Hello Rafael -
Thanks for sending the log file - what it shows is that the incoming request
with the domain suffix does not have a password attribute. This is the cause of
the problem, as Radiator tries to check the password.
Note that IPASS has recently changed their policy and now operates with a much
simpler proxy Radius setup. The latest version of Radiator (2.16.1) has a not
in the IPASS section of the manual about this. Perhaps you should consider
changing to an AuthBy RADIUS configuration instead.
hth
Hugh
On Sat, 19 Aug 2000, Rafael Ortega wrote:
> Hello, Hugh
>
> I'm using this setup for the incoming ipass requests.
>
> When one of our customers is roaming, the auth requests arrives to the vnas
> and is forwarded via radius to the Radiator. Outgoing ipass (using ipass
> netserver software) works fine.
>
> The problem is when i set ipass to forward the domain to the radius server.
>
> The Trace 5 dump is something like this:
>
>
> ************************************ BEGIN DUMP
> **************************************
>
>
> *** Received from 200.46.0.5 port 33553 ....
>
> Packet length = 81
> 01 fe 00 51 bb 46 00 00 6a 28 00 00 8f 41 00 00
> 95 45 00 00 01 13 72 61 64 69 75 73 74 40 73 69
> 6e 66 6f 2e 6e 65 74 00 02 12 f6 61 5a 01 42 7b
> e9 93 64 01 3e 3e ca e8 9b c3 20 12 69 2d 50 61
> 73 73 20 56 4e 41 53 00 00 00 00 00 05 06 00 00
> 00
> Code: Access-Request
> Identifier: 254
> Authentic: <187>F<0><0>j(<0><0><143>A<0><0><149>E<0><0>
> Attributes:
> User-Name = "[EMAIL PROTECTED]"
> Reply-Message = "aZ<1>B{<233><147>d<1>>><202><232><155><195>
> <18>i-Pass VNAS<0><0><0><0><0><5><6>"
>
> Fri Aug 18 20:56:57 2000: DEBUG: Handling request with Handler
> 'Realm=sinfo.net'
> Fri Aug 18 20:56:57 2000: DEBUG: Rewrote user name to radiust
> Fri Aug 18 20:56:57 2000: DEBUG: Deleting session for [EMAIL PROTECTED],
> 200.46.0.5,
> Fri Aug 18 20:56:57 2000: DEBUG: Handling with Radius::AuthUNIX
> Fri Aug 18 20:56:57 2000: DEBUG: Radius::AuthUNIX looks for match with
> radiust
> Fri Aug 18 20:56:57 2000: WARNING: No CHAP-Password or User-Password in
> request: does your dictionary have User-Password in it?
> Fri Aug 18 20:56:57 2000: DEBUG: Radius::AuthUNIX REJECT: Bad Encrypted
> password
> Fri Aug 18 20:56:57 2000: INFO: Access rejected for radiust: Bad Encrypted
> password
> Fri Aug 18 20:56:57 2000: DEBUG: Packet dump:
> *** Sending to 200.46.0.5 port 33553 ....
> Code: Access-Reject
> Identifier: 254
> Authentic: <187>F<0><0>j(<0><0><143>A<0><0><149>E<0><0>
> Attributes:
> Reply-Message = "Request Denied"
> Reply-Message = "Bad Encrypted password"
>
>
>
> ********************* END DUMP
> *************************************************
>
>
> When I set the vnas so it won't forward the domain it looks like this:
>
>
> ********************BEGIN DUMP
> **************************************************
>
> *** Received from 200.46.0.10 port 33549 ....
>
> Packet length = 71
> 01 f7 00 47 f9 3d 00 00 5f 7c 00 00 6c 2d 00 00
> 8b 26 00 00 01 09 72 61 64 69 75 73 74 02 12 a5
> 21 65 3f bb cc 55 50 9d da e1 d0 58 7f b9 4d 20
> 12 69 2d 50 61 73 73 20 56 4e 41 53 00 00 00 00
> 00 05 06 00 00 00 01
> Code: Access-Request
> Identifier: 247
> Authentic: <249>=<0><0>_|<0><0>l-<0><0><139>&<0><0>
> Attributes:
> User-Name = "radiust"
> User-Password =
> "<165>!e?<187><204>UP<157><218><225><208>X<127><185>M"
> NAS-Identifier = "i-Pass VNAS"
> NAS-Port = 1
>
> Fri Aug 18 20:56:16 2000: DEBUG: Handling request with Handler 'Realm='
> Fri Aug 18 20:56:16 2000: DEBUG: Deleting session for radiust, 200.46.0.10,
> 1
> Fri Aug 18 20:56:16 2000: DEBUG: Handling with Radius::AuthUNIX
> Fri Aug 18 20:56:16 2000: DEBUG: Radius::AuthUNIX looks for match with
> radiust
> Fri Aug 18 20:56:16 2000: DEBUG: Radius::AuthUNIX ACCEPT:
> Fri Aug 18 20:56:16 2000: DEBUG: Access accepted for radiust
> Fri Aug 18 20:56:16 2000: DEBUG: Packet dump:
> *** Sending to 200.46.0.10 port 33549 ....
> Code: Access-Accept
> Identifier: 247
> Authentic: <249>=<0><0>_|<0><0>l-<0><0><139>&<0><0>
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Fri Aug 18 20:56:20 2000: DEBUG: Packet dump:
>
>
> ******************** END DUMP
> ********************************************************
>
>
> I need it to forward the domain so i can use different databases.
>
>
> Thanks
>
> rafael
>
>
>
>
>
> ----------------------
> Rafael Ortega
> PSINetworks Panama
> [EMAIL PROTECTED]
> +507-206-3000 x 309
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: jueves 17 de agosto de 2000 22:00
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) IPASS Vnas radius authentication
>
>
>
> Hello Rafael -
>
> How do you have the systems set up? Is the IPass server before
> Radiator? It is usually easier to have Radiator as the first system,
> which does the majority of the processing, and then only forward
> roaming requests to the IPass system.
>
> hth
>
> Hugh
>
>
> At 15:44 -0500 17/8/00, Rafael Ortega wrote:
> >Hello, all.
> >
> >After a bit of tweaking, I got to use Ipass vnas with radiator. I've run
> >into a new problem, tho.
> >
> >I need to authenticate with different databases (because our company merged
> >with another isp). If I set the vnas to forward the domain it fails. A
> >Radiator Trace 4 gives me the following message:
> >
> > "WARNING: No CHAP-Password or User-Password in request: does your
> >dictionary have User-Password in it?"
> >
> >Then AuthUnix proceeds to reject the password. Strange thing is, if I use
> >the check-vnas that comes with the Ipass software, it works fine (if i
> >specify the domain and if i leave it out). I'm currently logging at level
> 5
> >but I can't see anything strange other than the warning.
> >
> >I remember somebody posted a similar problem a while ago, but I never found
> >the solution.
> >
> >Could it be an Ipass problem? Without the domain forwarding, everything
> >works fine, but can't use different databases.
> >
> >
> >Thanks
> >
> >rafael
> >
> >
> >
> >
> >----------------------
> >Rafael Ortega
> >PSINetworks Panama
> >[EMAIL PROTECTED]
> >507-206-3000 x 309
> >
> >
> >===
> >Archive at http://www.starport.net/~radiator/
> >Announcements on [EMAIL PROTECTED]
> >To unsubscribe, email '[EMAIL PROTECTED]' with
> >'unsubscribe radiator' in the body of the message.
>
> --
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
