Need help with IPASS and ServerAccess

David Niblett ( niblettda@gru.com )
Mon, 3 Aug 1998 14:33:50 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Postman Account: "RadiusNT and SQL Questions"
Next message: Mike Roberts: "RE: RadiusNT and the SAM"
Next in thread: Webmaster: "Re: Need help with IPASS and ServerAccess"

I am trying to set up so that I can use the ServerAccess feature of RadiusNT
v2.5
I've got the authentication working just fine from my TNT's and MAX's. The
problem
I am facing is with IPASS.

When I user 'check-vnas' with a known working username and password this is
the
response I get back.

-----
radrecv: Request from host cf168e05 code=1, id=15, length=73
User-Name = "ipasstest"
Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"
Received unknown attribute 32
NAS-Port = 1
rad_authenticate_ODBC()
Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"

SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
(ma.Extension+ma
..OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,
sa.Extensi
on+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login,
sa.Sh
ell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where
(sa.Login='ipas
stest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and
sa.Active<>0
and ma.Active<>0

Decrypted Password: <secret>
Database Password: <secret>
Checking for duplicate logins.

SQL Statement: RadCheckOnline 'ipasstest'

ipasstest found on-line 0 time(s).
Checking for port access.
Incomplete authentication record. ServerAccess not possible.
Sending Reject of id 15 to cf168e05 (grucom2.gru.net)
User: ipasstest Time Access denied
User: ipasstest Time Access denied
SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data)
VALUE
S (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')

Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0
-----

My main concern is the 'Received unknown attribute 32'. I added in the
Servers table the entry for the machine that IPASS is running on. Then
added the entry into ServerPorts and lastly ServerAccess.

However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I
checked
what a normal record looks like and it uses attribute 4, 'NAS-Identifier.'
RadCheckAccess is never called in this case since it would appear that the
record is not right.

So what I did was define attribute 32 in the tables and then I got this:
-----
radrecv: Request from host cf168e05 code=1, id=120, length=73
User-Name = "ipasstest"
Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263"
NAS-IP-Address = "i-Pass VNAS"
NAS-Port = 1
rad_authenticate_ODBC()
Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client

rad_auth() calc_digest ret'd error
Authenticate: from 207.22.142.5 - Security Breach: ipasstest
-----

Needless to say, I'm very confused. Any thoughts or help on this would
be greatly appreciated.

The statistics are as follows:
IPASS version 3.1 (latest)
RadiusNT version 2.5.110
NT v4.0

Thanks!

--David A. Niblett		 | Email: niblettda@gru.comSystems Programmer		 | Phone: (352) 334-3400Gainesville Regional Utilities | Web: http://www.gru.com/

Previous message: Postman Account: "RadiusNT and SQL Questions"
Next message: Mike Roberts: "RE: RadiusNT and the SAM"
Next in thread: Webmaster: "Re: Need help with IPASS and ServerAccess"