POD not work with radclient

Stephan Jaeger stephan.jaeger at ewetel.de
Fri May 11 11:17:47 CEST 2007


Am Mittwoch, den 28.03.2007, 14:30 +0100 schrieb satish patel:

> why user not disconnect from NAS  but user still login on NAS ?????

Maybe you've been hit by this bug?

http://www.cisco.com/en/US/products/hw/routers/ps133/prod_release_note09186a0080346996.html

CSCee16150


Previously, the router did not respond to valid packet of disconnect
(PoD) packets by disconnecting the user. Instead, the router returned a
RADIUS-format packet with a Code of Disconnect-Request-NAKed (42 in
decimal) and a Reply-Message attribute with a value set to the string
"No Matching Session." This problem occurred when you used PoD to
disconnect users, and have aaa pod server ... auth-type all ...
configured, and used a PoD server that included an exact copy of RADIUS
attribute 151 from an earlier accounting request in the PoD packet. 


In RADIUS accounting packets, Cisco IOS generates attribute 151 values
as a string of hexadecimal digits, corresponding to a 32-bit integer.
When running an IOS version affected by this bug, the router IOS expects
a copy of that 32-bit unsigned integer as a 32-bit unsigned integer,
rather than as a string of ASCII characters representing a hexadecimal
number. In Cisco IOS versions where the fix for this bug has been
integrated, Cisco IOS will accept either the string which IOS sent out,
or the 32-bit unsigned integer which unfixed versions accept.


Regards

Stephan





More information about the Freeradius-Users mailing list