(RADIATOR) Help with configure radius.cfg with eap and ldap
tudalat at shaw.ca
Thu Jan 15 15:09:59 CST 2004
Hi All:
I've been experimenting with EAP and LDAP and haven't been able to
get it to work. I can, however, get
- LDAP to work successfully
- EAP to work using Radiator.3.7.1/goodies/eap_md5.cfg
Can anyone advise or point me in the right direction?
Thanks in advance
Andy Dalat
tudalat at shaw.ca
Attached are my radius.cfg, users and the log.radiusd
############ radius.cfg
#Trace 3
Trace 5
Foreground
LogDir /usr/local/radius/log
DbDir /usr/local/radius/etc
LogFile %L/log.radiusd.eap
PidFile %L/../run/radiusd.pid
AuthPort 1812
AcctPort 1813
<Client DEFAULT>
    Secret abcd1234dcba
    IgnoreAcctSignature
    # DefaultRealm callid
</Client>
<Realm DEFAULT>
    RewriteUsername s/(.*)@.*$/$1/
    AuthByPolicy ContinueAlways
    <AuthBy LDAP2>
        NoDefault
        Identifier test-uid
        Host test.ldap.ucalgary.ca
        Port 389
        ServerChecksPassword 1
        BaseDN ou=test-uid,o=ucalgary.ca
        Version 3
    </AuthBy>
    <AuthBy FILE>
        Filename %D/users.switches2
        EAPType MD5-Challenge
    </AuthBy>
    AcctLogFileName %L/detail.eap
</Realm>
############### users.switches2
DEFAULT Auth-Type = "test-uid"
    Reply-Message = "switches:Permission granted"
############### log.radiusd
Code: Access-Request
Identifier: 51
Authentic: <164><206><177>Z?<148>"h<156><202>Z<198><251>QP<187>
Attributes:
Framed-MTU = 1480
NAS-IP-Address = xxx.xxx.254.224
NAS-Identifier = "HP ProCurve Switch 2626"
User-Name = "tudalat"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 23
NAS-Port-Type = Ethernet
NAS-Port-Id = "23"
Called-Station-Id = "00-30-6e-ae-d1-29"
Calling-Station-Id = "00-d0-b7-70-8d-7c"
Connect-Info = "CONNECT Ethernet 10Mbps Half duplex"
Tunnel-Type = 0:13
Tunnel-Medium-Type = 0:Ether_802
Tunnel-Private-Group-ID = 1
EAP-Message = <2><4><0><11><1>tudalat
Message-Authenticator = R<238><13><225><183>)x<163>W<230><201><221><243>g<23>t
Thu Jan 15 13:34:51 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 15 13:34:51 2004: DEBUG: Rewrote user name to tudalat
Thu Jan 15 13:34:51 2004: DEBUG: Deleting session for tudalat, xxx.xxx.254.224, 23
Thu Jan 15 13:34:51 2004: DEBUG: Handling with Radius::AuthLDAP2: test-uid
Thu Jan 15 13:34:51 2004: DEBUG: Handling with EAP: code 2, 4, 11
Thu Jan 15 13:34:51 2004: DEBUG: Response type 1
Thu Jan 15 13:34:51 2004: DEBUG: EAP result: 1, EAP authentication is not permitted.
Thu Jan 15 13:34:51 2004: INFO: Access rejected for tudalat: EAP authentication is not permitted.
Thu Jan 15 13:34:51 2004: DEBUG: Packet dump:
*** Sending to 136.159.254.224 port 1024 ....
Packet length = 36
03 33 00 24 a6 09 31 13 7c 13 99 68 88 df 77 b2
5b 3e 88 d7 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 51
Authentic: <164><206><177>Z?<148>"h<156><202>Z<198><251>QP<187>
Attributes:
Reply-Message = "Request Denied"
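
Added example, not part of the original post and not Radiator code: a small Python decoder for the Access-Reject packet dump in the log above, showing that the reply carries only a Reply-Message attribute and no EAP-Message. The function names are hypothetical; the hex octets are copied from the dump.

```python
import struct

# Copied from the three hex lines of the "Packet dump" in the log above.
REJECT_HEX = """
03 33 00 24 a6 09 31 13 7c 13 99 68 88 df 77 b2
5b 3e 88 d7 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
"""

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         11: "Access-Challenge"}
# Attribute numbers (RFC 2865 / RFC 3579) relevant to this trace.
ATTRS = {1: "User-Name", 18: "Reply-Message", 79: "EAP-Message",
         80: "Message-Authenticator"}


def parse_radius(hexdump: str) -> dict:
    """Decode a RADIUS packet given as whitespace-separated hex octets."""
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if not 20 <= length <= len(raw):
        raise ValueError(f"declared length {length}, got {len(raw)} octets")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = raw[pos], raw[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.append((ATTRS.get(atype, str(atype)), raw[pos + 2:pos + alen]))
        pos += alen
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length,
            "authenticator": raw[4:20], "attributes": attrs}


def carries_eap(packet: dict) -> bool:
    """True if the packet has an EAP-Message attribute (RFC 3579)."""
    return any(name == "EAP-Message" for name, _ in packet["attributes"])


if __name__ == "__main__":
    pkt = parse_radius(REJECT_HEX)
    print(pkt["code"], pkt["id"], pkt["length"], pkt["attributes"])
    print("EAP-Message present:", carries_eap(pkt))
```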