Cisco login and Windows 2003 SP1 IAS radius

Discussion in 'Cisco' started by lord-morduk, Apr 15, 2006.

  1. lord-morduk

    lord-morduk Guest

    Hi friends,

    I have a problem which I have been trying to solve for the past 4 days,
    and I am unable to understand why this doesn't work.

    I have a Cisco router running with the following commands:

    aaa new-model
    aaa authentication login default group radius local
    aaa authorization exec default group radius if-authenticated
    aaa session-id common
    !
    radius-server host 192.168.104.49 auth-port 1645 acct-port 1646 key 0 forradius
    radius-server vsa send authentication


    and an IAS configured as following:

    Remote Access Policies
    *if a connection request matches the specified conditions:
    -----
    Edit Profile...
    specification for vendor specific attributes.
    ***
    This is the only Remote Access Policy I have, and its order is 1
    (because it's the only one LOL)
    ***
    Now... When I try to login to the cisco router I get "Access Denied"
    and I started debugging:

    At the "Event Viewer" I see this:

    User ciscoa was denied access.
    Fully-Qualified-User-Name = DOMAIN\ciscoa
    NAS-IP-Address = 192.168.104.50
    NAS-Identifier = <not present>
    Called-Station-Identifier = <not present>
    Calling-Station-Identifier = 192.168.104.49
    Client-Friendly-Name = C1841
    Client-IP-Address = 192.168.104.50
    NAS-Port-Type = Virtual
    NAS-Port = 195
    Proxy-Policy-Name = Use Windows authentication for all users
    Authentication-Provider = Windows
    Authentication-Server = <undetermined>
    Policy-Name = <undetermined>
    Authentication-Type = PAP
    EAP-Type = <undetermined>
    Reason-Code = 16
    Reason = Authentication was not successful because an unknown user name or incorrect password was used.

    Now... the Reason is... in no chance!!! the wrong use of user/pass!! I
    checked and double-checked the user/pass and it's not the reason, not
    in this lifetime!

    I also checked the user properties to make sure I checked:
    Dial-in tab
    And yep, it is checked!

    ***
    So... I started sniffing, used Ethereal for sniffing and saw this:

    No. Time Source Destination Protocol Info
    10 5.699731 192.168.104.50 192.168.104.49 RADIUS Access-Request(1) (id=52, l=133)

    Frame 10 (175 bytes on wire, 175 bytes captured)
    Arrival Time: Apr 15, 2006 16:00:46.848414000
    Time delta from previous packet: 3.929897000 seconds
    Time since reference or first frame: 5.699731000 seconds
    Frame Number: 10
    Packet Length: 175 bytes
    Capture Length: 175 bytes
    Protocols in frame: eth:ip:udp:radius
    Ethernet II, Src: 212.143.37.86 (00:12:80:7a:6d:cf), Dst: 192.168.104.49 (00:20:ed:8e:bf:ba)
    Destination: 192.168.104.49 (00:20:ed:8e:bf:ba)
    Source: 212.143.37.86 (00:12:80:7a:6d:cf)
    Type: IP (0x0800)
    Internet Protocol, Src: 192.168.104.50 (192.168.104.50), Dst: 192.168.104.49 (192.168.104.49)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 161
    Identification: 0x092e (2350)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 254
    Protocol: UDP (0x11)
    Header checksum: 0x9b2b [correct]
    Source: 192.168.104.50 (192.168.104.50)
    Destination: 192.168.104.49 (192.168.104.49)
    User Datagram Protocol, Src Port: 1645 (1645), Dst Port: 1645 (1645)
    Source port: 1645 (1645)
    Destination port: 1645 (1645)
    Length: 141
    Checksum: 0x1719 [correct]
    Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0x34 (52)
    Length: 133
    Authenticator: 24B9B3D06A231136330F06BF52062304
    Attribute Value Pairs
    AVP: l=8 t=User-Name(1): ciscoa
    Length: 6
    User-Name: ciscoa
    AVP: l=30 t=Reply-Message(18): Please enter your password:
    Length: 28
    Reply-Message: Please enter your password:
    AVP: l=34 t=User-Password(2): Encrypted
    Length: 32
    User-Password:
    C.qG\237;|\016m\343\271\[\3131\276+\\002\206\2321\023\026l{L\307\245\355\032\235
    AVP: l=6 t=NAS-Port(5): 195
    Length: 4
    NAS-Port: 195
    AVP: l=8 t=NAS-Port-Id(87): tty195
    Length: 6
    NAS-Port-Id: tty195
    AVP: l=6 t=NAS-Port-Type(61): Virtual(5)
    Length: 4
    NAS-Port-Type: Virtual (5)
    AVP: l=15 t=Calling-Station-Id(31): 192.168.104.49
    Length: 13
    Calling-Station-Id: 192.168.104.49
    AVP: l=6 t=NAS-IP-Address(4): 192.168.104.50
    Length: 4
    NAS-IP-Address: 192.168.104.50 (192.168.104.50)

    No. Time Source Destination Protocol Info
    11 5.728148 192.168.104.49 192.168.104.50 RADIUS Access-Reject(3) (id=52, l=20)

    Frame 11 (62 bytes on wire, 62 bytes captured)
    Arrival Time: Apr 15, 2006 16:00:46.876831000
    Time delta from previous packet: 0.028417000 seconds
    Time since reference or first frame: 5.728148000 seconds
    Frame Number: 11
    Packet Length: 62 bytes
    Capture Length: 62 bytes
    Protocols in frame: eth:ip:udp:radius
    Ethernet II, Src: 192.168.104.49 (00:20:ed:8e:bf:ba), Dst: 212.143.37.86 (00:12:80:7a:6d:cf)
    Destination: 212.143.37.86 (00:12:80:7a:6d:cf)
    Source: 192.168.104.49 (00:20:ed:8e:bf:ba)
    Type: IP (0x0800)
    Internet Protocol, Src: 192.168.104.49 (192.168.104.49), Dst: 192.168.104.50 (192.168.104.50)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 48
    Identification: 0xcb67 (52071)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x5763 [correct]
    Source: 192.168.104.49 (192.168.104.49)
    Destination: 192.168.104.50 (192.168.104.50)
    User Datagram Protocol, Src Port: 1645 (1645), Dst Port: 1645 (1645)
    Source port: 1645 (1645)
    Destination port: 1645 (1645)
    Length: 28
    Checksum: 0x7afb [correct]
    Radius Protocol
    Code: Access-Reject (3)
    Packet identifier: 0x34 (52)
    Length: 20
    Authenticator: 97FCA76742D0A0CDE44C256BAD2A82C1

    ***


    This is so weird... and I am starting to feel that I am running out of
    options... so any help will be appreciated... really,

    Thanks a lot guys, I hope one of you knows how to solve this, + maybe
    there is a connection to the 2003 server "Routing and Remote Access"
    but I'm not really sure.

    Thanks again.


    LORD-MORDUK
     
    lord-morduk, Apr 15, 2006
    #1

  2. How about the NAS password?
    Try re-entering the RADIUS keys on both ends.

    Martin Bilgrav, Apr 16, 2006
    #2
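
The key check suggested in reply #2 can be reasoned about offline. The sketch below is an added example, not code from the thread or from Cisco or Microsoft: it implements the RFC 2865 User-Password hiding and Response Authenticator calculations to show that, with PAP, a shared-secret mismatch makes the server recover a garbage password, which it can only report as a bad user name or password. The Request Authenticator and the key `forradius` come from the first post; the password, the mismatched server key and all function names are constructed for the demonstration.

```python
"""Added example (not from the thread): RFC 2865 PAP hiding and reply check."""
import hashlib
import hmac
import struct

# Taken from the capture and router config in the first post.
REQUEST_AUTH = bytes.fromhex("24B9B3D06A231136330F06BF52062304")
ROUTER_KEY = b"forradius"
# Constructed for the demo (assumptions, not values from the thread).
SERVER_KEY = b"forradius "            # same key with a stray trailing space
PASSWORD = b"Example-Passw0rd-17ch"   # 21 bytes, so it pads to 32 on the wire


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """NAS side: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def recover_password(hidden, secret, request_auth):
    """Server side. There is no integrity check: a wrong secret never raises,
    it just yields different bytes that then fail the password comparison."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def reply_matches_secret(code, ident, attrs, request_auth, response_auth, secret):
    """True if a captured reply was signed with `secret`."""
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(expected, response_auth)


def demo():
    hidden = hide_password(PASSWORD, ROUTER_KEY, REQUEST_AUTH)
    # An Access-Reject (code 3, id 52, no attributes) signed by the server key.
    reject_auth = response_authenticator(3, 52, b"", REQUEST_AUTH, SERVER_KEY)
    return {
        "hidden_len": len(hidden),
        "same_key_ok": recover_password(hidden, ROUTER_KEY, REQUEST_AUTH) == PASSWORD,
        "mismatch_ok": recover_password(hidden, SERVER_KEY, REQUEST_AUTH) == PASSWORD,
        "reject_signed_with_router_key": reply_matches_secret(
            3, 52, b"", REQUEST_AUTH, reject_auth, ROUTER_KEY),
        "reject_signed_with_server_key": reply_matches_secret(
            3, 52, b"", REQUEST_AUTH, reject_auth, SERVER_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Passing the captured Access-Reject fields (code 3, id 52, no attributes, both authenticators) to `reply_matches_secret` with the key from the router config tests whether the server signed the reject with that same key.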

  3. Also check MS for patches on this one...
    Seem to recall this issue has been seen before...


    Martin Bilgrav, Apr 16, 2006
    #3