RE: [Emerald] Radius junk logins from Ascend MAX 4000

Dale E. Reed Jr. ( (no email) )
Tue, 9 Jul 2002 09:55:26 -0700

> Output from radius -x15 -X.
>
> radrecv: Request from host d8409a02 code=1, id=173, length=70 01 ad 00
> 46 ef e1 e0 2d 7f e2 ae da 23 91 a7 06 93 d1 aa 32
> Packet Information: 50 bytes:
> 01 11 69 6e 69 74 69 61 6c 2d 62 61 6e 6e 65 72 00 02 09 00 c5 26 63 2a
> c3 8a 04 06 d8 40 9a 02 05 06 00 00 00 00 3d 06 00 00 00 05 06 06 00 00
> 00 05
>
>
> radrecv: Request from host d8409a02 code=1, id=173, length=70
> User-Name = "initial-banner"
> Password = ""
> Authenticate: from sellstoua-rtr2.toua.net - Invalid Password Length
> Request from sellstoua-rtr2.toua.net - Malformed Packet
> Resp Time: 31 Auth: 0/0 -> 0 Acct: 0/0/0 -> 0

If you break down the password, you'll see its:

02 09 00 c5 26 63 2a c3 8a

The 02 is the RADIUS Password Attribute ID
09 is the total length of the data (plus 2)
The "00 c5 26 63 2a c3 8a" is the password. But it begins with a
NULL and it why RadiusNT says its zero length. If I remember right,
the Ascend should always send "Ascend" as the password for the
psuedo user profiles.

This is from the latest TAOS documentation on how to disable the
psuedo profiles:

--------------------------------------
Limiting excess RADIUS traffic

If you do not use RADIUS pseudo-user profiles, you can direct the
TAOS unit to not send requests for pseudo-user information.

CLI configuration

To prevent the TAOS unit from sending requests for the configuration
information stored in
pseudo-user profiles, set Allow-Extern-Config-Rqsts to No in the
Rad-Auth-Client subprofile
of the External-Auth profile.

VT100 configuration

To prevent the TAOS unit from sending requests for the configuration
information stored in
pseudo-user profiles, set Allow-Extern-Config-Rqsts to No in the Ethernet >
Mod Config >
Auth menu.
--------------------------------------

Dale

------------

This is a user supported list. If you require assistance from IEA Software's
Support Engineers, please check out our Support resources at
http://www.iea-software.com/support.

For more information about this list (including removal) go to:
http://www.iea-software.com/support/maillists/liststart