(ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem

To: ascend-users@bungi.com
Subject: (ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem
From: Thorsten Eckey <Thorsten.Eckey@de.uu.net>
Date: Fri, 05 Dec 1997 13:42:30 +0100
CC: scc-tech@de.uu.net
Organization: UUNET Deutschland
Sender: owner-ascend-users@max.bungi.com

We want to authenticate users with token-cards through a RADIUS. The
configuration is shown below.

Configuration:

 RAS ---> ISDN ---> MAX 200+ ---> Ether ---> UNIX-Host

 NT       EURO-                              RADIUS
 TOKEN    ISDN                               ACE/SERVER


PROBLEM:
We got no connection from our WinNT-Client to the ACE/SERVER; no
activity was recorded in the
ACE/SERVER log-file. The pincode was not accepted at all.
First we tested the RADIUS-ACE/SERVER connection with radpwtst. A user
was connected with normal
challenge/response procedure.
Second a connection from the RAS-client to RADIUS was established, too.

QUESTION:
How do we have to setup MAX/RADIUS and ACE/SERVER to get a connection
from a RAS-client? Configuration-Files? Any experience with it?


- Net
  255.255.255.224


- RAS
  System: WinNT 4.0 (Server/SP3)
  ISDN-Card: AVM/Fritz!
  Protocol: TCP/IP, PPP (WinNT/Internet)



- MAX 200+
  Software: Version 5.0Ap33

  Config: Ethernet->Answer:   Profile Reqd (Yes)
       ... (default)
  Ethernet->Answer->Encaps:  default
  Ethernet->Answer->PPP Options:  Recieve Auth (PAP)
       ... (default)
  Ethernet->Mod Config->Ether options: IP Adrs (valid ip)
       ... (default)
  Ethernet->Mod Config->Auth:  Auth (RADIUS)
       Auth Host#1/2/3 (valid ip)
       Auth Port (1645)
       Auth Timeout (30)
       Auth Key (...)
       ... (default)

  Conn-Prof: Ethernet->Connections->...  Station (secuid00)
       Active (Yes)
       Encaps (PPP)
       ... (default)
  Ethernet->Connections->...->Encaps Opt. Send Auth (None)
       Recieve PW (...)
       ... (default)


- UNIX-Host
  System: SUN Sparc 5/Solaris 2.5.1


- RADIUS
  Type:  Ascend Access Control
  Version: r1_0Ap2
  Location: /etc/raddb

  Client-File: # RADIUS CLIENTS CONFIGURATIONS
  # Ascend MAX 200+
  (valid-ip) ...  type=Ascend:NAS

  Users-File: # RADIUS USERS PROFILES
  secuid00 Authentication-Type = ACE, Ascend-Token-Expiry = 540,
   Ascend-Token-Idle = 60,
   Ascend-Token-Immediate = Tok-Imm-No,
   Service-Type = Framed,
   Framed-Protocol = PPP,
   Framed-IP-Address = ...,
   Framed-IP-Netmask = 255.255.255.224,
   Ascend-Idle-Limit = 300


- ACE/SERVER
  Version: 3.01
  User:  secuid00 with assigned TOKEN
  Client: gonzo
  Config: sdconf.rec -> /etc/raddb


MfG

scc-tech@de.uu.net
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) Ascend software releases on WWW gripe
Next by Date: (ASCEND) New P75:s available in Sweden?
Prev by thread: Re: (ASCEND) New P75:s available in Sweden?
Next by thread: Re: (ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem
Index(es):
- Main
- Thread