02.03.2011 03:27:44
rushal
Posts: 6
|
Hi,
I have a user for which I have a check attribute as user-Password and a Success-Reply attribute as Class. The Access-Request gets an Access-Accept, but the packet doesn't have Class attribute in it. How do I make tekRADIUS send Class attribute on authentication success in the response?
Thanks for your help.
|
|
|
0
• permalink
|
02.03.2011 08:15:31
Admin
Administrator
Posts: 1833
|
Hi,
Can you send TekRADIUS lof entries (Accessible through File menu) after setting log level to debug at Settings / Service Parameters for a sample session?
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
02.03.2011 18:20:26
rushal
Posts: 6
|
Hi Yasin,
I am not able to attach a snapshot of my config, is there a way to send that to you? Please find the log entries below:
3/2/2011 8:12:23 AM - TekRADIUS Service 4.1.0.0 is being started (Microsoft Windows NT 5.1.2600 Service Pack 3).
3/2/2011 8:12:26 AM - TekRADIUS Service is listening on : 172.16.34.118 (2 client(s))
RadAuth req. from : 134.56.72.224:32827 - 3/2/2011 8:13:02 AM
Size : 63 / 63
Identifier : 209
Attributes :
Service-Type = 8
NAS-IP-Address = 134.56.72.224
NAS-Port = 0
User-Name = patel
3/2/2011 8:13:02 AM - PAP Authentication commencing for user 'patel'
3/2/2011 8:13:02 AM - Check items control - Start (Group : Default).
3/2/2011 8:13:02 AM - Check items control - Stop (Group : Default).
3/2/2011 8:13:02 AM - Authentication successfull for user 'patel'
3/2/2011 8:13:02 AM - Fetching Success-Reply items - Start.
3/2/2011 8:13:02 AM - Fetching Success-Reply items - Stop.
|
|
|
0
• permalink
|
02.03.2011 18:23:45
Admin
Administrator
Posts: 1833
|
Please make sure that you have added Class attribute as a reply attribute to user or group profile. As far as I see from the log,
there is not any reply attribute configured for user "patel". You can send screen capture to info at tekradius.com
|
|
|
0
• permalink
|
02.03.2011 18:28:31
rushal
Posts: 6
|
Hi Yasin,
From the logs, I figured that tekRADIUS doesn't see the Class attribute, but I have configured it in the profile. Is there a way to see if there is something wrong with the Class value? Maybe that is the reason why it is not seeing it in the first place?
Besides, I also have the following attributes configured as success-reply attributes:
Vendor-Specific Success-Reply ABC
NAS-IP-Address Success-Reply 134.56.72.224
But I don't see those in the response either.
Thanks.
|
|
|
0
• permalink
|
02.03.2011 21:02:01
Admin
Administrator
Posts: 1833
|
Please send me a screen capture showing user profile. You can send it to info at tekradius.com
|
|
|
0
• permalink
|
03.03.2011 10:04:56
Admin
Administrator
Posts: 1833
|
Hi,
Your access server has an Service-Type = Authenticate-Only (8) attribute. TekRADIUS replies such requests with access-accept or access-reject with no attributes.
Please see vendor documentation why this attribute is used.
|
|
|
0
• permalink
|
28.09.2011 17:10:16
Mike Rose
Posts: 2
|
I appear to to be having the same issue. My Access-Accept does not include my Success-Reply Attributes, my access-request also includes a Service Type(6) of Authenticate-Only (8). Does this mean I can not send additional AVP's in my access-accept via TeckRadius? I also use FreeRadius, and it works just fine. Thanks.
|
|
|
0
• permalink
|
28.09.2011 17:23:56
Admin
Administrator
Posts: 1833
|
Hi,
This is a defined behavior by RFC.
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
28.09.2011 18:10:10
Mike Rose
Posts: 2
|
Thanks, do you know which RFC specifically? This appears to be an issue with my client device since it is sending the Authenticate-Only attribute. If this is the case, I want my client updated to NOT send this attribute.
|
|
|
0
• permalink
|
28.09.2011 22:10:28
Admin
Administrator
Posts: 1833
|
Please see page # 31 in RFC 2865;
http://www.ietf.org/rfc/rfc2865.txt
|
|
|
0
• permalink
|