Attaching the requested files..
Thanks,
Miro
----- Original Message -----
From: Hugh Irvine
To: Miro Majcen
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 1:09 AM
Subject: Re: (RADIATOR) decrypt problems
Hello Miro -
The Cisco debug log shows "Authentication failure" - but to say any more I
will need to see a copy of your configuration file (no secrets) together
with a trace 4 debug from Radiator showing what is happening in both cases.
regards
Hugh
On Wednesday, October 2, 2002, at 11:13 PM, Miro Majcen wrote:
hello,
i have been trying to get my cisco 3640 to authenticate via radiator. While
the exact config works on 26xx , it doesn't work with 3600 Software
(C3640-I-M), Version 12.2(5), RELEASE SOFTWARE (fc1)
here is the debug log, any idea what could be causing this ?
1d05h: ISDN BR2/0: RX <- SETUP pd = 8 callref = 0x01
1d05h: Sending Complete
1d05h: Bearer Capability i = 0x8890
1d05h: Channel ID i = 0x89
1d05h: Calling Party Number i = 0x01, 0x83, '354', Plan:ISDN,
Type:Unknown
1d05h: Called Party Number i = 0x80, '374', Plan:Unknown,
Type:Unknown
1d05h: ISDN BR2/0: Event: Received a DATA call from 354 on B1 at 64 Kb/s
1d05h: ISDN BR2/0: Event: Accepting the call id 0x22
1d05h: %LINK-3-UPDOWN: Interface BRI2/0:1, changed state to up
1d05h: BR2/0:1 PPP: Treating connection as a callin
1d05h: ISDN BR2/0: TX -> CALL_PROC pd = 8 callref = 0x81
1d05h: Channel ID i = 0x89
1d05h: ISDN BR2/0: TX -> CONNECT pd = 8 callref = 0x81
1d05h: ISDN BR2/0: RX <- CONNECT_ACK pd = 8 callref = 0x01
1d05h: BR2/0:1 CHAP: O CHALLENGE id 32 len 27 from "Router"
1d05h: BR2/0:1 CHAP: I RESPONSE id 32 len 25 from "miro"
1d05h: RADIUS: ustruct sharecount=2
1d05h: Radius: radius_port_info() success=1 radius_nas_port=1
1d05h: RADIUS: Initial Transmit BRI2/0:1 id 31 10.10.5.200:1645,
Access-Request, len 85
1d05h: Attribute 4 6 0A0A6794
1d05h: Attribute 5 6 00007531
1d05h: Attribute 61 6 00000002
1d05h: Attribute 1 6 6D69726F
1d05h: Attribute 30 5 3337341F
1d05h: Attribute 31 5 33353403
1d05h: Attribute 3 19 2061901F
1d05h: Attribute 6 6 00000002
1d05h: Attribute 7 6 00000001
1d05h: RADIUS: Received from id 31 10.10.5.200:1645, Access-Accept, len 74
1d05h: Attribute 8 6 0A0A0302
1d05h: Attribute 7 6 00000001
1d05h: Attribute 6 6 00000002
1d05h: Attribute 7 6 00000001
1d05h: Attribute 9 6 FFFFFFFF
1d05h: Attribute 10 6 00000000
1d05h: Attribute 12 6 000005DC
1d05h: Attribute 13 6 00000001
1d05h: Attribute 28 6 00000384
1d05h: RADIUS: Response (31) failed decrypt
1d05h: RADIUS: Reply for 31 fails decrypt
1d05h: BR2/0:1 CHAP: Unable to validate Response. Username miro:
Authentication failure
1d05h: BR2/0:1 CHAP: O FAILURE id 32 len 26 msg is "Authentication failure"
1d05h: ISDN BR2/0: RX <- DISCONNECT pd = 8 callref = 0x01
1d05h: Cause i = 0x8090 - Normal call clearing
1d05h: %ISDN-6-CONNECT: Interface BRI2/0:1 is now connected to 354 1a8e01
1d05h: %LINK-3-UPDOWN: Interface BRI2/0:1, changed state to down
1d05h: ISDN BR2/0: TX -> RELEASE pd = 8 callref = 0x81
1d05h: Cause i = 0x8090 - Normal call clearing
1d05h: ISDN BR2/0: RX <- RELEASE_COMP pd = 8 callref = 0x01
Thanks
Miro
NB: I am travelling this week, so there may be delays in our correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
Foreground
LogStdout
LogDir /logi1
DbDir .
# User a lower trace level in production systems:
Trace 5
#DictionaryFile dictionary.cisco
DictionaryFile %D/dictionary
AuthPort 1645
AcctPort 1646
BindAddress 10.10.5.200
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client 10.10.103.148>
Secret test
DupInterval 0
FramedGroupBaseAddress 10.10.3.1
FramedGroupPortOffset 30000
#PasswordLogFileName %L/password.log
</Client>
PreClientHook file:"%D/alterNASPort"
<Realm DEFAULT>
StripFromRequest NAS-IP-Address,NAS-Port
AuthByPolicy ContinueWhileAccept
<AuthBy FILE>
Filename ./baza.txt
AddToReply Service-Type = Framed-User, \
Framed-Group = 0, \
Framed-Protocol = PPP, \
Framed-IP-Netmask = 255.255.255.255, \
Framed-Routing = "None", \
Framed-MTU = 1500, \
Framed-Compression = Van-Jacobson-TCP-IP, \
Idle-Timeout = 900
</AuthBy>
# Log accounting to a detail file
#AcctLogFileName ./detail
#PasswordLogFileName %L/password.log
# Log authentication success and failure to the a file
</Realm>
<Monitor>
Username radar
Password radar
</Monitor>
debug>
Wed Oct 2 16:14:23 2002: DEBUG: Reading users file ./baza.txt
Wed Oct 2 16:14:24 2002: INFO: Server started: Radiator 3.2 on ntmgmt (DEMO)
Wed Oct 2 16:15:24 2002: DEBUG: Packet dump:
*** Received from 10.10.103.148 port 1645 ....
Packet length = 85
01 2d 00 55 9a 1d 72 20 50 86 d5 9a 9c d7 2e f0
34 09 ca 1c 04 06 0a 0a 67 94 05 06 00 00 75 31
3d 06 00 00 00 02 01 06 6d 69 72 6f 1e 05 33 37
34 1f 05 33 35 34 03 13 2e 37 45 72 2a bc b3 d3
b0 26 6a ff 28 d6 a2 24 58 06 06 00 00 00 02 07
06 00 00 00 01
Code: Access-Request
Identifier: 45
Authentic: <154><29>r P<134><213><154><156><215>.<240>4<9><202><28>
Attributes:
NAS-IP-Address = 10.10.103.148
NAS-Port = 30001
NAS-Port-Type = ISDN
User-Name = "miro"
Called-Station-Id = "374"
Calling-Station-Id = "354"
CHAP-Password = .7Er*<188><179><211><176>&j<255>(<214><162>$X
Service-Type = Framed-User
Framed-Protocol = PPP
Wed Oct 2 16:15:24 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Oct 2 16:15:24 2002: DEBUG: Deleting session for miro, 10.10.103.148, 30001
Wed Oct 2 16:15:24 2002: DEBUG: Handling with Radius::AuthFILE:
Wed Oct 2 16:15:24 2002: DEBUG: Radius::AuthFILE looks for match with miro
Wed Oct 2 16:15:24 2002: DEBUG: Radius::AuthFILE ACCEPT:
Wed Oct 2 16:15:24 2002: DEBUG: FramedGroup 0 address is being assigned
Wed Oct 2 16:15:24 2002: DEBUG: Access accepted for miro
Wed Oct 2 16:15:24 2002: DEBUG: Packet dump:
*** Sending to 10.10.103.148 port 1645 ....
Packet length = 74
02 2d 00 4a de af 43 6d fc 44 d3 76 2e 4c b0 22
aa 28 4f 3d 08 06 0a 0a 03 02 07 06 00 00 00 01
06 06 00 00 00 02 07 06 00 00 00 01 09 06 ff ff
ff ff 0a 06 00 00 00 00 0c 06 00 00 05 dc 0d 06
00 00 00 01 1c 06 00 00 03 84
Code: Access-Accept
Identifier: 45
Authentic: <154><29>r P<134><213><154><156><215>.<240>4<9><202><28>
Attributes:
Framed-IP-Address = 10.10.3.2
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Idle-Timeout = 900
