Mourad Dahoumane
Connexion Interway
-----Original Message-----
From: David Niblett <niblettda@gru.com>
To: 'radiusnt@iea-software.com' <radiusnt@iea-software.com>
Date: 03 August 1998 20:34
Subject: Need help with IPASS and ServerAccess
>I am trying to set up so that I can use the ServerAccess feature of
RadiusNT
>v2.5
>I've got the authentication working just fine from my TNT's and MAX's. The
>problem
>I am facing is with IPASS.
>
>When I user 'check-vnas' with a known working username and password this
is
>the
>response I get back.
>
>-----
>radrecv: Request from host cf168e05 code=1, id=15, length=73
> User-Name = "ipasstest"
> Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"
>Received unknown attribute 32
> NAS-Port = 1
>rad_authenticate_ODBC()
> Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"
>
> SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
>(ma.Extension+ma
>.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,
>sa.Extensi
>on+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login,
>sa.Sh
>ell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where
>(sa.Login='ipas
>stest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and
>sa.Active<>0
> and ma.Active<>0
>
> Decrypted Password: <secret>
> Database Password: <secret>
>Checking for duplicate logins.
>
> SQL Statement: RadCheckOnline 'ipasstest'
>
> ipasstest found on-line 0 time(s).
>Checking for port access.
>Incomplete authentication record. ServerAccess not possible.
>Sending Reject of id 15 to cf168e05 (grucom2.gru.net)
>User: ipasstest Time Access denied
>User: ipasstest Time Access denied
> SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data)
> VALUE
>S (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')
>
>
>Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0
>-----
>
>My main concern is the 'Received unknown attribute 32'. I added in the
>Servers table the entry for the machine that IPASS is running on. Then
>added the entry into ServerPorts and lastly ServerAccess.
>
>However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I
>checked
>what a normal record looks like and it uses attribute 4, 'NAS-Identifier.'
>RadCheckAccess is never called in this case since it would appear that the
>record is not right.
>
>So what I did was define attribute 32 in the tables and then I got this:
>-----
>radrecv: Request from host cf168e05 code=1, id=120, length=73
> User-Name = "ipasstest"
> Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263"
> NAS-IP-Address = "i-Pass VNAS"
> NAS-Port = 1
>rad_authenticate_ODBC()
>Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client
>
>rad_auth() calc_digest ret'd error
>Authenticate: from 207.22.142.5 - Security Breach: ipasstest
>-----
>
>Needless to say, I'm very confused. Any thoughts or help on this would
>be greatly appreciated.
>
>The statistics are as follows:
>IPASS version 3.1 (latest)
>RadiusNT version 2.5.110
>NT v4.0
>
>Thanks!
>
>--
>David A. Niblett | Email: niblettda@gru.com
>Systems Programmer | Phone: (352) 334-3400
>Gainesville Regional Utilities | Web: http://www.gru.com/
>
>