[VPN] VPN3000 RADIUS authentication

Yang Lee ylee at net50.com
Tue Nov 12 13:11:08 EST 2002 

Do you get any other error messages when restarting DCT radiusd? I'm
assuming if there are formating errors in the dictionary file, the radiusd
will complain about them when loading them.

I didn't use DCT radiusd before. So I don't have knowledge about the real
cause of your problem. But if I'm in your situation, I'll try to
contact the vendor support to find out the meaning of the error
messages. I'll also download
a copy of free Radius http://www.freeradius.org/, loading the same
dictionary, and do a comparison test. 

Thanks and regards,


############################################
#Yang Lee                                  #
#Sr. Engineer, Net2phone                   #
#Tel. 973-438-3836                         #
#Email. ylee at net2phone.com                 #
#                                          #
#                                          #
#Disclaimer:                               #
#My opinion here does not represent my     #
#employer's in any way                     #
#                                          #
############################################

On Tue, 12 Nov 2002, kazuki kamiya wrote:

> 
> Thank you for your reply.
> 
> I added the VPN300 VSA's to dictinary file and tested authentication,
> but error occured.
> 
> ------------------------------------------------------------------------
> Nov 12 18:28:38.467 radiusd[1329] check_packet: attribute
> CVPN3000-Simultaneous-Logins
>  has bad length (18)
> Nov 12 18:28:38.467 radiusd[1329] handle_radius_request: invalid radius
> packet
> ------------------------------------------------------------------------
> 
> Does this error message mean the RADIUS which I'm using do not support long
> attribute like
> "CVPN3000-Simultaneous-Logins"?
> 
> I 'm using Ascend Base RADIUS.(DCT RADIUS).
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com]On
> Behalf Of Yang Lee
> Sent: Monday, November 11, 2002 9:48 AM
> To: kazuki kamiya; vpn at lists.shmoo.com
> Subject: RE: [VPN] VPN3000 RADIUS authentication
> 
> 
> Hi Kazuki,
> 
> From the radiusd log file you provided, it seems like the radiusd server
> needs more attribute definition for the VPN3000 client:
> 
> ------------------------------------------------------------------------
> 	Nov 8 18:48:12.232 radiusd[1160] Authenticate:IINTERNAL: No Valid
> 	Reply Attribute for rad : 192.168.2.1.1025, id=4
> ------------------------------------------------------------------------
> 
> You may need to add Cisco VPN3000 radius attributes into your dictionary.
> Please contact Cisco TAC for the dictionary definition file.
> 
> Hope this help,
> 
> Regards,
> 
> -Yang Lee
> -----Original Message-----
> From: vpn-admin at lists.shmoo.com [mailto:vpn-admin at lists.shmoo.com]On Behalf
> Of kazuki kamiya
> Sent: Friday, November 08, 2002 3:28 AM
> To: vpn at lists.shmoo.com
> Subject: [VPN] VPN3000 RADIUS authentication
> 
> 
> 
> Hi all
> 
> I'm trying VPN3000 to authenticate with Free RADIUS.
> But I have a trouble.
> Dose someone teach me what debug log mean,and what should
> I do?
> Should I add some attribute to dictionary file or users file ?
> 
> 
> RADIUS which I'm using is DTC RADIUS(Based on Ascend RADIUS).
> 
> 
> ####  Users file ##########################################
> rad	Password="rad"
> 
> 
> #### RADIUS debug log ###################################
>   request : User-Name ="rad"
>   request : Use-Password ="XXXXXX"
>   request : NAS-Port = 1009
>   request : Service-Type = Framed-User
>   request : Framed-Protocol = PPP
>   request : Tunnel-Client-Endpoint = " 172.16.1.100"
>   request : NAS-IP-Address = 192.168.2.1
>   request : NAS-Port-Type = Virtual
>   user_parse : Password = "rad"
> Nov 8 18:48:12.232 radiusd[1160] Authenticate:IINTERNAL: No Valid
> Reply Attribute for rad : 192.168.2.1.1025, id=4
> Nov 8 18:48:12.251 radiusd[1160]send_reject:192.168.2.1.1024.id =1
> Nov 8 18:48:12.251 radiusd[1160]send_answer:Req IP = 192.168.2.1,
> NAS IP = 192.168.2.1]
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
> 
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
> 
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
>

More information about the VPN mailing list