Hi Mike, Thanks for your reply. We are using Cisco PIX 525, authenticating and accounting HTTP traffic from Inside to Outside zone. What shall I do so that Radiator recognizes these attribute (ie. shall I edit the dictionary, or something like that???)
Thanking you in advance for your help and support, Alan --- Mike McCauley <[EMAIL PROTECTED]> wrote: >Hello Alan, > >This Stop packet looks like it came from a broken Radius client. It contains >4 vendor specific attributes with a correct length, but they do not conform >to the standard VSA structure. Instead, of vendor ID etc, they contain these >strings: > > > >Source-IP=192.168.10.20 >Source-Port=1750 >Destination-IP=66.39.112.64 >Destination-Port=80 > >What sort of device sent them? > >Cheers. > >On Fri, 22 Mar 2002 14:45, Hugh Irvine wrote: >> Mikey - >> >> Could you take a look at this please? >> >> thanks >> >> Hugh >> >> >> ---------- Forwarded Message ---------- >> >> Subject: Re: (RADIATOR) Undefined attributes in dictionary >> Date: Thu, 21 Mar 2002 12:59:39 -0800 (PST) >> From: Alan Attard <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED];, [EMAIL PROTECTED] >> >> Hi Hugh, >> >> I'm forwarding you the Hex Dump Trace your asked for. These strange >> attribute only appear in Accounting, type STOP. >> >> Packet length = 177 >> 04 e3 00 b1 41 8c 3e 83 1d 67 ef 04 98 19 e6 ad >> ee 8f 0a f6 28 06 00 00 00 02 04 06 81 01 19 ba >> 0e 06 c0 a8 0a 14 10 06 00 00 00 50 2c 0c 30 78 >> 30 30 30 30 30 32 32 64 01 0a 61 74 74 61 61 30 >> 32 35 2e 06 00 00 00 0c 2a 06 00 00 07 8c 2b 06 >> 00 00 03 52 1a 19 53 6f 75 72 63 65 2d 49 50 3d >> 31 39 32 2e 31 36 38 2e 31 30 2e 32 30 1a 12 53 >> 6f 75 72 63 65 2d 50 6f 72 74 3d 31 37 35 30 1a >> 1d 44 65 73 74 69 6e 61 74 69 6f 6e 2d 49 50 3d >> 36 36 2e 33 39 2e 31 31 32 2e 36 34 1a 15 44 65 >> 73 74 69 6e 61 74 69 6f 6e 2d 50 6f 72 74 3d 38 >> 30 >> Code: Accounting-Request >> Identifier: 227 >> Authentic: A<140>><131><29>g<239><4><152><25><230><173><238><143><10><246> >> Attributes: >> Acct-Status-Type = Stop >> NAS-IP-Address = 129.1.25.186 >> Login-IP-Host = 192.168.10.20 >> Login-TCP-Port = 80 >> Acct-Session-Id = "0x0000022d" >> User-Name = "attaa025" >> Acct-Session-Time = 12 >> Acct-Input-Octets = 1932 >> Acct-Output-Octets = 850 >> >> Thu Mar 21 21:46:38 2002: DEBUG: Check if Handler >> Client-Identifier=Internet_Auth should be used to handle this request Thu >> Mar 21 21:46:38 2002: DEBUG: Handling request with Handler >> 'Client-Identifier=Internet_Auth' Thu Mar 21 21:46:38 2002: DEBUG: >> Deleting session for attaa025, 129.1.25.186, Thu Mar 21 21:46:38 2002: >> DEBUG: Handling with Radius::AuthFILE: InternetGroups Thu Mar 21 21:46:38 >> 2002: DEBUG: Accounting accepted >> Thu Mar 21 21:46:38 2002: DEBUG: Packet dump: >> *** Sending to 129.1.25.186 port 1646 .... >> >> Packet length = 20 >> 05 e3 00 14 ed 4c a2 a6 d4 bc 5a 23 5a cf f2 30 >> 92 25 df 45 >> Code: Accounting-Response >> Identifier: 227 >> Authentic: A<140>><131><29>g<239><4><152><25><230><173><238><143><10><246> >> Attributes: >> >> Thu Mar 21 21:46:38 2002: ERR: Attribute number 99 (vendor 1399813490) is >> not defined in your dictionary Thu Mar 21 21:46:38 2002: ERR: Attribute >> number 99 (vendor 1399813490) is not defined in your dictionary Thu Mar 21 >> 21:46:38 2002: ERR: Attribute number 105 (vendor 1147499380) is not defined >> in your dictionary Thu Mar 21 21:46:38 2002: ERR: Attribute number 105 >> (vendor 1147499380) is not defined in your dictionary Thu Mar 21 21:46:38 >> 2002: DEBUG: Packet dump: >> >> Regards, >> Alan >> >> --- Hugh Irvine <[EMAIL PROTECTED]> wrote: >> >Hello Alan - >> > >> >These look like broken radius attributes to me. >> > >> >Can you please send me a trace 5 (hex dump) of some of the requests that >> >cause these errors? I suspect it is a bug in the Cisco IOS software. >> > >> >thanks >> > >> >Hugh >> > >> >On Fri, 22 Mar 2002 01:08, Alan Attard wrote: >> >> Hi, >> >> >> >> I'd like to ask if anyone knows what the following attributes are: >> >> >> >> Attribute number 99 (vender 1399813490) >> >> Attribute number 105 (vender 1147499380) >> >> >> >> I'm using Cisco PIX 525 as a NAS. >> >> >> >> Regards, >> >> Alan >> >> >> >> _____________________________________________________________ >> >> YMCAMAIL • YOUR MAIL COMING SOON ---> >> >> >> >> _____________________________________________________________ >> >> Run a small business? Then you need professional email like >> >> [EMAIL PROTECTED] from Everyone.net http://www.everyone.net?tag === >> >> Archive at http://www.open.com.au/archives/radiator/ >> >> Announcements on [EMAIL PROTECTED] >> >> To unsubscribe, email '[EMAIL PROTECTED]' with >> >> 'unsubscribe radiator' in the body of the message. >> > >> >-- >> >Radiator: the most portable, flexible and configurable RADIUS server >> >anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. >> >- >> >Nets: internetwork inventory and management - graphical, extensible, >> >flexible with hardware, software, platform and database independence. >> >> _____________________________________________________________ >> YMCAMAIL • YOUR MAIL COMING SOON ---> >> >> _____________________________________________________________ >> Run a small business? Then you need professional email like [EMAIL PROTECTED] >> from Everyone.net http://www.everyone.net?tag === >> Archive at http://www.open.com.au/archives/radiator/ >> Announcements on [EMAIL PROTECTED] >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. >> >> ------------------------------------------------------- > >-- >Mike McCauley [EMAIL PROTECTED] >Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW >24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au >Phone +61 3 9598-0985 Fax +61 3 9598-0955 > >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc >on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc _____________________________________________________________ YMCAMAIL • YOUR MAIL COMING SOON ---> _____________________________________________________________ Run a small business? Then you need professional email like [EMAIL PROTECTED] from Everyone.net http://www.everyone.net?tag === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.