Re: NT Radius and Livingston Radius

Dale E. Reed Jr. ( (no email) )
Wed, 18 Jun 1997 00:13:44 -0700

Dale E. Reed Jr. wrote:
> > Just set up NT Radius client. It works with my
> > Shiva Radius server but not my Livingston Radius
> > server. Turns out NT Radius puts the challange in
> > CHAP-Challange attribute #60 and this is not
> > defined in Livingston dictionary. Putting it in
> > dictionary doesn't help because livingston
> > doesn't do anything with it. RFC says this
> > should be supported.
> >
> > Anyone run into same problem?
> I added (atleast my interpretation of) the RFC attribute
> 60 last night to RadiusNT and still couldn't get the
> MS RAS RADIUS client to work with RadiusNT. My CHAP
> encryption never matched that of what RadiusNT received.

My mistake on the above. Digging a little deeper, I found the
problem with it (I has something backwards). I was able to
get new code for RadiusNT 2.2 to work with the Windows NT
RADIUS client. Thats the good news. The bad news is it looks
like the accounting is pretty bad. For example, here is an
accounting pair:

radrecv: Request from host cf358111 code=4, id=5, length=69
Acct-Status-Type = Start
User-Name = "user"
CHAP-Challenge =
Challenge-Response = "\002o\374R;\2120\034\003X\312\002?\2145\356t"

radrecv: Request from host cf358111 code=4, id=6, length=69
Acct-Status-Type = Stop
User-Name = "user"
CHAP-Challenge =
Challenge-Response = "\002o\374R;\2120\034\003X\312\002?\2145\356t"

Now thats about useful. No NAS-Identifier, NAS-IPAddress, NAS-Port, or
NAS-Port-Type. Not even an Acct-SessionID or Acct-Session-Time, and
all that CHAP-CRAP doing in accounting?

Moral of the story: Stick with Livingston, the people who invented
and you'll be a much happier camper. :)

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |