(RADIATOR) Re: Radiator and Windows Encryption

Hugh Irvine hugh at open.com.au
Fri Aug 2 19:49:59 CDT 2002


Hello Tunde -

I will let Mike deal with the first part of your message.

For the second part, you will need to write a PostAuthHook to do what 
you describe.

You will find some example hooks in the file "goodies/hooks.txt".

regards

Hugh


On Saturday, August 3, 2002, at 03:34 AM, Ayotunde Itayemi wrote:

> Hi Mike,
>
> I have given the 3.1 patch a shot but to no effect. The relevant part of my
> config file is:
>
> <AuthBy DYNADDRESS>
>         Identifier myIPADDRESSauth
>         Allocator mySQLallocator
>         AddToReply Class = %{Reply:Framed-IP-Address}
>         PoolHint %{Reply:PoolHint}
>         MapAttribute   yiaddr, Framed-IP-Address
>         MapAttribute   subnetmask, Framed-IP-Netmask
>         StripFromReply PoolHint
>         DefaultSimultaneousUse 1
>         AutoMPPEKeys
> # policy = 4 (40bit), 2 (128bit), 6 (any)
>         AddToReply MS-MPPE-Encryption-Policy = 2, MS-MPPE-Encryption-Types = 4
> </AuthBy>
>
> I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the
> "AddToReply" clause above with various combinations of
> MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types.
>
> Okay, is there anyone on the list that has got this to work please :-)
>
> Also, about my other problem, is there any way to conditionally remove a
> Reply attribute from the access accept packet before it is sent? The
> functional word is "conditionally".
> Simply stated, after selecting the user's record from the database, checking
> the passwords etc., stripping say the Framed-IP-Address attribute off if it
> is from say the "192.168.10.x" block.
> OR alternatively, dynamically changing the PoolHint attribute based on the
> NAS sending the request?
>
> Regards,
> Tunde I.
>
>
> ----- Original Message -----
> From: "Mike McCauley" <mikem at open.com.au>
> To: "Hugh Irvine" <hugh at open.com.au>; "Ayotunde Itayemi"
> <aitayemi at metrong.com>
> Cc: <radiator at open.com.au>
> Sent: Friday, August 02, 2002 1:43 AM
> Subject: Re: Radiator and Windows Encryption
>
>
>> Hello Tunde,
>>
>> On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote:
>>> Hello Tunde -
>>>
>>> We have many customers using Windows 2000 and we have many customers
>>> using Patton RAS, however I don't know if anyone is using both together.
>>>
>>> As for the MPPE questions, I have copied Mike on this mail for his
>>> comments.
>>
>> There are some recent patches to the AutoMPPEKeys feature in the Radiator 3.1
>> area. They extend AutoMPPEKeys to MSCHAP V2, and also fix an
>> interoperability problem. These have been tested to be working correctly now
>> by a number of people.
>>
>> Cheers.
>>
>>>
>>> regards
>>>
>>> Hugh
>>>
>>> On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote:
>>>> Hi Hugh, Hi All,
>>>>
>>>> Please, a straightforward question to everybody:
>>>>
>>>> 1. Is there anyone on this mailing list using Radiator and Windows 2000
>>>> servers?
>>>> 2. Is there anyone on this mailing list using Radiator and Patton NASes?
>>>>
>>>> If yes to any of the questions above, has anyone implemented RADIUS
>>>> authentication
>>>> with MPPE encryption (or any other encryption)?
>>>>
>>>>
>>>> (Hugh) Also, "someone" I mailed suggested that it is likely Radiator
>>>> isn't sending the proper MPPE keys to the Windows box (reason for not
>>>> doing encryption or being able to connect when client requires encryption)
>>>>
>>>> Regards,
>>>> Tunde Itayemi.
>>>>
>>
>> --
>> Mike McCauley                               mikem at open.com.au
>> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
>> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
>> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
>> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>>
>>
>>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
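
The conditional strip asked about in the quoted message, sketched as the body of a PostAuthHook. This is an added example, not code from the original post or from goodies/hooks.txt. It assumes Radiator's hook calling convention (references to the request, the reply, the result and the reason) and the reply packet's get_attr/delete_attr methods; StubReply, the local $ACCEPT value and the sample addresses are constructed so the file runs on its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for Radiator's reply packet, only so this file runs
# outside Radiator. Inside Radiator the real reply object is used instead.
package StubReply;
sub new         { my ($class, %attrs) = @_; return bless {%attrs}, $class }
sub get_attr    { return $_[0]->{ $_[1] } }
sub delete_attr { delete $_[0]->{ $_[1] }; return }

package main;

# Constructed stand-in: Radiator defines $main::ACCEPT itself.
our $ACCEPT = 0;

# Hook body. In a Radiator config this sub would follow "PostAuthHook".
my $strip_private_address = sub {
    my $rp     = ${ $_[1] };    # reply packet (argument 2 is a reference to it)
    my $result = $_[2];         # reference to the authentication result

    # Only touch replies that are about to go out as Access-Accept.
    return unless $$result == $main::ACCEPT;

    my $addr = $rp->get_attr('Framed-IP-Address');
    return unless defined $addr;

    # Anchored match on the whole address, so 192.168.100.x and
    # 10.192.168.10.x are not mistaken for the 192.168.10.x block.
    if ($addr =~ /^192\.168\.10\.\d{1,3}$/) {
        $rp->delete_attr('Framed-IP-Address');
    }
    return;
};

# Constructed sample replies: one inside the block, two outside it.
for my $addr ('192.168.10.57', '192.168.100.57', '203.0.113.9') {
    my $reply  = StubReply->new('Framed-IP-Address' => $addr);
    my $result = $ACCEPT;
    $strip_private_address->(\undef, \$reply, \$result, \'');
    printf "%-15s -> %s\n", $addr,
        defined $reply->get_attr('Framed-IP-Address') ? 'kept' : 'stripped';
}
```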
