Re: Livingston and Merit radiusd's both won't work (fwd)

Mike Wronski (admin@australiagate.com.au)
Fri, 11 Oct 1996 17:07:01 +1000 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steven P. Crain: "Re: ascend mod of radius (fwd)"
Previous message: Mike Wronski: "radius accounting.."
In reply to: MegaZone: "Livingston and Merit radiusd's both won't work (fwd)"

Sorry to bother you I dont suppose you could tell me what rules are
required to set up an IRX incoming filter on the WAN port for KALI,
Iphone, Webphone or IRC ?

Desparate Russell

On Thu, 10 Oct 1996, MegaZone wrote:

> Once upon a time Brian C Hill shaped the electrons to say...
> > The portmaster (version):
> > Livingston Enterprises PortMaster Version 3.0.3
>
> FYI that is ancient. We are running 3.3.3 now. 3.0.3 is roughly 10 releases
> old now. (Not counting 2 or 3 patch releases in there.)
>
> > I did a "set secret" on the pm and put that in the clients file
> >on the radiusd host. I did a "set authentic" on the pm pointing to the
> >radius host. I also didn't even change the users file. I just tried to
> >test one of local entries. This is a sample of the -x output.
>
> If the user is in the local file it won't use RADIUS...
>
> 3.0.3 is so old I'm not even sure what tools you have to use... I believe
> you have 'ptrace' - I would set up a ptrace filter that lists an traffic
> coming from UDP port 1645 and 1646
> Like
> permit UDP src eq 1645
> permit UDP src eq 1646
>
> Then watch the packets coming in from the RADIUS host:
> 1. Make sure you are getting the replies.
> 2. Make sure they are coming from the right IP. If the host is multihomed
> sometimes it is messed up and the packets are from a different IP then the
> request went to. We will ignore packets with the wrong IP and try again.
>
> >radrecv: Request from host cf218446 code=1, id=2, length=64
> > User-Name = "rhw"
> > Password = "$\257OT\223\335J\014\336\022\325\237\324\346@\321"
> > Client-Id = 207.33.132.70
> > Client-Port-Id = 99
> > User-Service-Type = Outbound-User
> >Sending Ack of id 2 to cf218446 (pm-1.nsnet.net)
> > User-Service-Type = Login-User
> > Login-Host = 207.33.132.130
> > Login-Service = PortMaster
>
> Wait a minute - Outbound user? This must be the TC because we only added
> that in the last release.
>
> -MZ
> --
> Livingston Enterprises - Chair, Department of Interstitial Affairs
> Phone: 800-458-9966 510-426-0770 FAX: 510-426-8951 megazone@livingston.com
> For support requests: support@livingston.com <http://www.livingston.com/>
> Snail mail: 6920 Koll Center Parkway #220, Pleasanton, CA 94566
> See me in person: Internet Expo, Boston, MA, October 16-17, Booth 422 ;-)
>

Next message: Steven P. Crain: "Re: ascend mod of radius (fwd)"
Previous message: Mike Wronski: "radius accounting.."
In reply to: MegaZone: "Livingston and Merit radiusd's both won't work (fwd)"