Default it seems that Dude is probing my radius server (mikrotik user-manager), the problem is that i use user-manager for personal user-accounts for every mikrotik routerboards, so there is a router config for the dude server also that make it possible for the dude session to connect to radius.

Dude server then try to log in with user TEST and flooding my log files.

Does anyone else have good idea howto still monitor radius, but keep dude from flooding radius logs.

Maybe make a TEST user in radius and then set the password accordingly to the probing request, so there is a successfull login instead of a failure. ???

This is still a problem.

Dude tries to connect to the radius with the user "TEST" and the radius (user-manager) is logging the attempt as a failure.

Work around could be to stop failure logging on the radius (user-manager), or stop probing the radius service in dude.

None of those options is a good solution.

In the dude configuration for radius I find "\x01D\0,0123456789012345\x01\x06TEST\x02\x12abcdefghijklmnop\0" and I've tried to change some of these setting without any luck.

Any suggestions?

Create a user on your raidus server named test?

Mmm.. that was my first thought as well, but i guess I have to use wireshark to find out what kind of password it tries (since I couldn't figure out the string) . And I have to change the expected response in dude something else than the expected "\x03D" response.

Anyone who could enlighten me on this different strings?

You could simplify it by just checking if the port is open by creating a new udp probe set the port and click connect only.

Of course that doesn't let you know if radius is actually working, just something is running on that port.

When you modified that string did the user "TEST" keep trying to log in?
For example try this? "\x01D\0,0123456789012345\x01\x06myuser\x02\x12mypass\0"

BUT I went looking and in this thread...
http://forum.mikrotik.com/viewtopic.php ... us#p163115

Here is the last post...
I had a similar problem and thought things needed to be changed as well then I came across this post from uldis on March 17, 2006

"you can change the contents of UDP packet that is sent in any way, but in
general it is not required to successfully authenticate with radius server,
dude just checks if reasonable response is received. (dude server should be
added to radius servers shared secret list)."

So I removed all the changes and created the dude in the shared secret list and it worked for me.

Not sure if that would work for you??

I changed the password, but it didn't help.

In the dude the settings are now.

\x01D\0,0123456789012345\x01\x06TEST\x02\x121234567890\0

And in the usermanager I get this in the log

35840 TEST 0.0.0.0 192.168.xxx.xxx Aug/30/2010 23:23:28 authorization failure

With this detail

invalid password for user <TEST>

The configuration for the TEST account in usermanager

TEST unlimited 0s 0s 0.00 0 B 0 B

With the password for the TEST account.

1234567890

As you can see, since i'm logging failure this is flooding my log files. Over 35000 log entries with the TEST account.

I made the suggestion of changing some of the fields but what we need is someone who knows which field is which...

I don't know if they are using pap or chap or ms-chap or chapv2. I would assume that they are just using pap.
Does you radius server accept pap? I would not allow unencrypted password protocols.

Although you see "bad password" if your radius server only supports chapv2 and the dude is using pap you might get the same error.

You could temporarily enable pap but then if one of the real users computer is configured wrong "using pap" the password is being sent in the clear.

Maybe gsandul or normis can shed some light on the fields of the radius probe.

I made the suggestion of changing some of the fields but what we need is someone who knows which field is which...

I don't know if they are using pap or chap or ms-chap or chapv2. I would assume that they are just using pap.
Does you radius server accept pap? I would not allow unencrypted password protocols.

Although you see "bad password" if your radius server only supports chapv2 and the dude is using pap you might get the same error.

You could temporarily enable pap but then if one of the real users computer is configured wrong "using pap" the password is being sent in the clear.

Maybe gsandul or normis can shed some light on the fields of the radius probe.

Good thinking, maybe the mikrotik crew could describe the different fields??

i had the same problem and i solved it.
i added dude ip in the router list of usermanager, and then i added the user TEST with, now i've got to understand how to change the password

For Aradial Radius I added my dude server IP in my list of NAS's and then created the a radius user;

The probe can be broken down like this after:
\x01D\0,0123456789012345\x01\x06RadiusUSERNAME\x02\x12PASSWORD\0