We have a problem with password comparison between
Radiator Radius and Cisco AS5800.
EasyRadius works with AS5800. However we want to use
Radiator because of its LDAP capability.
I have enclosed logs from the Cisco AS5800 and from
Radiator.
Can anyone tell me what we are doing wrong?
System environment for RADIATOR-installation:
OS SUN Solaris 2.7 for i386
Radiator V2.15 incl. last patches
Perl 5.005_02 built for i86pc-solaris
MD5 PM V1.7
CISCO IOS Version 12.0(4)XL1
testing with perl radpwtst o.k.
Current configuration CISCO AS5800:
!
version 12.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname brf-access01
!
aaa new-model
aaa authentication login Telnet local
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated local
enable secret 5 <oursecretstring>
!
.....
!
radius-server host 213.191.68.17 auth-port 1645 acct-port 1646
radius-server key ******
....
Following lines are from CISCO Debug:
May 8 13:14:27.964 MEST: RADIUS: Initial Transmit Serial1/0/2:22 id 121 213.191.68.17:1645, Access-Request, len 95
May 8 13:14:27.964 MEST: Attribute 4 6 D5BF4409
May 8 13:14:27.964 MEST: Attribute 5 6 00004EFE
May 8 13:14:27.964 MEST: Attribute 61 6 00000002
May 8 13:14:27.964 MEST: Attribute 1 21 69786931
May 8 13:14:27.964 MEST: Attribute 31 6 6973646E
May 8 13:14:27.964 MEST: Attribute 2 18 F6BDFA42
May 8 13:14:27.964 MEST: Attribute 6 6 00000002
May 8 13:14:27.964 MEST: Attribute 7 6 00000001
May 8 13:14:27.980 MEST: RADIUS: Received from id 121 213.191.68.17:1645, Access-Reject, len 36
May 8 13:14:27.980 MEST: Attribute 18 16 52657175
May 8 13:14:27.980 MEST: RADIUS: Response (121) failed decrypt
Following lines are from RADIUS Debug-Log:
Tue May 9 16:20:57 2000: DEBUG: Packet dump:
*** Received from 213.191.68.9 port 1645 ....
Packet length = 95
01 1b 00 5f 1b ff 63 d3 ce 37 e8 fa 5e 87 b2 64
3e 79 21 65 04 06 d5 bf 44 09 05 06 00 00 51 a4
3d 06 00 00 00 02 01 15 69 78 69 31 6d 62 40 68
61 6e 73 65 6e 65 74 2e 6e 65 74 1f 06 69 73 64
6e 02 12 ef ab 61 dd fd 29 22 90 44 64 ed 00 ce
85 b2 f0 06 06 00 00 00 02 07 06 00 00 00 01
Code: Access-Request
Identifier: 27
Authentic: <27><255>c<211><206>7<232><250>^<135><178>d>y!e
Attributes:
NAS-IP-Address = 213.191.68.9
NAS-Port = 20900
NAS-Port-Type = ISDN-Sync
User-Name = "[EMAIL PROTECTED]"
Calling-Station-Id = "isdn"
User-Password = "<239><171>a<221><253>)"<144>Dd<237><0><206><133><178><240>"
Service-Type = Framed
Framed-Protocol = PPP
Tue May 9 16:20:57 2000: DEBUG: Handling request with Handler 'Realm=hansenet.net'
Tue May 9 16:20:57 2000: DEBUG: Rewrote user name to ixi1mb
Tue May 9 16:20:57 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 213.191.68.9, 20900
Tue May 9 16:20:57 2000: DEBUG: Handling with Radius::AuthLDAP
Tue May 9 16:20:57 2000: DEBUG: Connecting to localhost, port 389
Tue May 9 16:20:57 2000: DEBUG: LDAP got result for ou=RADIUSUser, uid=ixi1mb, uniqueidentifier=0080, ou=HN01, ou=Kunden, o=hansenet, c=net
Tue May 9 16:20:57 2000: DEBUG: LDAP got radiuspassword1: 1111
Tue May 9 16:20:57 2000: DEBUG: Radius::AuthLDAP looks for match with ixi1mb
Tue May 9 16:20:57 2000: DEBUG: Radius::AuthLDAP REJECT: Bad Password
Tue May 9 16:20:57 2000: DEBUG: Connecting to localhost, port 389
Tue May 9 16:20:57 2000: DEBUG: No entries for DEFAULT found in LDAP database
Tue May 9 16:20:57 2000: INFO: Access rejected for ixi1mb: Bad Password
Tue May 9 16:20:57 2000: DEBUG: Packet dump:
*** Sending to 213.191.68.9 port 1645 ....
Code: Access-Reject
Identifier: 27
Authentic: <27><255>c<211><206>7<232><250>^<135><178>d>y!e
Attributes:
Reply-Message = "Request Denied"
....
testing with 'perl radpwtst' is o.k. !!!
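
Added example, not part of the original post and not Radiator code: in RFC 2865 both the User-Password attribute and the Response Authenticator are computed from the shared secret, so the Access-Request dumped above can be checked offline against a candidate secret. The function names and the secret and password passed in are assumptions; the request bytes are the ones in the Radiator packet dump.

```python
import hashlib

# Access-Request bytes copied from the Radiator packet dump in the post.
REQUEST = bytes.fromhex("""
01 1b 00 5f 1b ff 63 d3 ce 37 e8 fa 5e 87 b2 64
3e 79 21 65 04 06 d5 bf 44 09 05 06 00 00 51 a4
3d 06 00 00 00 02 01 15 69 78 69 31 6d 62 40 68
61 6e 73 65 6e 65 74 2e 6e 65 74 1f 06 69 73 64
6e 02 12 ef ab 61 dd fd 29 22 90 44 64 ed 00 ce
85 b2 f0 06 06 00 00 00 02 07 06 00 00 00 01
""")

def parse(packet):
    """Return (code, identifier, authenticator, {attr_type: value})."""
    length = int.from_bytes(packet[2:4], "big")
    if length != len(packet) or length < 20:
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return packet[0], packet[1], packet[4:20], attrs

def user_password(data, secret, authenticator, decode):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    if not decode:  # pad the clear text with NULs to a multiple of 16 bytes
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + xored, (block if decode else xored)
    return out.rstrip(b"\0") if decode else out

def response_authenticator(reply, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()

def secret_matches(request, secret, expected_password):
    """True if User-Password (type 2) decodes to expected_password under this secret."""
    _, _, auth, attrs = parse(request)
    return user_password(attrs[2], secret, auth, decode=True) == expected_password
```

Calling `secret_matches(REQUEST, secret, password)` with the key configured on the NAS and the password the user typed returns True only when both are what the RADIUS server would need to see; the NAS applies the matching test to a reply by comparing its bytes 4 to 19 with `response_authenticator`.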