[RADIATOR] Why does this attribute fail?
Hello, I have a Juniper Router sending the following packet (see the full log). I get a Warning error about Vendor 3561 Attribute 2 which is DSLForum-Agent-Remote-Id = "00:0f:bb:2c:bb:1b" Can you see any problem with the packet? Regards Vangelis Tue Mar 22 17:04:19 2011: WARNING: Malformed request packet: Vendor 3561 Attribute 2 with length : ignored Tue Mar 22 17:04:19 2011: DEBUG: Packet dump: *** Received from 194.219.231.127 port 50338 Packet length = 293 01 34 01 25 d9 21 b2 2f 4c cd b4 e2 73 59 2f 49 6e a9 aa b1 01 15 74 65 73 74 6c 6c 75 40 66 6f 72 74 68 6e 65 74 2e 67 72 02 12 9e 34 1d ed 51 8a 8d 41 d7 25 98 79 bf fb 62 28 59 03 00 2c 05 32 38 31 1a 16 00 00 13 0a 38 10 38 63 37 33 2e 36 65 61 63 2e 30 32 34 32 20 12 62 62 72 61 73 2d 6c 61 62 2d 6b 6c 6e 2d 30 31 05 06 10 4f 94 4e 57 18 67 65 2d 31 2f 32 2f 31 2e 31 30 30 3a 33 33 32 31 2d 31 31 30 32 3d 06 00 00 00 0f 1a 90 00 00 0d e9 01 1f 50 4f 50 2d 4b 4c 4e 2d 4d 32 2d 4d 31 20 61 64 73 6c 20 30 33 2f 31 30 3a 38 2e 33 35 02 13 30 30 3a 30 66 3a 62 62 3a 32 63 3a 62 62 3a 31 62 81 06 00 00 03 fc 82 06 00 00 5d bd 83 06 00 00 01 00 84 06 00 00 02 00 85 06 00 00 05 10 86 06 00 00 6e f0 87 06 00 00 04 00 88 06 00 00 5d c0 89 06 00 00 00 00 8a 06 00 00 00 00 8b 06 00 00 00 10 8c 06 00 00 00 01 8d 06 00 00 00 14 8e 06 00 00 00 05 90 03 00 02 04 06 c2 db e7 7f Code: Access-Request Identifier: 52 Authentic: <217>!<178>/L<205><180><226>sY/In<169><170><177> Attributes: User-Name = "test...@forthnet.gr" User-Password = x Chargeable-User-Identity = "" Acct-Session-Id = "281" Unisphere-Dhcp-Mac-Addr = "8c73.6eac.0242" NAS-Identifier = "bbras-lab-kln-01" NAS-Port = 273650766 NAS-Port-Id = "ge-1/2/1.100:3321-1102" NAS-Port-Type = Ethernet DSLForum-Agent-Circuit-Id = "POP-KLN-M2-M1 adsl 03/10:8.35" DSLForum-Agent-Remote-Id = "00:0f:bb:2c:bb:1b" DSLForum-Actual-Data-Rate-Upstream = 1020 DSLForum-Actual-Data-Rate-Downstream = 23997 DSLForum-Minimum-Data-Rate-Upstream = 256 DSLForum-Minimum-Data-Rate-Downstream = 512 DSLForum-Attainable-Data-Rate-Upstream = 1296 DSLForum-Attainable-Data-Rate-Downstream = 28400 DSLForum-Maximum-Data-Rate-Upstream = 1024 DSLForum-Maximum-Data-Rate-Downstream = 24000 DSLForum-Minimum-Data-Rate-Upstream-Low-Power = 0 DSLForum-Minimum-Data-Rate-Downstream-Low-Power = 0 DSLForum-Maximum-Interleaving-Delay-Upstream = 16 DSLForum-Actual-Interleaving-Delay-Upstream = 1 DSLForum-Maximum-Interleaving-Delay-Downstream = 20 DSLForum-Actual-Interleaving-Delay-Downstream = 5 DSLForum-Access-Loop-Encapsulation = "" ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Feature missing: PacketTrace in ServerRADSEC clause
Hi RADIATOR team, I get an "ERR: Unknown keyword 'PacketTrace'" if I use this declaration in a clause. This is a pity, since I can't even decode the packets with wireshark because we UseTLS. PacketTrace is really needed especially within this clause. Please support it in one of the next releases. Best Regards Charly -- Karl Gaissmaier Kommunikations und Informationszentrum kiz der Universität Ulm Abteilung Infrastruktur SG Netzwerk und Telekommunikation 89069 Ulm Tel.: 49(0)731/50-22499 Fax : 49(0)731/50-1222499 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Why does this attribute fail?
Hello, Thanks for reporting this. It appears to be due to incorrect assembly of the transmitted packet sent by your NAS. The ADSL-Forum VSA, which contains the DSLForum-* attributes, has a single extra octet with value 0x02 at the end, after theDSLForum-Access-Loop-Encapsulation attribute . This is being seen by Radiator during unpacking as bad formatting, and the rest of the packet (which contains NAS-IP-Address) is not unpacked. You should refer this to your NAS vendor. Cheers. On Wednesday 23 March 2011 07:49:53 pm Vangelis Kyriakakis wrote: > Hello, > > I have a Juniper Router sending the following packet (see the full > log). I get a Warning error about Vendor 3561 Attribute 2 which is > DSLForum-Agent-Remote-Id = "00:0f:bb:2c:bb:1b" > Can you see any problem with the packet? > > Regards >Vangelis > > Tue Mar 22 17:04:19 2011: WARNING: Malformed request packet: Vendor 3561 > Attribute 2 with length : ignored > Tue Mar 22 17:04:19 2011: DEBUG: Packet dump: > *** Received from 194.219.231.127 port 50338 > > Packet length = 293 > 01 34 01 25 d9 21 b2 2f 4c cd b4 e2 73 59 2f 49 > 6e a9 aa b1 01 15 74 65 73 74 6c 6c 75 40 66 6f > 72 74 68 6e 65 74 2e 67 72 02 12 9e 34 1d ed 51 > 8a 8d 41 d7 25 98 79 bf fb 62 28 59 03 00 2c 05 > 32 38 31 1a 16 00 00 13 0a 38 10 38 63 37 33 2e > 36 65 61 63 2e 30 32 34 32 20 12 62 62 72 61 73 > 2d 6c 61 62 2d 6b 6c 6e 2d 30 31 05 06 10 4f 94 > 4e 57 18 67 65 2d 31 2f 32 2f 31 2e 31 30 30 3a > 33 33 32 31 2d 31 31 30 32 3d 06 00 00 00 0f 1a > 90 00 00 0d e9 01 1f 50 4f 50 2d 4b 4c 4e 2d 4d > 32 2d 4d 31 20 61 64 73 6c 20 30 33 2f 31 30 3a > 38 2e 33 35 02 13 30 30 3a 30 66 3a 62 62 3a 32 > 63 3a 62 62 3a 31 62 81 06 00 00 03 fc 82 06 00 > 00 5d bd 83 06 00 00 01 00 84 06 00 00 02 00 85 > 06 00 00 05 10 86 06 00 00 6e f0 87 06 00 00 04 > 00 88 06 00 00 5d c0 89 06 00 00 00 00 8a 06 00 > 00 00 00 8b 06 00 00 00 10 8c 06 00 00 00 01 8d > 06 00 00 00 14 8e 06 00 00 00 05 90 03 00 02 04 > 06 c2 db e7 7f > Code: Access-Request > Identifier: 52 > Authentic: <217>!<178>/L<205><180><226>sY/In<169><170><177> > Attributes: > User-Name = "test...@forthnet.gr" > User-Password = x > Chargeable-User-Identity = "" > Acct-Session-Id = "281" > Unisphere-Dhcp-Mac-Addr = "8c73.6eac.0242" > NAS-Identifier = "bbras-lab-kln-01" > NAS-Port = 273650766 > NAS-Port-Id = "ge-1/2/1.100:3321-1102" > NAS-Port-Type = Ethernet > DSLForum-Agent-Circuit-Id = "POP-KLN-M2-M1 adsl 03/10:8.35" > DSLForum-Agent-Remote-Id = "00:0f:bb:2c:bb:1b" > DSLForum-Actual-Data-Rate-Upstream = 1020 > DSLForum-Actual-Data-Rate-Downstream = 23997 > DSLForum-Minimum-Data-Rate-Upstream = 256 > DSLForum-Minimum-Data-Rate-Downstream = 512 > DSLForum-Attainable-Data-Rate-Upstream = 1296 > DSLForum-Attainable-Data-Rate-Downstream = 28400 > DSLForum-Maximum-Data-Rate-Upstream = 1024 > DSLForum-Maximum-Data-Rate-Downstream = 24000 > DSLForum-Minimum-Data-Rate-Upstream-Low-Power = 0 > DSLForum-Minimum-Data-Rate-Downstream-Low-Power = 0 > DSLForum-Maximum-Interleaving-Delay-Upstream = 16 > DSLForum-Actual-Interleaving-Delay-Upstream = 1 > DSLForum-Maximum-Interleaving-Delay-Downstream = 20 > DSLForum-Actual-Interleaving-Delay-Downstream = 5 > DSLForum-Access-Loop-Encapsulation = "" > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Feature missing: PacketTrace in ServerRADSEC clause
Support team: views on this request? On Wednesday 23 March 2011 09:14:50 pm Karl Gaissmaier wrote: > Hi RADIATOR team, > > I get an "ERR: Unknown keyword 'PacketTrace'" if I use this declaration > in a clause. This is a pity, since I can't even decode the > packets with wireshark because we UseTLS. > > PacketTrace is really needed especially within this clause. > Please support it in one of the next releases. > > Best Regards > Charly -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] radpwtest for EAP/TTL, EAP/TTLS and PEAP
On 03/22/2011 01:15 PM, Karl Gaissmaier wrote: >> eapol_test from the wpa_supplicant package can do lots of good things > > My nagios installation is running under Solaris 10 und I think > wpa_supplicant may not be supported for Solaris 10. You should try compiling eapol_test even if the host is running Solaris 10. If you disable all Linux and other OS specific settings from .config it seems to compile. I had problems with final linking, but I suspect this is more of a problem with the environment and I did not investigate further. My .config had these settings enabled which means e.g., CONFIG_DRIVER_ATMEL was commented out. CONFIG_BACKEND=file CONFIG_CTRL_IFACE=y CONFIG_EAP_GTC=y CONFIG_EAP_LEAP=y CONFIG_EAP_MD5=y CONFIG_EAP_MSCHAPV2=y CONFIG_EAP_OTP=y CONFIG_EAP_PEAP=y CONFIG_EAP_TLS=y CONFIG_EAP_TTLS=y CONFIG_IEEE8021X_EAPOL=y CONFIG_L2_PACKET=none CONFIG_PEERKEY=y CONFIG_PKCS12=y CONFIG_SMARTCARD=y > Would be nice if RADIATOR could test all supported AuthBy Handlers with the > radpwtest. That would duplicate lots of existing work from eapol_test. Please let us know of results if you decide to try to compile it on Solaris. Thanks! -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] RADMIN FOR TABLES THE WIMAX
On 03/22/2011 03:45 PM, Augusto Cabrera wrote: > Hi, I wonder if the normally functioning RADMIN to display Radiator > tables, also works for the WIMAX for that configuration tables, and as I > get to see through WIMAX web tables. The tables Radmin uses are not directly compatible with wimax tables. If you check goodies/radmin.cfg and wimax.sql you can see there are quite a lot of differences. I think directing Accounting messages to Radmin should work in case this would be useful to you. Best regards, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Feature missing: PacketTrace in ServerRADSEC clause
Hi Karl, thanks for the suggestion. Support for PacketTrace has now been added to Server TACACSPLUS, Server DIAMETER, Server RADSEC. It is now available in the latest patch set. Cheers. On Wednesday 23 March 2011 09:14:50 pm Karl Gaissmaier wrote: > Hi RADIATOR team, > > I get an "ERR: Unknown keyword 'PacketTrace'" if I use this declaration > in a clause. This is a pity, since I can't even decode the > packets with wireshark because we UseTLS. > > PacketTrace is really needed especially within this clause. > Please support it in one of the next releases. > > Best Regards > Charly -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] help Radiator support EVDO rev.A ?
Dear Radiator, Please your help to confirm if your software supports the authentication for an EVDO Rev. A Network, we need that this software support the IMSI distribution (the Radius should distribute IMSI), the radius should support user group ), please confirm if this radius support template management (for example to limite the bandwidth, user type, etc). this radius support add user (include auth mode). Thanks for your kindly help Augusto <>___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] RV: help Radiator support EVDO rev.A ?
The version de my radiator is: Radiator-4.7-3 Augusto De: Augusto Cabrera Enviado el: mié 23/03/2011 17:28 Para: radiator@open.com.au CC: radiator-requ...@open.com.au Asunto: help Radiator support EVDO rev.A ? Dear Radiator, Please your help to confirm if your software supports the authentication for an EVDO Rev. A Network, we need that this software support the IMSI distribution (the Radius should distribute IMSI), the radius should support user group ), please confirm if this radius support template management (for example to limite the bandwidth, user type, etc). this radius support add user (include auth mode). Thanks for your kindly help Augusto ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
