(RADIATOR) Help with configuring radius.cfg with EAP and LDAP

tudalat at shaw.ca
Thu Jan 15 15:09:59 CST 2004


Hi All:
  I've been experimenting with EAP and LDAP and haven't been able to
get it to work. I can, however, get
  - LDAP to work successfully
  - EAP to work using Radiator.3.7.1/goodies/eap_md5.cfg
  Can anyone advise or point me in the right direction?
Thanks in advance

Andy Dalat
tudalat at shaw.ca

Attached are my radius.cfg, users and the log.radiusd




############  radius.cfg
#Trace 3
Trace 5
Foreground
LogDir /usr/local/radius/log
DbDir /usr/local/radius/etc
LogFile %L/log.radiusd.eap
PidFile %L/../run/radiusd.pid
AuthPort 1812
AcctPort 1813
<Client DEFAULT>
        Secret                  abcd1234dcba
        IgnoreAcctSignature
#       DefaultRealm            callid
</Client>

<Realm DEFAULT>
        RewriteUsername s/(.*)@.*$/$1/
        AuthByPolicy ContinueAlways
        <AuthBy LDAP2>
                NoDefault
                Identifier      test-uid
                Host            test.ldap.ucalgary.ca
                Port            389
                ServerChecksPassword    1
                BaseDN          ou=test-uid,o=ucalgary.ca
                Version         3
        </AuthBy>
        <AuthBy FILE>
                Filename        %D/users.switches2
                EAPType         MD5-Challenge
        </AuthBy>
        AcctLogFileName         %L/detail.eap
</Realm>

###############    users.switches2
DEFAULT         Auth-Type = "test-uid"
                Reply-Message = "switches:Permission granted"


###############    log.radiusd

Code:       Access-Request
Identifier: 51
Authentic:  <164><206><177>Z?<148>"h<156><202>Z<198><251>QP<187>
Attributes:
        Framed-MTU = 1480
        NAS-IP-Address = xxx.xxx.254.224
        NAS-Identifier = "HP ProCurve Switch 2626"
        User-Name = "tudalat"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 23
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "23"
        Called-Station-Id = "00-30-6e-ae-d1-29"
        Calling-Station-Id = "00-d0-b7-70-8d-7c"
        Connect-Info = "CONNECT Ethernet 10Mbps Half duplex"
        Tunnel-Type = 0:13
        Tunnel-Medium-Type = 0:Ether_802
        Tunnel-Private-Group-ID = 1
        EAP-Message = <2><4><0><11><1>tudalat
        Message-Authenticator = R<238><13><225><183>)x<163>W<230><201><221><243>g<23>t

Thu Jan 15 13:34:51 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 15 13:34:51 2004: DEBUG: Rewrote user name to tudalat
Thu Jan 15 13:34:51 2004: DEBUG:  Deleting session for tudalat, xxx.xxx.254.224, 23
Thu Jan 15 13:34:51 2004: DEBUG: Handling with Radius::AuthLDAP2: test-uid
Thu Jan 15 13:34:51 2004: DEBUG: Handling with EAP: code 2, 4, 11
Thu Jan 15 13:34:51 2004: DEBUG: Response type 1
Thu Jan 15 13:34:51 2004: DEBUG: EAP result: 1, EAP authentication is not permitted.
Thu Jan 15 13:34:51 2004: INFO: Access rejected for tudalat: EAP authentication is not permitted.
Thu Jan 15 13:34:51 2004: DEBUG: Packet dump:
*** Sending to 136.159.254.224 port 1024 ....

Packet length = 36
03 33 00 24 a6 09 31 13 7c 13 99 68 88 df 77 b2
5b 3e 88 d7 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 51
Authentic:  <164><206><177>Z?<148>"h<156><202>Z<198><251>QP<187>
Attributes:
        Reply-Message = "Request Denied"
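
Decoding the EAP-Message attribute from the trace above, as an added example that is not part of the original post: it shows the packet is an EAP-Response/Identity (code 2, identifier 4, length 11, type 1), which matches the "Handling with EAP: code 2, 4, 11" and "Response type 1" debug lines. The reading of `<n>` as one decimal byte is an assumption drawn from the log, and the function names are hypothetical.

```python
import re
import struct

# EAP code and type numbers from RFC 3748.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

# Assumption: in the trace, <n> is one byte written in decimal and every
# other character stands for itself.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.DOTALL)

# EAP-Message value copied from the Access-Request in the log above.
SAMPLE = "<2><4><0><11><1>tudalat"


def dump_to_bytes(text):
    """Turn the trace notation back into raw bytes."""
    out = bytearray()
    for match in _TOKEN.finditer(text):
        if match.group(1) is not None:
            value = int(match.group(1))
            if value > 255:
                raise ValueError("byte value out of range: %d" % value)
            out.append(value)
        else:
            out += match.group(2).encode("latin-1")
    return bytes(out)


def parse_eap(packet):
    """Parse the EAP header (code, identifier, length) and type field."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not fit the packet")
    body = packet[4:length]
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "trailing": len(packet) - length}  # bytes past Length are ignored
    if code in (1, 2):  # only Request and Response carry a Type byte
        if not body:
            raise ValueError("Request/Response without a Type byte")
        info["type"] = EAP_TYPES.get(body[0], body[0])
        info["data"] = body[1:]
    return info


if __name__ == "__main__":
    print(parse_eap(dump_to_bytes(SAMPLE)))
```

As printed on the page, the value is 12 bytes long while its Length field says 11, so the parser reports one trailing byte and the identity data comes out as `tudala`.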



