Re: FW: Problems with Rads

Dale E. Reed Jr. ( (no email) )
Fri, 01 May 1998 22:29:30 -0700

Fox, Thomas wrote:
> The first thing appears to have solved it....
> What was the second?

Actually, they were the same thing, but one was the CHECK attribute
lines, and the second what that there was not a Framed-Address in
the reply list. The first was causing the second, but I wanted
to point out the reply list so you would look at it and note
the attributes going back from RadiusNT to the client.

> Thanks, Dale!
> On Friday, May 01, 1998 2:16 PM, Dale E. Reed Jr. []
> wrote:
> > Note two things. First, the Framed-Address and Idle-Timeout should
> > *NOT* be check attributes, but you have them confgiured as such. If
> > you look at the last four lines above, you'll note there is NOT
> > a Framed-Address attribute being returned to the RADIUS client (hence
> > the assigned address by default).
> >
> > Go into your RadConfigs table and double check the RadCheck column.
> > In almost ALL cases, unless the attribute is a check attribute (see
> > below) the column needs to NOT be a 1. If the column is a 1 for
> > that record, its a check attribute, not a reply attribute. For
> > a check attribute, RadiusNT will look for a matching attribute
> > in the authentication request and compare the two. If they don't
> > match, RadiusNT will reject the request (and put a check attribute
> > failur in the RadLogs for the user). Check attributes are *NOT*
> > sent in the list of reply attributes back to the NAS.

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |