Czesc! > Framed-IP-Address should be different for Login-User > and Call-Check (as User-Name should be too). The User-Name is THE SAME!! i have double checked just now and i am getting -indeed- different 'Framed-IP-Address' values for Call-Check and Login-User but for both i get the VERY same User-Name: 'joe' how come? this is pretty annoying... i have verified that you are sending in the Service-Type=Call-Check request the User-Name AND Password of the calling-station, which i cannot check against the Framed-IP-Address the same request is sending: the one of the called-station. Our Radius:MySQL of course can't accept such request, and i get a REJECT for this call. To summarize it: if i NEVER check IP addresses, the current compile works fine, but i DO want to check IPs and in that case my calls are rejected. > This has been discussed a few months ago - try to browse the list > archive. i found that you said that you'd modify this stuff after receiving views from us, but it looks like no one bothered to send their views: http://sourceforge.net/mailarchive/message.php?msg_id=5544262 : -- Hello Alex, I do not know whether it is a bug or not. This Access-Request is send to query Radius server whether the terminal "alex" can receive incoming call from terminal "gigatel" (that's why Service-Type is CallCheck). So I put in Framed-IP-Address IP of the call origin, not destination. But I am not sure if it is correct, so if a few people confirm that it would be better to put here always IP associated with Username, then I will fix it. If it does not suit you know, it is enough to change one if condition in the source code to get behaviour you need. I can give you more details on priv, if you wish. More concerning thing is that this request does not have Calling-Station-Id atribute. Is it ommited from the text, or not sent at all? ----- Original Message ----- From: "Alexandru Coseru" <alex_spam@di...> Sent: Wednesday, July 16, 2003 11:38 AM Subject: Bug in radius ? It seems there is a bug in radius modules.. Using radius authentification & accounting , and running radiusd in debug mode , I've notice that: rad_recv: Access-Request packet from host 127.0.0.1:33606, id=59, length=219 User-Name = "alex" User-Password = "alex" NAS-IP-Address = 192.168.0.25 NAS-Identifier = "stgk02" NAS-Port-Type = Virtual Service-Type = Call-Check Framed-IP-Address = 192.168.0.136 Called-Station-Id = "961" h323-conf-id = "h323-conf-id=2134F4D 74BC2FBC 56343434 34EF0000" h323-call-origin = "h323-call-origin=answer" h323-call-type = "h323-call-type=VoIP" h323-gw-id = "h323-gw-id=stgk02" Well , it seems like a normal request.. But... terminal "alex" is not at 192.168.0.136.. That's the IP of callingstation.. So , I have a auth req with user,password from calledstation and ip from callingstation.. Is this normal ? -- i found that another guy reported the same behaviour on Aug 10th http://sourceforge.net/mailarchive/message.php?msg_id=5781046 : -- radrecv: Packet from host 202.89.130.5 code=1, id=110, length=92 User-Name = "testtnt" Password = "\255\362\340Dt\331\204A\002P\032\364\376p\343I" NAS-IP-Address = 202.89.x.z NAS-Port-Type = Virtual Service-Type = Login-User Framed-IP-Address = 202.89.xx.xx Calling-Station-Id = "99160300" Called-Station-Id = "093681030" users: Matched testtnt at line 44 auth: Local Sending Ack of id 110 to 202.89.x.z radrecv: Packet from host 202.89.x.z code=1, id=111, length=92 User-Name = "testtnt" Password = "+\210\271[\244(k\353\033\313\33C\016\312\010" NAS-IP-Address = 202.89.x.z NAS-Port-Type = Virtual Service-Type = Call-Check Framed-IP-Address = 202.89.x.z Calling-Station-Id = "99160300" Called-Station-Id = "093681030" users: Matched testtnt at line 44 auth: Local Sending Ack of id 111 to 202.89.x.z -- Thanks.. Enrique- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
