(RADIATOR) authentication using ADSI

jkleyheeg at triseptsolutions.com jkleyheeg at triseptsolutions.com
Tue Apr 13 16:12:08 CDT 2004


Hi,

I'm trying to get the "Auth by ADSI" to work from a standalone workstation,
and am having some problems (most likely authentication related).

Our first test was from an AD-integrated XP workstation, which worked just
fine.

Our production solution will entail a standalone, non-AD-integrated
workstation.

Using the same radius.cfg file, I'm now getting errors.

Is it possible to get the ADSI authentication to work from a standalone
workstation, or do I need to be running Radiator from a PC that's joined to
the AD domain?

Thanks.

Radius.cfg:

Foreground
LogStdout
LogDir               c:/Program Files/Radiator
DbDir                c:/Program Files/Radiator
Trace                3

<ServerTACACSPLUS>
        Key <removed>
        AddToRequest NAS-Identifier=TACACS
</ServerTACACSPLUS>

<Client DEFAULT>
        Secret   <removed>
        DupInterval 0
</Client>

<Realm DEFAULT>
        # During authentication, AuthBy ADSI finds a matching user
        # record, checks the AccountDisabled and IsAccountLocked flags,
        # checks the LoginHours permitted times, and the user's password
        <AuthBy ADSI>
                Identifier        ADSI
                SearchAttribute   sAMAccountName
                BindString        LDAP://SERVER.DOMAIN.com/cn=%0,dc=DOMAIN,dc=com
                AuthUser          %0
                CheckGroup        CN=SEG,ou=Systems Engineering
                GroupRequired     CN=SEG
        </AuthBy>
        AcctLogFileName   %D/%Y%m%d-RAS.log
</Realm>

---------------------------------------------------

LogFile:

Tue Apr 13 16:06:55 2004: DEBUG: Creating TACACSPLUS port 0.0.0.0:49
Tue Apr 13 16:06:55 2004: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
Tue Apr 13 16:06:55 2004: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Tue Apr 13 16:06:55 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Apr 13 16:06:55 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Apr 13 16:06:55 2004: NOTICE: Server started: Radiator 3.8 on Monitor101 (EVALUATION)
Tue Apr 13 16:07:03 2004: DEBUG: New TacacsplusConnection created for 10.11.2.2:13593
Tue Apr 13 16:07:03 2004: DEBUG: TacacsplusConnection request 192, 1, 1, 0, 77302899, 26
Tue Apr 13 16:07:03 2004: DEBUG: TacacsPlus request packet dump:
c0010100049b8c730000001a986ca3eb1571940c0447e56ac5ddddb99d110c2780ccd907beb8
Tue Apr 13 16:07:03 2004: DEBUG: TacacsplusConnection Authentication START 1, 1, 1 for , tty66, 10.11.248.244
Tue Apr 13 16:07:03 2004: DEBUG: TacacsplusConnection Authentication REPLY 4, 0, Username: ,
Tue Apr 13 16:07:06 2004: DEBUG: TacacsplusConnection request 192, 1, 3, 0, 77302899, 11
Tue Apr 13 16:07:06 2004: DEBUG: TacacsPlus request packet dump:
c0010300049b8c730000000b7cb7246eb43232d851b035
Tue Apr 13 16:07:06 2004: DEBUG: TacacsplusConnection Authentication CONTINUE 0, tester,
Tue Apr 13 16:07:06 2004: DEBUG: TacacsplusConnection Authentication REPLY 5, 1, Password: ,
Tue Apr 13 16:07:08 2004: DEBUG: TacacsplusConnection request 192, 1, 5, 0, 77302899, 10
Tue Apr 13 16:07:08 2004: DEBUG: TacacsPlus request packet dump:
c0010500049b8c730000000a45d66ad351bafe589de8
Tue Apr 13 16:07:08 2004: DEBUG: TacacsplusConnection Authentication CONTINUE 0, <password>,
Tue Apr 13 16:07:08 2004: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <194><143>I<20>0<179>><25>w<222><169>1<165>`<190><249>
Attributes:
        NAS-IP-Address = 10.11.2.2
        NAS-Port-Id = "tty66"
        Calling-Station-Id = "10.11.248.244"
        Service-Type = Login-User
        NAS-Identifier = "TACACS"
        User-Name = "tester"
        User-Password = "<password>"

Tue Apr 13 16:07:08 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Apr 13 16:07:08 2004: DEBUG:  Deleting session for , 10.11.2.2,
Tue Apr 13 16:07:08 2004: DEBUG: Handling with ASDI
Tue Apr 13 16:07:08 2004: DEBUG: BindString converted to LDAP://Server.Domain.com/cn=tester,dc=Domain,dc=com
Tue Apr 13 16:07:08 2004: DEBUG: AuthUser converted to tester
Tue Apr 13 16:07:08 2004: DEBUG: Starting ADODB search for sAMAccountName = tester
Tue Apr 13 16:07:09 2004: DEBUG: User found at LDAP://errorexec
Tue Apr 13 16:07:09 2004: DEBUG: Connecting to namespace: LDAP:
Tue Apr 13 16:07:09 2004: DEBUG: Running OpenDSObject on LDAP://errorexec
Tue Apr 13 16:07:22 2004: DEBUG: Could not get user object: Win32::OLE(0.1601) error 0x8007203a: "The server is not operational"
    in METHOD/PROPERTYGET "OpenDSObject"
Tue Apr 13 16:07:22 2004: INFO: Access rejected for tester: Could not find user
Tue Apr 13 16:07:22 2004: DEBUG: TacacsplusConnection result Access-Reject
Tue Apr 13 16:07:22 2004: DEBUG: TacacsplusConnection Authentication REPLY 2, 0, ,
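The three "TacacsPlus request packet dump" lines in the log above are raw TACACS+ packets. As an added example (not from the original post and not Radiator's own code), this Python parses their 12-byte header, checks the length field against the bytes actually present, and reproduces the "version, type, seq_no, flags, session_id, length" tuple that Radiator prints in the matching "TacacsplusConnection request" lines; it also reports whether the body is obfuscated with the shared Key, which it is here (flags = 0), so the dumps on their own do not expose the username or password.

```python
import struct
from typing import NamedTuple

# TACACS+ header (RFC 8907): version, type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")  # big-endian; the body follows, `length` bytes
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
PACKET_TYPES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}

# The three request dumps from the Radiator log above (header + body, hex).
DUMPS = [
    "c0010100049b8c730000001a986ca3eb1571940c0447e56ac5ddddb99d110c2780ccd907beb8",
    "c0010300049b8c730000000b7cb7246eb43232d851b035",
    "c0010500049b8c730000000a45d66ad351bafe589de8",
]

class TacacsHeader(NamedTuple):
    version: int
    packet_type: int
    seq_no: int
    flags: int
    session_id: int
    length: int
    body: bytes

    @property
    def body_obfuscated(self) -> bool:
        # Flag bit 0 clear: the body is XORed with an MD5 pad derived from the
        # shared Key, so the dump alone does not expose username or password.
        return not (self.flags & TAC_PLUS_UNENCRYPTED_FLAG)

def parse_packet(hex_dump: str) -> TacacsHeader:
    raw = bytes.fromhex(hex_dump)
    if len(raw) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(raw)
    body = raw[HEADER.size:]
    if len(body) != length:  # never trust a length field that disagrees with the wire
        raise ValueError(f"header says {length} body bytes, got {len(body)}")
    return TacacsHeader(version, ptype, seq_no, flags, session_id, length, body)

def radiator_tuple(hex_dump: str) -> tuple:
    # Same order as Radiator's 'TacacsplusConnection request v, t, s, f, id, len'.
    h = parse_packet(hex_dump)
    return (h.version, h.packet_type, h.seq_no, h.flags, h.session_id, h.length)

def summarize(hex_dump: str) -> str:
    h = parse_packet(hex_dump)
    kind = PACKET_TYPES.get(h.packet_type, f"type{h.packet_type}")
    state = "obfuscated" if h.body_obfuscated else "CLEARTEXT"
    return f"{kind} seq={h.seq_no} session=0x{h.session_id:08x} body={h.length}B {state}"
```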

 

 

 

 
