| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 527.1 | FT10D.05 has some RADIUS changes in it | IROCZ::RRICHARD | | Thu Mar 20 1997 13:06 | 19 |
|
FT10D.05 contains two changes having to with the way RADIUS reply messages
are handled. Is he using RADIUS? I reviewed the changes and didn't see
anything that would account for the problem. Has the customer gone back and tried BL10D
to verify that it's the software?
What client is he using on his Windows 3.1 PCs?
Are the Win 3.1 PCs using the same type of authentication?
He might be able to isolate the problem a little more by zeroing, then
monitoring the port's security counters while logging in. This would
at least verify that authentication requests are being sent to the host.
Has he tried bringing up the connection manually to see if he can identify
what part of the process is failing?
|
| 527.2 | more info... | CSC32::D_SHAVEY | | Thu Mar 20 1997 15:43 | 15 |
| More information:
Nothing has changed on these Windows 3.1 PC's, and he tested it and
they can authenticate on the BL10D-40 image fine. They have Netscape
3.0 and are using the shiva dialer which is part of the personal
edition Netscape 3.0 kit. The authentication method here is PAP. His
DRAS server is an Windows/NT box. He says with this FT10D.05-40 patch
with authentication turned off, the windows 3.1 pc's can dial in fine
with a PPP connection. He will look at the security counters after
trying to dial in with the windows 3.1 pc's, but right now the total
packets send and valid packets received match.
Darrell Shavey
CSC32::D_SHAVEY
DTN 592-4712
|
| 527.3 | any ideas? | CSC32::D_SHAVEY | | Mon Mar 24 1997 13:12 | 9 |
| Any ideas here. I can't have him go back to the previous patch, because
of the crashing problem. But with authentication turned off, these
windows 3.1 pc's can dial into the decserver fine.
thanks,
Darrell Shavey
CSC32::D_SHAVEY
DTN 592-4712
|
| 527.4 | we need more information | IROCZ::RRICHARD | | Tue Mar 25 1997 09:46 | 33 |
|
The RADIUS related changes made in FT10D.05 only affect post authentication
processing. Specifically, the first change does some cleanup after failed
authentication requests, and the second change inhibts the output of the text
contained in the reply messages if PPP is active. Since the DRAS accounting
log doesn't contain any accounting records for the failed authentication it
would appear that the authentication is not progressing far enough to
encounter the changes. I don't have the Shiva client available so I tested
with Trumpet and Windows for Workgroups V3.1. I was not able to reproduce
the problem. That could be because I didn't have the customer's DRAS
user profiles or DECserver configuration.
What are the differences between the DRAS user profiles for the Windows 95
and the Windows 3.1 users? Can we get a sample of both?
Has the customer monitored the port security counters during authentication
to determine if the port is at least attempting to authenticate?
Are there any differences between the port configurations for Windows 95
and Windows 3.1 users? Can we get a copy of the LCP, IPCP, and PORT
settings?
Does the Shiva client work with a script? If so can we get a copy of it?
Is there a way to manually log in then start PPP with the Shiva client?
Windows 95 allows the user to bring up a window, then log in and start PPP
does Shiva support this? If so can it be used to determine if any error
messages are being printed during authentication?
Does Shiva produce a detailed log like Trumpet does? If so can we a trace
of both types of login?
|
| 527.5 | more info....hope to have more | CSC32::D_SHAVEY | | Tue Mar 25 1997 15:30 | 14 |
| The windows 3.1 pc's are using the Netscape Personal Edition and the
dial in script similar to dial up networking is in here. He said that
Netscape just calls it the shiva script. These windows 3.1 pc's dial
into the same decserver 90m's as the windows 95 pc's for
authentication, and if the authentication characteristic is turned off
on the DECserver, the windows 3.1 pc's dial in fine and can make their
PPP connection, and all works fine. He will be sending me the LCP, IPCP
and port settings and I will post them here. So the windows 3.1 pc's
make the ppp connection fine, just can't be authenticated. He has no
tools to get a trace, so as a last resort I can get field service
involved to get one if needed.
Darrell
|
| 527.6 | We could set something up in LKG for testing | IROCZ::RRICHARD | | Wed Mar 26 1997 07:43 | 22 |
|
Thanks for the additional information. The best thing to do at this point
may be to set something up in LKG and ask the customer to dial in so we
can monitor the authentication attempt. Let me know if you want to take
this route. It will take about a day to get everything setup. In order to
emulate the customer's configuration I'll need a sample of a DRAS user
profile in addition to the port, LCP, and IPCP information he's collecting
for us.
What are the differences between the DRAS user profiles for the Windows 95
and the Windows 3.1 users? Can we get a sample of both?
Has the customer monitored the port security counters during authentication
to determine if the port is at least attempting to authenticate?
Can the customer provide a copy of the dialin script his customers are using?
Does Netscape produce a detailed log like Trumpet does? If so can we a trace
of both types of login?
Would it help if I called the customer? If so mail me the information at
twoby4::rrichard.
|