(RADIATOR) Using UseExtendedId

[Martin Edge]

Title: Message



Hey 
Guys,

Having a few issues 
after implementing UseExtendedId in ournetwork, much like your 
documentation suggests, it all works fine except when we have a customer that 
doesn't support it within their RADIUS system. 

Do you know whether 
UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont 
use, 1 for use it? 

ThanksMartin



Martin 
Edge 
Senior Applications 
Engineer
[EMAIL PROTECTED]
KBS Internet Pty 
Ltd
Phone: 1300 302 134 

Phone: +61 3 9868 

Fax: +61 3 9868 
9900
www.kbs.net.au

  
  

  

  Level 9
  432 St Kilda RdMelbourne VIC 
  3004NOTICE - This message contains information 
intended only for the use of the addressee named above. It may also be 
confidential and/or privileged. If you are not the intended recipient of this 
message you are hereby notified that you must not disseminate, copy or take any 
action in reliance on it. If you have received this message in error please 
notify. 

Re: (RADIATOR) Using UseExtendedId

[Hugh Irvine]

Hello Martin -

I am curious to know what the problem is with these customers? What exactly do they not support?

I have copied Mike on this mail so he can answer the per-host use of UseExtendedId.

regards

Hugh


On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote:

Hey Guys,
 
Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system.
 
Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it?
 
Thanks
Martin
 

Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au
image.tiff>
NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify.
 


 
 


NB: have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) Using UseExtendedId

[Mike McCauley]

Hello Martin,


On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote:
 Hello Martin -

 I am curious to know what the problem is with these customers? What
 exactly do they not support?

 I have copied Mike on this mail so he can answer the per-host use of
 UseExtendedId.

Yes, that should work OK as you described it.

Cheers.


 regards

 Hugh


 On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge

 wrote:
  Hey Guys,
   
  Having a few issues after implementing UseExtendedId in our network,
  much like your documentation suggests, it all works fine except when
  we have a customer that doesn't support it within their RADIUS system.
   
  Do you know whether UseExtendedId will work as a row returned within
  SQLRADIUS? 0 or blank for dont use, 1 for use it?
   
  Thanks
  Martin
   
  
  Martin Edge
  Senior Applications Engineer
  [EMAIL PROTECTED]
  KBS Internet Pty Ltd
  Phone: 1300 302 134
  Phone: +61 3 9868 
  Fax: +61 3 9868 9900
  www.kbs.net.au

 image.tiff

  NOTICE - This message contains information intended only for the use
  of the addressee named above. It may also be confidential and/or
  privileged. If you are not the intended recipient of this message you
  are hereby notified that you must not disseminate, copy or take any
  action in reliance on it. If you have received this message in error
  please notify.
   
 
 
   
   

 NB: have you included a copy of your configuration file (no secrets),
 together with a trace 4 debug showing what is happening?

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Using UseExtendedId

[Martin Edge]

Hi Hugh,

It appears they are not responding with the Proxy-State attribute,
therefore our RADIUS system is coming up unknown reply to packet. 

For instance:
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS
for request 239 from 203.30.19.248:1846
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS
for request 240 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS
for request 241 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS
for request 241 from 202.71.168.62:1846
Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS
for request 242 from 202.71.168.62:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS
for request 242 from 203.30.19.248:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS
for request 243 from 202.71.168.62:1846
Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS
for request 243 from 203.30.19.248:1846
Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS
for request 244 from 203.30.19.248:1846

*** Sending to 202.4.30.2 port 1646 
Code:   Accounting-Request
Identifier: 74
Authentic:  
Attributes:
Acct-Session-Id = 2F85
Framed-Protocol = PPP
Framed-IP-Address = 203.194.16.52
Ascend-Connect-Progress = prLanSessionUp
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = XXX
Called-Station-Id = XXX
NAS-Port-Type = Async
NAS-Port = 7393
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.8
Ascend-Session-Svr-Key = XXX
NAS-Identifier = ACC08-XX
Acct-Delay-Time = 0
User-Name = X
Timestamp = 1056005873
Proxy-State = OSC-Extended-Id=330

Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted

Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
*** Received from 202.4.30.2 port 1646 
Code:   Accounting-Response
Identifier: 74
Authentic:  181156NP130;{`21226+{U1331406
Attributes:

Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS
for request 74 from 202.4.30.2:1646

Thanks
Martin



Martin Edge 
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134 
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au

Level 9
432 St Kilda Rd
Melbourne VIC 3004

NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify. 





-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 19 June 2003 4:38 PM
To: Martin Edge; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId



Hello Martin -

I am curious to know what the problem is with these customers? What
exactly do they not support?

I have copied Mike on this mail so he can answer the per-host use of
UseExtendedId.

regards

Hugh


On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge
wrote:


Hey Guys,
 
Having a few issues after implementing UseExtendedId in our network,
much like your documentation suggests, it all works fine except when we
have a customer that doesn't support it within their RADIUS system.
 
Do you know whether UseExtendedId will work as a row returned within
SQLRADIUS? 0 or blank for dont use, 1 for use it?
 
Thanks
Martin
 

Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au

image.tiff


NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
 


 
 



NB: have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Using UseExtendedId

[Martin Edge]

Thanks, I'll give it a bash..

Martin 

-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 19 June 2003 4:57 PM
To: Hugh Irvine; Martin Edge
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId


Hello Martin,


On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote:
 Hello Martin -

 I am curious to know what the problem is with these customers? What 
 exactly do they not support?

 I have copied Mike on this mail so he can answer the per-host use of 
 UseExtendedId.

Yes, that should work OK as you described it.

Cheers.


 regards

 Hugh


 On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge

 wrote:
  Hey Guys,
   
  Having a few issues after implementing UseExtendedId in our network,

  much like your documentation suggests, it all works fine except when

  we have a customer that doesn't support it within their RADIUS 
  system.
   
  Do you know whether UseExtendedId will work as a row returned within

  SQLRADIUS? 0 or blank for dont use, 1 for use it?
   
  Thanks
  Martin
   
  
  Martin Edge
  Senior Applications Engineer
  [EMAIL PROTECTED]
  KBS Internet Pty Ltd
  Phone: 1300 302 134
  Phone: +61 3 9868 
  Fax: +61 3 9868 9900
  www.kbs.net.au

 image.tiff

  NOTICE - This message contains information intended only for the use

  of the addressee named above. It may also be confidential and/or 
  privileged. If you are not the intended recipient of this message 
  you are hereby notified that you must not disseminate, copy or take 
  any action in reliance on it. If you have received this message in 
  error please notify.
   
 
 
   
   

 NB: have you included a copy of your configuration file (no secrets), 
 together with a trace 4 debug showing what is happening?

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Using UseExtendedId

[Hugh Irvine]

Hello Martin -

Not returning a Proxy-State attribute is quite broken behaviour.

regards

Hugh

On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge 
wrote:

Hi Hugh,

It appears they are not responding with the Proxy-State attribute,
therefore our RADIUS system is coming up unknown reply to packet.
For instance:
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS
for request 239 from 203.30.19.248:1846
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS
for request 240 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS
for request 241 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS
for request 241 from 202.71.168.62:1846
Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS
for request 242 from 202.71.168.62:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS
for request 242 from 203.30.19.248:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS
for request 243 from 202.71.168.62:1846
Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS
for request 243 from 203.30.19.248:1846
Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS
for request 244 from 203.30.19.248:1846
*** Sending to 202.4.30.2 port 1646 
Code:   Accounting-Request
Identifier: 74
Authentic:  
Attributes:
Acct-Session-Id = 2F85
Framed-Protocol = PPP
Framed-IP-Address = 203.194.16.52
Ascend-Connect-Progress = prLanSessionUp
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = XXX
Called-Station-Id = XXX
NAS-Port-Type = Async
NAS-Port = 7393
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.8
Ascend-Session-Svr-Key = XXX
NAS-Identifier = ACC08-XX
Acct-Delay-Time = 0
User-Name = X
Timestamp = 1056005873
Proxy-State = OSC-Extended-Id=330
Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted

Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
*** Received from 202.4.30.2 port 1646 
Code:   Accounting-Response
Identifier: 74
Authentic:  181156NP130;{`21226+{U1331406
Attributes:
Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS
for request 74 from 202.4.30.2:1646
Thanks
Martin

Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.




-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 19 June 2003 4:38 PM
To: Martin Edge; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId


Hello Martin -

I am curious to know what the problem is with these customers? What
exactly do they not support?
I have copied Mike on this mail so he can answer the per-host use of
UseExtendedId.
regards

Hugh

On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge
wrote:
Hey Guys,

Having a few issues after implementing UseExtendedId in our network,
much like your documentation suggests, it all works fine except when we
have a customer that doesn't support it within their RADIUS system.
Do you know whether UseExtendedId will work as a row returned within
SQLRADIUS? 0 or blank for dont use, 1 for use it?
Thanks
Martin

Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au
image.tiff

NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.






NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

NB: have you included a copy of your configuration file (no secrets),
together with a 

RE: (RADIATOR) Using UseExtendedId

[Martin Edge]

Hi guys,

Looks like it doesn't work as expected. Not seeing any Proxy-State
values being implemented when relying on SQL RADIUS, have confirmed my
database is coming up with a '1' to say use it, as soon as I readd
'UseExtendedIds' to the AuthBy the stuff below sits, it works fine
again.

Within SQLRADIUS :

HostColumnDef 0, Host
HostColumnDef 1, Secret
HostColumnDef 2, AuthPort
HostColumnDef 3, AcctPort
HostColumnDef 4, Retries
HostColumnDef 5, RetryTimeout
HostColumnDef 6, FailureBackoffTime
HostColumnDef 7, FailurePolicy
HostColumnDef 8, AddToReply
HostColumnDef 9, StripFromReply
HostColumnDef 10, AllowInReply
HostColumnDef 11, AddToReplyIfNotExist
HostColumnDef 12, DefaultReply
HostColumnDef 13, AddToRequest
HostColumnDef 14, StripFromRequset
HostColumnDef 15, AddToRequestIfNotExist
HostColumnDef 16, UseOldAscendPasswords
HostColumnDef 17, ServerHasBrokenPortNumbers
HostColumnDef 18, ServerHasBrokenAddresses
HostColumnDef 19, IgnoreReplySignature
HostColumnDef 20, UseExtendedIds

Is this because I am still using depreciated fields, UseOldAs.. And
ServerHasBr.. ? 

Thanks
Martin

 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Martin Edge
Sent: Thursday, 19 June 2003 5:02 PM
To: 'Mike McCauley'; 'Hugh Irvine'
Cc: [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Using UseExtendedId


Thanks, I'll give it a bash..

Martin 

-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 19 June 2003 4:57 PM
To: Hugh Irvine; Martin Edge
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId


Hello Martin,


On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote:
 Hello Martin -

 I am curious to know what the problem is with these customers? What
 exactly do they not support?

 I have copied Mike on this mail so he can answer the per-host use of
 UseExtendedId.

Yes, that should work OK as you described it.

Cheers.


 regards

 Hugh


 On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge

 wrote:
  Hey Guys,
   
  Having a few issues after implementing UseExtendedId in our network,

  much like your documentation suggests, it all works fine except when

  we have a customer that doesn't support it within their RADIUS
  system.
   
  Do you know whether UseExtendedId will work as a row returned within

  SQLRADIUS? 0 or blank for dont use, 1 for use it?
   
  Thanks
  Martin
   
  
  Martin Edge
  Senior Applications Engineer
  [EMAIL PROTECTED]
  KBS Internet Pty Ltd
  Phone: 1300 302 134
  Phone: +61 3 9868 
  Fax: +61 3 9868 9900
  www.kbs.net.au

 image.tiff

  NOTICE - This message contains information intended only for the use

  of the addressee named above. It may also be confidential and/or
  privileged. If you are not the intended recipient of this message 
  you are hereby notified that you must not disseminate, copy or take 
  any action in reliance on it. If you have received this message in 
  error please notify.
   
 
 
   
   

 NB: have you included a copy of your configuration file (no secrets),
 together with a trace 4 debug showing what is happening?

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Using UseExtendedId

[Martin Edge]

I'll see I can find out which products these customers are using..

(pretty sure it's not Radiator)

Thanks
Martin


Martin Edge 
Senior Applications Engineer 
[EMAIL PROTECTED] 
KBS Internet Pty Ltd 
Phone: 1300 302 134 
Phone: +61 3 9868  
Fax: +61 3 9868 9900 
www.kbs.net.au 

Level 9
432 St Kilda Rd
Melbourne VIC 3004 


NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify. 
 


 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Thursday, 19 June 2003 5:12 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId



Hello Martin -

Not returning a Proxy-State attribute is quite broken behaviour.

regards

Hugh


On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge 
wrote:

 Hi Hugh,

 It appears they are not responding with the Proxy-State attribute,
 therefore our RADIUS system is coming up unknown reply to packet.

 For instance:
 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 239 from 203.30.19.248:1846
 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 240 from 203.30.19.248:1846
 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 241 from 203.30.19.248:1846
 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 241 from 202.71.168.62:1846
 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 242 from 202.71.168.62:1846
 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 242 from 203.30.19.248:1846
 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 243 from 202.71.168.62:1846
 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 243 from 203.30.19.248:1846
 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 244 from 203.30.19.248:1846

 *** Sending to 202.4.30.2 port 1646 
 Code:   Accounting-Request
 Identifier: 74
 Authentic:  
 Attributes:
 Acct-Session-Id = 2F85
 Framed-Protocol = PPP
 Framed-IP-Address = 203.194.16.52
 Ascend-Connect-Progress = prLanSessionUp
 Acct-Authentic = RADIUS
 Acct-Status-Type = Start
 Calling-Station-Id = XXX
 Called-Station-Id = XXX
 NAS-Port-Type = Async
 NAS-Port = 7393
 Service-Type = Framed-User
 NAS-IP-Address = 203.194.30.8
 Ascend-Session-Svr-Key = XXX
 NAS-Identifier = ACC08-XX
 Acct-Delay-Time = 0
 User-Name = X
 Timestamp = 1056005873
 Proxy-State = OSC-Extended-Id=330

 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted

 Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
 *** Received from 202.4.30.2 port 1646 
 Code:   Accounting-Response
 Identifier: 74
 Authentic:  181156NP130;{`21226+{U1331406
 Attributes:

 Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 74 from 202.4.30.2:1646

 Thanks
 Martin


 
 Martin Edge
 Senior Applications Engineer
 [EMAIL PROTECTED]
 KBS Internet Pty Ltd
 Phone: 1300 302 134
 Phone: +61 3 9868 
 Fax: +61 3 9868 9900
 www.kbs.net.au

 Level 9
 432 St Kilda Rd
 Melbourne VIC 3004

 NOTICE - This message contains information intended only for the use
of
 the addressee named above. It may also be confidential and/or
 privileged. If you are not the intended recipient of this message you
 are hereby notified that you must not disseminate, copy or take any
 action in reliance on it. If you have received this message in error
 please notify.





 -Original Message-
 From: Hugh Irvine [mailto:[EMAIL PROTECTED]
 Sent: Thursday, 19 June 2003 4:38 PM
 To: Martin Edge; [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Using UseExtendedId



 Hello Martin -

 I am curious to know what the problem is with these customers? What
 exactly do they not support?

 I have copied Mike on this mail so he can answer the per-host use of
 UseExtendedId.

 regards

 Hugh


 On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge
 wrote:


 Hey Guys,

 Having a few issues after implementing UseExtendedId in our network,
 much like your documentation suggests, it all works fine except when
we
 have a customer that doesn't support it within their RADIUS system.

 Do you know whether UseExtendedId will work as a row returned 

RE: (RADIATOR) Radiator Error Logging

[Ingvar Berg (EAB)]

It might also be an option to copy the caller ID to the user ID. Assuming that no 
other part of your system gets confused, of course.

/Ingvar

  -Original Message-
 From: Hugh Irvine [mailto:[EMAIL PROTECTED] 
 Sent: den 19 juni 2003 07:47
 To:   Harrison Ng
 Cc:   '[EMAIL PROTECTED]'
 Subject:  Re: (RADIATOR) Radiator Error Logging
 
 
 
 Hello Harrison - 
 
 The only way I can think of to do this is to write a NoReplyHook and have it log 
 whatever message you require. 
 
 There are some example hooks in the file goodies/hooks.txt. 
 
 regards 
 
 Hugh 
 
 
 
 On Thursday, Jun 19, 2003, at 13:04 Australia/Melbourne, Harrison Ng wrote: 
 
 
 Dear Sir, 
 
 Our radiator generates following messages: 
 INFO: AuthRADIUS: No reply after 0 retransmissions to 123.123.123.123:1813 for void  
 (54) 
 
 Since our customer doesn't need to enter his username, remote access server sends 
 out 'void' for default. 
 Can we customize the message so that it includes Calling-Station-Id attribute? 
 We need to identify which record doesn't arrive remote accounting server. 
 
 The new message will look like this: 
 INFO: AuthRADIUS: No reply after 0 retransmissions to 123.123.123.123:1813 for void 
 (85291234567) (54) 
 
 **where (85291234567) represents Calling-Station-Id attribute 
 
 Thanks for your help in advance! 
 
 Regards, 
 Harrison 
 
 InterScan_Disclaimer.txt 
 
 
 NB: have you included a copy of your configuration file (no secrets),  
 together with a trace 4 debug showing what is happening? 
 
 --  
 Radiator: the most portable, flexible and configurable RADIUS server 
 anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. 
 - 
 Nets: internetwork inventory and management - graphical, extensible, 
 flexible with hardware, software, platform and database independence. 
 
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Using UseExtendedId

[Martin Edge]

Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1
which I've never heard of.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Martin Edge
Sent: Thursday, 19 June 2003 5:31 PM
To: 'Hugh Irvine'
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Using UseExtendedId


I'll see I can find out which products these customers are using..

(pretty sure it's not Radiator)

Thanks
Martin


Martin Edge 
Senior Applications Engineer 
[EMAIL PROTECTED] 
KBS Internet Pty Ltd 
Phone: 1300 302 134 
Phone: +61 3 9868  
Fax: +61 3 9868 9900 
www.kbs.net.au 

Level 9
432 St Kilda Rd
Melbourne VIC 3004 


NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify. 
 


 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Thursday, 19 June 2003 5:12 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId



Hello Martin -

Not returning a Proxy-State attribute is quite broken behaviour.

regards

Hugh


On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge 
wrote:

 Hi Hugh,

 It appears they are not responding with the Proxy-State attribute, 
 therefore our RADIUS system is coming up unknown reply to packet.

 For instance:
 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 239 from 203.30.19.248:1846
 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 240 from 203.30.19.248:1846
 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 241 from 203.30.19.248:1846
 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 241 from 202.71.168.62:1846
 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 242 from 202.71.168.62:1846
 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 242 from 203.30.19.248:1846
 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 243 from 202.71.168.62:1846
 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 243 from 203.30.19.248:1846
 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 244 from 203.30.19.248:1846

 *** Sending to 202.4.30.2 port 1646 
 Code:   Accounting-Request
 Identifier: 74
 Authentic:  
 Attributes:
 Acct-Session-Id = 2F85
 Framed-Protocol = PPP
 Framed-IP-Address = 203.194.16.52
 Ascend-Connect-Progress = prLanSessionUp
 Acct-Authentic = RADIUS
 Acct-Status-Type = Start
 Calling-Station-Id = XXX
 Called-Station-Id = XXX
 NAS-Port-Type = Async
 NAS-Port = 7393
 Service-Type = Framed-User
 NAS-IP-Address = 203.194.30.8
 Ascend-Session-Svr-Key = XXX
 NAS-Identifier = ACC08-XX
 Acct-Delay-Time = 0
 User-Name = X
 Timestamp = 1056005873
 Proxy-State = OSC-Extended-Id=330

 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted

 Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
 *** Received from 202.4.30.2 port 1646 
 Code:   Accounting-Response
 Identifier: 74
 Authentic:  181156NP130;{`21226+{U1331406
 Attributes:

 Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 74 from 202.4.30.2:1646

 Thanks
 Martin


 
 Martin Edge
 Senior Applications Engineer
 [EMAIL PROTECTED]
 KBS Internet Pty Ltd
 Phone: 1300 302 134
 Phone: +61 3 9868 
 Fax: +61 3 9868 9900
 www.kbs.net.au

 Level 9
 432 St Kilda Rd
 Melbourne VIC 3004

 NOTICE - This message contains information intended only for the use
of
 the addressee named above. It may also be confidential and/or 
 privileged. If you are not the intended recipient of this message you 
 are hereby notified that you must not disseminate, copy or take any 
 action in reliance on it. If you have received this message in error 
 please notify.





 -Original Message-
 From: Hugh Irvine [mailto:[EMAIL PROTECTED]
 Sent: Thursday, 19 June 2003 4:38 PM
 To: Martin Edge; [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Using UseExtendedId



 Hello Martin -

 I am curious to know what the problem is with these customers? What 
 exactly do they not support?

 I have copied Mike on this mail so he can answer the per-host use of 
 UseExtendedId.

 regards

 Hugh


 On Thursday, Jun 

RE: (RADIATOR) Using UseExtendedId

[h . zuidema]

Hello Martin,

RFC 2865 clearly specifies the behaviour in case a request contains
Proxy-State. So not returning Proxy-State correctly is a violation of the
RFC. Sometimes things go wrong when requests are proxied twice with each
proxy adding Proxy-State. But the RFC covers this as well.

Met vriendelijke groet,
Hylke Zuidema
Developmentmanager
KPN - Internet Operator
Tel: +31 70 451 33 70

-Oorspronkelijk bericht-
Van: Martin Edge [mailto:[EMAIL PROTECTED]
Verzonden: donderdag 19 juni 2003 10:14
Aan: 'Hugh Irvine'
CC: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Onderwerp: RE: (RADIATOR) Using UseExtendedId


Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1
which I've never heard of.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Martin Edge
Sent: Thursday, 19 June 2003 5:31 PM
To: 'Hugh Irvine'
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Using UseExtendedId


I'll see I can find out which products these customers are using..

(pretty sure it's not Radiator)

Thanks
Martin


Martin Edge 
Senior Applications Engineer 
[EMAIL PROTECTED] 
KBS Internet Pty Ltd 
Phone: 1300 302 134 
Phone: +61 3 9868  
Fax: +61 3 9868 9900 
www.kbs.net.au 

Level 9
432 St Kilda Rd
Melbourne VIC 3004 


NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify. 
 


 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Thursday, 19 June 2003 5:12 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId



Hello Martin -

Not returning a Proxy-State attribute is quite broken behaviour.

regards

Hugh


On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge 
wrote:

 Hi Hugh,

 It appears they are not responding with the Proxy-State attribute, 
 therefore our RADIUS system is coming up unknown reply to packet.

 For instance:
 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 239 from 203.30.19.248:1846
 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 240 from 203.30.19.248:1846
 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 241 from 203.30.19.248:1846
 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 241 from 202.71.168.62:1846
 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 242 from 202.71.168.62:1846
 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 242 from 203.30.19.248:1846
 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 243 from 202.71.168.62:1846
 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 243 from 203.30.19.248:1846
 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 244 from 203.30.19.248:1846

 *** Sending to 202.4.30.2 port 1646 
 Code:   Accounting-Request
 Identifier: 74
 Authentic:  
 Attributes:
 Acct-Session-Id = 2F85
 Framed-Protocol = PPP
 Framed-IP-Address = 203.194.16.52
 Ascend-Connect-Progress = prLanSessionUp
 Acct-Authentic = RADIUS
 Acct-Status-Type = Start
 Calling-Station-Id = XXX
 Called-Station-Id = XXX
 NAS-Port-Type = Async
 NAS-Port = 7393
 Service-Type = Framed-User
 NAS-IP-Address = 203.194.30.8
 Ascend-Session-Svr-Key = XXX
 NAS-Identifier = ACC08-XX
 Acct-Delay-Time = 0
 User-Name = X
 Timestamp = 1056005873
 Proxy-State = OSC-Extended-Id=330

 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted

 Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
 *** Received from 202.4.30.2 port 1646 
 Code:   Accounting-Response
 Identifier: 74
 Authentic:  181156NP130;{`21226+{U1331406
 Attributes:

 Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in
AuthRADIUS
 for request 74 from 202.4.30.2:1646

 Thanks
 Martin


 
 Martin Edge
 Senior Applications Engineer
 [EMAIL PROTECTED]
 KBS Internet Pty Ltd
 Phone: 1300 302 134
 Phone: +61 3 9868 
 Fax: +61 3 9868 9900
 www.kbs.net.au

 Level 9
 432 St Kilda Rd
 Melbourne VIC 3004

 NOTICE - This message contains information intended only for the use
of
 the addressee named above. It may also be confidential and/or 
 privileged. If you are not the intended recipient of this message you 
 are 

Re: (RADIATOR) Wireless Access Points that can do Radius Authentication

[Hugh Irvine]

Hello Brian -

This is a quickly moving target, so it is probably best to ask your 
favourite vendors and/or do a Google search.

Any published list is going to be out of date within days.

You should also be a bit careful with vendor spec sheets, as they often 
don't reflect reality particularily well. And although many wireless 
access points claim to implement radius, it is our experience that this 
is oftentimes limited to authentication only.

As is usually the case, you should test everything yourself to verify 
vendor claims.

YMMV

regards

Hugh



On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris 
wrote:

Hi All,

Has anyone compiled a list of wireless access points that do radius
authentication?
If so, would they like to share it??

If not, can anyone offer some advice as to those that do and work with
Radiator.
Thanks in advance,

Brian.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Wireless Access Points that can do Radius Authentication

[Bon sy]

Brian and Mike,

I will add Linksys WRT51AB with official spec at
(http://www.linksys.com/products/product.asp?prid=476grid= )

I have not tried this but it claims to support 802.1x and it is
the least inexpensive one in the U.S. (retail less than $200).

I will also suggest to check against the Wi-Fi certified product
list at http://www.wi-fi.org/OpenSection/certified_products.asp?TID=2
to avoid compatibility issues with cross vendor products. For example, I
did not find Lancom 3050 that Mike mentioned in the list. 

As new standards like 802.11g and WPA that are emerging
frequently, I will suggest the listing, either here or elsewhere, to get
into more specifics and user experience. For example, what client
supplicants works with what AP through (radiator or other) radius under
what version of driver/firmware, and any problems when using it as we have
encountered. In either case, I will repost this to
http://www.qcwireless.net/ 

I will also try to update when warranted via the site that we
maintain at http://www.qcwireless.net/ where it devoted itself to only
wireless related discussion. I hope this coould help to complement this
site that devotes specifically only to radiator issues.

Bon


On Thu, 19 Jun 2003, Mike McCauley wrote:

 Hello Brian,
 
 You will find a list of the ones we know about at 
 http://www.open.com.au/radiator/technical.html, see also below.
 
 If anyone can list others that are known to work with Radiator, we will update 
 the list:
 
 Cisco Aironet AP340, 350, 1200
 3Com SR AP 8000
 LanCom 3050
 D-Link DWL-900AP+
 Orinoco/Proxim AP-2000, 2500
 
 
 
 
 
 
 On Thu, 19 Jun 2003 10:22 am, Brian Morris wrote:
  Hi All,
 
  Has anyone compiled a list of wireless access points that do radius
  authentication?
 
  If so, would they like to share it??
 
  If not, can anyone offer some advice as to those that do and work with
  Radiator.
 
  Thanks in advance,
 
  Brian.
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 -- 
 Mike McCauley   [EMAIL PROTECTED]
 Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
 Phone +61 3 9598-0985   Fax   +61 3 9598-0955
 
 Radiator: the most portable, flexible and configurable RADIUS server 
 anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
 Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
 TTLS, PEAP etc on Unix, Windows, MacOS etc.
 
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Radiator Error Logging

[Hugh Irvine]

Hello Ingvar -

This is a good idea and is easy to do in a PreClientHook (see 
goodies/hooks.txt).

You may also be able to use an AddToRequest in the Client clause.

regards

Hugh

On Thursday, Jun 19, 2003, at 17:52 Australia/Melbourne, Ingvar Berg 
(EAB) wrote:

It might also be an option to copy the caller ID to the user ID. 
Assuming that no other part of your system gets confused, of course.

/Ingvar

 -Original Message-
From:   Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent:   den 19 juni 2003 07:47
To: Harrison Ng
Cc: '[EMAIL PROTECTED]'
Subject:Re: (RADIATOR) Radiator Error Logging


Hello Harrison -

The only way I can think of to do this is to write a NoReplyHook and 
have it log whatever message you require.

There are some example hooks in the file goodies/hooks.txt.

regards

Hugh



On Thursday, Jun 19, 2003, at 13:04 Australia/Melbourne, Harrison Ng 
wrote:

Dear Sir,

Our radiator generates following messages:
INFO: AuthRADIUS: No reply after 0 retransmissions to 
123.123.123.123:1813 for void  (54)

Since our customer doesn't need to enter his username, remote access 
server sends out 'void' for default.
Can we customize the message so that it includes Calling-Station-Id 
attribute?
We need to identify which record doesn't arrive remote accounting 
server.

The new message will look like this:
INFO: AuthRADIUS: No reply after 0 retransmissions to 
123.123.123.123:1813 for void (85291234567) (54)

**where (85291234567) represents Calling-Station-Id attribute

Thanks for your help in advance!

Regards,
Harrison
InterScan_Disclaimer.txt

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--  
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Using UseExtendedId

[Hugh Irvine]

Hello Martin -

Sounds like three potential customers to me.

:-)

regards

Hugh

On Thursday, Jun 19, 2003, at 18:14 Australia/Melbourne, Martin Edge 
wrote:

Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1
which I've never heard of.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Martin Edge
Sent: Thursday, 19 June 2003 5:31 PM
To: 'Hugh Irvine'
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Using UseExtendedId
I'll see I can find out which products these customers are using..

(pretty sure it's not Radiator)

Thanks
Martin

Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au

Level 9
432 St Kilda Rd
Melbourne VIC 3004

NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Thursday, 19 June 2003 5:12 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId


Hello Martin -

Not returning a Proxy-State attribute is quite broken behaviour.

regards

Hugh

On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge
wrote:
Hi Hugh,

It appears they are not responding with the Proxy-State attribute,
therefore our RADIUS system is coming up unknown reply to packet.
For instance:
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 239 from 203.30.19.248:1846
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 240 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 241 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 241 from 202.71.168.62:1846
Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 242 from 202.71.168.62:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 242 from 203.30.19.248:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 243 from 202.71.168.62:1846
Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 243 from 203.30.19.248:1846
Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 244 from 203.30.19.248:1846

*** Sending to 202.4.30.2 port 1646 
Code:   Accounting-Request
Identifier: 74
Authentic:  
Attributes:
Acct-Session-Id = 2F85
Framed-Protocol = PPP
Framed-IP-Address = 203.194.16.52
Ascend-Connect-Progress = prLanSessionUp
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = XXX
Called-Station-Id = XXX
NAS-Port-Type = Async
NAS-Port = 7393
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.8
Ascend-Session-Svr-Key = XXX
NAS-Identifier = ACC08-XX
Acct-Delay-Time = 0
User-Name = X
Timestamp = 1056005873
Proxy-State = OSC-Extended-Id=330
Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted

Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
*** Received from 202.4.30.2 port 1646 
Code:   Accounting-Response
Identifier: 74
Authentic:  181156NP130;{`21226+{U1331406
Attributes:
Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 74 from 202.4.30.2:1646

Thanks
Martin

Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868 
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use
of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.




-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 19 June 2003 4:38 PM
To: Martin Edge; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId


Hello Martin -

I am curious to know what the problem is with these customers? What
exactly do they not support?
I have copied Mike on this mail so he can answer the per-host use of
UseExtendedId.

Re: (RADIATOR) Wireless Access Points that can do Radius Authentication

[Bon sy]

Hugh, Brian, and who else is interested,

The whole point of going to a centralized site like wi-fi.org is
to have trustworthy/(semi)credible entities to conduct the test and to
post the results. First off, I have no relationship with wi-fi.org if
anyone wonders, and I do not embrace just one entity. Rather, it makes
sense for me to embrace whatever entity providing good and useful
services.

We all know the problems of subjective tests and biased
statements. As Hugh has pointed out, radius support is _not_ the same as
radius full support on AAA or 802.1x. So, approaching vendor or googling,
in my opinion, bears more or less the same risk if one is not applying own
judgement and/or if there is a lack of trustworthy/(semi)credible entity
doing so.

I still feel some sort of (semi)official entities that can provide
some sort of a validation lab service could be a great service to the
technology users, wireless or not. If nothing else, one can have a
shortlist to start, and perhaps if nothing works, resort it back to
googling or staying on a phone for 45 mins to wait for tech support to
answer a simple question. 

About the time lag issue, it is unavoidable. The question really
is the response time issue. For myself, if I never commit myself within a
month of a new product release, and if whatever (semi)official entity can
have the valuable validation infor/testing/results available within a
month of a new product release, I can live perfectly happy with it. 

In addition, it also has to do with time-to-market strategy and
balance between potential liability on a company's reputation (if a
product has a problem) vs the level of completeness in the
testing/validation phase of a new product. For example, if a company is
reputable and conservative on conducting thorough test before releasing
a product, or if I know the company/organization is not just speculative
on gaining market share, I may be willing to jump into it sooner. 

Hugh, Brian, and perhaps whoever is interested, I wonder anyone
cares to offer your viewpoint on the acceptable lag time for a product
review/test/validation, and what's your viewpoint on having such 
(semi)official entities? 

Either case, I think this could be a great discussion and I am
going to re-post this for our students and colleagues here (at Queens
College). Your inputs will certainly help folks in this community as well
as those in the Queens College community to understand this issue better.

Thanks in advance!

Bon



On Thu, 19 Jun 2003, Hugh Irvine wrote:

 
 Hello Brian -
 
 This is a quickly moving target, so it is probably best to ask your 
 favourite vendors and/or do a Google search.
 
 Any published list is going to be out of date within days.
 
 You should also be a bit careful with vendor spec sheets, as they often 
 don't reflect reality particularily well. And although many wireless 
 access points claim to implement radius, it is our experience that this 
 is oftentimes limited to authentication only.
 
 As is usually the case, you should test everything yourself to verify 
 vendor claims.
 
 YMMV
 
 regards
 
 Hugh
 
 
 
 On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris 
 wrote:
 
  Hi All,
 
  Has anyone compiled a list of wireless access points that do radius
  authentication?
 
  If so, would they like to share it??
 
  If not, can anyone offer some advice as to those that do and work with
  Radiator.
 
  Thanks in advance,
 
  Brian.
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 
 
 NB: have you included a copy of your configuration file (no secrets),
 together with a trace 4 debug showing what is happening?
 
 -- 
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
 -
 Nets: internetwork inventory and management - graphical, extensible,
 flexible with hardware, software, platform and database independence.
 
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Can't get PEAP to work, need help.

[Jerome Fleury]

Here is the test config:

Client: Cisco Aironet/Orinoco
802.1X client: 2000+hotfix/Funk Odyssey
AP: Cisco Aironet 1100

I use the test config from goodies/eap_peap.cfg with this modification:

 Filename %D/users-wifi

(is there any special entry to put in this file ? anonymous user ?)

As soon as I enter my credentials (802.1X identification window from Windows 2000 
appears), the
radius request launches from the AP:

.Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received 
CLIENT_REPLY,
mac: 0060.1df0.3503
.Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to 
server
.Jun 19 13:42:01.251: RADIUS/ENCODE(3489): acct_session_id: 13473
.Jun 19 13:42:01.251: RADIUS(3489): sending
.Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, Access-Request, 
len 128
.Jun 19 13:42:01.252: RADIUS:  authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 
59 CA FF
.Jun 19 13:42:01.252: RADIUS:  User-Name   [1]   5   ben
.Jun 19 13:42:01.252: RADIUS:  Framed-MTU  [12]  6   1400  
.Jun 19 13:42:01.252: RADIUS:  Called-Station-Id   [30]  16  0002.8a5b.400f
.Jun 19 13:42:01.252: RADIUS:  Calling-Station-Id  [31]  16  0060.1df0.3503
.Jun 19 13:42:01.252: RADIUS:  NAS-Port-Type   [61]  6   802.11 wireless   
[19]
.Jun 19 13:42:01.252: RADIUS:  Message-Authenticato[80]  18  *
.Jun 19 13:42:01.252: RADIUS:  EAP-Message [79]  8   
.Jun 19 13:42:01.253: RADIUS:   02 03 00 06  []
.Jun 19 13:42:01.253: RADIUS:  NAS-Port-Type   [61]  6   Virtual   
[5]
.Jun 19 13:42:01.253: RADIUS:  NAS-Port[5]   6   159   
.Jun 19 13:42:01.253: RADIUS:  Service-Type[6]   6   Login 
[1]
.Jun 19 13:42:01.254: RADIUS:  NAS-IP-Address  [4]   6   172.30.24.10  
.Jun 19 13:42:01.254: RADIUS:  Nas-Identifier  [32]  9   ap2.gre
.Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
.Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
.Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
.Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 
0060.1df0.3503
.Jun 19 13:42:21.899: EAPOL pak dump rx
.Jun 19 13:42:21.899: EAPOL Version: 0x1  type: 0x1  length: 0x
00E126C0:  0101
.Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received 
EAP_START, mac:
0060.1df0.3503
.Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing
.Jun 19 13:42:22.188: RADIUS: Tried all servers.
.Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server
.Jun 19 13:42:22.188: RADIUS: Tried all servers.
.Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44
.Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL
.Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL


As you can see, the Radius server seems not to respond, and AP retransmits. 

Here are the logs on Radiator:

Code:   Access-Request
Identifier: 44
Authentic:  RDI28228134179x233248135l177Y202255
Attributes:
User-Name = ben
Framed-MTU = 1400
Called-Station-Id = 0002.8a5b.400f
Calling-Station-Id = 0060.1df0.3503
NAS-Port-Type = 19
Signature = 14184;197Q12;219Y5209240179%181184
EAP-Message = 230625
NAS-Port-Type = Virtual
NAS-Port = 159
Service-Type = Login-User
NAS-IP-Address = 172.30.24.10
NAS-Identifier = ap2.gre

Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler ''
Thu Jun 19 15:42:17 2003: DEBUG:  Deleting session for ben, 172.30.24.10, 159
Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: 
Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6
Thu Jun 19 15:42:17 2003: DEBUG: Response type 25

and that's pretty all. No error to help me out.

Has anybody any clue about that ?

Thanks.
--
Jerome Fleury
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Wireless Access Points that can do Radius Authentication

[Ken Wolstencroft]

I have tested the following access points with Radiator (802.1x, remote MAC
or both):

Proxim AP600
Proxim AP2500
Netgear ME103
Apple Airport Base station

All the best,
Ken

- Original Message - 
From: Hugh Irvine [EMAIL PROTECTED]
To: Brian Morris [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 12:03 PM
Subject: Re: (RADIATOR) Wireless Access Points that can do Radius
Authentication



 Hello Brian -

 This is a quickly moving target, so it is probably best to ask your
 favourite vendors and/or do a Google search.

 Any published list is going to be out of date within days.

 You should also be a bit careful with vendor spec sheets, as they often
 don't reflect reality particularily well. And although many wireless
 access points claim to implement radius, it is our experience that this
 is oftentimes limited to authentication only.

 As is usually the case, you should test everything yourself to verify
 vendor claims.

 YMMV

 regards

 Hugh



 On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris
 wrote:

  Hi All,
 
  Has anyone compiled a list of wireless access points that do radius
  authentication?
 
  If so, would they like to share it??
 
  If not, can anyone offer some advice as to those that do and work with
  Radiator.
 
  Thanks in advance,
 
  Brian.
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 

 NB: have you included a copy of your configuration file (no secrets),
 together with a trace 4 debug showing what is happening?

 -- 
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
 -
 Nets: internetwork inventory and management - graphical, extensible,
 flexible with hardware, software, platform and database independence.

 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.490 / Virus Database: 289 - Release Date: 6/16/2003

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Wireless Access Points that can do Radius Authentication

[Bon sy]

Hi Ken,

When you use Proxim AP600 and Proxim AP2500, I wonder you can
share your experience on the acocunting, and specificially with
Radiator radius. Also, how much are these AP sold for in UK?

Thanks in advance!

Bon


On Thu, 19 Jun 2003, Ken Wolstencroft wrote:

 I have tested the following access points with Radiator (802.1x, remote MAC
 or both):
 
 Proxim AP600
 Proxim AP2500
 Netgear ME103
 Apple Airport Base station
 
 All the best,
 Ken
 
 - Original Message - 
 From: Hugh Irvine [EMAIL PROTECTED]
 To: Brian Morris [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Thursday, June 19, 2003 12:03 PM
 Subject: Re: (RADIATOR) Wireless Access Points that can do Radius
 Authentication
 
 
 
  Hello Brian -
 
  This is a quickly moving target, so it is probably best to ask your
  favourite vendors and/or do a Google search.
 
  Any published list is going to be out of date within days.
 
  You should also be a bit careful with vendor spec sheets, as they often
  don't reflect reality particularily well. And although many wireless
  access points claim to implement radius, it is our experience that this
  is oftentimes limited to authentication only.
 
  As is usually the case, you should test everything yourself to verify
  vendor claims.
 
  YMMV
 
  regards
 
  Hugh
 
 
 
  On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris
  wrote:
 
   Hi All,
  
   Has anyone compiled a list of wireless access points that do radius
   authentication?
  
   If so, would they like to share it??
  
   If not, can anyone offer some advice as to those that do and work with
   Radiator.
  
   Thanks in advance,
  
   Brian.
  
   ===
   Archive at http://www.open.com.au/archives/radiator/
   Announcements on [EMAIL PROTECTED]
   To unsubscribe, email '[EMAIL PROTECTED]' with
   'unsubscribe radiator' in the body of the message.
  
  
 
  NB: have you included a copy of your configuration file (no secrets),
  together with a trace 4 debug showing what is happening?
 
  -- 
  Radiator: the most portable, flexible and configurable RADIUS server
  anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
  -
  Nets: internetwork inventory and management - graphical, extensible,
  flexible with hardware, software, platform and database independence.
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 
 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.490 / Virus Database: 289 - Release Date: 6/16/2003
 
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Can't get PEAP to work, need help.

[Bon sy]

Jerome,

It seems like the request did not reach the server, or the server dropped
the request. We have similar problems at one point with Windows 2000
when using the Windows 2000 built-in client with Cisco 350. It turned out
we needed zero configuration, Service pack 3 and 802.11b authentication
patch on the client side. We have not tried Funk Odyssey. But if
our environment setup infor may be useful to you, you may want to check
out:

http://bonnet2.geol.qc.edu/wireless/wirelessEap-2.htm

which is our How-To for PEAP auth in our environment.

Good luck!


Bon



On Thu, 19 Jun 2003, Jerome Fleury wrote:

 Here is the test config:
 
 Client: Cisco Aironet/Orinoco
 802.1X client: 2000+hotfix/Funk Odyssey
 AP: Cisco Aironet 1100
 
 I use the test config from goodies/eap_peap.cfg with this modification:
 
  Filename %D/users-wifi
 
 (is there any special entry to put in this file ? anonymous user ?)
 
 As soon as I enter my credentials (802.1X identification window from Windows 2000 
 appears), the
 radius request launches from the AP:
 
 .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received 
 CLIENT_REPLY,
 mac: 0060.1df0.3503
 .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to 
 server
 .Jun 19 13:42:01.251: RADIUS/ENCODE(3489): acct_session_id: 13473
 .Jun 19 13:42:01.251: RADIUS(3489): sending
 .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, 
 Access-Request, len 128
 .Jun 19 13:42:01.252: RADIUS:  authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C 
 B1 59 CA FF
 .Jun 19 13:42:01.252: RADIUS:  User-Name   [1]   5   ben
 .Jun 19 13:42:01.252: RADIUS:  Framed-MTU  [12]  6   1400
   
 .Jun 19 13:42:01.252: RADIUS:  Called-Station-Id   [30]  16  0002.8a5b.400f
 .Jun 19 13:42:01.252: RADIUS:  Calling-Station-Id  [31]  16  0060.1df0.3503
 .Jun 19 13:42:01.252: RADIUS:  NAS-Port-Type   [61]  6   802.11 wireless 
   [19]
 .Jun 19 13:42:01.252: RADIUS:  Message-Authenticato[80]  18  *
 .Jun 19 13:42:01.252: RADIUS:  EAP-Message [79]  8   
 .Jun 19 13:42:01.253: RADIUS:   02 03 00 06  
 []
 .Jun 19 13:42:01.253: RADIUS:  NAS-Port-Type   [61]  6   Virtual 
   [5]
 .Jun 19 13:42:01.253: RADIUS:  NAS-Port[5]   6   159 
   
 .Jun 19 13:42:01.253: RADIUS:  Service-Type[6]   6   Login   
   [1]
 .Jun 19 13:42:01.254: RADIUS:  NAS-IP-Address  [4]   6   172.30.24.10
   
 .Jun 19 13:42:01.254: RADIUS:  Nas-Identifier  [32]  9   ap2.gre
 .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
 .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
 .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
 .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 
 0060.1df0.3503
 .Jun 19 13:42:21.899: EAPOL pak dump rx
 .Jun 19 13:42:21.899: EAPOL Version: 0x1  type: 0x1  length: 0x
 00E126C0:  0101
 .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received 
 EAP_START, mac:
 0060.1df0.3503
 .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing
 .Jun 19 13:42:22.188: RADIUS: Tried all servers.
 .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server
 .Jun 19 13:42:22.188: RADIUS: Tried all servers.
 .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44
 .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL
 .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL
 
 
 As you can see, the Radius server seems not to respond, and AP retransmits. 
 
 Here are the logs on Radiator:
 
 Code:   Access-Request
 Identifier: 44
 Authentic:  RDI28228134179x233248135l177Y202255
 Attributes:
 User-Name = ben
 Framed-MTU = 1400
 Called-Station-Id = 0002.8a5b.400f
 Calling-Station-Id = 0060.1df0.3503
 NAS-Port-Type = 19
 Signature = 14184;197Q12;219Y5209240179%181184
 EAP-Message = 230625
 NAS-Port-Type = Virtual
 NAS-Port = 159
 Service-Type = Login-User
 NAS-IP-Address = 172.30.24.10
 NAS-Identifier = ap2.gre
 
 Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler ''
 Thu Jun 19 15:42:17 2003: DEBUG:  Deleting session for ben, 172.30.24.10, 159
 Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: 
 Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6
 Thu Jun 19 15:42:17 2003: DEBUG: Response type 25
 
 and that's pretty all. No error to help me out.
 
 Has anybody any clue about that ?
 
 Thanks.
 --
 Jerome Fleury
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the 

(RADIATOR) Radiator freezing intermitantly

[Brian Fisk]

I have been running radiator on the same server for the last 3 years and it
worked perfect.  I am now setting up radiator 3.6 on another server using
the old config file which was version 2.18.1

I am noticing that radiator will just freeze up for a period of 5 minutes or
so.  Is there any incompatabilities between the versions for the config
file, or can someone suggest a way of logging to diagnose the problem?

I am running Redhat 8.0 Linux server1 2.4.18-24.8.0smp #1 SMP Fri Jan 31
06:03:47 EST 2003 i686 i686 i386 GNU/Linux)


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Wireless Access Points that can do Radius Authentication

[Bret Jordan]

The ones we would suggest getting are the Proxim AP 2000..  Not only do 
they work will with an 802.1x deployment but they are willing to work 
with us to get Linux support.   They are trying to get us hardware docs 
right now so that we can write the linux drivers for 802.11a and thus 
release that driver to everyone..

All the tools that we are going to write (we have just started writing 
the tools and have not started the drivers) will be hosted at 
http://utahgeeks.sourceforge.net/

Bret

Brian Morris wrote:

Hi All,

Has anyone compiled a list of wireless access points that do radius
authentication?
If so, would they like to share it??

If not, can anyone offer some advice as to those that do and work with
Radiator.
Thanks in advance,

Brian.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
 

--
~~~
Bret Jordan   Dean's Office
Computer Administrator   College of Engineering
801.585.3765 University of Utah
   [EMAIL PROTECTED]
~~~


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radiator Radar conflict

[Herman verschooten]

Hi,

I have noticed that 
keeping Radar open all the time on debug-logging sometimes freezes Radiator... 
Has anyone else noticed this? Just closing Radar start everything up 
again.

Herman

RE: (RADIATOR) Radiator Radar conflict

[Dave Birkbeck]

Ive noticed the same problem.
Sometimes it will crash within just a couple minutes of debugging and other
times it takes longer.





Dave





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Herman verschooten
Sent: Thursday, June 19, 2003
11:18 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Radiator 
Radar conflict





Hi,











I have noticed that keeping Radar
open all the time on debug-logging sometimes freezes Radiator... Has anyone
else noticed this? Just closing Radar start everything up again.











Herman

Re: (RADIATOR) Radiator Radar conflict

[Hugh Irvine]

Hello Dave, Hello Herman -

Could you both please send us more details including Radiator version hardware/software platform, Perl version and any other debugging information that you have available. The output from Perl when the crash occurs would also be very helpful.

I have copied Mike on this mail as we would like to fix whatever is wrong.	
thanks and regards

Hugh


On Friday, Jun 20, 2003, at 07:19 Australia/Melbourne, Dave Birkbeck wrote:

Ive noticed the same problem. Sometimes it will crash within just a couple minutes of debugging and other times it takes longer.

?

Dave

?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf OfHerman verschooten
Sent: Thursday, June 19, 2003 11:18 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Radiator  Radar conflict

?

Hi,

?

I have noticed that keeping Radar open all the time on debug-logging sometimes freezes Radiator... Has anyone else noticed this?? Just closing Radar start everything up again.

?

Herman



NB: have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) Radiator freezing intermitantly

[Hugh Irvine]

Hello Brian -

I will need to see a copy of the configuration file (no secrets) 
together with a trace 4 debug from Radiator showing what is happening.

There is also a FAQ item regarding Redhat 8 here:

	http://www.open.com.au/radiator/faq.html#127

regards

Hugh

On Friday, Jun 20, 2003, at 02:20 Australia/Melbourne, Brian Fisk wrote:

I have been running radiator on the same server for the last 3 years 
and it
worked perfect.  I am now setting up radiator 3.6 on another server 
using
the old config file which was version 2.18.1

I am noticing that radiator will just freeze up for a period of 5 
minutes or
so.  Is there any incompatabilities between the versions for the config
file, or can someone suggest a way of logging to diagnose the problem?

I am running Redhat 8.0 Linux server1 2.4.18-24.8.0smp #1 SMP Fri Jan 
31
06:03:47 EST 2003 i686 i686 i386 GNU/Linux)

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Can't get PEAP to work, need help.

[Hugh Irvine]

Salut Jerome -

It looks like Radiator is crashing if the log stops as shown. You will 
need to look at the Perl output to see what the error is, but it is 
usually a missing module that has not been loaded. The easiest way to 
see what is happening is to run radiusd from the command line like this:

	perl radiusd -foreground -log_stdout -trace 4 -config_file .

where  is the name of your configuration file.

Note the list of prerequisite modules that are listed in the comment 
block at the top of the eap_peap.cfg file.

regards

Hugh

On Thursday, Jun 19, 2003, at 23:49 Australia/Melbourne, Jerome Fleury 
wrote:

Here is the test config:

Client: Cisco Aironet/Orinoco
802.1X client: 2000+hotfix/Funk Odyssey
AP: Cisco Aironet 1100
I use the test config from goodies/eap_peap.cfg with this modification:

 Filename %D/users-wifi

(is there any special entry to put in this file ? anonymous user ?)

As soon as I enter my credentials (802.1X identification window from 
Windows 2000 appears), the
radius request launches from the AP:

.Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, 
received CLIENT_REPLY,
mac: 0060.1df0.3503
.Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending 
client data to server
.Jun 19 13:42:01.251: RADIUS/ENCODE(3489): acct_session_id: 13473
.Jun 19 13:42:01.251: RADIUS(3489): sending
.Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, 
Access-Request, len 128
.Jun 19 13:42:01.252: RADIUS:  authenticator 52 44 49 1C E4 86 B3 78 - 
E9 F8 87 6C B1 59 CA FF
.Jun 19 13:42:01.252: RADIUS:  User-Name   [1]   5   ben
.Jun 19 13:42:01.252: RADIUS:  Framed-MTU  [12]  6   1400
.Jun 19 13:42:01.252: RADIUS:  Called-Station-Id   [30]  16  
0002.8a5b.400f
.Jun 19 13:42:01.252: RADIUS:  Calling-Station-Id  [31]  16  
0060.1df0.3503
.Jun 19 13:42:01.252: RADIUS:  NAS-Port-Type   [61]  6   802.11 
wireless   [19]
.Jun 19 13:42:01.252: RADIUS:  Message-Authenticato[80]  18  *
.Jun 19 13:42:01.252: RADIUS:  EAP-Message [79]  8
.Jun 19 13:42:01.253: RADIUS:   02 03 00 06
  []
.Jun 19 13:42:01.253: RADIUS:  NAS-Port-Type   [61]  6   Virtual   
[5]
.Jun 19 13:42:01.253: RADIUS:  NAS-Port[5]   6   159
.Jun 19 13:42:01.253: RADIUS:  Service-Type[6]   6   Login 
[1]
.Jun 19 13:42:01.254: RADIUS:  NAS-IP-Address  [4]   6   
172.30.24.10
.Jun 19 13:42:01.254: RADIUS:  Nas-Identifier  [32]  9   ap2.gre
.Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) 
for id 44
.Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) 
for id 44
.Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) 
for id 44
.Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL 
packet from 0060.1df0.3503
.Jun 19 13:42:21.899: EAPOL pak dump rx
.Jun 19 13:42:21.899: EAPOL Version: 0x1  type: 0x1  length: 0x
00E126C0:  0101
.Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, 
received EAP_START, mac:
0060.1df0.3503
.Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do 
nothing
.Jun 19 13:42:22.188: RADIUS: Tried all servers.
.Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable 
server
.Jun 19 13:42:22.188: RADIUS: Tried all servers.
.Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) 
for id 44
.Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL
.Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL

As you can see, the Radius server seems not to respond, and AP 
retransmits.

Here are the logs on Radiator:

Code:   Access-Request
Identifier: 44
Authentic:  RDI28228134179x233248135l177Y202255
Attributes:
User-Name = ben
Framed-MTU = 1400
Called-Station-Id = 0002.8a5b.400f
Calling-Station-Id = 0060.1df0.3503
NAS-Port-Type = 19
Signature = 
14184;197Q12;219Y5209240179%181184
EAP-Message = 230625
NAS-Port-Type = Virtual
NAS-Port = 159
Service-Type = Login-User
NAS-IP-Address = 172.30.24.10
NAS-Identifier = ap2.gre

Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler ''
Thu Jun 19 15:42:17 2003: DEBUG:  Deleting session for ben, 
172.30.24.10, 159
Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE:
Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6
Thu Jun 19 15:42:17 2003: DEBUG: Response type 25

and that's pretty all. No error to help me out.

Has anybody any clue about that ?

Thanks.
--
Jerome Fleury
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--

(RADIATOR) Testing Problem

[iin]

Dear Sir,

I have installed radiator successfully in Win2k.
But ...
I get a problem when i test my radiator.
the problem is :

DEBUG: Creating authentication port 0.0.0.0:1645
Could not bind authentication socket: Unknown error at c:\perl\bin\radiusd 
line
463.

Please advice us.


Thanks
Iin Nurhidayat


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) What does this mean?

[Craig Gittens]

Jun 19 17:48:50 2003: ERR: Error in PreHandlerHook(): Can't use string
(vpr) as a subroutine ref while strict refs in use at
C:/Perl/site/lib/Radius/Configurable.pm line 460.


This is the vpr file: (Thanks to Robert Blayzor!)

sub {
${$_[0]}-delete_attr('NAS-Port-Type');
${$_[0]}-add_attr('NAS-Port-Type', 'Virtual');
}

and I am using a database with the field Prehandlerhook set to vpr

ThanksIA,

Craig Gittens
Internet Infrastructure  Support Manager
Sunbeach Communications Inc.
San Remo
Belmont Road, St. Michael, Barbados
Voice: (246) 430-1569
Fax: (246) 228-6330


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) What does this mean?

[Hugh Irvine]

Hello Craig -

I suspect what you show below is in a file called vpr?

If so, the correct configuration file syntax is this:

	PreHandlerHook file:%D/vpr

assuming that you have copied the vpr file to your DbDir directory 
(%D).

This instructs Radiator to load the hook code from the file vpr in 
the DbDir directory.

regards

Hugh

On Friday, Jun 20, 2003, at 14:50 Australia/Melbourne, Craig Gittens 
wrote:

Jun 19 17:48:50 2003: ERR: Error in PreHandlerHook(): Can't use string
(vpr) as a subroutine ref while strict refs in use at
C:/Perl/site/lib/Radius/Configurable.pm line 460.
This is the vpr file: (Thanks to Robert Blayzor!)

sub {
${$_[0]}-delete_attr('NAS-Port-Type');
${$_[0]}-add_attr('NAS-Port-Type', 'Virtual');
}
and I am using a database with the field Prehandlerhook set to vpr

ThanksIA,

Craig Gittens
Internet Infrastructure  Support Manager
Sunbeach Communications Inc.
San Remo
Belmont Road, St. Michael, Barbados
Voice: (246) 430-1569
Fax: (246) 228-6330
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.