Hello, Hugh

I'm using this setup for the incoming ipass requests.

When one of our customers is roaming, the auth request arrives at the vnas
and is forwarded via radius to the Radiator.  Outgoing ipass (using ipass
netserver software) works fine.

The problem is when I set ipass to forward the domain to the radius server.

The Trace 5 dump is something like this:


************************************ BEGIN DUMP **************************************


*** Received from 200.46.0.5 port 33553 ....

Packet length = 81
01 fe 00 51 bb 46 00 00 6a 28 00 00 8f 41 00 00
95 45 00 00 01 13 72 61 64 69 75 73 74 40 73 69
6e 66 6f 2e 6e 65 74 00 02 12 f6 61 5a 01 42 7b
e9 93 64 01 3e 3e ca e8 9b c3 20 12 69 2d 50 61
73 73 20 56 4e 41 53 00 00 00 00 00 05 06 00 00
00
Code:       Access-Request
Identifier: 254
Authentic:  <187>F<0><0>j(<0><0><143>A<0><0><149>E<0><0>
Attributes:
        User-Name = "[EMAIL PROTECTED]"
        Reply-Message = "aZ<1>B{<233><147>d<1>>><202><232><155><195>
<18>i-Pass VNAS<0><0><0><0><0><5><6>"

Fri Aug 18 20:56:57 2000: DEBUG: Handling request with Handler
'Realm=sinfo.net'
Fri Aug 18 20:56:57 2000: DEBUG: Rewrote user name to radiust
Fri Aug 18 20:56:57 2000: DEBUG:  Deleting session for [EMAIL PROTECTED],
200.46.0.5,
Fri Aug 18 20:56:57 2000: DEBUG: Handling with Radius::AuthUNIX
Fri Aug 18 20:56:57 2000: DEBUG: Radius::AuthUNIX looks for match with
radiust
Fri Aug 18 20:56:57 2000: WARNING: No CHAP-Password or User-Password in
request: does your dictionary have User-Password in it?
Fri Aug 18 20:56:57 2000: DEBUG: Radius::AuthUNIX REJECT: Bad Encrypted
password
Fri Aug 18 20:56:57 2000: INFO: Access rejected for radiust: Bad Encrypted
password
Fri Aug 18 20:56:57 2000: DEBUG: Packet dump:
*** Sending to 200.46.0.5 port 33553 ....
Code:       Access-Reject
Identifier: 254
Authentic:  <187>F<0><0>j(<0><0><143>A<0><0><149>E<0><0>
Attributes:
        Reply-Message = "Request Denied"
        Reply-Message = "Bad Encrypted password"



************************************ END DUMP **************************************


When I set the vnas so it won't forward the domain it looks like this:


************************************ BEGIN DUMP **************************************

*** Received from 200.46.0.10 port 33549 ....

Packet length = 71
01 f7 00 47 f9 3d 00 00 5f 7c 00 00 6c 2d 00 00
8b 26 00 00 01 09 72 61 64 69 75 73 74 02 12 a5
21 65 3f bb cc 55 50 9d da e1 d0 58 7f b9 4d 20
12 69 2d 50 61 73 73 20 56 4e 41 53 00 00 00 00
00 05 06 00 00 00 01
Code:       Access-Request
Identifier: 247
Authentic:  <249>=<0><0>_|<0><0>l-<0><0><139>&<0><0>
Attributes:
        User-Name = "radiust"
        User-Password =
"<165>!e?<187><204>UP<157><218><225><208>X<127><185>M"
        NAS-Identifier = "i-Pass VNAS"
        NAS-Port = 1

Fri Aug 18 20:56:16 2000: DEBUG: Handling request with Handler 'Realm='
Fri Aug 18 20:56:16 2000: DEBUG:  Deleting session for radiust, 200.46.0.10,
1
Fri Aug 18 20:56:16 2000: DEBUG: Handling with Radius::AuthUNIX
Fri Aug 18 20:56:16 2000: DEBUG: Radius::AuthUNIX looks for match with
radiust
Fri Aug 18 20:56:16 2000: DEBUG: Radius::AuthUNIX ACCEPT:
Fri Aug 18 20:56:16 2000: DEBUG: Access accepted for radiust
Fri Aug 18 20:56:16 2000: DEBUG: Packet dump:
*** Sending to 200.46.0.10 port 33549 ....
Code:       Access-Accept
Identifier: 247
Authentic:  <249>=<0><0>_|<0><0>l-<0><0><139>&<0><0>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP

Fri Aug 18 20:56:20 2000: DEBUG: Packet dump:


************************************ END DUMP **************************************


I need it to forward the domain so I can use different databases.


Thanks

rafael





----------------------
Rafael Ortega
PSINetworks Panama
[EMAIL PROTECTED]
+507-206-3000 x 309
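
The following is an added example, not part of the original message and not Radiator or iPass code. It walks the two hex dumps above as RADIUS type/length/value attributes and shows where the decodes diverge: in the domain-forwarded packet a 0x00 byte follows the 19-byte User-Name attribute, so a strict parse finds no User-Password, which matches the WARNING in the trace. The `skip_stray_nul` switch is an assumption of this example, used only to show that the remaining attributes line up again once that byte is stepped over.

```python
# Hex dumps copied from the two Trace 5 captures in the message above.
WITH_DOMAIN = """
01 fe 00 51 bb 46 00 00 6a 28 00 00 8f 41 00 00
95 45 00 00 01 13 72 61 64 69 75 73 74 40 73 69
6e 66 6f 2e 6e 65 74 00 02 12 f6 61 5a 01 42 7b
e9 93 64 01 3e 3e ca e8 9b c3 20 12 69 2d 50 61
73 73 20 56 4e 41 53 00 00 00 00 00 05 06 00 00
00"""
NO_DOMAIN = """
01 f7 00 47 f9 3d 00 00 5f 7c 00 00 6c 2d 00 00
8b 26 00 00 01 09 72 61 64 69 75 73 74 02 12 a5
21 65 3f bb cc 55 50 9d da e1 d0 58 7f b9 4d 20
12 69 2d 50 61 73 73 20 56 4e 41 53 00 00 00 00
00 05 06 00 00 00 01"""

# Attribute numbers from RFC 2865; only the ones seen in these dumps.
NAMES = {1: "User-Name", 2: "User-Password", 5: "NAS-Port",
         18: "Reply-Message", 32: "NAS-Identifier"}

def walk(dump, skip_stray_nul=False):
    """Strictly walk the type/length/value attributes after the 20-byte header.

    Returns (attrs, problems). skip_stray_nul is a diagnostic switch of this
    example: it steps over a lone 0x00 where an attribute type is expected.
    """
    pkt = bytes.fromhex("".join(dump.split()))
    attrs, problems, pos = [], [], 20
    while pos + 2 <= len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        if atype == 0 and skip_stray_nul:
            problems.append(f"stray NUL at offset {pos}")
            pos += 1
            continue
        if alen < 2 or pos + alen > len(pkt):
            problems.append(f"attribute {atype} at offset {pos} claims "
                            f"length {alen}, {len(pkt) - pos} bytes left")
            break
        attrs.append((NAMES.get(atype, atype), pkt[pos + 2:pos + alen]))
        pos += alen
    return attrs, problems

if __name__ == "__main__":
    for label, dump, skip in (("no domain", NO_DOMAIN, False),
                              ("with domain, strict", WITH_DOMAIN, False),
                              ("with domain, NUL skipped", WITH_DOMAIN, True)):
        attrs, problems = walk(dump, skip)
        print(label, [name for name, _ in attrs], problems)
```

With the NUL skipped, User-Password and NAS-Identifier decode as in the working packet, but NAS-Port is one byte short of the 81-byte packet length, so the extra byte was not counted when the packet length was written.
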


-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 17, 2000 22:00
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) IPASS Vnas radius authentication



Hello Rafael -

How do you have the systems set up? Is the IPass server before
Radiator? It is usually easier to have Radiator as the first system,
which does the majority of the processing, and then only forward
roaming requests to the IPass system.

hth

Hugh


At 15:44 -0500 17/8/00, Rafael Ortega wrote:
>Hello, all.
>
>After  a bit of tweaking, I got to use Ipass vnas with radiator.  I've run
>into a new problem, tho.
>
>I need to authenticate with different databases (because our company merged
>with another isp).  If I set the vnas to forward the domain it fails.  A
>Radiator Trace 4 gives me the following message:
>
>        "WARNING: No CHAP-Password or User-Password in request: does your
>dictionary have User-Password in it?"
>
>Then AuthUnix proceeds to reject the password. Strange thing is, if I use
>the check-vnas that comes with the Ipass software, it works fine (if I
>specify the domain and if I leave it out).  I'm currently logging at level 5
>but I can't see anything strange other than the warning.
>
>I remember somebody posted a similar problem a while ago, but I never found
>the solution.
>
>Could it be an Ipass problem?  Without the domain forwarding, everything
>works fine, but can't use different databases.
>
>
>Thanks
>
>rafael
>
>
>
>
>----------------------
>Rafael Ortega
>PSINetworks Panama
>[EMAIL PROTECTED]
>507-206-3000 x 309
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.

--
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

