(RADIATOR) Re: Radiator and Windows Encryption

Ayotunde Itayemi aitayemi at metrong.com
Fri Aug 2 12:34:22 CDT 2002


Hi Mike,

I have given the 3.1 patch a shot but to no effect. The relevant part of my
config file is:

<AuthBy DYNADDRESS>
        Identifier myIPADDRESSauth
        Allocator mySQLallocator
        AddToReply Class = %{Reply:Framed-IP-Address}
        PoolHint %{Reply:PoolHint}
        MapAttribute   yiaddr, Framed-IP-Address
        MapAttribute   subnetmask, Framed-IP-Netmask
        StripFromReply PoolHint
        DefaultSimultaneousUse 1
        AutoMPPEKeys
# policy = 4 (40bit), 2 (128bit), 6 (any)
        AddToReply MS-MPPE-Encryption-Policy = 2, MS-MPPE-Encryption-Types =
4
</AuthBy>

I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the
"AddToReply"
clause above with various combinations of MS-MPPE-Encryption-Policy and
MS-MPPE-Encryption-Types.

Okay, is there anyone on the list that has got this to work please :-)

Also, about my other problem, is there anyway to conditionally remove a
Reply attribute from the access acccept
packet before it is sent? The functional word is "conditionally"
Simply stated, after selecting the users record from the database, checking
the passwords etc, stripping say the
Framed-IP-Address attribute off if it is from say the "192.168.10.x" block.
OR alternatively, dynanically changing the
PoolHint attribute based on the NAS sending the request?

Regards,
Tunde I.


----- Original Message -----
From: "Mike McCauley" <mikem at open.com.au>
To: "Hugh Irvine" <hugh at open.com.au>; "Ayotunde Itayemi"
<aitayemi at metrong.com>
Cc: <radiator at open.com.au>
Sent: Friday, August 02, 2002 1:43 AM
Subject: Re: Radiator and Windows Encryption


> Hello Tunde,
>
> On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote:
> > Hello Tunde -
> >
> > We have many customers using Windows 2000 and we have many customers
> > using Patton RAS, however I don't know if anyone is using both together.
> >
> > As for the MPPE questions, I have copied Mike on this mail for his
> > comments.
>
> There are some recent patches to the AutoMPPEKeys feature in the Radiator
3.1
> area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an
> interoperability problem. These have been tested to be working correctly
now
> by  a number of people.
>
> Cheers.
>
> >
> > regards
> >
> > Hugh
> >
> > On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote:
> > > Hi Hugh, Hi All,
> > >
> > > Please, a straight forward question to everybody:
> > >
> > > 1. Is there anyone on this mailing list using Radiator and Windows
2000
> > > servers?
> > > 2. Is there anyone on this mailing list using Radiator and Patton
NASes?
> > >
> > > If yes to any of the questions above, has anyone implemented RADIUS
> > > authentication
> > > with MPPE encryption (or any other encryption)?
> > >
> > >
> > > (Hugh) Also, "someone" I mailed suggested that it is likely radiator
> > > isn't sending the proper
> > > MPPE keys to the Windows box (reason for not doing encryption or being
> > > able to connect
> > > when client requires encryption)
> > >
> > > Regards,
> > > Tunde Itayemi.
> > >
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>
>
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list