Re: (RADIATOR) decrypt problems

2002-10-03 Thread Miro Majcen

Attaching the requested files..


Thanks,

Miro




- Original Message -
From: Hugh Irvine
To: Miro Majcen
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 1:09 AM
Subject: Re: (RADIATOR) decrypt problems



Hello Miro -

The Cisco debug log shows Authentication failure - but to say any more I
will need to see a copy of your configuration file (no secrets) together
with a trace 4 debug from Radiator showing what is happening in both cases.

regards

Hugh


On Wednesday, October 2, 2002, at 11:13 PM, Miro Majcen wrote:


hello,

i have been trying to get my cisco 3640 to authenticate via radiator. While
the exact config works on 26xx , it doesn't work with 3600 Software
(C3640-I-M), Version 12.2(5), RELEASE SOFTWARE (fc1)

here is the debug log, any idea what could be causing this ?

1d05h: ISDN BR2/0: RX - SETUP pd = 8  callref = 0x01
1d05h: Sending Complete
1d05h: Bearer Capability i = 0x8890
1d05h: Channel ID i = 0x89
1d05h: Calling Party Number i = 0x01, 0x83, '354', Plan:ISDN,
Type:Unknown
1d05h: Called Party Number i = 0x80, '374', Plan:Unknown,
Type:Unknown
1d05h: ISDN BR2/0: Event: Received a DATA call from 354 on B1 at 64 Kb/s
1d05h: ISDN BR2/0: Event: Accepting the call id 0x22
1d05h: %LINK-3-UPDOWN: Interface BRI2/0:1, changed state to up
1d05h: BR2/0:1 PPP: Treating connection as a callin
1d05h: ISDN BR2/0: TX - CALL_PROC pd = 8  callref = 0x81
1d05h: Channel ID i = 0x89
1d05h: ISDN BR2/0: TX - CONNECT pd = 8  callref = 0x81
1d05h: ISDN BR2/0: RX - CONNECT_ACK pd = 8  callref = 0x01
1d05h: BR2/0:1 CHAP: O CHALLENGE id 32 len 27 from Router
1d05h: BR2/0:1 CHAP: I RESPONSE id 32 len 25 from miro
1d05h: RADIUS: ustruct sharecount=2
1d05h: Radius: radius_port_info() success=1 radius_nas_port=1
1d05h: RADIUS: Initial Transmit BRI2/0:1 id 31 10.10.5.200:1645,
Access-Request, len 85
1d05h: Attribute 4 6 0A0A6794
1d05h: Attribute 5 6 7531
1d05h: Attribute 61 6 0002
1d05h: Attribute 1 6 6D69726F
1d05h: Attribute 30 5 3337341F
1d05h: Attribute 31 5 33353403
1d05h: Attribute 3 19 2061901F
1d05h: Attribute 6 6 0002
1d05h: Attribute 7 6 0001
1d05h: RADIUS: Received from id 31 10.10.5.200:1645, Access-Accept, len 74
1d05h: Attribute 8 6 0A0A0302
1d05h: Attribute 7 6 0001
1d05h: Attribute 6 6 0002
1d05h: Attribute 7 6 0001
1d05h: Attribute 9 6 
1d05h: Attribute 10 6 
1d05h: Attribute 12 6 05DC
1d05h: Attribute 13 6 0001
1d05h: Attribute 28 6 0384
1d05h: RADIUS: Response (31) failed decrypt
1d05h: RADIUS: Reply for 31 fails decrypt
1d05h: BR2/0:1 CHAP: Unable to validate Response.  Username miro:
Authentication failure
1d05h: BR2/0:1 CHAP: O FAILURE id 32 len 26 msg is Authentication failure
1d05h: ISDN BR2/0: RX - DISCONNECT pd = 8  callref = 0x01
1d05h: Cause i = 0x8090 - Normal call clearing
1d05h: %ISDN-6-CONNECT: Interface BRI2/0:1 is now connected to 354 1a8e01
1d05h: %LINK-3-UPDOWN: Interface BRI2/0:1, changed state to down
1d05h: ISDN BR2/0: TX - RELEASE pd = 8  callref = 0x81
1d05h: Cause i = 0x8090 - Normal call clearing
1d05h: ISDN BR2/0: RX - RELEASE_COMP pd = 8  callref = 0x01


Thanks

Miro






NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



Foreground
LogStdout
LogDir  /logi1
DbDir   .

# Use a lower trace level in production systems:
Trace   5

#DictionaryFile  dictionary.cisco
DictionaryFile  %D/dictionary
AuthPort 1645
AcctPort 1646
BindAddress 10.10.5.200

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client 10.10.103.148>
    Secret test
    DupInterval 0
    FramedGroupBaseAddress 10.10.3.1
    FramedGroupPortOffset 3

    #PasswordLogFileName %L/password.log
</Client>
PreClientHook file:%D/alterNASPort

<Realm DEFAULT>
    StripFromRequest NAS-IP-Address,NAS-Port
    AuthByPolicy ContinueWhileAccept
    <AuthBy FILE>
        Filename ./baza.txt
        AddToReply Service-Type = Framed-User, \
            Framed-Group = 0, \
            Framed-Protocol = PPP, \
            Framed-IP-Netmask = 255.255.255.255, \
            Framed-Routing = None, \
            Framed-MTU = 1500, \
            Framed-Compression = Van-Jacobson-TCP-IP, \
            Idle-Timeout = 900
    </AuthBy>

    # Log accounting to a detail file
    #AcctLogFileName ./detail
    #PasswordLogFileName %L/password.log

    # Log authentication success and failure to a file
</Realm>

Monitor

Re: (RADIATOR) decrypt problems

2002-10-03 Thread Hugh Irvine


Hello Miro -

This looks like a problem with the shared secrets.

regards

Hugh


On Thursday, October 3, 2002, at 04:46 PM, Miro Majcen wrote:

 Attaching the requested files..


 Thanks,

 Miro





===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
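
Added example, not part of the thread and not Radiator or Cisco code: the RFC 2865 Response Authenticator check that a NAS runs on each reply, showing how a shared-secret mismatch of the kind Hugh suspects makes a well-formed Access-Accept fail verification. It assumes the IOS "failed decrypt" message reflects this check; the request authenticator and attribute values are constructed sample data, and the secret "test" is the one in the posted config.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS Code value, RFC 2865

def encode_attr(attr_type, value):
    # Attribute = Type (1 byte), Length (1 byte, includes this header), Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def response_authenticator(code, ident, length, request_auth, attrs, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, request_auth, attrs, secret):
    # Server side: sign the reply with the secret configured for this client.
    length = 20 + len(attrs)
    auth = response_authenticator(code, ident, length, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, length) + auth + attrs

def verify_reply(packet, request_auth, secret):
    # NAS side: recompute the authenticator with the locally configured secret.
    if len(packet) < 20:
        return (False, "short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return (False, "bad length field")
    expected = response_authenticator(
        code, ident, length, request_auth, packet[20:length], secret)
    if not hmac.compare_digest(packet[4:20], expected):
        return (False, "authenticator mismatch")
    return (True, "ok")

# Constructed sample data (not captured traffic).
REQUEST_AUTH = bytes(range(16))
SAMPLE_ATTRS = b"".join([
    encode_attr(8, bytes([10, 10, 3, 2])),       # Framed-IP-Address
    encode_attr(6, struct.pack("!I", 2)),        # Service-Type = Framed-User
    encode_attr(7, struct.pack("!I", 1)),        # Framed-Protocol = PPP
    encode_attr(12, struct.pack("!I", 1500)),    # Framed-MTU
    encode_attr(28, struct.pack("!I", 900)),     # Idle-Timeout
])

def demo():
    reply = build_reply(ACCESS_ACCEPT, 31, REQUEST_AUTH, SAMPLE_ATTRS, b"test")
    return {
        "same secret": verify_reply(reply, REQUEST_AUTH, b"test"),
        "different case": verify_reply(reply, REQUEST_AUTH, b"Test"),
        "trailing space": verify_reply(reply, REQUEST_AUTH, b"test "),
        "truncated": verify_reply(reply[:30], REQUEST_AUTH, b"test"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} {result}")
```

The reply carries no indication of which side holds the wrong secret, so the value has to be compared byte for byte on the NAS and in the matching Client clause, including case and trailing whitespace.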



Re: (RADIATOR) EAP_TTLS

2002-10-03 Thread Steve Caporossi

Mike,

I downloaded and applied the patches as you recommended.  That fixed the 
problem.  I guess I had an earlier patch set.

Thanks for all your help.  Radiator support Rules!

Steve

Mike McCauley wrote:
 Hi Steve,
 
 thanks for your note and the suggestion of your colleague, but I suspect this 
 problem is occurring because you don't have (or aren't running) the 
 AuthGeneric.pm from the 3.3.1 patches. The latest AuthGeneric.pm defines 
 EAPType as an array, not as a scalar. Perhaps you have an earlier patch set?
 
 Pls let me know how you go.
 
 
 
 On Tue, 1 Oct 2002 22:36, Steve Caporossi wrote:
 
Mike and Hugh,

I downloaded, and installed the patches but got the same results...A
colleague of mine, Chris Dufala, looked at the code in EAP.pm...tweaked
it a bit and now it is working.  You should have received an email
from him as well.  However, since you are more familiar with all the
code, maybe this was just a temporary fix for our problem, and may
introduce problems later?

His email is below

I am an associate of Steve Caporossi's at the Medical University of
South Carolina.

Steve had notified you, regarding a problem using EAP-TTLS with the
3.3.1 version
of Radiator with patches applied.  While looking through the EAP.pm
module, I located
a small syntax error in the code that was preventing a successful
connection using the
Odyssey Client :

Error Message :

Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't
   use string (TTLS) as an ARRAY ref while strict refs in use at
   /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117.

Resolution :  (lines 117 & 118)

Current :
# my $defaulttype = $eap_name_to_type{$self->{EAPType}[0]}
#     || return ($main::REJECT, "Unknown default EAP type $self->{EAPType}[0]");

Change to :
my $defaulttype = $eap_name_to_type{$self->{EAPType}}
    || return ($main::REJECT, "Unknown default EAP type $self->{EAPType}");


I hope this helps :

-Chris

Thanks,

Steve

Mike McCauley wrote:

Hello Steve,

On Tue, 1 Oct 2002 08:27, Hugh Irvine wrote:

Hello Steve -

I have copied this mail to Mike, as he has been doing quite a bit of
work on this code recently.

You should download the latest patches from the web site and install
them.

Mike will be able to answer any questions.

Yes, as Hugh suggests, you should collect the latest patches from
www.open.com.au/radiator/downloads/patches-3.3.1 and then let me know
what you see.

Cheers.


regards

Hugh

On Tuesday, October 1, 2002, at 03:20 AM, Steve Caporossi wrote:

Hugh-

Can you tell me what this means?  I looked through the EAP.pm
but do not understand a lot of it.

Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't
use string (TTLS) as an ARRAY ref while strict refs in use at
/usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117.

I recently upgraded to 3.3.1, from 3.2, since then, I have been
getting this error when trying to use EAP_TTLS and the Odyssey client.
The config file is the same that I had in version 3.2.

Thanks,

Steve


My logs show the following...

Mon Sep 30 12:44:25 2002: DEBUG: Packet dump:
*** Received from x.x.x.135 port 1030 
Code:   Access-Request
Identifier: 3
Authentic:  ^2362124315342032252324.R150u16221
Attributes:
   User-Name = username
   NAS-IP-Address = x.x.x.135
   Called-Station-Id = 004096439873
   Calling-Station-Id = 00078592640e
   NAS-Identifier = usb3ap1
   NAS-Port = 37
   Framed-MTU = 1400
   NAS-Port-Type = 19
   EAP-Message = 200131username
   Message-Authenticator =
1271@26194180230203189138(188214h23

Mon Sep 30 12:44:25 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Sep 30 12:44:25 2002: DEBUG:  Deleting session for username,
x.x.x.135, 37
Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthSQL
Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthUNIX:
Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX looks for match with
username
Mon Sep 30 12:44:25 2002: DEBUG: Handling with EAP
Mon Sep 30 12:44:25 2002: DEBUG: EAP code 2, 0, 13
Mon Sep 30 12:44:25 2002: DEBUG: Response type 1
Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't
use string (TTLS) as an ARRAY ref while strict refs in use at
/usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117.

Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX REJECT: Could not
handle an EAP request
Mon Sep 30 12:44:25 2002: INFO: Access rejected for username: Could
not handle an EAP request
Mon Sep 30 12:44:25 2002: DEBUG: Packet dump:
*** Sending to x.x.x.135 port 1030 
Code:   Access-Reject
Identifier: 3
Authentic:  ^2362124315342032252324.R150u16221
Attributes:
   Reply-Message = Request Denied



(RADIATOR) dictionary problem

2002-10-03 Thread Chris M

I keep getting this error message:

Attribute number 151 is not defined in your dictionary

But it does appear to be in the dictionary file:

# grep 151 dic*
dictionary:VALUE Ascend-Disconnect-Cause localAdmin 151

Any ideas what I should be looking for to find this issue?  This is a 
Radiator 2.19 installation.

Thanks,
Chris





(RADIATOR) dnis:086

2002-10-03 Thread Mike McCauley



--  Forwarded Message  --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Chandana 
Bandara [EMAIL PROTECTED]]
Date: Thu, 3 Oct 2002 03:48:09 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]


Hi,

I try to configure radius server. I configured Cisco AS5300 router and
connected a E1 for that also, those are working properly.
But when i dial in by using a modem that radius log will show me
dnis:086 as the error.
what is this. pls help me

chandana


---

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS etc on Unix, Windows, MacOS etc.
