alx
November 6, 2009, 1:53pm
1
Hi everybody!
I’ve bought a Mikrotik RB 1000 (Version 4.2).
And I need to configure it as a PPPoE server. I used these documents (http://wiki.mikrotik.com/wiki/PPPoE , http://wiki.mikrotik.com/wiki/RADIUS_Client ) to do a basic configuration of my device as a PPPoE server. But I have trouble with authentication of PPPoE users through the RADIUS server (CTI RADIUS).
Previously I used a Cisco AS5350 as the PPPoE server with RADIUS authentication and it worked well! And when I replaced the AS5350 with the Mikrotik, the authentication fails with:
Parser N1 ----DBG: Processing [Access-Request] from <IP_address> with identifier 30 for session
Parser N1 Invalid date format:
Parser N1 Cannot work on request with empty session ID
Really, when I used the AS5350, it sent the Attribute Value Pair “AVP: l=18 t=Acct-Session-Id(44):<some_session_id>”, and now the Mikrotik sends:
Attribute Value Pairs
AVP: l=6 t=Service-Type(6): Framed-User(2)
AVP: l=6 t=Framed-Protocol(7): PPP(1)
AVP: l=6 t=NAS-Port(5): 156
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
AVP: l=7 t=User-Name(1): test1
AVP: l=19 t=Calling-Station-Id(31): 00:19:5B:**:**:**
AVP: l=10 t=Called-Station-Id(30): internet
AVP: l=8 t=NAS-Port-Id(87): ether2
AVP: l=18 t=CHAP-Challenge(60): E25C349EB42527E3F487C7*********
AVP: l=19 t=CHAP-Password(3): 01D310ED6C6DDD643801B*********
AVP: l=10 t=NAS-Identifier(32): MikroTik
AVP: l=6 t=NAS-IP-Address(4): <IP_address>
without “Acct-Session-Id”.
The RADIUS server configuration has no parameter to ignore “Acct-Session-Id”, and the license on my RADIUS server does not permit upgrading it. Is it possible to send “Acct-Session-Id” from the Mikrotik, or maybe you have any ideas how to solve this problem?
fewi
November 6, 2009, 4:04pm
2
According to http://wiki.mikrotik.com/wiki/RADIUS_Client#Access-Request that attribute is sent by default.
Turn on RADIUS logging on the RB1000 and post the logs of an Access-Request as RouterOS claims it sends it out.
alx
November 9, 2009, 7:31am
3
Ok, I turned on logging “radius” and that’s it:
radius debug new request 1b:c4 code=Access-Request service=ppp called-id =internet
radius debug sending 1b:c4 to xx.xx.128.4: 1812
radius debug packet sending Access-Request with id 51 to xx.xx.128.4:1812
radius debug packet Signature = 0xcdcb52e9252b2b7762a39b2a3592bd80
radius debug packet SetVice-Type = 2
radius debug packet Framed-Protocol = 1
radius debug packet NAS-Port = 177
radius debug packet NAS-Port-Type = 15
radius debug packet User-Name = "test1"
radius debug packet Calling-Station-Id = "00:19:5B:xx:xx:xx"
radius debug packet Called-Station-Id = "internet"
radius debug packet NAS-Port-Id = "ether2"
radius debug packet MS-CHAP-Challenge = 0xefa6669e60c2e89de0cdd558e0c3b3ca
radius debug packet MS-CHAP2-Response = 0x0100c58619b4750d3b1fc05423d3334c
radius debug packet b2cb00000000000000001ea0722f7b4
radius debug packet 5f8708aa99cf07d4d47311709e94e6709
radius debug packet c7f9
radius debug packet NAS-Identifier = "MikroTik"
radius debug packet NAS-IP-Address = xx.xx.128.1
radius debug resending 1b:c4
radius debug packet sending Access-Request with id 51 to 194.8.128.4:1812
radius debug packet Signature = 0xcdcb52e9252b2b7762a39b2a3592bd80
radius debug packet SetVice-Type = 2
radius debug packet Framed-Protocol = 1
radius debug packet NAS-Port = 177
radius debug packet NAS-Port-Type = 15
radius debug packet User-Name = "test1"
radius debug packet Calling-Station-Id = "00:19:5B:xx:xx:xx"
radius debug packet Called-Station-Id = "internet"
radius debug packet NAS-Port-Id = "ether2"
radius debug packet MS-CHAP-Challenge = 0xefa6669e60c2e89de0cdd558e0c3b3ca
radius debug packet MS-CHAP2-Response = 0x0100c58619b4750d3b1fc05423d3334c
radius debug packet b2cb00000000000000001ea0722f7b4
radius debug packet 5f8708aa99cf07d4d47311709e94e6709
radius debug packet c7f9
radius debug packet NAS-Identifier = "MikroTik"
radius debug packet NAS-IP-Address = xx.xx.128.1
radius debug resending 1b:c4
radius debug packet sending Access-Request with id 51 to xx.xx.128.4:1812
radius debug packet Signature = 0xcdcb52e9252b2b7762a39b2a3592bd80
radius debug packet SetVice-Type = 2
radius debug packet Framed-Protocol = 1
radius debug packet NAS-Port = 177
radius debug packet NAS-Port-Type = 15
radius debug packet User-Name = "test1"
radius debug packet Calling-Station-Id = "00:19:5B:xx:xx:xx"
radius debug packet Called-Station-Id = "internet"
radius debug packet NAS-Port-Id = "ether2"
radius debug packet MS-CHAP-Challenge = 0xefa6669e60c2e89de0cdd558e0c3b3ca
radius debug packet MS-CHAP2-Response = 0x0100c58619b4750d3b1fc05423d3334c
radius debug packet b2cb00000000000000001ea0722f7b4
radius debug packet 5f8708aa99cf07d4d47311709e94e6709
radius debug packet c7f9
radius debug packet NAS-Identifier = "MikroTik"
radius debug packet NAS-IP-Address = xx.xx.128.1
radius debug timeout for 1b:c4
Additionally, here is the TCP/IP packet captured on the RADIUS side using Wireshark:
Frame 90 (228 bytes on wire, 228 bytes captured)
Ethernet II, Src: Routerbo_20:71:34 (00:0c:42:20:71:34), Dst: Vmware_xx:xx:xx (00:0c:29:xx:xx:xx)
Internet Protocol, Src: xx.xx.128.1 (xx.xx.128.1), Dst: xx.xx.128.4 (xx.xx.128.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 214
Identification: 0xa857 (43095)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x0da9 [correct]
Source: xx.xx.128.1 (xx.xx.128.1)
Destination: xx.xx.128.4 (xx.xx.128.4)
User Datagram Protocol, Src Port: 40374 (40374), Dst Port: radius (1812)
Source port: 40374 (40374)
Destination port: radius (1812)
Length: 194
Checksum: 0xac93 [validation disabled]
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x33 (51)
Length: 186
Authenticator: CDCB52E9252B2B7762A39B2A3592BD80
Attribute Value Pairs
AVP: l=6 t=Service-Type(6): Framed-User(2)
AVP: l=6 t=Framed-Protocol(7): PPP(1)
AVP: l=6 t=NAS-Port(5): 177
AVP: l=6 t=NAS-Port-Type(61): Ethernet(15)
AVP: l=7 t=User-Name(1): test1
AVP: l=19 t=Calling-Station-Id(31): 00:19:5B:xx:xx:xx
AVP: l=10 t=Called-Station-Id(30): internet
AVP: l=8 t=NAS-Port-Id(87): ether2
AVP: l=24 t=Vendor-Specific(26) v=Microsoft(311)
AVP: l=58 t=Vendor-Specific(26) v=Microsoft(311)
AVP: l=10 t=NAS-Identifier(32): MikroTik
AVP: l=6 t=NAS-IP-Address(4): xx.xx.128.1
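
The check being done by eye in this thread, as an added example that is not part of the original posts: a small RADIUS attribute walker that reports whether an Access-Request carries Acct-Session-Id (44) and unwraps the two Microsoft vendor-specific AVPs seen in the capture. The function names and the sample packet are constructed for illustration (zeroed authenticator and challenge data, placeholder MAC and IP address); the Microsoft vendor types 11 and 25 are taken from RFC 2548.

```python
import struct

# Attribute numbers as shown in the Wireshark dissection in this thread.
NAMES = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port", 6: "Service-Type",
         7: "Framed-Protocol", 30: "Called-Station-Id", 31: "Calling-Station-Id",
         32: "NAS-Identifier", 44: "Acct-Session-Id", 61: "NAS-Port-Type",
         87: "NAS-Port-Id"}
MS_VSA = {11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}  # vendor 311 (RFC 2548)

def parse_radius(pkt):
    """Return (code, identifier, [(name, value), ...]) for one RADIUS packet."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        atype, alen = pkt[pos], pkt[pos + 1]
        name, value = NAMES.get(atype, "type-%d" % atype), pkt[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:  # Vendor-Specific: id, type, len, data
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == 311 and vtype in MS_VSA and 2 <= vlen <= len(value) - 4:
                name, value = MS_VSA[vtype], value[6:4 + vlen]
        attrs.append((name, value))
        pos += alen
    return code, ident, attrs

def has_acct_session_id(pkt):
    """True if the packet contains an Acct-Session-Id (44) attribute."""
    return any(name == "Acct-Session-Id" for name, _ in parse_radius(pkt)[2])

def avp(atype, value):
    """Encode one attribute as type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value

def build_sample(with_session_id):
    """Constructed Access-Request with the AVP layout of the capture above."""
    u32 = lambda n: struct.pack("!I", n)
    ms = lambda t, d: avp(26, struct.pack("!IBB", 311, t, len(d) + 2) + d)
    body = b"".join([avp(6, u32(2)), avp(7, u32(1)), avp(5, u32(177)),
        avp(61, u32(15)), avp(1, b"test1"), avp(31, b"00:19:5B:00:00:00"),
        avp(30, b"internet"), avp(87, b"ether2"), ms(11, bytes(16)),
        ms(25, bytes(50)), avp(32, b"MikroTik"), avp(4, bytes([192, 0, 2, 1]))])
    if with_session_id:  # constructed value, 16 bytes like the AS5350's l=18 AVP
        body += avp(44, b"constructed-0001")
    return struct.pack("!BBH", 1, 51, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, has_acct_session_id(build_sample(flag)))
```

The constructed packet without the session ID comes out at 186 bytes, the same RADIUS Length as in the capture, so the attribute lengths in the dissection account for the whole packet.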