendly-Name = 192.168.202.57
 Client-IP-Address = 192.168.202.57
 NAS-Port-Type = Virtual
 NAS-Port = 6
 Policy-Name = 
 Authentication-Type = 
 EAP-Type = 
 Reason-Code = 16
 Reason = There was an authentication failure because of an unknown user name or a bad 
password.




FreeRADIUS log :
rad_recv: Access-Request packet from host 192.168.202.163:4803, id=51, length=176
NAS-IP-Address = 192.168.202.163
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 6
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.00"
NAS-Port-Type = Virtual
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IP
Calling-Station-Id = "192.168.202.114"
Tunnel-Client-Endpoint:0 = "192.168.202.114"
User-Name = "mitko@ASP"
CHAP-Challenge = ";\2108\244\203G\016\317\250\255m\342\256(\302\001"
CHAP-Password = 0x007a52b3ed135b71ce9357b7d05589a781

Sending Access-Request of id 7 to 192.168.202.163:1645
User-Name = "mitko"
NAS-IP-Address = 192.168.202.163
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 6
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.00"
NAS-Port-Type = Virtual
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IP
Calling-Station-Id = "192.168.202.114"
Tunnel-Client-Endpoint:0 = "192.168.202.114"
CHAP-Challenge = ";\2108\244\203G\016\317\250\255m\342\256(\302\001"
CHAP-Password = 0x007a52b3ed135b71ce9357b7d05589a781
    Proxy-State = "51"
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Reject packet from host 192.168.202.163:1645, id=7, length=24
Proxy-State = 0x3531





-- 
Dimitar Peikov
Programmer Analyst
Globalization Group
"We Build e-Business"  

RILA Solutions  
27 Building, Acad.G.Bonchev Str.  
1113 Sofia, Bulgaria  

phone: (+359 2) 9797320 
phone: (+359 2) 9797300 
fax:   (+359 2) 9733355  
http://www.rila.com 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS Proxy and MS IAS

[Dimitar Peikov]

On Wed, 10 Jul 2002 12:00:18 -0400
"Alan DeKok" <[EMAIL PROTECTED]> wrote:

> Dimitar Peikov <[EMAIL PROTECTED]> wrote:
> > If I point directly from NAS to either FreeRADIUS ot MS IAS
> > authentication goes alright but when try to proxy MS IAS via
> > FreeRADIUS I get errors on MS Event viewer.
> 
>   Which are...?
> 
>   Alan DeKok.

In this case NAS is MS RAS on 2k Server.

This is explanation of error event 'A malformed request was received from client . 
The data is the packet.'

: 01 02 00 de 98 a2 95 68   ...Þ?¢?h
0008: a3 97 e3 ae 06 c3 0a 42   £?ã®.Ã.B
0010: 0b d8 74 bc 01 07 6d 69   .Øt¼..mi
0018: 74 6b 6f 04 06 c0 a8 ca   tko..À¨Ê
0020: a3 06 06 00 00 00 02 07   £...
0028: 06 00 00 00 01 05 06 00   
0030: 00 00 06 1a 0c 00 00 01   
0038: 37 09 06 00 00 01 37 1a   7.7.
0040: 12 00 00 01 37 12 0c 4d   7..M
0048: 53 52 41 53 56 35 2e 30   SRASV5.0
0050: 30 3d 06 00 00 00 05 40   0=.@
0058: 06 00 00 00 01 41 06 00   .A..
0060: 00 00 01 1f 12 31 39 32   .192
0068: 2e 31 36 38 2e 32 30 32   .168.202
0070: 2e 31 31 34 00 42 13 31   .114.B.1
0078: 39 32 2e 31 36 38 2e 32   92.168.2
0080: 30 32 2e 31 31 34 00 1a   02.114..
0088: 18 00 00 01 37 0b 12 59   7..Y
0090: 09 16 03 a3 41 a4 f8 9a   ...£A¤ø?
0098: 7a c0 6f 5a 18 07 bf 1a   zÀoZ..¿.
00a0: 3a 00 00 01 37 19 34 00   :...7.4.
00a8: 00 20 b0 02 54 7f e1 b7   . °.Tá·
00b0: 32 63 fc a4 8e 23 ca cd   2cü¤?#ÊÍ
00b8: 6c 00 00 00 00 00 00 00   l...
00c0: 00 98 98 d9 06 11 36 60   .??Ù..6`
00c8: cf ab be 91 9e ed a5 1f   Ï«¾??í¥.
00d0: b5 0a 32 02 48 49 69 35   µ.2.HIi5
00d8: a0 21 04 34 31 00  !.41.  


-- 
Dimitar Peikov
Programmer Analyst
Globalization Group
"We Build e-Business"  

RILA Solutions  
27 Building, Acad.G.Bonchev Str.  
1113 Sofia, Bulgaria  

phone: (+359 2) 9797320 
phone: (+359 2) 9797300 
fax:   (+359 2) 9733355  
http://www.rila.com 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS Proxy and MS IAS

[Dimitar Peikov]

Hi,

Did someone tryed to proxy to MS IAS on 2K Server? I've got bad success
about that and need some help, or example on this. If I point directly
from NAS to either FreeRADIUS ot MS IAS authentication goes alright but
when try to proxy MS IAS via FreeRADIUS I get errors on MS Event viewer.

Any thoughts can be useful.

10x

-- 
Dimitar Peikov
Programmer Analyst
Globalization Group
"We Build e-Business"  

RILA Solutions  
27 Building, Acad.G.Bonchev Str.  
1113 Sofia, Bulgaria  

phone: (+359 2) 9797320 
phone: (+359 2) 9797300 
fax:   (+359 2) 9733355  
http://www.rila.com 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html