I have a Portmaster 2er with 2 5-BRI cards in it, ComOS3.3.3. I have a customer
attempting to dial into our dialup ISDN line with WinNT4.0 and a 3Com ISDN modem.
He connects, but apparently is not being authenticated. Our RADIUS server is
a SunOS 4.1.3_U1 machine running v2.0.1 of RADIUS. We can authenticate other
users, just not this guy.

Here's the decoded output from his login session (note - I changed the real PW
and the hex equivalent for security's sake!):

Found Livingston dump format
Received LCP_CONFIGURE_REQUEST on port S26 of 23 bytes containing:
01 01 00 1b 05 06 00 00 23 91 11 04 05 dc 13 0d
05 34 30 31 37 35 31 38 38 32 32
Fixed #bytes to match #found...
Recvd from port S26: 29 bytes LCP Request-1
Magic-Number = 0x00002391
MP-MRRU = 1500
MP-Endpoint-Disc = 0x0534303137353138383232
Sending LCP_CONFIGURE_REQUEST to port S26 of 29 bytes containing:
01 04 00 1d 05 06 d4 4f 91 0a 03 04 c0 23 11 04
06 1c 12 02 13 09 03 00 c0 05 01 15 ff
Sent to port S26: 31 bytes LCP Request-4
Magic-Number = 0xd44f910a
Authentication-Protocol = PAP
MP-MRRU = 1564
MP-Short-Seq-Num-Header
MP-Endpoint-Disc = 0x0300c0050115ff
Sending LCP_CONFIGURE_ACK to port S26 of 27 bytes containing:
02 01 00 1b 05 06 00 00 23 91 11 04 05 dc 13 0d
05 34 30 31 37 35 31 38 38 32 32
Sent to port S26: 29 bytes LCP Accept-1
Magic-Number = 0x00002391
MP-MRRU = 1500
MP-Endpoint-Disc = 0x0534303137353138383232
Received LCP_CONFIGURE_ACK on port S26 of 25 bytes containing:
02 04 00 1d 05 06 d4 4f 91 0a 03 04 c0 23 11 04
06 1c 12 02 13 09 03 00 c0 05 01 15 ff
Fixed #bytes to match #found...
Recvd from port S26: 31 bytes LCP Accept-4
Magic-Number = 0xd44f910a
Authentication-Protocol = PAP
MP-MRRU = 1564
MP-Short-Seq-Num-Header
MP-Endpoint-Disc = 0x0300c0050115ff
Skipping: S26: LCP Open
Received PAP_AUTH_REQ on port S26 of 20 bytes containing:
01 01 00 14 08 69 73 6c 61 6e 64 73 77 06 46 61
6b 65 50 57
Recvd from port S26: 22 bytes PAP Request-1
<islandsw>
<FakePW>
Sending PAP_AUTH_NAK to port S26 of 18 bytes containing:
03 01 00 12 0d 49 6e 76 61 6c 69 64 20 4c 6f 67
69 6e
Sent to port S26: 20 bytes PAP Refuse-1
<Invalid Login>
Received LCP_TERMINATE_REQUEST on port S26 of 4 bytes containing:
05 02 00 08 00 00 00 05
Fixed #bytes to match #found...
Recvd from port S26: 10 bytes LCP Term-Reqest-2 00 00 00 05
Sending LCP_TERMINATE_ACK to port S26 of 4 bytes containing:
06 05 00 04
Sent to port S26: 6 bytes LCP Term-Acknowlege-5
Skipping:

The login and password above are correct! When I telnet into the PM2, attach to
an open port and call the dialup ISDN number and enter the login and password,
I see the beginning of the PPP session!

Here's the relevant portion of the users file:

# ISDN customers. These have 2 entries each, the first is the correct one
# for the customer, the second is a rejection in case the 2 check items
# (password and port type) are not both matched. In such a case, RADIUS
# continues through the list looking for a match. If it weren't for the
# second line, the session would use the DEFAULT line, allowing access via
# the modem pool. Note that this isn't needed for any type of dialup customer
# since the DEFAULT forces use of an Async (modem) port.
# I don't know how islandsw will come in, so there's the ISDN and ISDN-V120
# Port-Types. Remove the one that's not used later...
islandsw Auth-Type = System, NAS-Port-Type = ISDN-V120
        Port-Limit = 2,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.0

islandsw Auth-Type = System, NAS-Port-Type = ISDN
        Port-Limit = 2,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.0

islandsw Auth-Type = Reject

Is it NT, the PM or RADIUS? (I'm betting NT - we've got 5 other ISDN dedicated
lines that connect to this box which authenticate fine, none of which are NT).
Any clues will be appreciated.

========================================================================
Joe Hartley - jh@brainiac.com - brainiac services, inc
PO Box 5069 : Greene, RI : 02827 - vox 401.539.9050 : fax 401.539.2070
Without deviation from the norm, "progress" is not possible. - FZappa
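
An added example, not part of the original post or of Livingston's tools: a small Python decoder for the PortMaster's LCP Configure-Request and the PAP Authenticate-Request, fed the hex bytes from the trace above. It checks the Length field against the bytes actually captured and shows that PAP carries the login and password as cleartext length-prefixed strings, which is why the password had to be masked before posting; the function and constant names are this example's own.

```python
import struct

# Hex copied from the trace in the post above (password already masked there).
PM_LCP_REQUEST = ("01 04 00 1d 05 06 d4 4f 91 0a 03 04 c0 23 11 04 "
                  "06 1c 12 02 13 09 03 00 c0 05 01 15 ff")
PAP_AUTH_REQ = "01 01 00 14 08 69 73 6c 61 6e 64 73 77 06 46 61 6b 65 50 57"

LCP_OPTS = {3: "Authentication-Protocol", 5: "Magic-Number", 17: "MP-MRRU",
            18: "MP-Short-Seq-Num-Header", 19: "MP-Endpoint-Disc"}
AUTH_PROTOS = {0xC023: "PAP", 0xC223: "CHAP"}

def parse_header(hexdump):
    """Return (code, identifier, payload), trusting Length only if it fits."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 4:
        raise ValueError("packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if not 4 <= length <= len(raw):
        raise ValueError(f"Length field {length} does not fit {len(raw)} bytes")
    return code, ident, raw[4:length]  # anything past Length is padding

def parse_lcp_options(payload):
    """Decode the type/length/value option list of an LCP Configure packet."""
    opts, i = {}, 0
    while i < len(payload):
        olen = payload[i + 1] if i + 1 < len(payload) else 0
        if olen < 2 or i + olen > len(payload):
            raise ValueError(f"bad option length at offset {i}")
        otype, data = payload[i], payload[i + 2:i + olen]
        if otype == 3:    # first two bytes name the authentication protocol
            value = AUTH_PROTOS.get(int.from_bytes(data[:2], "big"), data.hex())
        elif otype == 17:  # MRRU is a 16-bit integer
            value = int.from_bytes(data, "big")
        else:
            value = data.hex()
        opts[LCP_OPTS.get(otype, f"Option-{otype}")] = value
        i += olen
    return opts

def parse_pap_request(payload):
    """PAP Authenticate-Request: length-prefixed Peer-ID, then Password."""
    fields, i = [], 0
    for name in ("Peer-ID", "Password"):
        if i >= len(payload) or i + 1 + payload[i] > len(payload):
            raise ValueError(f"truncated {name} field")
        fields.append(payload[i + 1:i + 1 + payload[i]].decode("latin-1"))
        i += 1 + payload[i]
    return tuple(fields)
```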