
TekRADIUS Forum




Bugs » Important! Reply Wrong pack when Auth failed.
25.03.2010 03:07:20

3rdGunner
Posts: 10
Hi,
If I use a Reply-Message for Failure-Reply, when I use an expired user and a wrong password, I can pass authentication.
If there is no Failure-Reply, when I use an expired user and a wrong password, I cannot pass authentication.
I think something is wrong with TekRADIUS.

And another bug, in Reporting: the "Start" of the report is wrong; it is using "Dateadd(second,[AcctSessTime],[TimeStamp])". Actually, using "Dateadd(second,0-[AcctSessTime],[TimeStamp])" is right.


TekRadius Log
2010-3-25 8:35:55 - TekRADIUS Service 3.4.0.0 is being started (Microsoft Windows NT 5.2.3790 Service Pack 2).
2010-3-25 8:35:58 - TekRADIUS Service is listening on : 211.142.137.100 (2 client(s))
RadAuth req. from : 211.142.137.82:1812 - 2010-3-25 8:36:20
Size : 303 / 303
Identifier : 57
Attributes :
2010-3-25 8:36:20 - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...
Calling-Station-Id = 00:1b:24:a0:b3:bb
Connect-Info = 1000000000
NAS-Port-Type = 15
User-Name = 15896958117
NAS-IP-Address = 211.142.137.82
Service-Type = 2
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M0100900000000235ebc1003893
Framed-Protocol = 1
2010-3-25 8:36:20 - CHAP authentication commencing.
2010-3-25 8:36:20 - Check items control - Start.
2010-3-25 8:36:20 - Check items control - Stop.
2010-3-25 8:36:20 - Authentication failed. User account '15896958117' has been expired, sending Failure-Reply.
2010-3-25 8:36:20 - Fetching Failure-Reply items - Start.
2010-3-25 8:36:20 - Fetching Failure-Reply items - Stop.
2010-3-25 8:36:20 - Generating Reply Packet - Start.
2010-3-25 8:36:20 - Generating Reply Packet - Stop.
RadAuth reply to : 211.142.137.82 - 2010-3-25 8:36:20
Size : 28
Identifier : 57
Attributes :
Reply-Message = Expire
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 8:36:20
Size : 308 / 308
Identifier : 194
Attributes :
Framed-Protocol = PPP
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Framed-IP-Address = 120.194.192.3
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Service-Type = Framed
Acct-Delay-Time = 0
Event-Timestamp = 1269477386
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M0100900000000235ebc1003893
NAS-Port-Type = Ethernet
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Connect-Info = 1000000000
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 8:36:20
Size : 338 / 338
Identifier : 195
Attributes :
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Event-Timestamp = 1269477386
Acct-Status-Type = Checkpoint
Acct-Authentic = RADIUS
Acct-Input-Octets = 0
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Acct-Input-Packets = 0
Service-Type = Framed
Acct-Input-Gigawords = 0
Acct-Delay-Time = 0
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Output-Octets = 0
NAS-Port = 16814082
Acct-Output-Packets = 0
Acct-Session-Id = HASHQ-M0100900000000235ebc1003893
NAS-Port-Type = Ethernet
Acct-Session-Time = 0
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Framed-IP-Address = 120.194.192.3



Packet captured with Wireshark (image link).
0 permalink
25.03.2010 09:05:24

Admin
Administrator
Posts: 1684
Hi,

The first issue is not a bug but expected behaviour, since you may wish to provide limited access even if the user account is expired.

Can you clarify the second issue?

Best regards,

Yasin KAPLAN
0 permalink
25.03.2010 09:50:38

3rdGunner
Posts: 10
I know what you mean.
But I only use User-Password for Check and Reply-Message for Failure-Reply, and a user using a wrong password can pass the authentication.
If a user uses a wrong password, when his account has a Reply-Message for Failure-Reply, TekRADIUS sends back an Access-Accept packet; when his account has no Reply-Message for Failure-Reply, TekRADIUS sends back an Access-Reject packet. In all situations, if a user uses a wrong password, TekRADIUS should send back an Access-Reject packet to the NAS, whether there is a Failure-Reply or not.



The LOG
2010-3-25 15:21:23 - TekRADIUS Service 3.4.0.0 is being started (Microsoft Windows NT 5.2.3790 Service Pack 2).
2010-3-25 15:21:27 - TekRADIUS Service is listening on : 211.142.137.100 (2 client(s))
RadAuth req. from : 211.142.137.82:1812 - 2010-3-25 15:21:32
Size : 303 / 303
Identifier : 65
Attributes :
2010-3-25 15:21:32 - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...
Calling-Station-Id = 00:1b:24:a0:b3:bb
Connect-Info = 1000000000
NAS-Port-Type = 15
User-Name = 15896958117
NAS-IP-Address = 211.142.137.82
Service-Type = 2
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M010090000000026580b9003971
Framed-Protocol = 1
2010-3-25 15:21:32 - CHAP authentication commencing.
2010-3-25 15:21:32 - Check items control - Start.
2010-3-25 15:21:32 - Check items control - Stop.
2010-3-25 15:21:32 - Authentication failed for user '15896958117', sending Failure-Reply.
2010-3-25 15:21:32 - Fetching Failure-Reply items - Start.
2010-3-25 15:21:32 - Fetching Failure-Reply items - Stop.
2010-3-25 15:21:32 - Generating Reply Packet - Start.
2010-3-25 15:21:32 - Generating Reply Packet - Stop.
RadAuth reply to : 211.142.137.82 - 2010-3-25 15:21:32
Size : 34
Identifier : 65
Attributes :
Reply-Message = Test Message
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 15:21:32
Size : 310 / 310
Identifier : 217
Attributes :
Framed-Protocol = PPP
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Framed-IP-Address = 120.194.193.233
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Service-Type = Framed
Acct-Delay-Time = 0
Event-Timestamp = 1269501698
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M010090000000026580b9003971
NAS-Port-Type = Ethernet
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Connect-Info = 1000000000
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 15:21:32
Size : 340 / 340
Identifier : 218
Attributes :
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Event-Timestamp = 1269501698
Acct-Status-Type = Checkpoint
Acct-Authentic = RADIUS
Acct-Input-Octets = 0
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Acct-Input-Packets = 0
Service-Type = Framed
Acct-Input-Gigawords = 0
Acct-Delay-Time = 0
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Output-Octets = 0
NAS-Port = 16814082
Acct-Output-Packets = 0
Acct-Session-Id = HASHQ-M010090000000026580b9003971
NAS-Port-Type = Ethernet
Acct-Session-Time = 0
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Framed-IP-Address = 120.194.193.233
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 15:28:47
Size : 358 / 358
Identifier : 219
Attributes :
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Event-Timestamp = 1269502133
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Acct-Input-Octets = 3188727
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Connect-Info = 1000000000
Acct-Input-Packets = 4640
Service-Type = Framed
Acct-Input-Gigawords = 0
Acct-Delay-Time = 0
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Output-Octets = 199989
Acct-Terminate-Cause = User-Request
NAS-Port = 16814082
Acct-Output-Packets = 1129
Acct-Session-Id = HASHQ-M010090000000026580b9003971
NAS-Port-Type = Ethernet
Acct-Session-Time = 435
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Framed-IP-Address = 120.194.193.233
RadAuth req. from : 211.142.137.82:1812 - 2010-3-25 15:28:51
Size : 303 / 303
Identifier : 66
Attributes :
2010-3-25 15:28:51 - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...
Calling-Station-Id = 00:1b:24:a0:b3:bb
Connect-Info = 1000000000
NAS-Port-Type = 15
User-Name = 15896958117
NAS-IP-Address = 211.142.137.82
Service-Type = 2
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M0100900000000295feac003972
Framed-Protocol = 1
2010-3-25 15:28:51 - CHAP authentication commencing.
2010-3-25 15:28:51 - Check items control - Start.
2010-3-25 15:28:51 - Check items control - Stop.
2010-3-25 15:28:51 - Authentication failed for user '15896958117', sending Failure-Reply.
2010-3-25 15:28:51 - Fetching Failure-Reply items - Start.
2010-3-25 15:28:51 - Fetching Failure-Reply items - Stop.
2010-3-25 15:28:51 - Generating Reply Packet - Start.
2010-3-25 15:28:51 - Generating Reply Packet - Stop.
RadAuth reply to : 211.142.137.82 - 2010-3-25 15:28:51
Size : 34
Identifier : 66
Attributes :
Reply-Message = Test Message
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 15:28:51
Size : 310 / 310
Identifier : 220
Attributes :
Framed-Protocol = PPP
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Framed-IP-Address = 120.194.193.224
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Service-Type = Framed
Acct-Delay-Time = 0
Event-Timestamp = 1269502137
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M0100900000000295feac003972
NAS-Port-Type = Ethernet
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Connect-Info = 1000000000
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 15:28:51
Size : 340 / 340
Identifier : 221
Attributes :
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Event-Timestamp = 1269502137
Acct-Status-Type = Checkpoint
Acct-Authentic = RADIUS
Acct-Input-Octets = 0
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Acct-Input-Packets = 0
Service-Type = Framed
Acct-Input-Gigawords = 0
Acct-Delay-Time = 0
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Output-Octets = 0
NAS-Port = 16814082
Acct-Output-Packets = 0
Acct-Session-Id = HASHQ-M0100900000000295feac003972
NAS-Port-Type = Ethernet
Acct-Session-Time = 0
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Framed-IP-Address = 120.194.193.224
RadAcct req. from : 211.142.137.82:1812 - 2010-3-25 15:29:14
Size : 358 / 358
Identifier : 222
Attributes :
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Event-Timestamp = 1269502160
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Acct-Input-Octets = 44843
User-Name = 15896958117
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-IP-Address = 211.142.137.82
Connect-Info = 1000000000
Acct-Input-Packets = 163
Service-Type = Framed
Acct-Input-Gigawords = 0
Acct-Delay-Time = 0
Calling-Station-Id = 00:1b:24:a0:b3:bb
Acct-Output-Octets = 8954
Acct-Terminate-Cause = User-Request
NAS-Port = 16814082
Acct-Output-Packets = 50
Acct-Session-Id = HASHQ-M0100900000000295feac003972
NAS-Port-Type = Ethernet
Acct-Session-Time = 23
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
Framed-IP-Address = 120.194.193.224
RadAuth req. from : 211.142.137.82:1812 - 2010-3-25 15:29:17
Size : 303 / 303
Identifier : 67
Attributes :
2010-3-25 15:29:17 - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...
Calling-Station-Id = 00:1b:24:a0:b3:bb
Connect-Info = 1000000000
NAS-Port-Type = 15
User-Name = 15896958117
NAS-IP-Address = 211.142.137.82
Service-Type = 2
NAS-Identifier = HASHQ-MC-BA02-guidenan
NAS-Port-Id = slot=1;subslot=0;port=9;vlanid=2;
NAS-Port = 16814082
Acct-Session-Id = HASHQ-M01009000000002e6a1a2003973
Framed-Protocol = 1
2010-3-25 15:29:17 - CHAP authentication commencing.
2010-3-25 15:29:17 - Check items control - Start.
2010-3-25 15:29:17 - Check items control - Stop.
2010-3-25 15:29:17 - Authentication failed for user '15896958117'
0 permalink
25.03.2010 09:59:39

3rdGunner
Posts: 10
The second bug is that the report of TekRADIUS has something wrong with the user's start timestamp.
The user started at 2010-3-25 8:36:20 and stopped at 2010-3-25 9:6:00; the report of TekRADIUS displays the user start at 2010-3-25 9:35:39.
0 permalink
25.03.2010 10:43:13

Admin
Administrator
Posts: 1684
If you would like to provide restricted access to unauthenticated users, add Failure-Reply attributes to user or group profiles. TekRADIUS will reply with an Access-Accept message containing Failure-Reply attributes if the user or group profile has Failure-Reply attributes when authentication fails. If the user or group profile does not have Failure-Reply attributes, TekRADIUS will reply with an Access-Reject message. (This feature is not available for PEAP authentication, VPN authentication and when authentication failure is caused by an invalid authentication method.) Use this feature with extreme care; if the Default user group has Failure-Reply attributes, all failed authentication attempts will be replied to with Access-Accept messages containing Failure-Reply attributes. When a user is authorized with Failure-Reply, Simultaneous-Use, Expire-Date, Login-Time, TekRADIUS-Status and Quota checks will not be done.

Do you see "2010-3-25 9:35:39" in the active sessions list?
0 permalink
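
An added example, not part of the original thread and not TekRADIUS code: a log check that flags a failed authentication followed by an accounting Start for the same Acct-Session-Id, which is how the Failure-Reply behaviour described above appears in the logs quoted in this thread. The sample log is constructed, the function names are hypothetical, and it assumes the NAS sends the same Acct-Session-Id in the authentication and accounting requests, as the quoted logs do.

```python
import re

# Constructed sample in the log layout quoted in this thread (all values made up).
SAMPLE_LOG = """\
RadAuth req. from : 192.0.2.10:1812 - 2010-3-25 15:21:32
User-Name = alice
Acct-Session-Id = SESS-0001
2010-3-25 15:21:32 - Authentication failed for user 'alice', sending Failure-Reply.
RadAuth reply to : 192.0.2.10 - 2010-3-25 15:21:32
Reply-Message = Test Message
RadAcct req. from : 192.0.2.10:1812 - 2010-3-25 15:21:32
Acct-Status-Type = Start
User-Name = alice
Acct-Session-Id = SESS-0001
RadAuth req. from : 192.0.2.10:1812 - 2010-3-25 15:29:17
User-Name = bob
Acct-Session-Id = SESS-0002
2010-3-25 15:29:17 - Authentication failed for user 'bob'
"""

HEADER = re.compile(r"^(RadAuth req\.|RadAuth reply|RadAcct req\.)")
ATTR = re.compile(r"^([A-Za-z][\w-]*) = (.*)$")

def split_blocks(text):
    """Group log lines into packet blocks, each starting at a Rad* header line."""
    blocks = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            blocks.append({"kind": m.group(1), "attrs": {}, "failed": False})
        elif blocks:
            a = ATTR.match(line)
            if a:
                blocks[-1]["attrs"][a.group(1)] = a.group(2).strip()
            elif "Authentication failed" in line:
                blocks[-1]["failed"] = True  # status line logged under the request
    return blocks

def failed_auth_with_session(text):
    """Return (user, session id) pairs: failed auth, then accounting Start."""
    failed, hits = {}, []
    for b in split_blocks(text):
        sid = b["attrs"].get("Acct-Session-Id")
        is_start = b["attrs"].get("Acct-Status-Type") == "Start"
        if b["kind"] == "RadAuth req." and b["failed"] and sid:
            failed[sid] = b["attrs"].get("User-Name")
        elif b["kind"] == "RadAcct req." and is_start and sid in failed:
            hits.append((failed.pop(sid), sid))
    return hits
```

Sessions returned here were opened by the NAS after a logged authentication failure, so they are the ones to review against the profiles that carry Failure-Reply attributes.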
25.03.2010 12:29:48

3rdGunner
Posts: 10
I have done a test.
A user started at 2010-3-25 17:55:42; the Active Sessions display shows start date ‘25.3.2010’, Start Time ‘17:55:42’, end 2010-3-25 18:25:41.
The report of TekRADIUS displays the user start at 2010-3-25 18:55:38.
0 permalink
25.03.2010 12:41:06

3rdGunner
Posts: 10
Now I know how TekRADIUS works.
Can you offer me a special version in which I can modify the Authentication Query like the Authorization Query? I will update something after user authentication, before authorization.
Thank you very much.

And I have to do something with web management of TekRADIUS, but right now it is not complete and is in Chinese. When I complete it, I will show you an English demo.
0 permalink
27.03.2010 17:58:09

3rdGunner
Posts: 10
Hello Yasin KAPLAN,
Do you have a plan to update TekRADIUS? I want to try a new version. Thank you very much.
0 permalink
29.03.2010 13:36:03

Admin
Administrator
Posts: 1684
Hi,

For the accounting start issue, please check which date is written as start date / time.

I've added a new attribute called Failure-Reply-Type. By adding this attribute as a check attribute you can control TekRADIUS's behaviour while sending failure-reply. It's available in the latest build, which I've posted to the TekRADIUS web site.

For the special version which can provide customized authentication query please contact me at info at tekradius.com

Best regards,

Yasin KAPLAN
0 permalink

