Hello Alan,
please see below for detailed data.
Regards
Wolfgang
"users" data:
[EMAIL PROTECTED] Auth-Type := Local, User-Password == "l2tp"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-Routing = None,
Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = None,
Tunnel-Type:0 = 3,
Tunnel-Medium-Type:0 = 1,
Tunnel-Client-Endpoint:0 = 153.92.29.2,
Tunnel-Server-Endpoint:0 = 153.92.28.17,
Tunnel-Client-Auth-Id:0 = olli,
Tunnel-Server-Auth-Id:0 = raclet.l2tp.com,
Tunnel-Assignment-Id:0 = 200
freeradius server trace:
--- Walking the entire request list ---
Cleaning up request 3 ID 3 with timestamp 3cc3f7ef
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 153.92.29.2:1812, id=4, length=111
User-Password = "\323\246$\331(y\rSOhi\370\362?B"
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Virtual
NAS-Identifier = "MAC address"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm l2tp.com for User-Name = "[EMAIL PROTECTED]"
rlm_realm: No such realm l2tp.com
modcall[authorize]: module "suffix" returns noop
users: Matched [EMAIL PROTECTED] at 93
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 4 to 153.92.29.2:1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-Routing = None
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = None
Tunnel-Type:0 = L2TP
Tunnel-Medium-Type:0 = IP
Tunnel-Client-Endpoint:0 = "153.92.29.2"
Tunnel-Server-Endpoint:0 = "153.92.28.17"
Tunnel-Client-Auth-Id:0 = "olli"
Tunnel-Server-Auth-Id:0 = "raclet.l2tp.com"
Tunnel-Assignment-Id:0 = "200"
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 4 with timestamp 3cc3f7fa
Nothing to do. Sleeping until we see a request.
ethereal packet dump:
User Datagram Protocol, Src Port: radius (1812), Dst Port: radius (1812)
Source port: radius (1812)
Destination port: radius (1812)
Length: 145
Checksum: 0xba2d (correct)
Radius Protocol
Code: Access Accept (2)
Packet identifier: 0x1 (1)
Length: 137
Authenticator
Attribute value pairs
t:Service Type(6) l:6, Value:Framed
t:Framed Protocol(7) l:6, Value:PPP
t:Framed IP Address(8) l:6, Value:255.255.255.254
t:Framed Routing(10) l:6, Value:None
t:Filter Id(11) l:9, Value:"std.ppp"
t:Framed MTU(12) l:6, Value:1500
t:Framed Compression(13) l:6, Value:None
t:Tunnel Type(64) l:6, Value:L2TP
t:Tunnel Medium Type(65) l:6, Value:IPv4
t:Tunnel Client Endpoint(66) l:14, Value:"153.92.29.2C"
t:Login Service(15) l:49, Value:Undefined (892546617)
08 00 3e ff ff 85 08 00 20 f0 b1 77 08 00 45 00 ..>. ..w..E.
0010 00 a5 e2 71 40 00 ff 11 2d 18 99 5c 1c 03 99 5c ...q@...-..\...\
0020 1d 02 07 14 07 14 00 91 ba 2d 02 01 00 89 fb 35 .-.5
0030 38 8b 0b 17 8a 7a 66 43 d8 ea cb 4e e0 20 06 06 8zfC...N. ..
0040 00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe
0050 0a 06 00 00 00 00 0b 09 73 74 64 2e 70 70 70 0c std.ppp.
0060 06 00 00 05 dc 0d 06 00 00 00 00 40 06 00 00 00 ...@
0070 03 41 06 00 00 00 01 42 0e 31 35 33 2e 39 32 2e .A.B.153.92.
< 42 0e 32 35 ... --> 0e is wrong
0080 32 39 2e 32 43 0f 31 35 33 2e 39 32 2e 32 38 2e 29.2C.153.92.28. <
43 0f 32 35 ... --> 0f is wrong
0090 31 37 5a 07 6f 6c 6c 69 5b 12 72 61 63 6c 65 74 17Z.olli[.raclet
00a0 2e 6c 32 74 70 2e 63 6f 6d 52 06 32 30 30 ff 1b .l2tp.comR.200..
00b0 9a 30 7f .0.
> -Ursprüngliche Nachricht-
> Von: Alan DeKok [SMTP:[EMAIL PROTECTED]]
> Gesendet am: Freitag, 19. April 2002 19:40
> An: [EMAIL PROTECTED]
> Betreff: Re: FreeRADIUS on a Solaris platform
>
> Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote:
> > I have a similar problem with malformed Access-Accept on Solaris when
> > using specific tunnel attributes like Tunnel-Client-Endpoint.
> > The attribute length is wrong.
>
> Do you have sample packets/config to reproduce this