Re: ISDN user not being validated - solved!

Joe Hartley (jh@metheny.brainiac.com)
Fri, 8 Aug 1997 10:16:42 -0400 (EDT)

MegaZone <megazone@livingston.com> wrote:
> Once upon a time Joe Hartley shaped the electrons to say...
> >Received PAP_AUTH_REQ on port S26 of 20 bytes containing:
> >01 01 00 14 08 69 73 6c 61 6e 64 73 77 06 46 61
> >6b 65 50 57
> >Recvd from port S26: 22 bytes PAP Request-1
> > <islandsw>
> > <FakePW>
> >
> >Sending PAP_AUTH_NAK to port S26 of 18 bytes containing:
> >03 01 00 12 0d 49 6e 76 61 6c 69 64 20 4c 6f 67
> >69 6e
> >Sent to port S26: 20 bytes PAP Refuse-1
> > <Invalid Login>
>
> Can you get the RADIUS debug when this happens? Looks like RADIUS is
> telling us NO.

RADIUS debug? *smack* I knew I forgot something :) Here 'tis:
Fri Aug 8 09:36:48 1997: [6622] radrecv: Request from host 205.181.197.2 code=1, id=21, length=78
Fri Aug 8 09:36:48 1997: [6622] User-Name = "islandsw"
Fri Aug 8 09:36:48 1997: [6622] Password = "\015f-x\240\010wX#g\006\241\200\360`W"
Fri Aug 8 09:36:48 1997: [6622] NAS-IP-Address = 205.181.197.2
Fri Aug 8 09:36:48 1997: [6622] NAS-Port = 26
Fri Aug 8 09:36:48 1997: [6622] NAS-Port-Type = ISDN
Fri Aug 8 09:36:48 1997: [6622] Service-Type = Framed-User
Fri Aug 8 09:36:48 1997: [6622] Framed-Protocol = PPP
Fri Aug 8 09:36:48 1997: [6655] Sending Reject of id 21 to dod (205.181.197.2)

Not very helpful, except to say it's not authenticating.

BUT!!!!! I noticed that we get a regular ISDN link, so I removed the ISDN-V120
entry from the users table; that is, we went from this:

>islandsw Auth-Type = System, NAS-Port-Type = ISDN-V120
> Port-Limit = 2,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255
>islandsw Auth-Type = System, NAS-Port-Type = ISDN
> Port-Limit = 2,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255
>islandsw Auth-Type = Reject

to this:

>islandsw Auth-Type = System, NAS-Port-Type = ISDN
> Port-Limit = 2,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255
>islandsw Auth-Type = Reject

And it works!! Don't ask me why - the entry seems to be OK according to the docs -
if the first match doesn't authenticate, it passes to the next match, until finally
it gets to the DEFAULT. In theory, it should have worked fine with the first
version, but it didn't, and didn't seem to match the 2nd, either.

I'll drop a line to support to clear the ticket I have open, and maybe see if
this is a bug worth reporting.

========================================================================
Joe Hartley - jh@brainiac.com - brainiac services, inc
PO Box 5069 : Greene, RI : 02827 - vox 401.539.9050 : fax 401.539.2070
Without deviation from the norm, "progress" is not possible. - FZappa
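
Added example, not part of the original post: a small Python decoder for the two PAP packets shown in the quoted port debug, following the RFC 1334 packet layout. The function name `parse_pap` and the dictionary keys are this example's own; it shows that the Authenticate-Request carries the peer ID and password as plain length-prefixed fields, which is why they appear readable in the debug trace.

```python
import struct

# PAP packet codes defined in RFC 1334
PAP_CODES = {1: "Authenticate-Request", 2: "Authenticate-Ack", 3: "Authenticate-Nak"}

def parse_pap(hexdump: str) -> dict:
    """Decode one PAP packet given as space-separated hex bytes."""
    data = bytes.fromhex(hexdump)
    if len(data) < 4:
        raise ValueError("truncated PAP header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if code not in PAP_CODES:
        raise ValueError(f"unknown PAP code {code}")
    if length < 4 or length > len(data):
        raise ValueError("Length field does not match captured bytes")
    body = data[4:length]  # anything past Length is padding

    def take(buf: bytes, what: str):
        # One length octet followed by that many bytes of data.
        if not buf or buf[0] > len(buf) - 1:
            raise ValueError(f"{what} overruns packet")
        n = buf[0]
        return buf[1:1 + n], buf[1 + n:]

    pkt = {"code": PAP_CODES[code], "id": ident, "length": length}
    if code == 1:
        peer, rest = take(body, "Peer-ID")
        password, _ = take(rest, "Password")
        pkt["peer_id"] = peer.decode("ascii", "replace")
        pkt["password"] = password.decode("ascii", "replace")  # cleartext on the link
    else:
        message, _ = take(body, "Message")
        pkt["message"] = message.decode("ascii", "replace")
    return pkt

# Byte strings copied from the port debug quoted in the post.
REQ = "01 01 00 14 08 69 73 6c 61 6e 64 73 77 06 46 61 6b 65 50 57"
NAK = "03 01 00 12 0d 49 6e 76 61 6c 69 64 20 4c 6f 67 69 6e"

if __name__ == "__main__":
    for dump in (REQ, NAK):
        print(parse_pap(dump))
```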