Hi, Thank you very much guys for your help.. Now, I have checked the second TNT with "Radauth", and I have got the following: ------------------------------------ admin> radauth jackfa test RADIF: radius type Auth ID = 95 RADIF: authenticating <6:jackfa> with PAP RADIF 20:49:50> _radiusRequest: id 95, user name <7:jackfa> RADIF: _radiusReq: socket 6 len 65 ipaddr 10.10.10.1 port 65534->1645 RADIF:_radiusReq: id 95 <7:jackfa>, starting timer (50 sec) ...radauth request queued, awaiting response RADIF: _radCallback: buf=101C8A60 from 10.10.10.1 1645 RADIF: _radCallback, authcode = 2, id95 RADIF: _radCallback: id 95, killing timer RADIF: Authentication Ack RADIF: attribute 6, len 6, 00 00 00 02 RADIF: attribute 7, len 6, 00 00 00 01 radauth: 2 RADIF:_freeInfoClassSess ----------------------------- Which means, this box can access Radius (10.10.10.1). But still no users can dialup to this box successfuly. Also, when I checked the log file from the radius side, I have found a kind of conflict. As an example: ---------------------------- requester address mismatch: 10.10.10.217 != 10.10.10.219 Authenticate: from 10.10.10.219 - Security Breach: ipxroute-1 requester address mismatch: 10.10.10.217 != 10.10.10.219 Authenticate: from 10.10.10.219 -Security Breach: route-MAX requester address mismatch: 10.10.10.217 != 10.10.10.219 Authenticate: from 10.10.10.219 - Security Breach: initial-banner requester address mismatch: 10.10.10.217 != 10.10.10.219 Authenticate: from 10.10.10.219 - Security Breach:appleroute-1 --------------------------------- MAX TNT 1 =10.10.10.217 MAX TNT 2 =10.10.10.219 Do you have any idea ? Thanks in advance, Jack --- Hartmut > Schroeder wrote: > > > Date sent: Sun, 7 Apr 2002 > 15:51:13 -0700 > (PDT) > From: Jack Farad > Subject: > (ASCEND) "debug" authorization !! > To: > ascend-users at max.bungi.com > > > Hi all, > > One > customer has a problem between one of his TNT > > > boxes and the Radius. He has another TNT box that > > > works with the same radius. I have tried to check > > the > > authentication process through "radauth" > command > for > > both boxes. For the first one, it > works fine and > it > > gives authcode = 2 which > means the authentication > was > > successful. But > for the second one, I couldn't > execute > > that > command, it gives me the following message: > > // > error: command "radauth" requires "debug" > > > authorization // > > although, I have accessed both > boxes with admin > > account. > > > > It's true by > default the adminaccount has no > debugrights > but > he can simply get them: > > Login as Admin, > > read > user admin > set allow-debug = yes > write > > > > regards H.Schroeder > > > > Hartmut Schroeder MMS > Communication AG > mailto:hacko at mms.de Eiffestrasse > 598 > http://www.mms.de/~hacko 20537 Hamburg, > Germany > Phone: +49 40 211105-40 Fax: +49 40 210 32 > 210 > --- > ISAKMP (0:16): deleting SA reason "He's > expired! > He's lost his perch! He's an ex-parrot!" > > OR how not to build VPN's using Ciscos :-) > > ++ > Ascend Users Mailing List ++ > To unsubscribe: send > unsubscribe to > ascend-users-request at bungi.com > ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/