Error with standard Dial-up Settings.
Allister Maguire
amaguire at actonz.com
Thu Jan 31 19:11:17 CST 2002
Hello,
We are running Radiator in a test environment with LDAP authentication
to Active Directory. If we set up a dial-up connection (default settings)
on Windows 2000 we get the error below. To make it work we must change
the security settings of the connection, i.e. "Advanced Security
Settings:" (only have this selected) "Allow these protocols",
"Unencrypted password (PAP)".
How can I fix this so we don't have to change the default settings when
creating a dial-up?
Also it does not produce accounting logs. How can I fix this also?
Also, is it possible to pull all the settings from LDAP but authenticate
with Kerberos V or PAM Kerberos V?
Included below is the error message and config file.
Thanks
Allister Maguire
************************************************************************
***************************************************************
Fri Feb 1 13:55:50 2002: DEBUG: Packet dump:
*** Received from 192.168.0.11 port 1025 ....
Code: Access-Request
Identifier: 61
Authentic: A<223><246><167><165>y<162>^T<177><130><239><158><232><175>:
Attributes:
User-Name = "bbuilder"
CHAP-Password = "<1><201>W<158><152>
*XK9<177>Im<134><236><190>t"
NAS-Identifier = "192.168.0.11"
NAS-Port = 20131
NAS-Port-Type = Async
State = ""
Caller-Id = "49157700"
Client-Port-DNIS = "049173901"
Acct-Session-Id = "281178974"
Fri Feb 1 13:55:50 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Feb 1 13:55:50 2002: DEBUG: Deleting session for bbuilder, 192.168.0.11, 20131
Fri Feb 1 13:55:50 2002: DEBUG: Handling with Radius::AuthLDAP2:
Fri Feb 1 13:55:50 2002: INFO: Connecting to 192.168.0.6, port 389
Fri Feb 1 13:55:50 2002: INFO: Attempting to bind with cn=Proxy User,ou=Resources,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz, xxxxx (server 192.168.0.6:389)
Fri Feb 1 13:55:50 2002: DEBUG: LDAP got result for CN=Bob Builder,OU=People,OU=Globe.Net Communications Ltd,DC=gnc,DC=net,DC=nz
Fri Feb 1 13:55:50 2002: DEBUG: LDAP got msNPCallingStationID: 49157700
Fri Feb 1 13:55:50 2002: DEBUG: LDAP got msRADIUSCallbackNumber: 192.168.0.189
Fri Feb 1 13:55:50 2002: DEBUG: Radius::AuthLDAP2 looks for match with bbuilder
Fri Feb 1 13:55:50 2002: ERR: Attribute number 79 is not defined in your dictionary
Fri Feb 1 13:55:50 2002: WARNING: Cant use encrypted passwords with CHAP
Fri Feb 1 13:55:50 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password
Fri Feb 1 13:55:50 2002: INFO: Connecting to 192.168.0.6, port 389
Fri Feb 1 13:55:50 2002: INFO: Attempting to bind with cn=Proxy User,ou=Resources,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz, xxxxx (server 192.168.0.6:389)
Fri Feb 1 13:55:50 2002: DEBUG: No entries for DEFAULT found in LDAP database
Fri Feb 1 13:55:50 2002: INFO: Access rejected for bbuilder: Bad Encrypted password
Fri Feb 1 13:55:50 2002: DEBUG: Packet dump:
*** Sending to 192.168.0.11 port 1025 ....
Code: Access-Reject
Identifier: 61
Authentic: A<223><246><167><165>y<162>^T<177><130><239><158><232><175>:
Attributes:
Reply-Message = "Request Denied"
************************************************************************
*************************************************************
# ad-ldap.cfg
#
# Example Radiator configuration file for authenticating from
# Active Directory via LDAP2, possibly from a Unix host.
#
# This very simple file will allow you to get started with
# a simple LDAP authentication system from AD.
#
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
#
# You should consider this file to be a starting point only
# $Id: ad-ldap.cfg,v 1.1 2001/05/17 05:33:34 mikem Exp $
Foreground
LogStdout
LogDir /var/log/radacct/radius
DbDir .
Trace 4
LogFile %L/%Y-logfile
DictionaryFile /home/amaguire/Radiator/dictionary.ascend
# You will probably want to add other Clients to suit your site.
<Client localhost>
    Secret mysecret
    DupInterval 0
</Client>
<Client 192.168.0.11>
    Secret xxxxxxx
    DupInterval 0
</Client>
# Authenticates users in the Organisational Unit called 'csx users'
# The user name coming from the NAS must match the sAMAccountName
# attribute of a user in that OU. Users that are not in 'csx users'
# will not be able to log in.
<Realm DEFAULT>
    <AuthBy LDAP2>
        Host 192.168.0.6
        AuthDN cn=Proxy User,ou=Resources,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
        # AuthPassword yourADadminpasswordhere
        AuthPassword xxxxxx
        BaseDN ou=People,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
        ServerChecksPassword
        UsernameAttr sAMAccountName
        # PasswordAttr msSFUPassword
        # AuthAttrDef logonHours,MS-Login-Hours,check
        AddToReply Service-Type = Framed-User,\
            Framed-Protocol = PPP,\
            Framed-Netmask = 255.255.255.255,\
            Framed-Routing = None,\
            Ascend-Idle-Limit = 900,\
            Framed-Compression = Van-Jacobson-TCP-IP,\
            Ascend-Maximum-Channels = 1
        # AuthAttrDef msRADIUSFramedIPAddress,Framed-IP-Address,reply
        AuthAttrDef msRADIUSCallbackNumber,Framed-IP-Address,reply
        # AuthAttrDef ,Framed-Protocol,reply
        # AuthAttrDef ,User-Service,reply
        # AuthAttrDef msRADIUSCallbackNumber,Callback-Number,reply
        # Caller-ID Check.
        AuthAttrDef msNPCallingStationID,Caller-Id,check
    </AuthBy>
    AcctLogFileName %L/%Y-%v-detail
</Realm>
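Added example (not Radiator's code and not from the post): a small simulation of why a bind-style check like the ServerChecksPassword line above can verify a PAP request but has to reject a CHAP request, and what changes once the server can read a password attribute (the commented-out PasswordAttr). The user, password, shared secret and authenticator are constructed; it uses the RFC 2865 User-Password hiding and CHAP-Password rules, with the Request Authenticator as the CHAP challenge because the packet above carries no CHAP-Challenge attribute.

```python
# Added example (not Radiator code): a bind-style LDAP check (ServerChecksPassword)
# can verify PAP but not CHAP, which needs a readable password attribute (PasswordAttr).
import hashlib
import hmac

class Directory:
    """Stand-in for AD over LDAP: bind() always works, cleartext is readable only if exposed."""
    def __init__(self, users: dict, readable_password: bool = False):
        self._users, self._readable = dict(users), readable_password  # constructed users
    def bind(self, user: str, candidate: bytes) -> bool:
        pw = self._users.get(user)
        return pw is not None and hmac.compare_digest(pw.encode(), candidate)
    def password_attr(self, user: str):
        pw = self._users.get(user)
        return pw.encode() if (self._readable and pw is not None) else None

def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """RFC 2865 s5.2 User-Password hiding: XOR 16-byte blocks with an MD5 keystream."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, key))
        out, prev = out + result, (block if decrypt else result)
    return out

def encode_pap(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    return _xor_chain(password + b"\x00" * (-len(password) % 16), secret, authenticator, False)

def decode_pap(attr: bytes, secret: bytes, authenticator: bytes) -> bytes:
    return _xor_chain(attr, secret, authenticator, True).rstrip(b"\x00")

def encode_chap(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2865 s5.3 CHAP-Password: ident byte + MD5(ident || password || challenge).
    Without a CHAP-Challenge attribute (as in the packet above) the Request Authenticator is the challenge."""
    return bytes([chap_id]) + hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def check_pap(d: Directory, user: str, attr: bytes, secret: bytes, auth: bytes) -> bool:
    # PAP delivers the cleartext, so a bind as the user settles it.
    return d.bind(user, decode_pap(attr, secret, auth))

def check_chap(d: Directory, user: str, attr: bytes, challenge: bytes) -> bool:
    # CHAP delivers only a hash; the server must recompute it from the cleartext.
    # No readable password means it cannot decide, so it rejects ("Cant use encrypted passwords with CHAP").
    pw = d.password_attr(user)
    if pw is None or len(attr) != 17:
        return False
    return hmac.compare_digest(attr[1:], encode_chap(attr[0], pw, challenge)[1:])
```

The rejected branch in check_chap is the situation in the log above: the directory only offers a bind, so the CHAP response cannot be checked and the request is refused rather than guessed.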
Archive at http://www.open.com.au/archives/radiator/