[Help-gnu-radius] Several Problems with

help-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnu-radius] Several Problems with

From:	Steven Glogger
Subject:	[Help-gnu-radius] Several Problems with
Date:	Tue, 10 Feb 2004 05:06:34 +0100

hi all

i've got some problems with gnu-radius 1.2.


first problem is, that everyone dialing in with an windows pc has no
success:

Feb 10 03:49:29 Auth.notice: (Access-Request 212.249.x.x 171 "testuser"
CLID=1280 CSID=0842): Login incorrect [testuser/{chap-password}]
Feb 10 03:49:29 Auth.notice: (Access-Request 212.249.x.x 171 "testuser"
CLID=1280 CSID=0842): Rejected [testuser]
Feb 10 03:49:49 Auth.notice: (Access-Request 212.249.x.x 172 "testuser"
CLID=1280 CSID=0158): Login incorrect [testuser/{chap-password}]

so, why double entries.
simple answer: we have several reams on our dialup.

if address@hidden dials in, we have this on raddb/realms:

# Realm                 Remote server[:port]            flags
#----------------       ---------------------           --------
testrealm.com           localhost                       strip,ignorecase


the connection to the database is made, and in raddb/users i have:

DEFAULT Auth-Type = Local, Password-Location = SQL, Simultaneous-Use = 2
        Framed-Compression = Van-Jacobson-TCP-IP,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Idle-Timeout = 1800,
        Port-Limit = 2,
        Session-Timeout = 86400

the passwords in the database are plaintext.
i tried also with: "DEFAULT Auth-Type = SQL, Simultaneous-Use = 2" .. but
this fails completely (because he wants crypt()ed passwords...)

when i use radtest to test the connection, it works:

Sending request to server xxx.xxx.xxx.xxx, port 1812.
radrecv: Packet from host xxx.xxx.xxx.xxx code=2, id=136, length=56
    Framed-Compression = Van-Jacobson-TCP-IP
    Framed-IP-Address = 255.255.255.254
    Framed-Protocol = PPP
    Idle-Timeout = 1800
    Port-Limit = 2
    Service-Type = Framed-User

any idea what went wrong here?

the second problem is, that when a  correct configured client (e.g. nas)
uses a secred-key for auth to the radius-server he has some problems with
the key.

e.g.:

raddb/naslist:

# NAS Name              Short Name      Type            Flags
#----------------       ----------      ----            ---------------
danproxy200.dan.uu.net  mci1            ascend
danproxy201.dan.uu.net  mci2            ascend

raddb/client.conf:

server  mci1            195.129.12.2    SECRET          1812 1813
server  mci2            195.129.12.34   SECRET          1812 1813

raddb/clients:

#Client Name            Key
#----------------       -------------------
mci1                    SECRET
mci2                    SECRET

it works only if i add an DEFAULT key to the raddb/clients .
but when i then use another host with another key than "SECRET" i have no
positive result:
Feb 10 04:44:10 Auth.notice: (Access-Request idefix2 5 "testuser2"): Login
incorrect [testuser2/~DBØ~KXWú~M~^ÌÓàVëW¸]
any idea why he ignores the rest?

-steven

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnu-radius] Several Problems with, Steven Glogger <=
- Re: [Help-gnu-radius] Several Problems with, Sergey Poznyakoff, 2004/02/10

Prev by Date: Re: [Help-gnu-radius] AS5350 & Radius
Next by Date: Re: [Help-gnu-radius] Several Problems with
Previous by thread: [Help-gnu-radius] AS5350 & Radius
Next by thread: Re: [Help-gnu-radius] Several Problems with
Index(es):
- Date
- Thread