[ previous ] [ next ] [ threads ]
 
 From:  "Jason Brunk" <jbrunk at wthosting dot com>
 To:  "'Andrew Hull'" <list at racc2000 dot com>, "'Jonathan De Graeve'" <Jonathan dot De dot Graeve at imelda dot be>, "'M0n0 Wall list'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] RADIUS Calling-Station-Id consistency
 Date:  Mon, 7 Nov 2005 18:31:02 -0500
I noticed this last night myself.  I am not getting called or calling
station ids at all.  I am trying to figure out how to get calling and called
station ids to both be mac addresses.

Jason 

-----Original Message-----
From: Andrew Hull [mailto:list at racc2000 dot com] 
Sent: Monday, November 07, 2005 4:27 PM
To: Jonathan De Graeve; M0n0 Wall list
Subject: [m0n0wall] RADIUS Calling-Station-Id consistency

Greetings,
Using the esteemed Mr De Graeve's latest image, I have discovered a slight
inconsistency.
 
Assuming "Cisco functionality" is disabled, the Access Request (type 1)
RADIUS packet sends Calling-Station-Id (31) as the client's MAC addy.
The Accounting Request (type 4) RADIUS packet (Acct-Status_Type (40) =
Start) does not send Calling-Station-Id at all.
The Accounting Request (type 4) RADIUS packet (Acct-Status_Type (40) =
End) sends Calling-Station-Id (31) as the client's IP addy.

See log snips below
 
I believe this small bit of inconsistency is relatively begin; I have
discovered an instance where it is a problem...
 
My RADIUS server (Vircom's VOP (not VoIP) RADIUS) offers a security feature
which treats Calling-Station-Id (31) as a "non-shareable resource."
Basically, it checks and prevents different users logging in on the same
calling station. Whenever I attempt to enable this feature, RADIUS gets
mighty confused due (I believe) to this inconsistency.
 
Has anyone else encountered issues like this?
 
Jonathan -- is this something you could easily remedy?
 
thanks,
Andy

 
<Access Request snip>
(Debug   :03108) 11/7/2005 12:54:05 RECEIVED: 66.129.44.14, code=1 
(Access Request), id=250, len=96
        ( 61) NAS-Port-Type = 15 
        (  6) Service-Type = 1 Login-User
        (  4) NAS-IP-Address = [12]"192.168.5.10",\ 31 39 32 2E 31 36 38 2E
35 2E 31 30 \
        (  1) User-Name = [5]"test2",\ 74 65 73 74 32 \
        (  2) Password = [16]"<encrypted>"
        ( 31) Calling-Station-Id = [17]"00:0f:b5:4d:93:f4",\ 30 30 3A 30
66 3A 62 35 3A 34 64 3A 39 33 3A 66 34 \
        (  5) NAS-Port-Id = 7
<!Access Request snip>


<Accounting Start snip>
(Debug   :03108) 11/7/2005 12:54:06 RECEIVED: 66.129.44.14, code=4 
(Accounting Request), id=102, len=109
        (  6) Service-Type = 1 Login-User
        (  1) User-Name = [5]"test2",\ 74 65 73 74 32 \
        ( 32) Nas-Identifier = [26]"alnsn-hotspot.racc2000.com",\ 61 6C 6E
73 6E 2D 68 6F 74 73 70 6F 74 2E 72 61 63 63 32 30 30 30 2E 63 6F 6D \
        (  5) NAS-Port-Id = 7 
        ( 61) NAS-Port-Type = 15 
        ( 40) Acct-Status-Type = 1 Start
        ( 45) Acct-Authentic = 1 RADIUS
        ( 44) Acct-Session-Id = [16]"13a05169c69ff918",\ 31 33 61 30 35
31 36 39 63 36 39 66 66 39 31 38 \
        (  8) Framed-Address = 192.168.1.199 <!Accounting Start snip>


<Accounting Stop snip>
(Debug   :03108) 11/7/2005 12:54:49 RECEIVED: 66.129.44.14, code=4 
(Accounting Request), id=250, len=186
        (  6) Service-Type = 1 Login-User
        (  1) User-Name = [5]"test2",\ 74 65 73 74 32 \
        ( 32) Nas-Identifier = [26]"alnsn-hotspot.racc2000.com",\ 61 6C 6E
73 6E 2D 68 6F 74 73 70 6F 74 2E 72 61 63 63 32 30 30 30 2E 63 6F 6D \
        (  5) NAS-Port-Id = 7 
        ( 61) NAS-Port-Type = 15 
        ( 40) Acct-Status-Type = 2 Stop
        ( 45) Acct-Authentic = 1 RADIUS
        ( 44) Acct-Session-Id = [16]"13a05169c69ff918",\ 31 33 61 30 35
31 36 39 63 36 39 66 66 39 31 38 \
        ( 49) Acct-Terminate-Cause = 1 User-Request
        ( 46) Acct-Session-Time = 43 
        ( 42) Acct-Input-Octets = 11811 
        ( 47) Acct-Input-Packets = 88 
        ( 52)  = [4]"....",\ 00 00 00 00 \
        ( 43) Acct-Output-Octets = 59347 
        ( 48) Acct-Output-Packets = 82 
        ( 53)  = [4]"....",\ 00 00 00 00 \
        ( 30) Called-Station-Id = [12]"192.168.5.10",\ 31 39 32 2E 31 36
38 2E 35 2E 31 30 \
        ( 31) Calling-Station-Id = [13]"192.168.1.199",\ 31 39 32 2E 31
36 38 2E 31 2E 31 39 39 \
        (  8) Framed-Address = 192.168.1.199 <!Accounting Stop snip>

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch




--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.12.8/162 - Release Date: 11/5/2005