Nokia IP 260 and User-Password
david.suarezdelis at telefonica.es
david.suarezdelis at telefonica.es
Thu Jun 21 11:04:10 CEST 2007
Greetings,
We are receiving the attached information from a Nokia IP 260 Firewall and
VPN appliance,
The Access-Request is processed by a Perl program (through rlm_perl), and
AR::RADIUSRequest is the class of objects that represent a generic RADIUS
packet (don't mind the empty attributes).
The password sent is 'AAAAAAAA' but we just get gibberish on our end (and
the tethereal capture also looks weird). The VPN is using PAP, as we are.
Any hints on what can be wrong? (shared key is okay on both sides, and no
other NAS is doing this weird thing). I'm thinking in some configuration
options that may be hurting with this NAS, but, frankly...
Server is 1.1.3 on a Debian 3.1 intel box.
Thanks for any help
david
PS- tethereal capture:
Frame 4 (101 bytes on wire, 101 bytes captured)
Arrival Time: Jun 21, 2007 10:32:18.545587000
Time delta from previous packet: 5.050255000 seconds
Time since reference or first frame: 10.108408000 seconds
Frame Number: 4
Packet Length: 101 bytes
Capture Length: 101 bytes
Protocols in frame: eth:ip:udp:radius
Ethernet II, Src: 00:17:cb:5a:81:7e, Dst: 00:11:0a:2f:61:3b
Destination: 00:11:0a:2f:61:3b (HewlettP_2f:61:3b)
Source: 00:17:cb:5a:81:7e (00:17:cb:5a:81:7e)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.235.236.14 (10.235.236.14), Dst Addr:
10.235.244.133 (10.235.244.133)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 87
Identification: 0x79dc (31196)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 55
Protocol: UDP (0x11)
Header checksum: 0x1350 (correct)
Source: 10.235.236.14 (10.235.236.14)
Destination: 10.235.244.133 (10.235.244.133)
User Datagram Protocol, Src Port: 2305 (2305), Dst Port: radius (1812)
Source port: 2305 (2305)
Destination port: radius (1812)
Length: 67
Checksum: 0xa4c4 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x41 (65)
Length: 59
Authenticator: 0x9FE8712917FDD893EF8E416B424D0E89
Attribute value pairs
t:User Name(1) l:9, Value:"user1"
User-Name: un41814
t:User Password(2) l:18, Value:A0EB498C3FAD6541B06C0785F76F04C2
t:Service Type(6) l:6, Value:Login(1)
Service-Type: Login (1)
t:NAS IP Address(4) l:6, Value: xxx.xxx.xxx.xxx
Nas IP Address: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
PPS- Perl Data::Dumper dump:
User-Password = 'AAAAAAAA'
'REQUEST' => bless( {
'MODIFICATION_TIME' =>
'1182414728.493002',
'ATTR' => {
'Acct-Input-Octets' =>
'',
'NAS-Port-Type' => '',
'Acct-Session-Id' =>
'',
'Service-Type' =>
'Login-User',
'Called-Station-Id' =>
'',
'Client-IP-Address' =>
'10.235.236.14',
'Tunnel-Client-Endpoint' => '',
'Acct-Authentic' => '',
'Acct-Status-Type' =>
'',
'Acct-Output-Packets'
=> '',
'NAS-IP-Address' =>
'xxx.xxx.xxx.xxx',
'Acct-Output-Octets' =>
'',
'Acct-Tunnel-Client-Endpoint:0' => '',
'Acct-Terminate-Cause'
=> '',
'Acct-Session-Time' =>
'',
'Calling-Station-Id' =>
'',
'Framed-Protocol' =>
'',
'User-Name' => 'user1',
'User-Password' =>
'x\\264\\343\\023y\\232\\004\\211\\357\\333\\010\\214\\2163U\\217',
'Tunnel-Client-Endpoint:0' => '',
'Acct-Input-Packets' =>
'',
'Framed-IP-Address' =>
'',
'Class' => '',
'NAS-Port' => '',
'Acct-Delay-Time' => ''
},
'CREATION_TIME' =>
'1182414728.493002'
}, 'AR::RADIUSRequest' ),
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070621/df33bca3/attachment.html>
More information about the Freeradius-Users
mailing list