Powered by Jitbit .Net Forum free trial version. dismiss

HomeGeneral

General issues

Import users - - Wrong actions Messages in this topic - RSS

raven_fox
raven_fox
Posts: 50


18.04.2020
raven_fox
raven_fox
Posts: 50
https://yadi.sk/i/SNxd9yyWhKCBsA

Wrong password, login - only these counters increase.
0 link
Admin
Admin
Administrator
Posts: 4992


18.04.2020
Admin
Admin
Administrator
Posts: 4992
Please apply the latest update and try again; https://www.kaplansoft.com/tekradius/release/TekRADIUSLT-Update.zip Make sure that you have update only .exe files. File version is 5.5.4.13.
0 link
raven_fox
raven_fox
Posts: 50


20.04.2020
raven_fox
raven_fox
Posts: 50
5.5.4.13 installed.
No change:
1. nonexistent user
2. Wrong password
Both events lead to an increase in the 'Radius successful authentification requests recieved' counters - this should not be
0 link
Admin
Admin
Administrator
Posts: 4992


20.04.2020
Admin
Admin
Administrator
Posts: 4992
Please try; https://www.kaplansoft.com/tekradius/release/TekRADIUSLT-Update-A.zip
0 link
raven_fox
raven_fox
Posts: 50


21.04.2020
raven_fox
raven_fox
Posts: 50
5.5.4.13-A installed.
No change:
1. nonexistent user
2. Wrong password
'Radius failed authentication requests recieved' counter is not changed

'Radius successful authentification requests recieved' counter increased


0 link
Admin
Admin
Administrator
Posts: 4992


21.04.2020
Admin
Admin
Administrator
Posts: 4992
Please apply the latest update and try again; https://www.kaplansoft.com/tekradius/release/TekRADIUSLT-Update.zip Make sure that you have update only .exe files. File version is 5.5.4.14.
0 link
raven_fox
raven_fox
Posts: 50


21.04.2020
raven_fox
raven_fox
Posts: 50
5.5.4.14 installed.
No change:
I'm trying to log in as

1. nonexistent user
2. Wrong password
'Radius failed authentication requests recieved' counter is not changed , always =0

'Radius successful authentification requests recieved' counter increased upon successful and unsuccessful authentication attempts
0 link
Admin
Admin
Administrator
Posts: 4992


21.04.2020
Admin
Admin
Administrator
Posts: 4992
Can you send me TekRADIUS log for this authentication attempts?
0 link
raven_fox
raven_fox
Posts: 50


21.04.2020
raven_fox
raven_fox
Posts: 50
https://yadi.sk/d/_eHEkfdDTmt4GQ
user xx
pass - Password intentionally entered incorrect

'Radius failed authentication requests recieved' counter is not changed
'Radius successful authentification requests recieved' - only this counter is incremented
0 link
Admin
Admin
Administrator
Posts: 4992


21.04.2020
Admin
Admin
Administrator
Posts: 4992
Please replace TekRADIUSLT.exe and try again; https://www.kaplansoft.com/tekradius/release/TekRADIUSLT.exe.zip
0 link
raven_fox
raven_fox
Posts: 50


26.04.2020
raven_fox
raven_fox
Posts: 50
No change
Let's return to the counters a little later.


Tell me how to compare a composite attribute Vendor-Specific(26) for a match. The type is string. I tried many options, it did not work

##
NAS returns me

AVP: t=Vendor-Specific(26) l=24 vnd=ciscoSystems(9)
Type: 26
Length: 24
Vendor ID: ciscoSystems (9)
VSA: t=Cisco-AVPair(1) l=18 val=shell:priv-lvl=1
Type: 1
Length: 18
Cisco-AVPair: shell:priv-lvl=1


1a 18 00 00 00 09 01 ~u>.....`.......
12 73 68 65 6c 6c 3a 70 72 69 76 2d 6c 76 6c 3d .shell:priv-lvl=
31 1

I want check it in Group profile -- "Vendor-Specific Check "help with expr!!)""
0 link
raven_fox
raven_fox
Posts: 50


27.04.2020
raven_fox
raven_fox
Posts: 50
RADIUS authentication request does not contain check attribute 'Vendor-Specific'

I tried everything I could. Help
0 link
Admin
Admin
Administrator
Posts: 4992


27.04.2020
Admin
Admin
Administrator
Posts: 4992
Vendor-Specific attribute is used encapsulate vendor attributes. You cannot add it indecently to user or group profile. You should add vendor attribute directly to user or group profile.
0 link
raven_fox
raven_fox
Posts: 50


27.04.2020
raven_fox
raven_fox
Posts: 50
Those. Cannot check sent Vendor-Specific attribute?
NAS-device sends to radius Vendor-Specific(26)-ciscoSystems (9)-shell:priv-lvl=1
Is there anything you can check in this answer?

0 link
Admin
Admin
Administrator
Posts: 4992


27.04.2020
Admin
Admin
Administrator
Posts: 4992
Please replace TekRADIUSLT.exe https://www.kaplansoft.com/tekradius/release/TekRADIUSLT.A.exe.zip and add Cisco-AVPair = shell:priv-lvl=1 as a check attribute to user or group profile.
0 link
raven_fox
raven_fox
Posts: 50


27.04.2020
raven_fox
raven_fox
Posts: 50
It`s works!!!
0 link
raven_fox
raven_fox
Posts: 50


28.04.2020
raven_fox
raven_fox
Posts: 50
Help, I discovered a serious problem
Scheme of work:
NASgroup1 -> NASgroup2 ->NASgroup3

NASgroup1
Next-Group Check NASgroup2
Framed-Protocol Check PPP


NASgroup2
Next-Group Check NASgroup3
External-Executable Check "X:\command.bat" %ietf|32%


PROBLEM

If the NAS client does not send Framed-Protocol or Framed-Protocol is not equal to PPP, then processing will continue in NASgroup2.
Everything is bad at NASgroup2
If the NAS client does not send a NAS-Identifier or command.bat exit code is not 0, then
1. stop processing - there will be no transition to NASgroup3
2. radius does not send Access-Reject
3. authentication error is not written to the log- no RadAuth reply failure(log level-max)
Help!
0 link
Admin
Admin
Administrator
Posts: 4992


28.04.2020
Admin
Admin
Administrator
Posts: 4992
Please apply the latest update at https://www.kaplansoft.com/tekradius/release/TekRADIUSLT-Update.zip (5.5.4.16) and try again.
0 link
raven_fox
raven_fox
Posts: 50


28.04.2020
raven_fox
raven_fox
Posts: 50
I checked it. Everything remains as before:
1) Ietf | 32 was transmitted and was obviously wrong (exit code !=0)- stop processing - there will be no transition to NASgroup3.
2) Ietf | 32 was passed, but the parameter in External-Executable was different ("X:\command.bat" %ietf|31% ) and didn`t transmitted from NAS client -- here in this case, there is an error event, reject is recovering, and there is no transition in NASgroup3
0 link
Admin
Admin
Administrator
Posts: 4992


28.04.2020
Admin
Admin
Administrator
Posts: 4992
Can you send me TekRADIUS log entries?
0 link






Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software