*** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 12:52 | |
*** scranley55 (d839cdfa@gateway/web/freenode/ip.216.57.205.250) has joined #wikid | 16:29 | |
scranley55 | hello | 16:29 |
nowen | hi | 16:29 |
scranley55 | Hey Nick what's the syntax for the radius attributes on the radius nc? I seem to be getting garbage in my radius log | 16:30 |
nowen | hmm. | 16:31 |
nowen | what attribute are you using? | 16:32 |
nowen | because you should be able to just drop the text in and get the text out on the other side | 16:33 |
scranley55 | Auth-Type := Local, User-Password == "test" Service-Type = Login-User, Framed-IP-Address = 10.10.10.1, Framed-IP-Netmask = 255.255.255.0, Juniper-Primary-Dns = 4.2.2.2 | 16:33 |
nowen | and the juniper isn't getting that? | 16:34 |
scranley55 | those Framed-IP-Address and such don't seem to be coming back right | 16:34 |
scranley55 | no the juniper isn't getting it, and in the radius debug it shows up and weird text. | 16:34 |
scranley55 | Let me try again | 16:34 |
scranley55 | Here this is what im getting | 16:51 |
scranley55 | Framed-IP-Netmask = 0x3235352e3235352e3235352e323438 Framed-IP-Address = 0x3137322e32352e302e323336 Service-Type = 0x4c6f67696e2d55736572 Proxy-State = 0x323038 | 16:51 |
nowen | is the auth failing? | 16:51 |
scranley55 | It says access accepted but then yeah I can't login | 16:54 |
scranley55 | if I take the attributes off then it works | 16:54 |
scranley55 | I mean I can login | 16:55 |
scranley55 | but with no ip assign | 16:55 |
nowen | I think it must be something on the juniper side | 16:56 |
nowen | I tested this the other day for the same reason | 16:56 |
nowen | can you test with radlogin or some other tool? | 16:56 |
nowen | http://www.iea-software.com/products/radlogin4.cfm | 16:57 |
*** Lake_Lurker (~Just@h237.205.140.67.dynamic.ip.windstream.net) has joined #wikid | 16:57 | |
scranley55 | but thats before it goes to the juniper, that stuff I pasted is coming directly from Wikid | 16:58 |
scranley55 | rad_recv: Access-Accept packet from host 172.55.10.100 port 1812, id=141, length=84 Reply-Message = "Access Granted" Framed-IP-Netmask = 0x3235352e3235352e3235352e323438 Framed-IP-Address = 0x3137322e32352e302e323336 Service-Type = 0x4c6f67696e2d55736572 Proxy-State = 0x323038 | 16:59 |
scranley55 | thats whats coming from wiki | 16:59 |
scranley55 | wikid | 16:59 |
scranley55 | brb | 16:59 |
scranley55 | ok im here | 17:05 |
nowen | 172.55.10.100 == juniper? | 17:06 |
scranley55 | nope thats wikid | 17:06 |
scranley55 | isn't this supposed to be Framed-IP-Address = radiusFramedIPAddress? | 17:06 |
scranley55 | or something like that | 17:06 |
scranley55 | or do I put quotes or something around it? | 17:07 |
nowen | no quotes needed | 17:09 |
scranley55 | maybe my freeradius doesn't understand whats coming from wikid? | 17:10 |
scranley55 | Framed-IP-address seems pretty basic though | 17:10 |
scranley55 | you know | 17:10 |
nowen | hmm, so is freeradius between wikid and the juniper? | 17:11 |
scranley55 | yes | 17:12 |
scranley55 | freeradius proxies the request to wikid | 17:12 |
scranley55 | wikid replies to freeraidus | 17:12 |
scranley55 | freeradius* | 17:12 |
nowen | can you test by setting up radlogin as another network client with the same attributes? | 17:12 |
scranley55 | ok | 17:12 |
scranley55 | When you rad client, does a suse 11.4 box with ssh count? I tried it on there and it logged me in even with the garbled attributes | 17:15 |
nowen | actually, I meant using this tool: http://www.iea-software.com/products/radlogin4.cfm | 17:16 |
scranley55 | ah oops ok | 17:16 |
nowen | it shows you exactly what is returned by the server in html | 17:16 |
nowen | I have to re-setup my test server | 17:23 |
scranley55 | hm Microsoft security essentials says it's a trojan, Win32/Sefnit.O | 17:24 |
nowen | huh. never ran it on windows. and it's been a while since i downloaded it | 17:27 |
scranley55 | I'll try it on linux | 17:28 |
nowen | scranley55: you still here? | 19:07 |
*** Lake_Lurker has parted #wikid (None) | 19:43 | |
nowen | ping scranley55 | 21:51 |
nowen | you there? | 21:51 |
scranley55 | im here | 22:48 |
scranley55 | I just sent you a mail | 22:48 |
scranley55 | That did the trick | 22:48 |
nowen | excellent! | 22:48 |
scranley55 | It's passing the variables now | 22:48 |
scranley55 | Next step I need to make them dynamic | 22:48 |
scranley55 | cause the ldap server is passing per user | 22:49 |
scranley55 | which ip | 22:49 |
scranley55 | it can't be the same IP for every user | 22:49 |
scranley55 | which is what it will do now | 22:49 |
nowen | can you specify the range? | 22:49 |
scranley55 | that won't do it, because we have to track each user from the VPN by their IP. at least that is what we were planning | 22:50 |
scranley55 | maybe it will take variables now | 22:50 |
scranley55 | let me try that | 22:50 |
nowen | dunno | 22:50 |
nowen | there is a class in the radius server plugin we use that 'guesses' at the format to use. so, an ip is an integer. | 22:50 |
nowen | but maybe if you use a .0...? | 22:51 |
scranley55 | sorry don't get that .0... | 22:52 |
scranley55 | literally? | 22:52 |
nowen | 10.1.1.0 | 22:52 |
nowen | with a /24? | 22:53 |
scranley55 | not sure let me check | 22:53 |
nowen | later guys, I've got to get one home | 23:40 |
nowen | on home | 23:41 |
nowen | I will be traveling Monday & Tues, so email me if you need me or use the forums. | 23:41 |
*** nowen has parted #wikid (None) | 23:41 |