Re: AW: FreeRADIUS on a Solaris platform

2002-04-22 Thread Alan DeKok

Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote:
> please see below for detailed data.

  OK.  I've found a logic bug in src/lib/radius.c.  It was
incrementing the length of the tunnel attribute, even when it wasn't
putting a tag in the attribute.

  Grab the CVS snapshot from tonight, or from anonymous CVS now, and
it should work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



AW: FreeRADIUS on a Solaris platform

2002-04-22 Thread Sinnwell Wolfgang EXT

Hello Alan,
please see below for detailed data.

Regards
Wolfgang

"users" data:

[EMAIL PROTECTED]   Auth-Type := Local, User-Password == "l2tp"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-Routing = None,
        Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = None,
        Tunnel-Type:0 = 3,
        Tunnel-Medium-Type:0 = 1,
        Tunnel-Client-Endpoint:0 = 153.92.29.2,
        Tunnel-Server-Endpoint:0 = 153.92.28.17,
        Tunnel-Client-Auth-Id:0 = olli,
        Tunnel-Server-Auth-Id:0 = raclet.l2tp.com,
        Tunnel-Assignment-Id:0 = 200

freeradius server trace:

--- Walking the entire request list ---
Cleaning up request 3 ID 3 with timestamp 3cc3f7ef
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 153.92.29.2:1812, id=4, length=111
User-Password = "\323\246$\331(y\rSOhi\370\362?B"
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Virtual
NAS-Identifier = "MAC address"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm l2tp.com for User-Name = "[EMAIL PROTECTED]"
rlm_realm: No such realm l2tp.com
  modcall[authorize]: module "suffix" returns noop
users: Matched [EMAIL PROTECTED] at 93
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 4 to 153.92.29.2:1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-Routing = None
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = None
Tunnel-Type:0 = L2TP
Tunnel-Medium-Type:0 = IP
Tunnel-Client-Endpoint:0 = "153.92.29.2"
Tunnel-Server-Endpoint:0 = "153.92.28.17"
Tunnel-Client-Auth-Id:0 = "olli"
Tunnel-Server-Auth-Id:0 = "raclet.l2tp.com"
Tunnel-Assignment-Id:0 = "200"
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 4 with timestamp 3cc3f7fa
Nothing to do.  Sleeping until we see a request.

ethereal packet dump:

User Datagram Protocol, Src Port: radius (1812), Dst Port: radius (1812)
Source port: radius (1812)
Destination port: radius (1812)
Length: 145
Checksum: 0xba2d (correct)
Radius Protocol
Code: Access Accept (2)
Packet identifier: 0x1 (1)
Length: 137
Authenticator
Attribute value pairs
t:Service Type(6) l:6, Value:Framed
t:Framed Protocol(7) l:6, Value:PPP
t:Framed IP Address(8) l:6, Value:255.255.255.254
t:Framed Routing(10) l:6, Value:None
t:Filter Id(11) l:9, Value:"std.ppp"
t:Framed MTU(12) l:6, Value:1500
t:Framed Compression(13) l:6, Value:None
t:Tunnel Type(64) l:6, Value:L2TP
t:Tunnel Medium Type(65) l:6, Value:IPv4
t:Tunnel Client Endpoint(66) l:14, Value:"153.92.29.2C"
t:Login Service(15) l:49, Value:Undefined (892546617)

0000  08 00 3e ff ff 85 08 00 20 f0 b1 77 08 00 45 00   ..>. ..w..E. 
0010  00 a5 e2 71 40 00 ff 11 2d 18 99 5c 1c 03 99 5c   ...q@...-..\...\ 
0020  1d 02 07 14 07 14 00 91 ba 2d 02 01 00 89 fb 35   .-.5 
0030  38 8b 0b 17 8a 7a 66 43 d8 ea cb 4e e0 20 06 06   8zfC...N. .. 
0040  00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe    
0050  0a 06 00 00 00 00 0b 09 73 74 64 2e 70 70 70 0c   std.ppp. 
0060  06 00 00 05 dc 0d 06 00 00 00 00 40 06 00 00 00   ...@ 
0070  03 41 06 00 00 00 01 42 0e 31 35 33 2e 39 32 2e   .A.B.153.92.
      < 42 0e 32 35 ... --> 0e is wrong
0080  32 39 2e 32 43 0f 31 35 33 2e 39 32 2e 32 38 2e   29.2C.153.92.28.
      < 43 0f 32 35 ... --> 0f is wrong
0090  31 37 5a 07 6f 6c 6c 69 5b 12 72 61 63 6c 65 74   17Z.olli[.raclet 
00a0  2e 6c 32 74 70 2e 63 6f 6d 52 06 32 30 30 ff 1b   .l2tp.comR.200.. 
00b0  9a 30 7f  .0.  

> -Original Message-
> From:  Alan DeKok [SMTP:[EMAIL PROTECTED]]
> Sent:  Friday, 19 April 2002 19:40
> To:   [EMAIL PROTECTED]
> Subject:  Re: FreeRADIUS on a Solaris platform 
> 
> Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote:
> > I have a similar problem with malformed Access-Accept on Solaris when
> > using specific tunnel attributes like Tunnel-Client-Endpoint.
> > The attribute length is wrong.
> 
>   Do you have sample packets/config to reproduce this
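
Added example (not part of the original thread and not FreeRADIUS code): a strict walk over the attribute bytes of the Access-Accept in the hex dump above, first as sent and then under the assumption that each tunnel string attribute's length byte is one too large. The function names and the list of types treated as tunnel strings are choices made for this example.

```c
#include <stdio.h>
#include <stddef.h>

/* Attribute bytes of the Access-Accept, copied from the hex dump in the
 * thread (frame offsets 0x3e-0xb2, after the 20-byte RADIUS header). */
static const unsigned char avps[] = {
    0x06,0x06,0x00,0x00,0x00,0x02, 0x07,0x06,0x00,0x00,0x00,0x01,
    0x08,0x06,0xff,0xff,0xff,0xfe, 0x0a,0x06,0x00,0x00,0x00,0x00,
    0x0b,0x09,0x73,0x74,0x64,0x2e,0x70,0x70,0x70,
    0x0c,0x06,0x00,0x00,0x05,0xdc, 0x0d,0x06,0x00,0x00,0x00,0x00,
    0x40,0x06,0x00,0x00,0x00,0x03, 0x41,0x06,0x00,0x00,0x00,0x01,
    0x42,0x0e,0x31,0x35,0x33,0x2e,0x39,0x32,0x2e,0x32,0x39,0x2e,0x32,
    0x43,0x0f,0x31,0x35,0x33,0x2e,0x39,0x32,0x2e,0x32,0x38,0x2e,0x31,0x37,
    0x5a,0x07,0x6f,0x6c,0x6c,0x69, 0x5b,0x12,0x72,0x61,0x63,0x6c,0x65,0x74,
    0x2e,0x6c,0x32,0x74,0x70,0x2e,0x63,0x6f,0x6d, 0x52,0x06,0x32,0x30,0x30,
    0xff,0x1b,0x9a,0x30,0x7f
};

/* Tunnel string attributes present in this packet (RFC 2868 type codes). */
static int is_tunnel_string(unsigned char t) {
    return t == 66 || t == 67 || t == 82 || t == 90 || t == 91;
}

/* Walk type/length/value triples and stop at the first length that is < 2
 * or runs past the buffer. With fix set, assume (this example's hypothesis)
 * that each tunnel string length byte is one too large. Returns the number
 * of attributes parsed; *end = stop offset, *fixed = lengths adjusted. */
static int walk(const unsigned char *p, size_t n, int fix,
                size_t *end, int *fixed) {
    size_t off = 0;
    int count = 0;
    *fixed = 0;
    while (off + 2 <= n) {
        int adj = fix && is_tunnel_string(p[off]);
        int len = p[off + 1] - adj;
        if (len < 2 || off + (size_t)len > n) break;
        off += (size_t)len; count++; *fixed += adj;
    }
    *end = off;
    return count;
}

int main(void) {
    size_t end; int fixed;
    int n = walk(avps, sizeof avps, 0, &end, &fixed);
    printf("as sent: %d attrs, stops at %zu (type %d, len %d)\n",
           n, end, avps[end], avps[end + 1]);
    n = walk(avps, sizeof avps, 1, &end, &fixed);
    printf("len - 1: %d attrs, %d adjusted, %zu bytes left over\n",
           n, fixed, sizeof avps - end);
    return 0;
}
```

As sent, the walk stops at the attribute Ethereal shows as Login Service(15) l:49, whose length runs past the end of the packet. With the lengths reduced by one, all 14 attributes parse and five bytes remain at the end, one for each adjusted attribute.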