 From:  Andrew Hull <list at racc2000 dot com>
 To:  Jonathan De Graeve <Jonathan dot De dot Graeve at imelda dot be>, M0n0 Wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RADIUS Calling-Station-Id consistency
 Date:  Mon, 07 Nov 2005 16:27:05 -0500
Greetings,
Using the esteemed Mr De Graeve's latest image, I have discovered a 
slight inconsistency.
 
Assuming "Cisco functionality" is disabled, the Access Request (type 1) 
RADIUS packet sends Calling-Station-Id (31) as the client's MAC addy.
The Accounting Request (type 4) RADIUS packet (Acct-Status-Type (40) = 
Start) does not send Calling-Station-Id at all.
The Accounting Request (type 4) RADIUS packet (Acct-Status-Type (40) = 
End) sends Calling-Station-Id (31) as the client's IP addy.

See log snips below
 
I believe this small bit of inconsistency is relatively benign; I have 
discovered an instance where it is a problem...
 
My RADIUS server (Vircom's VOP (not VoIP) RADIUS) offers a security 
feature which treats Calling-Station-Id (31) as a "non-shareable 
resource." Basically, it checks and prevents different users logging in 
on the same calling station. Whenever I attempt to enable this feature, 
RADIUS gets mighty confused due (I believe) to this inconsistency.
 
Has anyone else encountered issues like this?
 
Jonathan -- is this something you could easily remedy?
 
thanks,
Andy

 
<Access Request snip>
(Debug   :03108) 11/7/2005 12:54:05 RECEIVED: 66.129.44.14, code=1 
(Access Request), id=250, len=96
        ( 61) NAS-Port-Type = 15 
        (  6) Service-Type = 1 Login-User
        (  4) NAS-IP-Address = [12]"192.168.5.10",\ 31 39 32 2E 31 36 38 
2E 35 2E 31 30 \
        (  1) User-Name = [5]"test2",\ 74 65 73 74 32 \
        (  2) Password = [16]"<encrypted>"
        ( 31) Calling-Station-Id = [17]"00:0f:b5:4d:93:f4",\ 30 30 3A 30 
66 3A 62 35 3A 34 64 3A 39 33 3A 66 34 \
        (  5) NAS-Port-Id = 7
<!Access Request snip>


<Accounting Start snip>
(Debug   :03108) 11/7/2005 12:54:06 RECEIVED: 66.129.44.14, code=4 
(Accounting Request), id=102, len=109
        (  6) Service-Type = 1 Login-User
        (  1) User-Name = [5]"test2",\ 74 65 73 74 32 \
        ( 32) Nas-Identifier = [26]"alnsn-hotspot.racc2000.com",\ 61 6C 
6E 73 6E 2D 68 6F 74 73 70 6F 74 2E 72 61 63 63 32 30 30 30 2E 63 6F 6D \
        (  5) NAS-Port-Id = 7 
        ( 61) NAS-Port-Type = 15 
        ( 40) Acct-Status-Type = 1 Start
        ( 45) Acct-Authentic = 1 RADIUS
        ( 44) Acct-Session-Id = [16]"13a05169c69ff918",\ 31 33 61 30 35 
31 36 39 63 36 39 66 66 39 31 38 \
        (  8) Framed-Address = 192.168.1.199
<!Accounting Start snip>


<Accounting Stop snip>
(Debug   :03108) 11/7/2005 12:54:49 RECEIVED: 66.129.44.14, code=4 
(Accounting Request), id=250, len=186
        (  6) Service-Type = 1 Login-User
        (  1) User-Name = [5]"test2",\ 74 65 73 74 32 \
        ( 32) Nas-Identifier = [26]"alnsn-hotspot.racc2000.com",\ 61 6C 
6E 73 6E 2D 68 6F 74 73 70 6F 74 2E 72 61 63 63 32 30 30 30 2E 63 6F 6D \
        (  5) NAS-Port-Id = 7 
        ( 61) NAS-Port-Type = 15 
        ( 40) Acct-Status-Type = 2 Stop
        ( 45) Acct-Authentic = 1 RADIUS
        ( 44) Acct-Session-Id = [16]"13a05169c69ff918",\ 31 33 61 30 35 
31 36 39 63 36 39 66 66 39 31 38 \
        ( 49) Acct-Terminate-Cause = 1 User-Request
        ( 46) Acct-Session-Time = 43 
        ( 42) Acct-Input-Octets = 11811 
        ( 47) Acct-Input-Packets = 88 
        ( 52)  = [4]"....",\ 00 00 00 00 \
        ( 43) Acct-Output-Octets = 59347 
        ( 48) Acct-Output-Packets = 82 
        ( 53)  = [4]"....",\ 00 00 00 00 \
        ( 30) Called-Station-Id = [12]"192.168.5.10",\ 31 39 32 2E 31 36 
38 2E 35 2E 31 30 \
        ( 31) Calling-Station-Id = [13]"192.168.1.199",\ 31 39 32 2E 31 
36 38 2E 31 2E 31 39 39 \
        (  8) Framed-Address = 192.168.1.199
<!Accounting Stop snip>
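
The check described in the message above, as an added example that is not part of the original post and not m0n0wall or VOP RADIUS code: it parses the attribute TLVs of three RADIUS packets and reports what each one carries as Calling-Station-Id (31). The function names are hypothetical, and the packets are constructed from the values in the log snips with a zeroed authenticator that is not validated.

```python
import struct

CALLING_STATION_ID, ACCT_STATUS_TYPE = 31, 40

def build_packet(code, ident, attrs):
    """Constructed test packet: 20-byte header (authenticator zeroed) + TLVs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Return (code, {attr_type: raw_value}); reject malformed lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return code, attrs

def calling_station_report(packets):
    """Map each stage to its Calling-Station-Id string (None if absent)."""
    report = {}
    for pkt in packets:
        code, attrs = parse_attributes(pkt)
        if code == 1:                       # Access Request
            stage = "access-request"
        elif code == 4:                     # Accounting Request
            status = int.from_bytes(attrs.get(ACCT_STATUS_TYPE, b""), "big")
            stage = {1: "acct-start", 2: "acct-stop"}.get(status, "acct-other")
        else:
            continue
        csid = attrs.get(CALLING_STATION_ID)
        report[stage] = None if csid is None else csid.decode("ascii", "replace")
    return report

def is_consistent(report):
    """True only if every stage carried the same, non-missing value."""
    values = list(report.values())
    return None not in values and len(set(values)) == 1

# Constructed from the log snips: MAC on auth, absent on Start, IP on Stop.
SAMPLE = [
    build_packet(1, 250, [(1, b"test2"), (31, b"00:0f:b5:4d:93:f4")]),
    build_packet(4, 102, [(1, b"test2"), (40, b"\x00\x00\x00\x01")]),
    build_packet(4, 250, [(1, b"test2"), (40, b"\x00\x00\x00\x02"), (31, b"192.168.1.199")]),
]
```
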