(RADIATOR) Using UseExtendedId
Title: Message Hey Guys, Having a few issues after implementing UseExtendedId in ournetwork, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? ThanksMartin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda RdMelbourne VIC 3004NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify.
Re: (RADIATOR) Using UseExtendedId
Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff> NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Using UseExtendedId
Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Thanks, I'll give it a bash.. Martin -Original Message- From: Mike McCauley [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:57 PM To: Hugh Irvine; Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using UseExtendedId
Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. NB: have you included a copy of your configuration file (no secrets), together with a
RE: (RADIATOR) Using UseExtendedId
Hi guys, Looks like it doesn't work as expected. Not seeing any Proxy-State values being implemented when relying on SQL RADIUS, have confirmed my database is coming up with a '1' to say use it, as soon as I readd 'UseExtendedIds' to the AuthBy the stuff below sits, it works fine again. Within SQLRADIUS : HostColumnDef 0, Host HostColumnDef 1, Secret HostColumnDef 2, AuthPort HostColumnDef 3, AcctPort HostColumnDef 4, Retries HostColumnDef 5, RetryTimeout HostColumnDef 6, FailureBackoffTime HostColumnDef 7, FailurePolicy HostColumnDef 8, AddToReply HostColumnDef 9, StripFromReply HostColumnDef 10, AllowInReply HostColumnDef 11, AddToReplyIfNotExist HostColumnDef 12, DefaultReply HostColumnDef 13, AddToRequest HostColumnDef 14, StripFromRequset HostColumnDef 15, AddToRequestIfNotExist HostColumnDef 16, UseOldAscendPasswords HostColumnDef 17, ServerHasBrokenPortNumbers HostColumnDef 18, ServerHasBrokenAddresses HostColumnDef 19, IgnoreReplySignature HostColumnDef 20, UseExtendedIds Is this because I am still using depreciated fields, UseOldAs.. And ServerHasBr.. ? Thanks Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:02 PM To: 'Mike McCauley'; 'Hugh Irvine' Cc: [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId Thanks, I'll give it a bash.. Martin -Original Message- From: Mike McCauley [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:57 PM To: Hugh Irvine; Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
I'll see I can find out which products these customers are using.. (pretty sure it's not Radiator) Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Thursday, 19 June 2003 5:12 PM To: Martin Edge Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned
RE: (RADIATOR) Radiator Error Logging
It might also be an option to copy the caller ID to the user ID. Assuming that no other part of your system gets confused, of course. /Ingvar -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: den 19 juni 2003 07:47 To: Harrison Ng Cc: '[EMAIL PROTECTED]' Subject: Re: (RADIATOR) Radiator Error Logging Hello Harrison - The only way I can think of to do this is to write a NoReplyHook and have it log whatever message you require. There are some example hooks in the file goodies/hooks.txt. regards Hugh On Thursday, Jun 19, 2003, at 13:04 Australia/Melbourne, Harrison Ng wrote: Dear Sir, Our radiator generates following messages: INFO: AuthRADIUS: No reply after 0 retransmissions to 123.123.123.123:1813 for void (54) Since our customer doesn't need to enter his username, remote access server sends out 'void' for default. Can we customize the message so that it includes Calling-Station-Id attribute? We need to identify which record doesn't arrive remote accounting server. The new message will look like this: INFO: AuthRADIUS: No reply after 0 retransmissions to 123.123.123.123:1813 for void (85291234567) (54) **where (85291234567) represents Calling-Station-Id attribute Thanks for your help in advance! Regards, Harrison InterScan_Disclaimer.txt NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1 which I've never heard of. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:31 PM To: 'Hugh Irvine' Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId I'll see I can find out which products these customers are using.. (pretty sure it's not Radiator) Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Thursday, 19 June 2003 5:12 PM To: Martin Edge Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun
RE: (RADIATOR) Using UseExtendedId
Hello Martin, RFC 2865 clearly specifies the behaviour in case a request contains Proxy-State. So not returning Proxy-State correctly is a violation of the RFC. Sometimes things go wrong when requests are proxied twice with each proxy adding Proxy-State. But the RFC covers this as well. Met vriendelijke groet, Hylke Zuidema Developmentmanager KPN - Internet Operator Tel: +31 70 451 33 70 -Oorspronkelijk bericht- Van: Martin Edge [mailto:[EMAIL PROTECTED] Verzonden: donderdag 19 juni 2003 10:14 Aan: 'Hugh Irvine' CC: [EMAIL PROTECTED]; [EMAIL PROTECTED] Onderwerp: RE: (RADIATOR) Using UseExtendedId Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1 which I've never heard of. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:31 PM To: 'Hugh Irvine' Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId I'll see I can find out which products these customers are using.. (pretty sure it's not Radiator) Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Thursday, 19 June 2003 5:12 PM To: Martin Edge Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are
Re: (RADIATOR) Wireless Access Points that can do Radius Authentication
Hello Brian - This is a quickly moving target, so it is probably best to ask your favourite vendors and/or do a Google search. Any published list is going to be out of date within days. You should also be a bit careful with vendor spec sheets, as they often don't reflect reality particularily well. And although many wireless access points claim to implement radius, it is our experience that this is oftentimes limited to authentication only. As is usually the case, you should test everything yourself to verify vendor claims. YMMV regards Hugh On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris wrote: Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Wireless Access Points that can do Radius Authentication
Brian and Mike, I will add Linksys WRT51AB with official spec at (http://www.linksys.com/products/product.asp?prid=476grid= ) I have not tried this but it claims to support 802.1x and it is the least inexpensive one in the U.S. (retail less than $200). I will also suggest to check against the Wi-Fi certified product list at http://www.wi-fi.org/OpenSection/certified_products.asp?TID=2 to avoid compatibility issues with cross vendor products. For example, I did not find Lancom 3050 that Mike mentioned in the list. As new standards like 802.11g and WPA that are emerging frequently, I will suggest the listing, either here or elsewhere, to get into more specifics and user experience. For example, what client supplicants works with what AP through (radiator or other) radius under what version of driver/firmware, and any problems when using it as we have encountered. In either case, I will repost this to http://www.qcwireless.net/ I will also try to update when warranted via the site that we maintain at http://www.qcwireless.net/ where it devoted itself to only wireless related discussion. I hope this coould help to complement this site that devotes specifically only to radiator issues. Bon On Thu, 19 Jun 2003, Mike McCauley wrote: Hello Brian, You will find a list of the ones we know about at http://www.open.com.au/radiator/technical.html, see also below. If anyone can list others that are known to work with Radiator, we will update the list: Cisco Aironet AP340, 350, 1200 3Com SR AP 8000 LanCom 3050 D-Link DWL-900AP+ Orinoco/Proxim AP-2000, 2500 On Thu, 19 Jun 2003 10:22 am, Brian Morris wrote: Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator Error Logging
Hello Ingvar - This is a good idea and is easy to do in a PreClientHook (see goodies/hooks.txt). You may also be able to use an AddToRequest in the Client clause. regards Hugh On Thursday, Jun 19, 2003, at 17:52 Australia/Melbourne, Ingvar Berg (EAB) wrote: It might also be an option to copy the caller ID to the user ID. Assuming that no other part of your system gets confused, of course. /Ingvar -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: den 19 juni 2003 07:47 To: Harrison Ng Cc: '[EMAIL PROTECTED]' Subject:Re: (RADIATOR) Radiator Error Logging Hello Harrison - The only way I can think of to do this is to write a NoReplyHook and have it log whatever message you require. There are some example hooks in the file goodies/hooks.txt. regards Hugh On Thursday, Jun 19, 2003, at 13:04 Australia/Melbourne, Harrison Ng wrote: Dear Sir, Our radiator generates following messages: INFO: AuthRADIUS: No reply after 0 retransmissions to 123.123.123.123:1813 for void (54) Since our customer doesn't need to enter his username, remote access server sends out 'void' for default. Can we customize the message so that it includes Calling-Station-Id attribute? We need to identify which record doesn't arrive remote accounting server. The new message will look like this: INFO: AuthRADIUS: No reply after 0 retransmissions to 123.123.123.123:1813 for void (85291234567) (54) **where (85291234567) represents Calling-Station-Id attribute Thanks for your help in advance! Regards, Harrison InterScan_Disclaimer.txt NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using UseExtendedId
Hello Martin - Sounds like three potential customers to me. :-) regards Hugh On Thursday, Jun 19, 2003, at 18:14 Australia/Melbourne, Martin Edge wrote: Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1 which I've never heard of. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:31 PM To: 'Hugh Irvine' Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId I'll see I can find out which products these customers are using.. (pretty sure it's not Radiator) Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Thursday, 19 June 2003 5:12 PM To: Martin Edge Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId.
Re: (RADIATOR) Wireless Access Points that can do Radius Authentication
Hugh, Brian, and who else is interested, The whole point of going to a centralized site like wi-fi.org is to have trustworthy/(semi)credible entities to conduct the test and to post the results. First off, I have no relationship with wi-fi.org if anyone wonders, and I do not embrace just one entity. Rather, it makes sense for me to embrace whatever entity providing good and useful services. We all know the problems of subjective tests and biased statements. As Hugh has pointed out, radius support is _not_ the same as radius full support on AAA or 802.1x. So, approaching vendor or googling, in my opinion, bears more or less the same risk if one is not applying own judgement and/or if there is a lack of trustworthy/(semi)credible entity doing so. I still feel some sort of (semi)official entities that can provide some sort of a validation lab service could be a great service to the technology users, wireless or not. If nothing else, one can have a shortlist to start, and perhaps if nothing works, resort it back to googling or staying on a phone for 45 mins to wait for tech support to answer a simple question. About the time lag issue, it is unavoidable. The question really is the response time issue. For myself, if I never commit myself within a month of a new product release, and if whatever (semi)official entity can have the valuable validation infor/testing/results available within a month of a new product release, I can live perfectly happy with it. In addition, it also has to do with time-to-market strategy and balance between potential liability on a company's reputation (if a product has a problem) vs the level of completeness in the testing/validation phase of a new product. For example, if a company is reputable and conservative on conducting thorough test before releasing a product, or if I know the company/organization is not just speculative on gaining market share, I may be willing to jump into it sooner. Hugh, Brian, and perhaps whoever is interested, I wonder anyone cares to offer your viewpoint on the acceptable lag time for a product review/test/validation, and what's your viewpoint on having such (semi)official entities? Either case, I think this could be a great discussion and I am going to re-post this for our students and colleagues here (at Queens College). Your inputs will certainly help folks in this community as well as those in the Queens College community to understand this issue better. Thanks in advance! Bon On Thu, 19 Jun 2003, Hugh Irvine wrote: Hello Brian - This is a quickly moving target, so it is probably best to ask your favourite vendors and/or do a Google search. Any published list is going to be out of date within days. You should also be a bit careful with vendor spec sheets, as they often don't reflect reality particularily well. And although many wireless access points claim to implement radius, it is our experience that this is oftentimes limited to authentication only. As is usually the case, you should test everything yourself to verify vendor claims. YMMV regards Hugh On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris wrote: Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Can't get PEAP to work, need help.
Here is the test config: Client: Cisco Aironet/Orinoco 802.1X client: 2000+hotfix/Funk Odyssey AP: Cisco Aironet 1100 I use the test config from goodies/eap_peap.cfg with this modification: Filename %D/users-wifi (is there any special entry to put in this file ? anonymous user ?) As soon as I enter my credentials (802.1X identification window from Windows 2000 appears), the radius request launches from the AP: .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received CLIENT_REPLY, mac: 0060.1df0.3503 .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to server .Jun 19 13:42:01.251: RADIUS/ENCODE(3489): acct_session_id: 13473 .Jun 19 13:42:01.251: RADIUS(3489): sending .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, Access-Request, len 128 .Jun 19 13:42:01.252: RADIUS: authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF .Jun 19 13:42:01.252: RADIUS: User-Name [1] 5 ben .Jun 19 13:42:01.252: RADIUS: Framed-MTU [12] 6 1400 .Jun 19 13:42:01.252: RADIUS: Called-Station-Id [30] 16 0002.8a5b.400f .Jun 19 13:42:01.252: RADIUS: Calling-Station-Id [31] 16 0060.1df0.3503 .Jun 19 13:42:01.252: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19] .Jun 19 13:42:01.252: RADIUS: Message-Authenticato[80] 18 * .Jun 19 13:42:01.252: RADIUS: EAP-Message [79] 8 .Jun 19 13:42:01.253: RADIUS: 02 03 00 06 [] .Jun 19 13:42:01.253: RADIUS: NAS-Port-Type [61] 6 Virtual [5] .Jun 19 13:42:01.253: RADIUS: NAS-Port[5] 6 159 .Jun 19 13:42:01.253: RADIUS: Service-Type[6] 6 Login [1] .Jun 19 13:42:01.254: RADIUS: NAS-IP-Address [4] 6 172.30.24.10 .Jun 19 13:42:01.254: RADIUS: Nas-Identifier [32] 9 ap2.gre .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 0060.1df0.3503 .Jun 19 13:42:21.899: EAPOL pak dump rx .Jun 19 13:42:21.899: EAPOL Version: 0x1 type: 0x1 length: 0x 00E126C0: 0101 .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received EAP_START, mac: 0060.1df0.3503 .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing .Jun 19 13:42:22.188: RADIUS: Tried all servers. .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server .Jun 19 13:42:22.188: RADIUS: Tried all servers. .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL As you can see, the Radius server seems not to respond, and AP retransmits. Here are the logs on Radiator: Code: Access-Request Identifier: 44 Authentic: RDI28228134179x233248135l177Y202255 Attributes: User-Name = ben Framed-MTU = 1400 Called-Station-Id = 0002.8a5b.400f Calling-Station-Id = 0060.1df0.3503 NAS-Port-Type = 19 Signature = 14184;197Q12;219Y5209240179%181184 EAP-Message = 230625 NAS-Port-Type = Virtual NAS-Port = 159 Service-Type = Login-User NAS-IP-Address = 172.30.24.10 NAS-Identifier = ap2.gre Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler '' Thu Jun 19 15:42:17 2003: DEBUG: Deleting session for ben, 172.30.24.10, 159 Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6 Thu Jun 19 15:42:17 2003: DEBUG: Response type 25 and that's pretty all. No error to help me out. Has anybody any clue about that ? Thanks. -- Jerome Fleury === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Wireless Access Points that can do Radius Authentication
I have tested the following access points with Radiator (802.1x, remote MAC or both): Proxim AP600 Proxim AP2500 Netgear ME103 Apple Airport Base station All the best, Ken - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brian Morris [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, June 19, 2003 12:03 PM Subject: Re: (RADIATOR) Wireless Access Points that can do Radius Authentication Hello Brian - This is a quickly moving target, so it is probably best to ask your favourite vendors and/or do a Google search. Any published list is going to be out of date within days. You should also be a bit careful with vendor spec sheets, as they often don't reflect reality particularily well. And although many wireless access points claim to implement radius, it is our experience that this is oftentimes limited to authentication only. As is usually the case, you should test everything yourself to verify vendor claims. YMMV regards Hugh On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris wrote: Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.490 / Virus Database: 289 - Release Date: 6/16/2003 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Wireless Access Points that can do Radius Authentication
Hi Ken, When you use Proxim AP600 and Proxim AP2500, I wonder you can share your experience on the acocunting, and specificially with Radiator radius. Also, how much are these AP sold for in UK? Thanks in advance! Bon On Thu, 19 Jun 2003, Ken Wolstencroft wrote: I have tested the following access points with Radiator (802.1x, remote MAC or both): Proxim AP600 Proxim AP2500 Netgear ME103 Apple Airport Base station All the best, Ken - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Brian Morris [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, June 19, 2003 12:03 PM Subject: Re: (RADIATOR) Wireless Access Points that can do Radius Authentication Hello Brian - This is a quickly moving target, so it is probably best to ask your favourite vendors and/or do a Google search. Any published list is going to be out of date within days. You should also be a bit careful with vendor spec sheets, as they often don't reflect reality particularily well. And although many wireless access points claim to implement radius, it is our experience that this is oftentimes limited to authentication only. As is usually the case, you should test everything yourself to verify vendor claims. YMMV regards Hugh On Thursday, Jun 19, 2003, at 10:22 Australia/Melbourne, Brian Morris wrote: Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.490 / Virus Database: 289 - Release Date: 6/16/2003 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Can't get PEAP to work, need help.
Jerome, It seems like the request did not reach the server, or the server dropped the request. We have similar problems at one point with Windows 2000 when using the Windows 2000 built-in client with Cisco 350. It turned out we needed zero configuration, Service pack 3 and 802.11b authentication patch on the client side. We have not tried Funk Odyssey. But if our environment setup infor may be useful to you, you may want to check out: http://bonnet2.geol.qc.edu/wireless/wirelessEap-2.htm which is our How-To for PEAP auth in our environment. Good luck! Bon On Thu, 19 Jun 2003, Jerome Fleury wrote: Here is the test config: Client: Cisco Aironet/Orinoco 802.1X client: 2000+hotfix/Funk Odyssey AP: Cisco Aironet 1100 I use the test config from goodies/eap_peap.cfg with this modification: Filename %D/users-wifi (is there any special entry to put in this file ? anonymous user ?) As soon as I enter my credentials (802.1X identification window from Windows 2000 appears), the radius request launches from the AP: .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received CLIENT_REPLY, mac: 0060.1df0.3503 .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to server .Jun 19 13:42:01.251: RADIUS/ENCODE(3489): acct_session_id: 13473 .Jun 19 13:42:01.251: RADIUS(3489): sending .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, Access-Request, len 128 .Jun 19 13:42:01.252: RADIUS: authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF .Jun 19 13:42:01.252: RADIUS: User-Name [1] 5 ben .Jun 19 13:42:01.252: RADIUS: Framed-MTU [12] 6 1400 .Jun 19 13:42:01.252: RADIUS: Called-Station-Id [30] 16 0002.8a5b.400f .Jun 19 13:42:01.252: RADIUS: Calling-Station-Id [31] 16 0060.1df0.3503 .Jun 19 13:42:01.252: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19] .Jun 19 13:42:01.252: RADIUS: Message-Authenticato[80] 18 * .Jun 19 13:42:01.252: RADIUS: EAP-Message [79] 8 .Jun 19 13:42:01.253: RADIUS: 02 03 00 06 [] .Jun 19 13:42:01.253: RADIUS: NAS-Port-Type [61] 6 Virtual [5] .Jun 19 13:42:01.253: RADIUS: NAS-Port[5] 6 159 .Jun 19 13:42:01.253: RADIUS: Service-Type[6] 6 Login [1] .Jun 19 13:42:01.254: RADIUS: NAS-IP-Address [4] 6 172.30.24.10 .Jun 19 13:42:01.254: RADIUS: Nas-Identifier [32] 9 ap2.gre .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 0060.1df0.3503 .Jun 19 13:42:21.899: EAPOL pak dump rx .Jun 19 13:42:21.899: EAPOL Version: 0x1 type: 0x1 length: 0x 00E126C0: 0101 .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received EAP_START, mac: 0060.1df0.3503 .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing .Jun 19 13:42:22.188: RADIUS: Tried all servers. .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server .Jun 19 13:42:22.188: RADIUS: Tried all servers. .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL As you can see, the Radius server seems not to respond, and AP retransmits. Here are the logs on Radiator: Code: Access-Request Identifier: 44 Authentic: RDI28228134179x233248135l177Y202255 Attributes: User-Name = ben Framed-MTU = 1400 Called-Station-Id = 0002.8a5b.400f Calling-Station-Id = 0060.1df0.3503 NAS-Port-Type = 19 Signature = 14184;197Q12;219Y5209240179%181184 EAP-Message = 230625 NAS-Port-Type = Virtual NAS-Port = 159 Service-Type = Login-User NAS-IP-Address = 172.30.24.10 NAS-Identifier = ap2.gre Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler '' Thu Jun 19 15:42:17 2003: DEBUG: Deleting session for ben, 172.30.24.10, 159 Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6 Thu Jun 19 15:42:17 2003: DEBUG: Response type 25 and that's pretty all. No error to help me out. Has anybody any clue about that ? Thanks. -- Jerome Fleury === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the
(RADIATOR) Radiator freezing intermitantly
I have been running radiator on the same server for the last 3 years and it worked perfect. I am now setting up radiator 3.6 on another server using the old config file which was version 2.18.1 I am noticing that radiator will just freeze up for a period of 5 minutes or so. Is there any incompatabilities between the versions for the config file, or can someone suggest a way of logging to diagnose the problem? I am running Redhat 8.0 Linux server1 2.4.18-24.8.0smp #1 SMP Fri Jan 31 06:03:47 EST 2003 i686 i686 i386 GNU/Linux) === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Wireless Access Points that can do Radius Authentication
The ones we would suggest getting are the Proxim AP 2000.. Not only do they work will with an 802.1x deployment but they are willing to work with us to get Linux support. They are trying to get us hardware docs right now so that we can write the linux drivers for 802.11a and thus release that driver to everyone.. All the tools that we are going to write (we have just started writing the tools and have not started the drivers) will be hosted at http://utahgeeks.sourceforge.net/ Bret Brian Morris wrote: Hi All, Has anyone compiled a list of wireless access points that do radius authentication? If so, would they like to share it?? If not, can anyone offer some advice as to those that do and work with Radiator. Thanks in advance, Brian. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- ~~~ Bret Jordan Dean's Office Computer Administrator College of Engineering 801.585.3765 University of Utah [EMAIL PROTECTED] ~~~ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator Radar conflict
Hi, I have noticed that keeping Radar open all the time on debug-logging sometimes freezes Radiator... Has anyone else noticed this? Just closing Radar start everything up again. Herman
RE: (RADIATOR) Radiator Radar conflict
Ive noticed the same problem. Sometimes it will crash within just a couple minutes of debugging and other times it takes longer. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herman verschooten Sent: Thursday, June 19, 2003 11:18 AM To: [EMAIL PROTECTED] Subject: (RADIATOR) Radiator Radar conflict Hi, I have noticed that keeping Radar open all the time on debug-logging sometimes freezes Radiator... Has anyone else noticed this? Just closing Radar start everything up again. Herman
Re: (RADIATOR) Radiator Radar conflict
Hello Dave, Hello Herman - Could you both please send us more details including Radiator version hardware/software platform, Perl version and any other debugging information that you have available. The output from Perl when the crash occurs would also be very helpful. I have copied Mike on this mail as we would like to fix whatever is wrong. thanks and regards Hugh On Friday, Jun 20, 2003, at 07:19 Australia/Melbourne, Dave Birkbeck wrote: Ive noticed the same problem. Sometimes it will crash within just a couple minutes of debugging and other times it takes longer. ? Dave ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf OfHerman verschooten Sent: Thursday, June 19, 2003 11:18 AM To: [EMAIL PROTECTED] Subject: (RADIATOR) Radiator Radar conflict ? Hi, ? I have noticed that keeping Radar open all the time on debug-logging sometimes freezes Radiator... Has anyone else noticed this?? Just closing Radar start everything up again. ? Herman NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Radiator freezing intermitantly
Hello Brian - I will need to see a copy of the configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. There is also a FAQ item regarding Redhat 8 here: http://www.open.com.au/radiator/faq.html#127 regards Hugh On Friday, Jun 20, 2003, at 02:20 Australia/Melbourne, Brian Fisk wrote: I have been running radiator on the same server for the last 3 years and it worked perfect. I am now setting up radiator 3.6 on another server using the old config file which was version 2.18.1 I am noticing that radiator will just freeze up for a period of 5 minutes or so. Is there any incompatabilities between the versions for the config file, or can someone suggest a way of logging to diagnose the problem? I am running Redhat 8.0 Linux server1 2.4.18-24.8.0smp #1 SMP Fri Jan 31 06:03:47 EST 2003 i686 i686 i386 GNU/Linux) === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Can't get PEAP to work, need help.
Salut Jerome - It looks like Radiator is crashing if the log stops as shown. You will need to look at the Perl output to see what the error is, but it is usually a missing module that has not been loaded. The easiest way to see what is happening is to run radiusd from the command line like this: perl radiusd -foreground -log_stdout -trace 4 -config_file . where is the name of your configuration file. Note the list of prerequisite modules that are listed in the comment block at the top of the eap_peap.cfg file. regards Hugh On Thursday, Jun 19, 2003, at 23:49 Australia/Melbourne, Jerome Fleury wrote: Here is the test config: Client: Cisco Aironet/Orinoco 802.1X client: 2000+hotfix/Funk Odyssey AP: Cisco Aironet 1100 I use the test config from goodies/eap_peap.cfg with this modification: Filename %D/users-wifi (is there any special entry to put in this file ? anonymous user ?) As soon as I enter my credentials (802.1X identification window from Windows 2000 appears), the radius request launches from the AP: .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received CLIENT_REPLY, mac: 0060.1df0.3503 .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to server .Jun 19 13:42:01.251: RADIUS/ENCODE(3489): acct_session_id: 13473 .Jun 19 13:42:01.251: RADIUS(3489): sending .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, Access-Request, len 128 .Jun 19 13:42:01.252: RADIUS: authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF .Jun 19 13:42:01.252: RADIUS: User-Name [1] 5 ben .Jun 19 13:42:01.252: RADIUS: Framed-MTU [12] 6 1400 .Jun 19 13:42:01.252: RADIUS: Called-Station-Id [30] 16 0002.8a5b.400f .Jun 19 13:42:01.252: RADIUS: Calling-Station-Id [31] 16 0060.1df0.3503 .Jun 19 13:42:01.252: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19] .Jun 19 13:42:01.252: RADIUS: Message-Authenticato[80] 18 * .Jun 19 13:42:01.252: RADIUS: EAP-Message [79] 8 .Jun 19 13:42:01.253: RADIUS: 02 03 00 06 [] .Jun 19 13:42:01.253: RADIUS: NAS-Port-Type [61] 6 Virtual [5] .Jun 19 13:42:01.253: RADIUS: NAS-Port[5] 6 159 .Jun 19 13:42:01.253: RADIUS: Service-Type[6] 6 Login [1] .Jun 19 13:42:01.254: RADIUS: NAS-IP-Address [4] 6 172.30.24.10 .Jun 19 13:42:01.254: RADIUS: Nas-Identifier [32] 9 ap2.gre .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 0060.1df0.3503 .Jun 19 13:42:21.899: EAPOL pak dump rx .Jun 19 13:42:21.899: EAPOL Version: 0x1 type: 0x1 length: 0x 00E126C0: 0101 .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received EAP_START, mac: 0060.1df0.3503 .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing .Jun 19 13:42:22.188: RADIUS: Tried all servers. .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server .Jun 19 13:42:22.188: RADIUS: Tried all servers. .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44 .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL As you can see, the Radius server seems not to respond, and AP retransmits. Here are the logs on Radiator: Code: Access-Request Identifier: 44 Authentic: RDI28228134179x233248135l177Y202255 Attributes: User-Name = ben Framed-MTU = 1400 Called-Station-Id = 0002.8a5b.400f Calling-Station-Id = 0060.1df0.3503 NAS-Port-Type = 19 Signature = 14184;197Q12;219Y5209240179%181184 EAP-Message = 230625 NAS-Port-Type = Virtual NAS-Port = 159 Service-Type = Login-User NAS-IP-Address = 172.30.24.10 NAS-Identifier = ap2.gre Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler '' Thu Jun 19 15:42:17 2003: DEBUG: Deleting session for ben, 172.30.24.10, 159 Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6 Thu Jun 19 15:42:17 2003: DEBUG: Response type 25 and that's pretty all. No error to help me out. Has anybody any clue about that ? Thanks. -- Jerome Fleury === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? --
(RADIATOR) Testing Problem
Dear Sir, I have installed radiator successfully in Win2k. But ... I get a problem when i test my radiator. the problem is : DEBUG: Creating authentication port 0.0.0.0:1645 Could not bind authentication socket: Unknown error at c:\perl\bin\radiusd line 463. Please advice us. Thanks Iin Nurhidayat === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) What does this mean?
Jun 19 17:48:50 2003: ERR: Error in PreHandlerHook(): Can't use string (vpr) as a subroutine ref while strict refs in use at C:/Perl/site/lib/Radius/Configurable.pm line 460. This is the vpr file: (Thanks to Robert Blayzor!) sub { ${$_[0]}-delete_attr('NAS-Port-Type'); ${$_[0]}-add_attr('NAS-Port-Type', 'Virtual'); } and I am using a database with the field Prehandlerhook set to vpr ThanksIA, Craig Gittens Internet Infrastructure Support Manager Sunbeach Communications Inc. San Remo Belmont Road, St. Michael, Barbados Voice: (246) 430-1569 Fax: (246) 228-6330 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) What does this mean?
Hello Craig - I suspect what you show below is in a file called vpr? If so, the correct configuration file syntax is this: PreHandlerHook file:%D/vpr assuming that you have copied the vpr file to your DbDir directory (%D). This instructs Radiator to load the hook code from the file vpr in the DbDir directory. regards Hugh On Friday, Jun 20, 2003, at 14:50 Australia/Melbourne, Craig Gittens wrote: Jun 19 17:48:50 2003: ERR: Error in PreHandlerHook(): Can't use string (vpr) as a subroutine ref while strict refs in use at C:/Perl/site/lib/Radius/Configurable.pm line 460. This is the vpr file: (Thanks to Robert Blayzor!) sub { ${$_[0]}-delete_attr('NAS-Port-Type'); ${$_[0]}-add_attr('NAS-Port-Type', 'Virtual'); } and I am using a database with the field Prehandlerhook set to vpr ThanksIA, Craig Gittens Internet Infrastructure Support Manager Sunbeach Communications Inc. San Remo Belmont Road, St. Michael, Barbados Voice: (246) 430-1569 Fax: (246) 228-6330 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.