Willie_Meagher@ascend.com wrote: > When Access Control (Radius) is trying to connect to the ACE server, it > looks for ACE configuration file (sdconf.rec) in the /var/ace directory. > If the file is not in that location, the connection to ACE will fail. The file was in that location at all! > When dialing in from your RAS client, I'm assuming you are opening a > Terminal Window when you connect to the MAX > You'll get a Login and Password prompt. > If you leave out the Ascend-Token-Immediate prompt, you will get a > Login, Password and Enter Passcode Prompt Before that there is a LAN Security Error at the MAX 200+!? > secuid00 Authentication-Type = ACE, Ascend-Token-Immediate = Tok-Imm-Yes, > Service-Type = Framed, > Framed-Protocol = PPP, > Framed-IP-Address = ..., > Framed-IP-Netmask = 255.255.255.255, > Ascend-Idle-Limit = 300 > > Ascend-Token-Idle and Ascend-Token-Expiry are only applicable when using > Cache-Token on an Ascend Pipeline. We added that! Thanks for this hint... New Software was added: Ascend Access Control 1.0Ai7 Max 200+ Software 5.0Ap33 Simple radpwtst worked well with secuid00! 1. Actual MAX configuration is added... 2. users-file # User # Ascend MAX 200+ # RADIUS # ACE/SERVER secuid00 Authentication-Type = ACE, Ascend-Token-Immediate = Yes, Ascend-Route-IP = Yes, Ascend-Idle-Limit = 60, Service-Type = Framed, Framed-Protocol = PPP, Framed-IP-Address = 195.125.108.94, Framed-IP-Netmask = 255.255.255.224, > Thorsten Eckey <Thorsten.Eckey @ de.uu.net> on 12/05/97 04:42:30 AM > > To: ascend-users @ bungi.com > cc: scc-tech @ de.uu.net > Subject: (ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem > > We want to authenticate users with token-cards through a RADIUS. The > configuration is shown below. > Configuration: > RAS ---> ISDN ---> MAX 200+ ---> Ether ---> UNIX-Host > NT EURO- RADIUS > TOKEN ISDN ACE/SERVER > > PROBLEM: > We got no connection from our WinNT-Client to the ACE/SERVER; no > activity was recorded in the > ACE/SERVER log-file. The pincode was not accepted at all. > First we tested the RADIUS-ACE/SERVER connection with radpwtst. A user > was connected with normal > challenge/response procedure. > Second a connection from the RAS-client to RADIUS was established, too. > QUESTION: > How do we have to setup MAX/RADIUS and ACE/SERVER to get a connection > from a RAS-client? Configuration-Files? Any experience with it? > > - Net > 255.255.255.224 > > - RAS > System: WinNT 4.0 (Server/SP3) > ISDN-Card: AVM/Fritz! > Protocol: TCP/IP, PPP (WinNT/Internet) > > - MAX 200+ > Software: Version 5.0Ap33 > Config: Ethernet->Answer: Profile Reqd (Yes) > ... (default) > Ethernet->Answer->Encaps: default > Ethernet->Answer->PPP Options: Recieve Auth (PAP) > ... (default) > Ethernet->Mod Config->Ether options: IP Adrs (valid ip) > ... (default) > Ethernet->Mod Config->Auth: Auth (RADIUS) > Auth Host#1/2/3 (valid ip) > Auth Port (1645) > Auth Timeout (30) > Auth Key (...) > ... (default) > Conn-Prof: Ethernet->Connections->... Station (secuid00) > Active (Yes) > Encaps (PPP) > ... (default) > Ethernet->Connections->...->Encaps Opt. Send Auth (None) > Recieve PW (...) > ... (default) > > - UNIX-Host > System: SUN Sparc 5/Solaris 2.5.1 > > - RADIUS > Type: Ascend Access Control > Version: r1_0Ap2 > Location: /etc/raddb > Client-File: # RADIUS CLIENTS CONFIGURATIONS > # Ascend MAX 200+ > (valid-ip) ... type=Ascend:NAS > Users-File: # RADIUS USERS PROFILES > secuid00 Authentication-Type = ACE, Ascend-Token-Expiry = 540, > Ascend-Token-Idle = 60, > Ascend-Token-Immediate = Tok-Imm-No, > Service-Type = Framed, > Framed-Protocol = PPP, > Framed-IP-Address = ..., > Framed-IP-Netmask = 255.255.255.224, > Ascend-Idle-Limit = 300 > > - ACE/SERVER > Version: 3.01 > User: secuid00 with assigned TOKEN > Client: gonzo > Config: sdconf.rec -> /etc/raddb > > MfG > scc-tech@de.uu.net > ++ Ascend Users Mailing List ++ > To unsubscribe: send unsubscribe to ascend-users-request@bungi.com > To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> -- Mit (freundlichen) Gruessen SCC scc-tech@de.uu.net </PRE> <PRE> START=SAPFILT=900=0 END=SAPFILT=900=0 START=SAPFILT=900=1 END=SAPFILT=900=1 START=SAPFILT=900=2 END=SAPFILT=900=2 START=SAPFILT=900=3 END=SAPFILT=900=3 START=IPXROUTE=900=0 END=IPXROUTE=900=0 START=IPXROUTE=900=1 END=IPXROUTE=900=1 START=IPXROUTE=900=2 END=IPXROUTE=900=2 START=IPXROUTE=900=3 END=IPXROUTE=900=3 START=IPXROUTE=900=4 END=IPXROUTE=900=4 START=IPXROUTE=900=5 END=IPXROUTE=900=5 START=IPXROUTE=900=6 END=IPXROUTE=900=6 START=IPXROUTE=900=7 END=IPXROUTE=900=7 START=SIMPLE_NAME=900=0 END=SIMPLE_NAME=900=0 START=SIMPLE_NAME=900=1 END=SIMPLE_NAME=900=1 START=SIMPLE_NAME=900=2 END=SIMPLE_NAME=900=2 START=SIMPLE_NAME=900=3 END=SIMPLE_NAME=900=3 START=SIMPLE_NAME=900=4 END=SIMPLE_NAME=900=4 START=SIMPLE_NAME=900=5 END=SIMPLE_NAME=900=5 START=SIMPLE_NAME=900=6 END=SIMPLE_NAME=900=6 START=SIMPLE_NAME=900=7 END=SIMPLE_NAME=900=7 START=SIMPLE_NAME=900=8 END=SIMPLE_NAME=900=8 START=SIMPLE_NAME=900=9 END=SIMPLE_NAME=900=9 START=SIMPLE_NAME=900=10 END=SIMPLE_NAME=900=10 START=SIMPLE_NAME=900=11 END=SIMPLE_NAME=900=11 START=SIMPLE_NAME=900=12 END=SIMPLE_NAME=900=12 START=SIMPLE_NAME=900=13 END=SIMPLE_NAME=900=13 START=SIMPLE_NAME=900=14 END=SIMPLE_NAME=900=14 START=SIMPLE_NAME=900=15 END=SIMPLE_NAME=900=15 START=SIMPLE_NAME=900=16 END=SIMPLE_NAME=900=16 START=SIMPLE_NAME=900=17 END=SIMPLE_NAME=900=17 START=SIMPLE_NAME=900=18 END=SIMPLE_NAME=900=18 START=SIMPLE_NAME=900=19 END=SIMPLE_NAME=900=19 START=SIMPLE_NAME=900=20 END=SIMPLE_NAME=900=20 START=SIMPLE_NAME=900=21 END=SIMPLE_NAME=900=21 START=SIMPLE_NAME=900=22 END=SIMPLE_NAME=900=22 START=SIMPLE_NAME=900=23 END=SIMPLE_NAME=900=23 START=SIMPLE_NAME=900=24 END=SIMPLE_NAME=900=24 START=SIMPLE_NAME=900=25 END=SIMPLE_NAME=900=25 START=SIMPLE_NAME=900=26 END=SIMPLE_NAME=900=26 START=SIMPLE_NAME=900=27 END=SIMPLE_NAME=900=27 START=SIMPLE_NAME=900=28 END=SIMPLE_NAME=900=28 START=SIMPLE_NAME=900=29 END=SIMPLE_NAME=900=29 START=SIMPLE_NAME=900=30 END=SIMPLE_NAME=900=30 START=SIMPLE_NAME=900=31 END=SIMPLE_NAME=900=31 START=SIMPLE_NAME=900=32 END=SIMPLE_NAME=900=32 START=SIMPLE_NAME=900=33 END=SIMPLE_NAME=900=33 START=SIMPLE_NAME=900=34 END=SIMPLE_NAME=900=34 START=SIMPLE_NAME=900=35 END=SIMPLE_NAME=900=35 START=SIMPLE_NAME=900=36 END=SIMPLE_NAME=900=36 START=SIMPLE_NAME=900=37 END=SIMPLE_NAME=900=37 START=SIMPLE_NAME=900=38 END=SIMPLE_NAME=900=38 START=SIMPLE_NAME=900=39 END=SIMPLE_NAME=900=39 START=SIMPLE_NAME=900=40 END=SIMPLE_NAME=900=40 START=SIMPLE_NAME=900=41 END=SIMPLE_NAME=900=41 START=SIMPLE_NAME=900=42 END=SIMPLE_NAME=900=42 START=SIMPLE_NAME=900=43 END=SIMPLE_NAME=900=43 START=SIMPLE_NAME=900=44 END=SIMPLE_NAME=900=44 START=SIMPLE_NAME=900=45 END=SIMPLE_NAME=900=45 START=SIMPLE_NAME=900=46 END=SIMPLE_NAME=900=46 START=SIMPLE_NAME=900=47 END=SIMPLE_NAME=900=47 START=SIMPLE_NAME=900=48 END=SIMPLE_NAME=900=48 START=SIMPLE_NAME=900=49 END=SIMPLE_NAME=900=49 START=SIMPLE_NAME=900=50 END=SIMPLE_NAME=900=50 START=SIMPLE_NAME=900=51 END=SIMPLE_NAME=900=51 START=SIMPLE_NAME=900=52 END=SIMPLE_NAME=900=52 START=SIMPLE_NAME=900=53 END=SIMPLE_NAME=900=53 START=SIMPLE_NAME=900=54 END=SIMPLE_NAME=900=54 START=SIMPLE_NAME=900=55 END=SIMPLE_NAME=900=55 START=SIMPLE_NAME=900=56 END=SIMPLE_NAME=900=56 START=SIMPLE_NAME=900=57 END=SIMPLE_NAME=900=57 START=SIMPLE_NAME=900=58 END=SIMPLE_NAME=900=58 START=SIMPLE_NAME=900=59 END=SIMPLE_NAME=900=59 START=SIMPLE_NAME=900=60 END=SIMPLE_NAME=900=60 START=SIMPLE_NAME=900=61 END=SIMPLE_NAME=900=61 START=SIMPLE_NAME=900=62 END=SIMPLE_NAME=900=62 START=SIMPLE_NAME=900=63 END=SIMPLE_NAME=900=63 START=SIMPLE_NAME=900=64 END=SIMPLE_NAME=900=64 START=SIMPLE_NAME=900=65 END=SIMPLE_NAME=900=65 START=SIMPLE_NAME=900=66 END=SIMPLE_NAME=900=66 START=SIMPLE_NAME=900=67 END=SIMPLE_NAME=900=67 START=SIMPLE_NAME=900=68 END=SIMPLE_NAME=900=68 START=SIMPLE_NAME=900=69 END=SIMPLE_NAME=900=69 START=SIMPLE_NAME=900=70 END=SIMPLE_NAME=900=70 START=SIMPLE_NAME=900=71 END=SIMPLE_NAME=900=71 START=SIMPLE_NAME=900=72 END=SIMPLE_NAME=900=72 START=SIMPLE_NAME=900=73 END=SIMPLE_NAME=900=73 START=SIMPLE_NAME=900=74 END=SIMPLE_NAME=900=74 START=SIMPLE_NAME=900=75 END=SIMPLE_NAME=900=75 START=SIMPLE_NAME=900=76 END=SIMPLE_NAME=900=76 START=SIMPLE_NAME=900=77 END=SIMPLE_NAME=900=77 START=SIMPLE_NAME=900=78 END=SIMPLE_NAME=900=78 START=SIMPLE_NAME=900=79 END=SIMPLE_NAME=900=79 START=SIMPLE_NAME=900=80 END=SIMPLE_NAME=900=80 START=SIMPLE_NAME=900=81 END=SIMPLE_NAME=900=81 START=SIMPLE_NAME=900=82 END=SIMPLE_NAME=900=82 START=SIMPLE_NAME=900=83 END=SIMPLE_NAME=900=83 START=SIMPLE_NAME=900=84 END=SIMPLE_NAME=900=84 START=SIMPLE_NAME=900=85 END=SIMPLE_NAME=900=85 START=SIMPLE_NAME=900=86 END=SIMPLE_NAME=900=86 START=SIMPLE_NAME=900=87 END=SIMPLE_NAME=900=87 START=SIMPLE_NAME=900=88 END=SIMPLE_NAME=900=88 START=SIMPLE_NAME=900=89 END=SIMPLE_NAME=900=89 START=SIMPLE_NAME=900=90 END=SIMPLE_NAME=900=90 START=SIMPLE_NAME=900=91 END=SIMPLE_NAME=900=91 START=SIMPLE_NAME=900=92 END=SIMPLE_NAME=900=92 START=SIMPLE_NAME=900=93 END=SIMPLE_NAME=900=93 START=SIMPLE_NAME=900=94 END=SIMPLE_NAME=900=94 START=SIMPLE_NAME=900=95 END=SIMPLE_NAME=900=95 START=SIMPLE_NAME=900=96 END=SIMPLE_NAME=900=96 START=SIMPLE_NAME=900=97 END=SIMPLE_NAME=900=97 START=SIMPLE_NAME=900=98 END=SIMPLE_NAME=900=98 START=BRIDGE=900=0 END=BRIDGE=900=0 START=BRIDGE=900=1 END=BRIDGE=900=1 START=BRIDGE=900=2 END=BRIDGE=900=2 START=BRIDGE=900=3 END=BRIDGE=900=3 START=BRIDGE=900=4 END=BRIDGE=900=4 START=BRIDGE=900=5 END=BRIDGE=900=5 START=BRIDGE=900=6 END=BRIDGE=900=6 START=BRIDGE=900=7 END=BRIDGE=900=7 START=FILT=900=0 Name=IP Call In filter 01...Valid=Yes Out filter 01...Valid=Yes Out filter 01...Generic...Forward=Yes Out filter 01...Ip...Forward=Yes END=FILT=900=0 START=FILT=900=1 Name=NetWare Call In filter 01...Valid=Yes Out filter 01...Valid=Yes Out filter 01...Generic...Offset=14 Out filter 01...Generic...Length=3 Out filter 01...Generic...Mask=ffffff0000000000 Out filter 01...Generic...Value=e0e0030000000000 Out filter 01...Generic...More=Yes Out filter 02...Valid=Yes Out filter 02...Generic...Offset=27 Out filter 02...Generic...Length=8 Out filter 02...Generic...Mask=ffffffffffffffff Out filter 02...Generic...Value=ffffffffffff0452 Out filter 02...Generic...More=Yes Out filter 03...Valid=Yes Out filter 03...Generic...Offset=47 Out filter 03...Generic...Length=2 Out filter 03...Generic...Mask=ffff000000000000 Out filter 03...Generic...Value=0002000000000000 Out filter 04...Valid=Yes Out filter 04...Generic...Offset=12 Out filter 04...Generic...Length=4 Out filter 04...Generic...Mask=fc00ffff00000000 Out filter 04...Generic...Value=0000ffff00000000 Out filter 04...Generic...More=Yes Out filter 05...Valid=Yes Out filter 05...Generic...Offset=24 Out filter 05...Generic...Length=8 Out filter 05...Generic...Mask=ffffffffffffffff Out filter 05...Generic...Value=ffffffffffff0452 Out filter 05...Generic...More=Yes Out filter 06...Valid=Yes Out filter 06...Generic...Offset=44 Out filter 06...Generic...Length=2 Out filter 06...Generic...Mask=ffff000000000000 Out filter 06...Generic...Value=0002000000000000 Out filter 07...Valid=Yes Out filter 07...Generic...Forward=Yes Out filter 07...Ip...Forward=Yes END=FILT=900=1 START=FILT=900=2 Name=AppleTalk Call In filter 01...Valid=Yes Out filter 01...Valid=Yes Out filter 01...Generic...Offset=14 Out filter 01...Generic...Length=8 Out filter 01...Generic...Mask=ffffff000000ffff Out filter 01...Generic...Value=aaaa03000000809b Out filter 01...Generic...More=Yes Out filter 02...Valid=Yes Out filter 02...Generic...Offset=32 Out filter 02...Generic...Length=3 Out filter 02...Generic...Mask=ffffff0000000000 Out filter 02...Generic...Value=0404040000000000 Out filter 03...Valid=Yes Out filter 03...Generic...Offset=12 Out filter 03...Generic...Length=2 Out filter 03...Generic...Mask=ffff000000000000 Out filter 03...Generic...Value=809b000000000000 Out filter 03...Generic...More=Yes Out filter 04...Valid=Yes Out filter 04...Generic...Offset=24 Out filter 04...Generic...Length=3 Out filter 04...Generic...Mask=ffffff0000000000 Out filter 04...Generic...Value=0404040000000000 Out filter 05...Valid=Yes Out filter 05...Generic...Forward=Yes Out filter 05...Ip...Forward=Yes END=FILT=900=2 START=FILT=900=3 END=FILT=900=3 START=FILT=900=4 END=FILT=900=4 START=FILT=900=5 END=FILT=900=5 START=FILT=900=6 END=FILT=900=6 START=FILT=900=7 END=FILT=900=7 START=ROUTE=900=0 Name=Default Active=Yes Metric=1 Private=Yes END=ROUTE=900=0 START=ROUTE=900=1 END=ROUTE=900=1 START=ROUTE=900=2 END=ROUTE=900=2 START=ROUTE=900=3 END=ROUTE=900=3 START=ROUTE=900=4 END=ROUTE=900=4 START=ROUTE=900=5 END=ROUTE=900=5 START=ROUTE=900=6 END=ROUTE=900=6 START=ROUTE=900=7 END=ROUTE=900=7 START=ROUTE=900=8 END=ROUTE=900=8 START=ROUTE=900=9 END=ROUTE=900=9 START=ROUTE=900=10 END=ROUTE=900=10 START=ROUTE=900=11 END=ROUTE=900=11 START=ROUTE=900=12 END=ROUTE=900=12 START=ROUTE=900=13 END=ROUTE=900=13 START=ROUTE=900=14 END=ROUTE=900=14 START=ROUTE=900=15 END=ROUTE=900=15 START=ROUTE=900=16 END=ROUTE=900=16 START=ROUTE=900=17 END=ROUTE=900=17 START=ROUTE=900=18 END=ROUTE=900=18 START=ROUTE=900=19 END=ROUTE=900=19 START=ROUTE=900=20 END=ROUTE=900=20 START=ROUTE=900=21 END=ROUTE=900=21 START=ROUTE=900=22 END=ROUTE=900=22 START=ROUTE=900=23 END=ROUTE=900=23 START=ROUTE=900=24 END=ROUTE=900=24 START=ROUTE=900=25 END=ROUTE=900=25 START=ROUTE=900=26 END=ROUTE=900=26 START=ROUTE=900=27 END=ROUTE=900=27 START=ROUTE=900=28 END=ROUTE=900=28 START=ROUTE=900=29 END=ROUTE=900=29 START=ROUTE=900=30 END=ROUTE=900=30 START=ROUTE=900=31 END=ROUTE=900=31 START=CONN=900=0 PPP options...Recv Auth=Either Session options...Idle=120 Encaps...MPP=Yes Encaps...PPP=Yes PPP options...Route IPX=Yes PPP options...Route IP=Yes Encaps...ARA=No Profile Reqd=No END=CONN=900=0 START=CONN=900=1 END=CONN=900=1 START=CONN=900=2 END=CONN=900=2 START=CONN=900=3 END=CONN=900=3 START=CONN=900=4 END=CONN=900=4 START=CONN=900=5 END=CONN=900=5 START=CONN=900=6 END=CONN=900=6 START=CONN=900=7 END=CONN=900=7 START=CONN=900=8 END=CONN=900=8 START=CONN=900=9 END=CONN=900=9 START=CONN=900=10 END=CONN=900=10 START=CONN=900=11 END=CONN=900=11 START=CONN=900=12 END=CONN=900=12 START=CONN=900=13 END=CONN=900=13 START=CONN=900=14 END=CONN=900=14 START=CONN=900=15 END=CONN=900=15 START=CONN=900=16 END=CONN=900=16 START=CONN=900=17 END=CONN=900=17 START=CONN=900=18 END=CONN=900=18 START=CONN=900=19 END=CONN=900=19 START=CONN=900=20 END=CONN=900=20 START=CONN=900=21 END=CONN=900=21 START=CONN=900=22 END=CONN=900=22 START=CONN=900=23 END=CONN=900=23 START=CONN=900=24 END=CONN=900=24 START=CONN=900=25 END=CONN=900=25 START=CONN=900=26 END=CONN=900=26 START=CONN=900=27 END=CONN=900=27 START=CONN=900=28 END=CONN=900=28 START=CONN=900=29 END=CONN=900=29 START=CONN=900=30 END=CONN=900=30 START=CONN=900=31 END=CONN=900=31 START=TRAP=900=0 END=TRAP=900=0 START=TRAP=900=1 END=TRAP=900=1 START=TRAP=900=2 END=TRAP=900=2 START=TRAP=900=3 END=TRAP=900=3 START=TRAP=900=4 END=TRAP=900=4 START=TRAP=900=5 END=TRAP=900=5 START=TRAP=900=6 END=TRAP=900=6 START=TRAP=900=7 END=TRAP=900=7 START=SECURITY=0=0 Name=Default END=SECURITY=0=0 START=SECURITY=0=1 END=SECURITY=0=1 START=SECURITY=0=2 Name=Full Access Passwd=Ascend END=SECURITY=0=2 START=ETHERNET=900=0 Ether options...IP Adrs=0.0.0.0/0 Bridging=No END=ETHERNET=900=0 START=SYSTEM=0=0 Name= END=SYSTEM=0=0 </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg11626.html">RE: (ASCEND) Getting USR Sportsters to behave...</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg11622.html">Re: (ASCEND) Re: ASCII codes</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg11426.html">(ASCEND) Authentication MAX200+, RADIUS, ACE/SERVER problem</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg11427.html">(ASCEND) Ascend software releases on WWW gripe</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="maillist.html#11623"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd268.html#11623"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>