Re: Need help with IPASS and ServerAccess

Mourad Dahoumane ( (no email) )
Mon, 3 Aug 1998 22:19:32 +0200

I also use Ipass and I have the same problem
It seems Emerald/radius doesn't recognise this kind of virtual port.
also you can't assign an ip pool to this vnas and you never know which ip
address
will your roaming users have.

Mourad Dahoumane
Connexion Interway

-----Original Message-----
From: David Niblett <niblettda@gru.com>
To: 'radiusnt@iea-software.com' <radiusnt@iea-software.com>
Date: 03 August 1998 20:34
Subject: Need help with IPASS and ServerAccess

>I am trying to set up so that I can use the ServerAccess feature of
RadiusNT
>v2.5
>I've got the authentication working just fine from my TNT's and MAX's. The
>problem
>I am facing is with IPASS.
>
>When I user 'check-vnas' with a known working username and password this
is
>the
>response I get back.
>
>-----
>radrecv: Request from host cf168e05 code=1, id=15, length=73
> User-Name = "ipasstest"
> Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"
>Received unknown attribute 32
> NAS-Port = 1
>rad_authenticate_ODBC()
> Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"
>
> SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
>(ma.Extension+ma
>.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,
>sa.Extensi
>on+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login,
>sa.Sh
>ell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where
>(sa.Login='ipas
>stest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and
>sa.Active<>0
> and ma.Active<>0
>
> Decrypted Password: <secret>
> Database Password: <secret>
>Checking for duplicate logins.
>
> SQL Statement: RadCheckOnline 'ipasstest'
>
> ipasstest found on-line 0 time(s).
>Checking for port access.
>Incomplete authentication record. ServerAccess not possible.
>Sending Reject of id 15 to cf168e05 (grucom2.gru.net)
>User: ipasstest Time Access denied
>User: ipasstest Time Access denied
> SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data)
> VALUE
>S (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')
>
>
>Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0
>-----
>
>My main concern is the 'Received unknown attribute 32'. I added in the
>Servers table the entry for the machine that IPASS is running on. Then
>added the entry into ServerPorts and lastly ServerAccess.
>
>However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I
>checked
>what a normal record looks like and it uses attribute 4, 'NAS-Identifier.'
>RadCheckAccess is never called in this case since it would appear that the
>record is not right.
>
>So what I did was define attribute 32 in the tables and then I got this:
>-----
>radrecv: Request from host cf168e05 code=1, id=120, length=73
> User-Name = "ipasstest"
> Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263"
> NAS-IP-Address = "i-Pass VNAS"
> NAS-Port = 1
>rad_authenticate_ODBC()
>Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client
>
>rad_auth() calc_digest ret'd error
>Authenticate: from 207.22.142.5 - Security Breach: ipasstest
>-----
>
>Needless to say, I'm very confused. Any thoughts or help on this would
>be greatly appreciated.
>
>The statistics are as follows:
>IPASS version 3.1 (latest)
>RadiusNT version 2.5.110
>NT v4.0
>
>Thanks!
>
>--
>David A. Niblett | Email: niblettda@gru.com
>Systems Programmer | Phone: (352) 334-3400
>Gainesville Regional Utilities | Web: http://www.gru.com/
>
>