Re: strange packets from Patton
that warning is correct. If we start decoding the packet, and get to the vendor specific attribute: Thanks for the analysis - I will contact the vendor, and inform You of the results Cheers Marcin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
Puneet B [EMAIL PROTECTED] wrote: I have not decoded the other packet, but apparently Patton packs their Vendor Specific Attributes in a manner that is different from what the RFC recommends. Exactly. It's nonsense. Unfortunately the RFC does not mandate, just recommends a format, and implementors are free to choose their own. And the implementors that don't want to interoperate choose a stupid format. It's not rocket science, for crying out loud... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
Which doesn't contain any vendor specific attributes.
OK - I might have got the wrong packet. Here are two, with the lines from
radius.log:
14:33:10.241889 10.10.20.52.who radius.radius-acct: rad-account-req 196
[id 10] Attr[ Acct_session_id{08350D00056F}
Acct_multi_session_id{08350D00056F} NAS_id{Patton} NAS_port{0}
NAS_port_type{#26}
Vendor_specific{..q~..6Nk.q~..6N.iq~..6N.Fq~..6N..q~...N...~..CN...~..CN
x..~..CN..~..CN...~...N.7N.7N.7N.7N.7N4} ]
0x 4500 00e0 1e5f 4011 1e69 0a0a 1434[EMAIL PROTECTED]
0x0010 0a0a 14fe 0201 0715 00cc 040a 00c4
0x0020 3c4a 8e9b 4477 bae8 8428 3442 a531 59abJ..Dw...(4B.1Y.
0x0030 2c0e 3038 3335 3044 3030 3035 3646 320e,.08350D00056F2.
0x0040 3038 3335 3044 3030 3035 3646 2008 506108350D00056F..Pa
0x0050 7474 6f6e 0506 3d06 tton..=.
0x0060 1a80 06e8 0014 717e e200 364e 6bd8q~..6Nk.
0x0070 717e e200 364e b069 717e e200 364e 0046q~..6N.iq~..6N.F
0x0080 717e e200 364e 0c1e 717e e200 024e q~..6N..q~...N..
0x0090 947e e200 434e 0200 947e e200 434e 780b.~..CN...~..CNx.
0x00a0 947e e200 434e 80ba 947e e200 434e 0700.~..CN...~..CN..
0x00b0 947e e200 014e f380 e200 374e .~...N..7N..
0x00c0 f380 e200 374e d18c f380 e200 374e f1ff7N..7N..
0x00d0 f380 e200 374e 0400 f380 e200 374e 80347N..7N.4
Vendor specific attribute has invalid length -2
14:55:22.123901 10.10.20.52.who radius.radius-acct: rad-account-req 196
[id 113] Attr[ Acct_session_id{08350D00057E}
Acct_multi_session_id{08350D00057E} NAS_id{Patton} NAS_port{0}
NAS_port_type{#26}
Vendor_specific{..pv...N..pv...N..pv...N..pv...N...|...N...|...N...|...N
...|...N...N...N...N...N...N...N...N..} ]
0x 4500 00e0 7410 4011 c8b7 0a0a 1434[EMAIL PROTECTED]
0x0010 0a0a 14fe 0201 0715 00cc 0471 00c4.q..
0x0020 acda 9009 35d0 a124 b3c5 e04e a0a3 67725..$...N..gr
0x0030 2c0e 3038 3335 3044 3030 3035 3745 320e,.08350D00057E2.
0x0040 3038 3335 3044 3030 3035 3745 2008 506108350D00057E..Pa
0x0050 7474 6f6e 0506 3d06 tton..=.
0x0060 1a80 06e8 011b 7076 e400 0a4e 0600pv...N..
0x0070 7076 e400 094e 0600 7076 e400 0c4e 0500pv...N..pv...N..
0x0080 7076 e400 0b4e 0500 a57c e400 0a4e 0600pv...N...|...N..
0x0090 a57c e400 094e 0600 a57c e400 0c4e 0500.|...N...|...N..
0x00a0 a57c e400 0b4e 0500 da82 e400 0a4e 0600.|...N...N..
0x00b0 da82 e400 094e 0600 da82 e400 0c4e 0500.N...N..
0x00c0 da82 e400 0b4e 0500 0f89 e400 0a4e 0600.N...N..
0x00d0 0f89 e400 094e 0600 0f89 e400 0c4e 0500.N...N..
Vendor specific attributes do not exactly fill Vendor-Specific
None of these contain Acct-Status-Type , what does piss off freeradius.
I have also such packets:
14:55:28.120846 10.10.20.52.who radius.radius-acct: rad-account-req 68
[id 113] Attr[ Acct_session_id{08350D00057E}
Acct_multi_session_id{08350D00057E} NAS_id{Patton} NAS_port{0}
NAS_port_type{#182} ]
0x 4500 0060 758d 4011 c7ba 0a0a 1434[EMAIL PROTECTED]
0x0010 0a0a 14fe 0201 0715 004c 0471 0044.L...q.D
0x0020 d906 bc70 d961 7c32 172f 4e14 6a09 ad13...p.a|2./N.j...
0x0030 2c0e 3038 3335 3044 3030 3035 3745 320e,.08350D00057E2.
0x0040 3038 3335 3044 3030 3035 3745 2008 506108350D00057E..Pa
0x0050 7474 6f6e 0506 3d06 tton..=.
These do not contain the vendor-specific part, but they also don`t contain
Accounting-Status-Type . What is the poin for NAS to send such packets?
The Vendor-Specific attribute never gets logged in radacct.
Any ideas for a quick fix? If You know, what info is in this vendor-specific
part, it would also be much help.
Cheers
Marcin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
I might have got the wrong packet. Here are two, with the lines from radius.log: 0x 4500 00e0 1e5f 4011 1e69 0a0a 1434[EMAIL PROTECTED] 0x0010 0a0a 14fe 0201 0715 00cc 040a 00c4 0x0020 3c4a 8e9b 4477 bae8 8428 3442 a531 59abJ..Dw...(4B.1Y. 0x0030 2c0e 3038 3335 3044 3030 3035 3646 320e,.08350D00056F2. 0x0040 3038 3335 3044 3030 3035 3646 2008 506108350D00056F..Pa 0x0050 7474 6f6e 0506 3d06 tton..=. 0x0060 1a80 06e8 0014 717e e200 364e 6bd8q~..6Nk. 0x0070 717e e200 364e b069 717e e200 364e 0046q~..6N.iq~..6N.F 0x0080 717e e200 364e 0c1e 717e e200 024e q~..6N..q~...N.. 0x0090 947e e200 434e 0200 947e e200 434e 780b.~..CN...~..CNx. 0x00a0 947e e200 434e 80ba 947e e200 434e 0700.~..CN...~..CN.. 0x00b0 947e e200 014e f380 e200 374e .~...N..7N.. 0x00c0 f380 e200 374e d18c f380 e200 374e f1ff7N..7N.. 0x00d0 f380 e200 374e 0400 f380 e200 374e 80347N..7N.4 Vendor specific attribute has invalid length -2 that warning is correct. If we start decoding the packet, and get to the vendor specific attribute: 1a 80 - tag indicating its a VSA, and the length 06e8 - vendor ID (1768) which is assigned to Patton Electronics Company 00 14 - ID=0 and 0x14 (20) bytes attribute, meaning 20 byte attribute, with 18 bytes data 717e e200 364e 6bd8 717e e200 364e b069 717e e2 00 - the attribute tag is 0xE2, but the length is 0 bytes??? This is the problem. The length has to be atleast 2 (for the tag and length) size of data = length-2, which in this case turns out to be -2. This is where freeRadius would complain. 364e 0046 717e e200 364e 0c1e 717e e200 024e 947e e200 434e 0200 947e e200 434e 780b 947e e200 434e 80ba 947e e200 434e 0700 947e e200 014e f380 e200 374e f380 e200 374e d18c f380 e200 374e f1ff f380 e200 374e 0400 f380 e200 374e 8034 I have not decoded the other packet, but apparently Patton packs their Vendor Specific Attributes in a manner that is different from what the RFC recommends. Unfortunately the RFC does not mandate, just recommends a format, and implementors are free to choose their own. None of these contain Acct-Status-Type , what does piss off freeradius I think you need to check with your NAS/RAS vendor (Patton) why invalid accounting packets (without the Acct-Status-Type) are being sent by them. Puneet ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
--- On Thu 07/03, Oliver Graf [EMAIL PROTECTED] wrote: NAS-IP and Client-IP are added by freeradius if they are missing. Timestamp is a pure freeradius added attribute IMHO. Thanks for clarifying that! Puneet ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
The RFC recommends a particular format for the way Vendor-Specific attributes are to be packed, and AFAIK freeRadius would print this message if that format is not followed by the NAS/RAS. Can you post a tcpdump or ethereal capture of the contents of this accounting record? Also, did you load all the relevant dictionaries? I am quite new to freeradius . I guess all the dictionaries loaded by default are loaded - in the file 'dictionary' are included all other dictionaries (dictionary.*). This is a dump of such packet: 0x 4500 0060 ae86 4011 8ec1 0a0a 1434[EMAIL PROTECTED] 0x0010 0a0a 14fe 0201 0715 004c 0415 0044.L.D 0x0020 ea2a 7f7d acdb 604f 3df8 dafb 6dc3 95b8.*.}..`O=...m... 0x0030 2c0e 3038 3335 3044 3030 3033 3133 320e,.08350D0003132. 0x0040 3038 3335 3044 3030 3033 3133 2008 506108350D000313..Pa 0x0050 7474 6f6e 0506 3d06 tton..=. Can you help? Greetings Marcin Mank - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
Marcin Mank [EMAIL PROTECTED] wrote: This is a dump of such packet: 0x 4500 0060 ae86 4011 8ec1 0a0a 1434[EMAIL PROTECTED] 0x0010 0a0a 14fe 0201 0715 004c 0415 0044.L.D 0x0020 ea2a 7f7d acdb 604f 3df8 dafb 6dc3 95b8.*.}..`O=...m... 0x0030 2c0e 3038 3335 3044 3030 3033 3133 320e,.08350D0003132. 0x0040 3038 3335 3044 3030 3033 3133 2008 506108350D000313..Pa 0x0050 7474 6f6e 0506 3d06 tton..=. Which doesn't contain any vendor specific attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange packets from Patton
This is a dump of such packet: 0x 4500 0060 ae86 4011 8ec1 0a0a 1434[EMAIL PROTECTED] 0x0010 0a0a 14fe 0201 0715 004c 0415 0044.L.D 0x0020 ea2a 7f7d acdb 604f 3df8 dafb 6dc3 95b8.*.}..`O=...m... 0x0030 2c0e 3038 3335 3044 3030 3033 3133 320e,.08350D0003132. 0x0040 3038 3335 3044 3030 3033 3133 2008 506108350D000313..Pa 0x0050 7474 6f6e 0506 3d06 tton..=. Which doesn't contain any vendor specific attributes. yes, as Alan has pointed out there is no vendor specific attribute in this packet. Also, this packet is a correctly encoded Radius packet (not malformed, with the only exception that the Acct-Status-Type attribute which is mandatory for Accounting Requests is missing). This packet has only the Acct-SessionId, Acct-Multi-Link-session-ID, NAS Identifier, Nas port and NAS-Port-Type attributes. The other attributes you had mentioned in your first post, such as the NAS-IP, Client-IP, Timestamp etc are missing. Has some configuration on your NAS/RAS changed since then? Did freeRadius print an error message regarding Vendor-Specific attributes on receiving this packet? Puneet ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
strange packets from Patton
Hello. We recieve strange packets from our Patton since software upgrade: Acct-Session-Id = 08350C002E1D Acct-Multi-Session-Id = 08350C002E1D NAS-Identifier = Patton NAS-Port = 0 NAS-Port-Type = Async NAS-IP-Address = 10.10.20.52 Client-IP-Address = 10.10.20.52 Acct-Unique-Session-Id = 0e946f85022471a1 Timestamp = 1057075743 and in radius.log: Error: Accounting: no Accounting-Status-Type record. Vendor specific attributes do not exactly fill Vendor-Specific We had xtradius until today morning, we switched to freeradius. Xtradius has shown an additional line in the detail log: Vendor-Specific = V1768:T1:L18:\203:B\004\234N\014\000\203:B\004\242N\000\002:T131:L58:B\004\ 243N\020\000\221:B\004\240N\001\000 (the value changes). Please advise on what these messages mean, and how to get rid of them - they flood our log files. Greetngs Marcin Mak - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: strange packets from Patton
We recieve strange packets from our Patton since software upgrade: Acct-Session-Id = 08350C002E1D Acct-Multi-Session-Id = 08350C002E1D NAS-Identifier = Patton NAS-Port = 0 NAS-Port-Type = Async NAS-IP-Address = 10.10.20.52 Client-IP-Address = 10.10.20.52 Acct-Unique-Session-Id = 0e946f85022471a1 Timestamp = 1057075743 and in radius.log: Error: Accounting: no Accounting-Status-Type record. An Accounting Request MUST have an Acct-Status-Type attribute. So this Accounting Request is not being created correctly by your NAS/RAS. Vendor specific attributes do not exactly fill Vendor-Specific The RFC recommends a particular format for the way Vendor-Specific attributes are to be packed, and AFAIK freeRadius would print this message if that format is not followed by the NAS/RAS. Can you post a tcpdump or ethereal capture of the contents of this accounting record? Also, did you load all the relevant dictionaries? Puneet ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
