(RADIATOR) Re: Radiator and Windows Encryption

Ayotunde Itayemi aitayemi at metrong.com
Sat Aug 3 14:17:00 CDT 2002


Hi Hugh,

Thanks a million! I moved the AutoMPPEkeys to the Authby SQL clause
and left the AddToReply clause for the Encryption types in the AuthBy
DYNADDRESS clause.
I will check out the hooks next week (I don't know much Perl though).

Regards,
Tunde I.

----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Ayotunde Itayemi" <aitayemi at metrong.com>
Cc: "Mike McCauley" <mikem at open.com.au>; <radiator at open.com.au>
Sent: Saturday, August 03, 2002 1:49 AM
Subject: Re: (RADIATOR) Re: Radiator and Windows Encryption


>
> Hello Tunde -
>
> I will let Mike deal with the first part of your message.
>
> For the second part, you will need to write a PostAuthHook to do what
> you describe.
>
> You will find some example hooks in the file "goodies/hooks.txt".
>
> regards
>
> Hugh
>
>
> On Saturday, August 3, 2002, at 03:34 AM, Ayotunde Itayemi wrote:
>
> > Hi Mike,
> >
> > I have given the 3.1 patch a shot but to no effect. The relevant part
> > of my config file is:
> >
> > <AuthBy DYNADDRESS>
> >         Identifier myIPADDRESSauth
> >         Allocator mySQLallocator
> >         AddToReply Class = %{Reply:Framed-IP-Address}
> >         PoolHint %{Reply:PoolHint}
> >         MapAttribute   yiaddr, Framed-IP-Address
> >         MapAttribute   subnetmask, Framed-IP-Netmask
> >         StripFromReply PoolHint
> >         DefaultSimultaneousUse 1
> >         AutoMPPEKeys
> > # policy = 4 (40bit), 2 (128bit), 6 (any)
> >         AddToReply MS-MPPE-Encryption-Policy = 2, MS-MPPE-Encryption-Types = 4
> > </AuthBy>
> >
> > I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the
> > "AddToReply" clause above with various combinations of
> > MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types.
> >
> > Okay, is there anyone on the list that has got this to work please :-)
> >
> > Also, about my other problem, is there any way to conditionally remove a
> > Reply attribute from the access accept packet before it is sent? The
> > functional word is "conditionally".
> > Simply stated, after selecting the user's record from the database,
> > checking the passwords etc, stripping say the Framed-IP-Address
> > attribute off if it is from say the "192.168.10.x" block.
> > OR alternatively, dynamically changing the PoolHint attribute based on
> > the NAS sending the request?
> >
> > Regards,
> > Tunde I.
> >
> >
> > ----- Original Message -----
> > From: "Mike McCauley" <mikem at open.com.au>
> > To: "Hugh Irvine" <hugh at open.com.au>; "Ayotunde Itayemi"
> > <aitayemi at metrong.com>
> > Cc: <radiator at open.com.au>
> > Sent: Friday, August 02, 2002 1:43 AM
> > Subject: Re: Radiator and Windows Encryption
> >
> >
> >> Hello Tunde,
> >>
> >> On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote:
> >>> Hello Tunde -
> >>>
> >>> We have many customers using Windows 2000 and we have many customers
> >>> using Patton RAS, however I don't know if anyone is using both
> >>> together.
> >>>
> >>> As for the MPPE questions, I have copied Mike on this mail for his
> >>> comments.
> >>
> >> There are some recent patches to the AutoMPPEKeys feature in the
> >> Radiator 3.1 area. They extend AutoMPPEKeys to MSCHAP V2, and also fix
> >> an interoperability problem. These have been tested to be working
> >> correctly now by a number of people.
> >>
> >> Cheers.
> >>
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>> On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote:
> >>>> Hi Hugh, Hi All,
> >>>>
> >>>> Please, a straightforward question to everybody:
> >>>>
> >>>> 1. Is there anyone on this mailing list using Radiator and Windows
> >>>> 2000 servers?
> >>>> 2. Is there anyone on this mailing list using Radiator and Patton
> >>>> NASes?
> >>>>
> >>>> If yes to any of the questions above, has anyone implemented RADIUS
> >>>> authentication with MPPE encryption (or any other encryption)?
> >>>>
> >>>>
> >>>> (Hugh) Also, "someone" I mailed suggested that it is likely radiator
> >>>> isn't sending the proper MPPE keys to the Windows box (reason for
> >>>> not doing encryption or being able to connect when client requires
> >>>> encryption)
> >>>>
> >>>> Regards,
> >>>> Tunde Itayemi.
> >>>>
> >>
> >> --
> >> Mike McCauley                               mikem at open.com.au
> >> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> >> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> >> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
> >>
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> >> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
> >>
> >>
> >>
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
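
The conditional reply rewrite asked about in the quoted message (strip Framed-IP-Address when it falls in 192.168.10.x, or set PoolHint per NAS), sketched as a hook body. This is an added example, not part of the thread and not taken from goodies/hooks.txt. It assumes the hook is called with references to the request, the reply and the result, and that packets offer get_attr, change_attr and delete_attr; StubPacket, the NAS addresses and the pool names are constructed stand-ins so the script runs without Radiator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the server's attribute list (assumption: the real packet
# objects expose methods with these names). Used only to run the hook offline.
package StubPacket;
sub new         { my ($class, %attrs) = @_; return bless {%attrs}, $class }
sub get_attr    { return $_[0]{ $_[1] } }
sub change_attr { $_[0]{ $_[1] } = $_[2]; return }
sub delete_attr { delete $_[0]{ $_[1] }; return }

package main;

my $ACCEPT = 0;    # stand-in for the server's "accept" result code

# Constructed NAS-to-pool mapping; replace with site data.
my %pool_for_nas = (
    '10.0.0.5' => 'pool-a',
    '10.0.0.6' => 'pool-b',
);

# Hook body: arguments are references to the request, reply and result.
my $hook = sub {
    my ($p, $rp, $result) = (${ $_[0] }, ${ $_[1] }, ${ $_[2] });
    return unless $result == $ACCEPT;    # only touch accepted requests

    # Strip the address only when it is in 192.168.10.0/24.
    my $ip = $rp->get_attr('Framed-IP-Address');
    if (defined $ip && $ip =~ /^192\.168\.10\.(\d{1,3})$/ && $1 <= 255) {
        $rp->delete_attr('Framed-IP-Address');
    }

    # Pick the pool hint from the NAS that sent the request.
    my $nas = $p->get_attr('NAS-IP-Address');
    if (defined $nas && exists $pool_for_nas{$nas}) {
        $rp->change_attr('PoolHint', $pool_for_nas{$nas});
    }
    return;
};

# Constructed request and reply to exercise the hook.
my $req   = StubPacket->new('NAS-IP-Address' => '10.0.0.5');
my $reply = StubPacket->new('Framed-IP-Address' => '192.168.10.44',
                            'PoolHint'          => 'default');
my $result = $ACCEPT;
$hook->(\$req, \$reply, \$result);

printf "Framed-IP-Address: %s\n",
    $reply->get_attr('Framed-IP-Address') // '(removed)';
printf "PoolHint: %s\n", $reply->get_attr('PoolHint');
```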
