[Issues] [mod_auth_xradius 0000062]: patch for management of RAD_NAS_IDENTIFIER and RAD_NAS_IP_ADDRESS attributes

Mantis Bug Tracker issues at outoforder.cc
Mon Dec 15 05:15:26 EST 2008 

The following issue requires your FEEDBACK. 
====================================================================== 
http://issues.outoforder.cc/view.php?id=62 
====================================================================== 
Reported By:                Andy Igoshin
Assigned To:                
====================================================================== 
Project:                    mod_auth_xradius
Issue ID:                   62
Category:                   Apache Integration
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     feedback
Apache Version:             unspecified 
====================================================================== 
Date Submitted:             2006-05-27 07:37 EDT
Last Modified:              2008-12-15 05:15 EST
====================================================================== 
Summary:                    patch for management of RAD_NAS_IDENTIFIER and
RAD_NAS_IP_ADDRESS attributes
Description: 
patch for management of RAD_NAS_IDENTIFIER and RAD_NAS_IP_ADDRESS
attributes

====================================================================== 

---------------------------------------------------------------------- 
 (0000137) olv (reporter) - 2008-12-15 05:15
 http://issues.outoforder.cc/view.php?id=62#c137 
---------------------------------------------------------------------- 
Hi,

I am not to sure how to proceed with this as I am not a developper.

My radius request are always rejected because of the lack of the
NAS_IP_ADDRESS parameter which is mandatory in this configuration. I have
patched the sources with this patch to no avail, I am still getting
rejects from the server.
I have been looking (for *days*) for a solution and don't know what to do
anymore.

Here is the server log (before I patched the sources) :

12/12/2008 08:43:25
-----------------------------------------------------------
12/12/2008 08:43:25 Authentication Request
12/12/2008 08:43:25 Received From: ip=192.168.242.166 port=50854
12/12/2008 08:43:25 Packet : Code = 0x1 ID = 0x88
12/12/2008 08:43:25 Client Name = 192.168.242.166 Dictionary Name =
Radius.dct
12/12/2008 08:43:25 Vector =
12/12/2008 08:43:25 000: 4a065abe 8ba095e1 57a5bb74 6968f403
|J.Z.....W..tih..|
12/12/2008 08:43:25 Parsed Packet =
12/12/2008 08:43:25 Service-Type : Integer Value = 8
12/12/2008 08:43:25 NAS-Port-Type : Integer Value = 5
12/12/2008 08:43:25 User-Name : String Value = test.user
12/12/2008 08:43:25 NAS-Identifier : String Value = 192.168.242.166
12/12/2008 08:43:25 User-Password : Value =
12/12/2008 08:43:25 000: 2c89b29f 493143b8 765d1233 814b7e6d
|,...I1C.v].3.K~m|
12/12/2008 08:43:25
-----------------------------------------------------------
12/12/2008 08:43:25 Determining if this radius should act as a proxy
12/12/2008 08:43:25 Missing checklist attribute NAS-IP-Address for user
TEST.USER
12/12/2008 08:43:25 request items don't match user/profile items,
Rejecting

----------------------------------------------

Server log after patching :

Authentication Request
12/15/2008 09:27:11 Received From: ip=192.168.241.198 port=60054
12/15/2008 09:27:11 Packet : Code = 0x1 ID = 0x88
12/15/2008 09:27:11 Client Name = <ANY> Dictionary Name = Radius.dct
12/15/2008 09:27:11 Vector =
12/15/2008 09:27:11 000: 44724f5e 33be7b86 75c93934 796ee1e6
|DrO3.{.u.94yn..|
12/15/2008 09:27:11 Parsed Packet =
12/15/2008 09:27:11 Service-Type : Integer Value = 8
12/15/2008 09:27:11 NAS-Port-Type : Integer Value = 5
12/15/2008 09:27:11 User-Name : String Value = test.user
12/15/2008 09:27:11 User-Password : Value =
12/15/2008 09:27:11 000: 4bb87177 eaf775b6 d788e87b b38af1c3
|K.qw..u....{....|
12/15/2008 09:27:11 NAS-IP-Address : IPAddress = 0.0.0.0
12/15/2008 09:27:11 NAS-Identifier : String Value = 192.168.241.198
12/15/2008 09:27:11
-----------------------------------------------------------
12/15/2008 09:27:11 Determining if this radius should act as a proxy
12/15/2008 09:27:11 VASCO ERROR : (Code Replay Attempt).
12/15/2008 09:27:11 User test.user firmly rejected by Digipass auth
method
12/15/2008 09:27:11 Unable to find user test.user with matching password
12/15/2008 09:27:11
-----------------------------------------------------------
12/15/2008 09:27:11 Authentication Response (reject)
12/15/2008 09:27:11 Packet : Code = 0x3 ID = 0x88
12/15/2008 09:27:11 Vector =
12/15/2008 09:27:11 000: 3285b769 4248b517 0da02b08 fabee932
|2..iBH....+....2| 

now the NAS IP ADDRESS parameter is set to 0.0.0.0

The radtest CLI utility works perfectly with this same configuration from
the same computer.

This is not a simple issue to solve as I do not have access to server
(it's not mine). This configuration used to work with apache 1.3 +
mod_auth_radius and now the systems have been updated to apache 2.2 and
mod_auth_xradius.

My configuration :
OS : Gentoo
Apache 2.2.9
mod_auth_xradius 0.4.6 + patch

Do you have any hint to solve quickly this issue ? ..as this is blocking a
production application.

Thank you, best regards.

O.V. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2006-05-27 07:37 Andy Igoshin   New Issue                                    
2006-05-27 07:37 Andy Igoshin   File Added: mod_auth_xradius-0.4.6-ai.diff      
             
2006-05-27 07:37 Andy Igoshin   Apache Version            => unspecified     
2007-05-11 05:03 step           File Added: literotica.html                    
2008-12-15 05:15 olv            Note Added: 0000137                          
2008-12-15 05:15 olv            Status                   new => feedback     
======================================================================

More information about the Issues mailing list