Re: (RADIATOR) decrypt problems
Attaching the requested files.

Thanks,
Miro

- Original Message -
From: Hugh Irvine
To: Miro Majcen
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 1:09 AM
Subject: Re: (RADIATOR) decrypt problems

Hello Miro -

The Cisco debug log shows Authentication failure - but to say any more I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening in both cases.

regards

Hugh

On Wednesday, October 2, 2002, at 11:13 PM, Miro Majcen wrote:

Hello,

I have been trying to get my Cisco 3640 to authenticate via Radiator. While the exact config works on 26xx, it doesn't work with 3600 Software (C3640-I-M), Version 12.2(5), RELEASE SOFTWARE (fc1).

Here is the debug log, any idea what could be causing this?

1d05h: ISDN BR2/0: RX - SETUP pd = 8 callref = 0x01
1d05h: Sending Complete
1d05h: Bearer Capability i = 0x8890
1d05h: Channel ID i = 0x89
1d05h: Calling Party Number i = 0x01, 0x83, '354', Plan:ISDN, Type:Unknown
1d05h: Called Party Number i = 0x80, '374', Plan:Unknown, Type:Unknown
1d05h: ISDN BR2/0: Event: Received a DATA call from 354 on B1 at 64 Kb/s
1d05h: ISDN BR2/0: Event: Accepting the call id 0x22
1d05h: %LINK-3-UPDOWN: Interface BRI2/0:1, changed state to up
1d05h: BR2/0:1 PPP: Treating connection as a callin
1d05h: ISDN BR2/0: TX - CALL_PROC pd = 8 callref = 0x81
1d05h: Channel ID i = 0x89
1d05h: ISDN BR2/0: TX - CONNECT pd = 8 callref = 0x81
1d05h: ISDN BR2/0: RX - CONNECT_ACK pd = 8 callref = 0x01
1d05h: BR2/0:1 CHAP: O CHALLENGE id 32 len 27 from Router
1d05h: BR2/0:1 CHAP: I RESPONSE id 32 len 25 from miro
1d05h: RADIUS: ustruct sharecount=2
1d05h: Radius: radius_port_info() success=1 radius_nas_port=1
1d05h: RADIUS: Initial Transmit BRI2/0:1 id 31 10.10.5.200:1645, Access-Request, len 85
1d05h: Attribute 4 6 0A0A6794
1d05h: Attribute 5 6 7531
1d05h: Attribute 61 6 0002
1d05h: Attribute 1 6 6D69726F
1d05h: Attribute 30 5 3337341F
1d05h: Attribute 31 5 33353403
1d05h: Attribute 3 19 2061901F
1d05h: Attribute 6 6 0002
1d05h: Attribute 7 6 0001
1d05h: RADIUS: Received from id 31 10.10.5.200:1645, Access-Accept, len 74
1d05h: Attribute 8 6 0A0A0302
1d05h: Attribute 7 6 0001
1d05h: Attribute 6 6 0002
1d05h: Attribute 7 6 0001
1d05h: Attribute 9 6
1d05h: Attribute 10 6
1d05h: Attribute 12 6 05DC
1d05h: Attribute 13 6 0001
1d05h: Attribute 28 6 0384
1d05h: RADIUS: Response (31) failed decrypt
1d05h: RADIUS: Reply for 31 fails decrypt
1d05h: BR2/0:1 CHAP: Unable to validate Response. Username miro: Authentication failure
1d05h: BR2/0:1 CHAP: O FAILURE id 32 len 26 msg is Authentication failure
1d05h: ISDN BR2/0: RX - DISCONNECT pd = 8 callref = 0x01
1d05h: Cause i = 0x8090 - Normal call clearing
1d05h: %ISDN-6-CONNECT: Interface BRI2/0:1 is now connected to 354 1a8e01
1d05h: %LINK-3-UPDOWN: Interface BRI2/0:1, changed state to down
1d05h: ISDN BR2/0: TX - RELEASE pd = 8 callref = 0x81
1d05h: Cause i = 0x8090 - Normal call clearing
1d05h: ISDN BR2/0: RX - RELEASE_COMP pd = 8 callref = 0x01

Thanks
Miro

NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

Foreground
LogStdout
LogDir /logi1
DbDir .
# Use a lower trace level in production systems:
Trace 5
#DictionaryFile dictionary.cisco
DictionaryFile %D/dictionary
AuthPort 1645
AcctPort 1646
BindAddress 10.10.5.200

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client 10.10.103.148>
    Secret test
    DupInterval 0
    FramedGroupBaseAddress 10.10.3.1
    FramedGroupPortOffset 3
    #PasswordLogFileName %L/password.log
</Client>

PreClientHook file:%D/alterNASPort

<Realm DEFAULT>
    StripFromRequest NAS-IP-Address,NAS-Port
    AuthByPolicy ContinueWhileAccept
    <AuthBy FILE>
        Filename ./baza.txt
        AddToReply Service-Type = Framed-User, \
            Framed-Group = 0, \
            Framed-Protocol = PPP, \
            Framed-IP-Netmask = 255.255.255.255, \
            Framed-Routing = None, \
            Framed-MTU = 1500, \
            Framed-Compression = Van-Jacobson-TCP-IP, \
            Idle-Timeout = 900
    </AuthBy>
    # Log accounting to a detail file
    #AcctLogFileName ./detail
    #PasswordLogFileName %L/password.log
    # Log authentication success and failure to a file
</Realm>
Monitor
Re: (RADIATOR) decrypt problems
Hello Miro -

This looks like a problem with the shared secrets.

regards

Hugh

On Thursday, October 3, 2002, at 04:46 PM, Miro Majcen wrote:

Attaching the requested files.

Thanks,
Miro

decryptproblems.txt
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
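Added example (not part of the original thread, and not Radiator or Cisco code): under RFC 2865 the NAS validates each reply by recomputing the Response Authenticator, an MD5 over the reply header, the Request Authenticator it sent, the reply attributes and the shared secret, so a reply built with a different secret is rejected, which is the kind of failure the shared-secret diagnosis above points to. Identifier 31, Framed-IP-Address 10.10.3.2, Framed-MTU 1500 and the secret `test` mirror values shown in the thread; the Request Authenticator and the mismatched NAS-side secrets are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2

def encode_attr(attr_type, value):
    """Type, length, value; the length byte counts the 2-byte header too."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def verify_reply(packet, request_auth, secret):
    """NAS side: recompute the authenticator using the locally configured secret."""
    if len(packet) < 20:
        return False
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample data (not taken from a real capture).
REQUEST_AUTH = bytes(range(16))  # authenticator the NAS put in its Access-Request
ATTRS = (encode_attr(8, bytes([10, 10, 3, 2]))        # Framed-IP-Address
         + encode_attr(12, struct.pack("!I", 1500)))  # Framed-MTU
REPLY = build_reply(ACCESS_ACCEPT, 31, REQUEST_AUTH, ATTRS, b"test")

def check(nas_secret):
    """Return True when a NAS configured with nas_secret accepts REPLY."""
    return verify_reply(REPLY, REQUEST_AUTH, nas_secret)

if __name__ == "__main__":
    # Same secret is accepted; a trailing space or a case change is rejected.
    for s in (b"test", b"test ", b"Test"):
        print(repr(s), "->", "accepted" if check(s) else "rejected")
```

The check covers the whole reply, so a secret that differs by a single character (including trailing whitespace in a configuration line) fails in the same way as a completely different one.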
Re: (RADIATOR) EAP_TTLS
Mike,

I downloaded and applied the patches as you recommended. That fixed the problem. I guess I had an earlier patch set. Thanks for all your help. Radiator support Rules!

Steve

Mike McCauley wrote:

Hi Steve,

thanks for your note and the suggestion of your colleague, but I suspect this problem is occurring because you don't have (or aren't running) the AuthGeneric.pm from the 3.3.1 patches. The latest AuthGeneric.pm defines EAPType as an array, not as a scalar. Perhaps you have an earlier patch set? Pls let me know how you go.

On Tue, 1 Oct 2002 22:36, Steve Caporossi wrote:

Mike and Hugh,

I downloaded, and installed the patches but got the same results... A colleague of mine, Chris Dufala, looked at the code in EAP.pm... tweaked it a bit and now it is working. You should have received an email from him as well. However, since you are more familiar with all the code, maybe this was just a temporary fix for our problem, and may introduce problems later? His email is below.

I am an associate of Steve Caporossi's at the Medical University of South Carolina. Steve had notified you, regarding a problem using EAP-TTLS with the 3.3.1 version of Radiator with patches applied. While looking through the EAP.pm module, I located a small syntax error in the code that was preventing a successful connection using the Odyssey Client :

Error Message :

Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't use string (TTLS) as an ARRAY ref while strict refs in use at /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117.

Resolution : (lines 117 118)

Current :

# my $defaulttype = $eap_name_to_type{$self->{EAPType}[0]}
#|| return ($main::REJECT, "Unknown default EAP type $self->{EAPType}[0]");

Change to :

my $defaulttype = $eap_name_to_type{$self->{EAPType}}
|| return ($main::REJECT, "Unknown default EAP type $self->{EAPType}");

I hope this helps :

-Chris

Thanks,
Steve

Mike McCauley wrote:

Hello Steve,

On Tue, 1 Oct 2002 08:27, Hugh Irvine wrote:

Hello Steve -

I have copied this mail to Mike, as he has been doing quite a bit of work on this code recently. You should download the latest patches from the web site and install them. Mike will be able to answer any questions.

Yes, as Hugh suggests, you should collect the latest patches from www.open.com.au/radiator/downloads/patches-3.3.1 and then let me know what you see.

Cheers.

regards

Hugh

On Tuesday, October 1, 2002, at 03:20 AM, Steve Caporossi wrote:

Hugh-

Can you tell me what this means? I looked through the EAP.pm but do not understand a lot of it.

Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't use string (TTLS) as an ARRAY ref while strict refs in use at /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117.

I recently upgraded to 3.3.1, from 3.2, since then, I have been getting this error when trying to use EAP_TTLS and the Odyssey client. The config file is the same that I had in version 3.2.

Thanks,
Steve

My logs show the following...

Mon Sep 30 12:44:25 2002: DEBUG: Packet dump:
*** Received from x.x.x.135 port 1030
Code: Access-Request
Identifier: 3
Authentic: ^2362124315342032252324.R150u16221
Attributes:
    User-Name = username
    NAS-IP-Address = x.x.x.135
    Called-Station-Id = 004096439873
    Calling-Station-Id = 00078592640e
    NAS-Identifier = usb3ap1
    NAS-Port = 37
    Framed-MTU = 1400
    NAS-Port-Type = 19
    EAP-Message = 200131username
    Message-Authenticator = 1271@26194180230203189138(188214h23
Mon Sep 30 12:44:25 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Sep 30 12:44:25 2002: DEBUG: Deleting session for username, x.x.x.135, 37
Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthSQL
Mon Sep 30 12:44:25 2002: DEBUG: Handling with Radius::AuthUNIX:
Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX looks for match with username
Mon Sep 30 12:44:25 2002: DEBUG: Handling with EAP
Mon Sep 30 12:44:25 2002: DEBUG: EAP code 2, 0, 13
Mon Sep 30 12:44:25 2002: DEBUG: Response type 1
Mon Sep 30 12:44:25 2002: ERR: Could not handle an EAP request: Can't use string (TTLS) as an ARRAY ref while strict refs in use at /usr/lib/perl5/site_perl/5.6.1/Radius/EAP.pm line 117.
Mon Sep 30 12:44:25 2002: DEBUG: Radius::AuthUNIX REJECT: Could not handle an EAP request
Mon Sep 30 12:44:25 2002: INFO: Access rejected for username: Could not handle an EAP request
Mon Sep 30 12:44:25 2002: DEBUG: Packet dump:
*** Sending to x.x.x.135 port 1030
Code: Access-Reject
Identifier: 3
Authentic: ^2362124315342032252324.R150u16221
Attributes:
    Reply-Message = Request Denied
(RADIATOR) dictionary problem
I keep getting this error message:

Attribute number 151 is not defined in your dictionary

But it does appear to be in the dictionary file:

# grep 151 dic*
dictionary:VALUE Ascend-Disconnect-Cause localAdmin 151

Any ideas what I should be looking for to find this issue? This is a Radiator 2.19 installation.

Thanks,
Chris
(RADIATOR) dnis:086
-- Forwarded Message --

Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Chandana Bandara [EMAIL PROTECTED]]
Date: Thu, 3 Oct 2002 03:48:09 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From: Chandana Bandara [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: dnis:086
Date: Thu, 3 Oct 2002 19:39:35 +0600
Organization: MTN Networks ( Pvt ) Ltd

HI,

I try to configure radius server. I configured Cisco AS5300 router and connected a E1 for that also, those r working properly.

But when i dial in by using a modem that radius log will show me dnis:086 as the error.

what is this. pls help me

chandana

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS etc on Unix, Windows, MacOS etc.