Hi Hugh,
I jumped the gun.
Actually when passed zero radpwtst is sending an invalid size
MA(size=03). May be there is a bug in this utility. Please find attached
the logs.
Thanks & Regards,
. . . . Subash
Changing the Way We Live, Work, Play and Learn
-----Original Message-----
From: Hugh Irvine [mailto:[email protected]]
Sent: Wednesday, June 23, 2010 12:54 AM
To: Subash Comerica (subashtc)
Cc: [email protected]
Subject: Re: [RADIATOR] Radiator CoA
Hello Subash -
As mentioned in my previous email:
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever Message-Authenticator=xxxxx
.....
where "....." are whatever attributes your NAS equipment expects in this
type of request.
regards
Hugh
On 22 Jun 2010, at 14:38, Subash Comerica (subashtc) wrote:
> Hi Hugh,
> Sure I will get back with some logs for others reference/FAQ.
> How do I make radpwtst utility send the MA attribute?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[email protected]]
> Sent: Tuesday, June 22, 2010 11:52 PM
> To: Subash Comerica (subashtc)
> Cc: [email protected]
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> The Message-Authenticator attribute is supported.
>
> If you find any problems let me know and I will get them fixed.
>
> And please let me know the results of your tests - I can add a FAQ
> item with your findings.
>
> regards
>
> Hugh
>
>
> On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
>
>> Hi Hugh,
>> Thanks. Any idea about the MA attribute? I will give this a shot.
>> How do I raise a bug on RADIATOR?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:[email protected]]
>> Sent: Tuesday, June 22, 2010 11:09 PM
>> To: Subash Comerica (subashtc)
>> Cc: [email protected]
>> Subject: Re: [RADIATOR] Radiator CoA
>>
>>
>> Hello Subash -
>>
>> You can use the radpwtst utulity included with Radiator to generate
>> any RADIUS request, including Disconnect-Request and
> Change-Filter-Request.
>>
>> Something like this (using whatever attributes are required by your
>> NAS
>> equipment):
>>
>>
>> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
>> Change-Filter-Request User-Name=whatever .....
>>
>>
>> Note that your NAS equipment must support and be configured for such
>> operation.
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>>
>>
>> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>>
>>> Hi All,
>>> I am trying to send a CoA message using Radiator. I tried
>> searching but couldn't find any documentation on how to do it.
>>> Can somebody please point me to any documentation?
>>> Does Radiator CoA support Message Authenticator as well?
>>>
>>> Thanks & Regards,
>>> . . . . Subash
>>> Changing the Way We Live, Work, Play and Learn
>>> _______________________________________________
>>> radiator mailing list
>>> [email protected]
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
>> translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER
translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
[r...@eveready bin]# perl radpwtst -noauth -noacct -s 9.27.101.8 -secret rad123
-code Change-Filter-Request User-Name=whatever Message-Authenticator=0 -trace 5
-auth_port 1700
Wed Jun 23 09:56:26 2010: DEBUG: Reading dictionary file
'/etc/radiator/dictionary'
sending Change-Filter-Request...
Wed Jun 23 09:56:26 2010: DEBUG: Packet dump:
*** Sending to 9.27.101.8 port 1700 ....
Packet length = 48
2b ec 00 21 17 74 a3 d8 40 b7 b6 63 34 4b c6 44
d3 a4 80 1e 01 0a 77 68 61 74 65 76 65 72 50 03
4f 4f 2b cc ab a4 0e 9e 55 1c e6 57 4b 4a 17 5a
Code: Change-Filter-Request
Identifier: 236
Authentic: <23>t<163><216>@<183><182>c4K<198>D<211><164><128><30>
Attributes:
User-Name = "whatever"
Message-Authenticator = 0
No reply
NAS Side Logs
=============
Router#
09:48:30: RADIUS: COA received from id 152 10.64.67.106:33149, CoA Request,
len 30
09:48:30: COA: 10.64.67.106 request queued
09:48:30: RADIUS: authenticator 6C C8 26 D0 95 C9 B0 55 - 86 E8 F8 6B D6 7D CF
59
09:48:30: RADIUS: User-Name [1] 10 "whatever"
09:48:30: ++++++ CoA Attribute List ++++++
09:48:30: 654568E0 0 00000009 username(365) 8 whatever
09:48:30:
09:48:30: COA: Added NACK Error Cause: Success
09:48:30: COA: Sending NAK from port 1700 to 10.64.67.106/33149
09:48:30: RADIUS: 101 6 000000C8COA: Received from 10.64.67.106 - un-sane
packet, invalid lengthCOA: Received from 10.64.67.106 - un-sane packet, invalid
length
Router#
09:52:09: RADIUS: COA received from id 115 10.64.67.106:33149, CoA Request,
len 30
09:52:09: COA: 10.64.67.106 request queued
09:52:09: RADIUS: authenticator 33 BA DD 8A 20 B3 7B DD - 1B FE CB E3 2C 80 13
60
09:52:09: RADIUS: User-Name [1] 10 "whatever"
09:52:09: ++++++ CoA Attribute List ++++++
09:52:09: 6527FC0C 0 00000009 username(365) 8 whatever
09:52:09:
09:52:09: COA: Added NACK Error Cause: Success
09:52:09: COA: Sending NAK from port 1700 to 10.64.67.106/33149
09:52:09: RADIUS: 101 6 000000C8COA: Received from 10.64.67.106 - un-sane
packet, invalid length
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
