(ASCEND) MAX TNT and Merit problem

To: ascend-users@max.bungi.com
Subject: (ASCEND) MAX TNT and Merit problem
From: "Marcelo L. Rodrigues" <marcelo@cernet.com.br>
Date: Thu, 5 Aug 1999 17:56:38 -0300
CC: ricardo@cernet.com.br
In-reply-to: <199908040545.WAA11791@max.bungi.com>
Priority: normal
Reply-to: marcelo@cernet.com.br
Sender: owner-ascend-users@max.bungi.com
Hi, 

I have a free Merit RADIUS running and authenticating correcly with Lucent's 
PM4s. I am now trying to make a MAX TNT to authenticate on it, but up to now  
no sucess.

I am testing it telneting to the MAX TNT and using, as a user a name, a one 
that is valid to the Merit RADIUS server:

(tnt1.isptwo.com) Enter password:

User: mlrdo
Password:

The problem is that Merit RADIUS does not acknowledge - not even with an 
Invalid Login message.

Using TNT radif debbuging command I have:

RADIF: radius type Auth ID = 222
RADIF: authenticating <5:mlrdo> with PAP
RADIF 17:50:54> _radiusRequest: id 222, user name <6:mlrdo>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 6 len 62 ipaddr 200.219.192.104 port 65534->1645
RADIF:_radiusReq: id 222 <6:mlrdo>, starting timer (10 sec)
RADIF 17:51:04> Timeout: retry #1 of 3, id 222 <mlrdo>
RADIF 17:51:04> _radiusRequest: id 222, user name <6:mlrdo>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 6 len 62 ipaddr 201.19.19.238 port 65534->1645
RADIF:_radiusReq: id 222 <6:mlrdo>, starting timer (10 sec)
RADIF 17:51:14> Timeout: retry #2 of 3, id 222 <mlrdo>
RADIF 17:51:14> _radiusRequest: id 222, user name <6:mlrdo>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 6 len 62 ipaddr 201.19.19.238 port 65534->1645
RADIF:_radiusReq: id 222 <6:mlrdo>, starting timer (10 sec)
RADIF 17:51:24> Timeout: retry #3 of 3, id 222 <mlrdo>
RADIF 17:51:24> _radiusRequest: id 222, user name <6:mlrdo>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 6 len 62 ipaddr 201.19.19.238 port 65534->1645
RADIF:_radiusReq: id 222 <6:mlrdo>, starting timer (10 sec)
RADIF 17:51:34> Timeout, 3 retries, id 222, <mlrdo>
RADIF:_freeInfoClassSess

I've more than double checked the RADIUS key (both: the TNT configuration and 
the CLIENTS file into the Merit RADIUS).

I've tried to test the MAX TNT using a Cistron RADIUS and it worked fine. So I 
believe that it is a Merit RADIUS configuration problem.

Also, using the radauth command works fine:

admin> radauth mlrdo abc123
RADIF: radius type Auth ID = 223
RADIF: authenticating <4:mlrdo> with PAP
RADIF 18:01:35> _radiusRequest: id 223, user name <5:mlrdo>
RADIF: _radiusReq: socket 6 len 52 ipaddr 201.19.19.238 port 65534->1645
RADIF:_radiusReq: id 223 <5:mlrdo>, starting timer (10 sec)
...radauth request queued, awaiting response
admin> RADIF: _radCallback: buf=101B40A0 from 201.19.19.238 1645
RADIF: _radCallback, authcode = 2, id 223
RADIF: _radCallback: id 223, killing timer
RADIF: Authentication Ack
RADIF: attribute 11, len 7, 75 6e 6c 69
RADIF: attribute 62, len 6, 00 00 00 01
RADIF: attribute 6, len 6, 00 00 00 02
RADIF: attribute 7, len 6, 00 00 00 01
RADIF: attribute 9, len 6, ff ff ff ff
RADIF: attribute 10, len 6, 00 00 00 00
RADIF: attribute 12, len 6, 00 00 05 dc
RADIF: attribute 28, len 6, 00 00 0e 10
RADIF: attribute 13, len 6, 00 00 00 01
radauth: 2
RADIF:_freeInfoClassSess


On the Merit RADIUS side I have this output:

>> dict_init: entered
>> reconfig: entered
>> init_fsm: entered
>> using built-in standard FSM table
>> rad_fsminit: entered
>> 
>> State  Event                 Action        Next State Value String
>> -----  --------------------  ------------  ---------- ----- ------
>> 
>> 
>>   0   [254,*            , 8] AUTHENTICATE      1         0  ''
>>   0   [254,*            ,14] AUTHENTICATE      1         0  ''
>>   0   [254,*            , 9] ACCT              2         0  ''
>>   0   [254,*            ,13] SRV_STATUS        3         0  ''
>>   0   [254,*            ,-1] REPLY           255         0  ''
>> 
>>   1   [  0,AUTHENTICATE , 0] REPLY             4         0  ''
>>   1   [  0,AUTHENTICATE ,-1] REPLY             4         0  ''
>> 
>>   2   [  0,ACCT         , 0] REPLY             4         0  ''
>> 
>>   3   [  0,SRV_STATUS   , 0] REPLY             4         0  ''
>> 
>>   4   [254,*            , 6] NULL            255         0  ''
>> 
>> 
>> State  State Name     Number Flag
>> -----  -------------- ------ ----
>> 
>>   0    START            0    ST_DEFINED
>>   1    AUTHWAIT         1    ST_DEFINED
>>   2    ACCTWAIT         2    ST_DEFINED
>>   3    MGTWAIT          3    ST_DEFINED
>>   4    HOLD             4    ST_DEFINED
>> 
>> init_fsm: FSM defined with 5 states from built-in standard FSM table
>> rad_fsminit: entered
>> 
>> State  Event                 Action        Next State Value String
>> -----  --------------------  ------------  ---------- ----- ------
>> 
>> 
>>   0   [254,*            , 4] REDO            253         0  ''
>>   0   [254,*            , 3] LOG             255         0  ''
>>   0   [254,*            , 6] TIMEOUT         255         0  ''
>>   0   [254,*            , 7] NULL            255         0  ''
>> 
>> 
>> State  State Name     Number Flag
>> -----  -------------- ------ ----
>> 
>>   0    START            0    ST_DEFINED
>> 
>> config_files: entered
>> read_users: entered
>> read_auth: entered
>> init_aatvs: entered
>> rad_acct_init: entered
>> rad_init: entered
>> rad_reply_init: entered
>> rad_ipc_init: entered
>> rad_2rad_init: entered
>> stat_files: entered
>> Tue Aug  3 08:39:58 1999
>> : Debugging turned ON, Level 3
>> Version  2.4.21  sun sys5
>> Program = ../radiusd
>> child_end: entered
>> child_end: leaving routine
>> reply_timer: entered
>> rad_recv: entered
>> get_radrequest: entered
>> get_radrequest: Request from c8dbc639 (tnt1.isptwo.com[1804]) code
= 1, id = 131, len = 68
>> gen_valpairs: entered
>>     User-Name = "mlrdo"
>>     User-Password = "\352\333\241\264\304\360\263"
>>     NAS-IP-Address = "201.19.19.57"
>>     NAS-Port = 0
>>     NAS-Port-Type = Virtual
>>     Service-Type = Outbound
>> is_dup_request: entered
>> list_copy: entered
>> list_copy: copied 8 items
>> state_machine: entered: current state = 0  event = [254 RADIUS 14]
>> state_machine: decision: action = AUTHENTICATE  next_state = 1
>> call_action: AATV 'AUTHENTICATE', type 0, value 0 and ''
>> rad_authenticate: entered
>> user_find: entered
>> user_find: entered
>> list_copy: entered
>> list_copy: copied 0 items
>> list_copy: entered
>> list_copy: copied 3 items
>> Check items:
>> Reply items:
>>     Authentication-Type = Realm
>>     Filter-Id = "unlim"
>>     Port-Limit = 1
>> state_machine: after action: event = [0 AUTHENTICATE -1 ]
>> state_machine: decision: action = REPLY  next_state = 4
>> call_action: AATV 'REPLY', type 1, value 0 and ''
>> free_event_list: entered
>> protocol_check: entered
>> list_copy: entered
>> list_copy: copied 11 items
>> send_reply: entered: result = -1
>>     Reply-Message = "Authentication failure
>> "
>> send_reply: Authentication Reject for id 131 of type 1 to c8dbc639
(tnt1.isptwo.com)
>> record_event: event [1 'REPLY' 'REPLY'  PID = 0  0 '']
>> state_machine: after action: event = [1 REPLY 2 ]
>> state_machine: decision: action = NULL  next_state = 4
>> call_action: AATV 'NULL', type 0, value 0 and ''
>> state_machine: after action: event = [4 NULL 2 ]
>> state_machine: return from FSM -- nothing to do
>> reply_timer: entered
>> reply_timer: entered
>> rad_recv: entered



Marcelo L. Rodrigues
marcelo@cernet.com.br
+++++++++++++++++++++++++++++++++++++++++++++
Cernet Tecnologia e Sistemas Ltda.
Tel.: (011) 3061-3352
Fax: (011) 3061-3031

Lucent [RABU, WaveLAN, ITS, Cajun]
Argus
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
Prev by Date: (ASCEND) Single Slot modem card power req?
Next by Date: Re: (ASCEND) Single Slot modem card power req?
Prev by thread: (ASCEND) ethernet port problems
Next by thread: (ASCEND) VERY IMPORTANT Announcement !
Index(es):
- Date
- Thread