Ascend Archive

Re: (ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem





Willie_Meagher@ascend.com wrote:

> When Access Control (Radius) is trying to connect to the ACE server, it
> looks for ACE configuration file (sdconf.rec)  in the /var/ace directory.
> If the file is not in that location, the connection to ACE will fail.

The file was in that location at all!

> When dialing in from your RAS client, I'm assuming you are opening a
> Terminal Window when you connect to the MAX
> You'll get a Login and Password prompt.
> If you leave out the Ascend-Token-Immediate prompt, you will get a
> Login, Password and Enter Passcode Prompt

Before that there is a LAN Security Error at the MAX 200+!?

>  secuid00 Authentication-Type = ACE,  Ascend-Token-Immediate = Tok-Imm-Yes,
>    Service-Type = Framed,
>    Framed-Protocol = PPP,
>    Framed-IP-Address = ...,
>    Framed-IP-Netmask = 255.255.255.255,
>    Ascend-Idle-Limit = 300
>
> Ascend-Token-Idle and Ascend-Token-Expiry are only applicable when using
> Cache-Token on an Ascend Pipeline.

We added that! Thanks for this hint...

New Software was added:
Ascend Access Control 1.0Ai7
Max 200+ Software 5.0Ap33

Simple radpwtst worked well with secuid00!

1. Actual MAX configuration is added...

2. users-file
# User
# Ascend MAX 200+
# RADIUS
# ACE/SERVER
secuid00 Authentication-Type = ACE, Ascend-Token-Immediate = Yes,
 Ascend-Route-IP = Yes,
 Ascend-Idle-Limit = 60,
 Service-Type = Framed,
 Framed-Protocol = PPP,
 Framed-IP-Address = 195.125.108.94,
 Framed-IP-Netmask = 255.255.255.224,


> Thorsten Eckey <Thorsten.Eckey @ de.uu.net> on 12/05/97 04:42:30 AM
>
> To:   ascend-users @ bungi.com
> cc:   scc-tech @ de.uu.net
> Subject:  (ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem
>
> We want to authenticate users with token-cards through a RADIUS. The
> configuration is shown below.
> Configuration:
>  RAS ---> ISDN ---> MAX 200+ ---> Ether ---> UNIX-Host
>  NT       EURO-                              RADIUS
>  TOKEN    ISDN                               ACE/SERVER
>
> PROBLEM:
> We got no connection from our WinNT-Client to the ACE/SERVER; no
> activity was recorded in the
> ACE/SERVER log-file. The pincode was not accepted at all.
> First we tested the RADIUS-ACE/SERVER connection with radpwtst. A user
> was connected with normal
> challenge/response procedure.
> Second a connection from the RAS-client to RADIUS was established, too.
> QUESTION:
> How do we have to setup MAX/RADIUS and ACE/SERVER to get a connection
> from a RAS-client? Configuration-Files? Any experience with it?
>
> - Net
>   255.255.255.224
>
> - RAS
>   System: WinNT 4.0 (Server/SP3)
>   ISDN-Card: AVM/Fritz!
>   Protocol: TCP/IP, PPP (WinNT/Internet)
>
> - MAX 200+
>   Software: Version 5.0Ap33
>   Config: Ethernet->Answer:   Profile Reqd (Yes)
>        ... (default)
>   Ethernet->Answer->Encaps:  default
>   Ethernet->Answer->PPP Options:  Recieve Auth (PAP)
>        ... (default)
>   Ethernet->Mod Config->Ether options: IP Adrs (valid ip)
>        ... (default)
>   Ethernet->Mod Config->Auth:  Auth (RADIUS)
>        Auth Host#1/2/3 (valid ip)
>        Auth Port (1645)
>        Auth Timeout (30)
>        Auth Key (...)
>        ... (default)
>   Conn-Prof: Ethernet->Connections->...  Station (secuid00)
>        Active (Yes)
>        Encaps (PPP)
>        ... (default)
>   Ethernet->Connections->...->Encaps Opt. Send Auth (None)
>        Recieve PW (...)
>        ... (default)
>
> - UNIX-Host
>   System: SUN Sparc 5/Solaris 2.5.1
>
> - RADIUS
>   Type:  Ascend Access Control
>   Version: r1_0Ap2
>   Location: /etc/raddb
>   Client-File: # RADIUS CLIENTS CONFIGURATIONS
>   # Ascend MAX 200+
>   (valid-ip) ...  type=Ascend:NAS
>   Users-File: # RADIUS USERS PROFILES
>   secuid00 Authentication-Type = ACE, Ascend-Token-Expiry = 540,
>    Ascend-Token-Idle = 60,
>    Ascend-Token-Immediate = Tok-Imm-No,
>    Service-Type = Framed,
>    Framed-Protocol = PPP,
>    Framed-IP-Address = ...,
>    Framed-IP-Netmask = 255.255.255.224,
>    Ascend-Idle-Limit = 300
>
> - ACE/SERVER
>   Version: 3.01
>   User:  secuid00 with assigned TOKEN
>   Client: gonzo
>   Config: sdconf.rec -> /etc/raddb
>
> MfG
> scc-tech@de.uu.net



--
Mit (freundlichen) Gruessen
SCC
scc-tech@de.uu.net
START=FILT=900=0
Name=IP Call
In filter 01...Valid=Yes
Out filter 01...Valid=Yes
Out filter 01...Generic...Forward=Yes
Out filter 01...Ip...Forward=Yes
END=FILT=900=0
START=FILT=900=1
Name=NetWare Call
In filter 01...Valid=Yes
Out filter 01...Valid=Yes
Out filter 01...Generic...Offset=14
Out filter 01...Generic...Length=3
Out filter 01...Generic...Mask=ffffff0000000000
Out filter 01...Generic...Value=e0e0030000000000
Out filter 01...Generic...More=Yes
Out filter 02...Valid=Yes
Out filter 02...Generic...Offset=27
Out filter 02...Generic...Length=8
Out filter 02...Generic...Mask=ffffffffffffffff
Out filter 02...Generic...Value=ffffffffffff0452
Out filter 02...Generic...More=Yes
Out filter 03...Valid=Yes
Out filter 03...Generic...Offset=47
Out filter 03...Generic...Length=2
Out filter 03...Generic...Mask=ffff000000000000
Out filter 03...Generic...Value=0002000000000000
Out filter 04...Valid=Yes
Out filter 04...Generic...Offset=12
Out filter 04...Generic...Length=4
Out filter 04...Generic...Mask=fc00ffff00000000
Out filter 04...Generic...Value=0000ffff00000000
Out filter 04...Generic...More=Yes
Out filter 05...Valid=Yes
Out filter 05...Generic...Offset=24
Out filter 05...Generic...Length=8
Out filter 05...Generic...Mask=ffffffffffffffff
Out filter 05...Generic...Value=ffffffffffff0452
Out filter 05...Generic...More=Yes
Out filter 06...Valid=Yes
Out filter 06...Generic...Offset=44
Out filter 06...Generic...Length=2
Out filter 06...Generic...Mask=ffff000000000000
Out filter 06...Generic...Value=0002000000000000
Out filter 07...Valid=Yes
Out filter 07...Generic...Forward=Yes
Out filter 07...Ip...Forward=Yes
END=FILT=900=1
START=FILT=900=2
Name=AppleTalk Call
In filter 01...Valid=Yes
Out filter 01...Valid=Yes
Out filter 01...Generic...Offset=14
Out filter 01...Generic...Length=8
Out filter 01...Generic...Mask=ffffff000000ffff
Out filter 01...Generic...Value=aaaa03000000809b
Out filter 01...Generic...More=Yes
Out filter 02...Valid=Yes
Out filter 02...Generic...Offset=32
Out filter 02...Generic...Length=3
Out filter 02...Generic...Mask=ffffff0000000000
Out filter 02...Generic...Value=0404040000000000
Out filter 03...Valid=Yes
Out filter 03...Generic...Offset=12
Out filter 03...Generic...Length=2
Out filter 03...Generic...Mask=ffff000000000000
Out filter 03...Generic...Value=809b000000000000
Out filter 03...Generic...More=Yes
Out filter 04...Valid=Yes
Out filter 04...Generic...Offset=24
Out filter 04...Generic...Length=3
Out filter 04...Generic...Mask=ffffff0000000000
Out filter 04...Generic...Value=0404040000000000
Out filter 05...Valid=Yes
Out filter 05...Generic...Forward=Yes
Out filter 05...Ip...Forward=Yes
END=FILT=900=2
START=ROUTE=900=0
Name=Default
Active=Yes
Metric=1
Private=Yes
END=ROUTE=900=0
START=CONN=900=0
PPP options...Recv Auth=Either
Session options...Idle=120
Encaps...MPP=Yes
Encaps...PPP=Yes
PPP options...Route IPX=Yes
PPP options...Route IP=Yes
Encaps...ARA=No
Profile Reqd=No
END=CONN=900=0
START=SECURITY=0=0
Name=Default
END=SECURITY=0=0
START=SECURITY=0=1
END=SECURITY=0=1
START=SECURITY=0=2
Name=Full Access
Passwd=Ascend
END=SECURITY=0=2
START=ETHERNET=900=0
Ether options...IP Adrs=0.0.0.0/0
Bridging=No
END=ETHERNET=900=0
START=SYSTEM=0=0
Name=
END=SYSTEM=0=0
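
An added example, not part of the original message or of any Ascend tool: a small Python audit that parses a saved MAX configuration in the START=/END= format shown above, compares the answer profile with the values listed in the original post, and flags any profile that carries a cleartext password. It assumes the Ethernet->Answer settings are saved as CONN slot 900/0; the sample input is a constructed excerpt of lines from the dump, and `parse_dump`, `audit` and `INTENDED` are names chosen for this example.

```python
import re

# Constructed excerpt: lines taken from the dump above, most empty slots omitted.
SAMPLE_DUMP = """\
START=CONN=900=0
PPP options...Recv Auth=Either
Session options...Idle=120
Profile Reqd=No
END=CONN=900=0
START=CONN=900=1
END=CONN=900=1
START=SECURITY=0=2
Name=Full Access
Passwd=Ascend
END=SECURITY=0=2
"""

# Values the original post lists under Ethernet->Answer.
# Assumption: that menu is what the dump stores as CONN 900/0.
INTENDED = {"Profile Reqd": "Yes", "PPP options...Recv Auth": "PAP"}

def parse_dump(text):
    """Return {(type, slot, index): {key: value}} for every non-empty profile."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(START|END)=([A-Z_]+)=(\d+)=(\d+)", line)
        if m:
            ident = (m.group(2), int(m.group(3)), int(m.group(4)))
            current = ident if m.group(1) == "START" else None
        elif current and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            profiles.setdefault(current, {})[key] = value
    return profiles

def audit(profiles, intended=INTENDED):
    """List mismatches against the intended answer profile, then stored passwords."""
    findings, answer = [], profiles.get(("CONN", 900, 0), {})
    for key, want in intended.items():
        got = answer.get(key)
        if got != want:
            findings.append(f"CONN 900/0 {key}: dump has {got!r}, post says {want!r}")
    for (ptype, slot, idx), fields in sorted(profiles.items()):
        if fields.get("Passwd"):
            findings.append(f"{ptype} {slot}/{idx} ({fields.get('Name', '?')}): password in cleartext")
    return findings
```
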