(RADIATOR) I need a little help with the log file

Stewart, Bill wjs-corp at kaman.com
Tue Apr 5 06:01:00 CDT 2005


Hi Mark,

	Maybe we can not do what I'm trying to do.  Let me explain.  My boss
would like to have Windows XP machines, in a building that uses wireless
communications, validate against our Windows NT domain.  He does not want to
have to install certificates on each of the machines.  We also have some
printers in those locations that would validate via MAC address. We have no
problem with those.  So my question is "Is it possible to validate to an NT
domain without using certificates?" I thought my previous question was
answered with a "yes" if we use the LSA validation.

Thanks

Bill

	Here is what I get with the test.

>perl radiusd -config goodies/lsa_eap_peap.cfg
Tue Apr  5 06:51:20 2005: ERR: Could not AdjustPrivilege SE_TCB_PRIVILEGE: A
req
uired privilege is not held by the client.

Tue Apr  5 06:51:20 2005: ERR: Could not load AuthBy module Radius::AuthLSA:
Tue Apr  5 06:51:20 2005: ERR: Unknown object 'AuthBy' in
goodies/lsa_eap_peap.c
fg line 102
Tue Apr  5 06:51:20 2005: DEBUG: Finished reading configuration file
'goodies/ls
a_eap_peap.cfg'
This Radiator license will expire on 2005-10-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Tue Apr  5 06:51:20 2005: DEBUG: Reading dictionary file './dictionary'
Tue Apr  5 06:51:21 2005: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Apr  5 06:51:21 2005: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Apr  5 06:51:21 2005: NOTICE: Server started: Radiator 3.12 on PC148
(LOCKED
)


> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Monday, April 04, 2005 6:26 PM
> To: Stewart, Bill
> Cc: 'radiator at open.com.au'
> Subject: Re: (RADIATOR) I need a little help with the log file
> 
> 
> Hello Bill,
> 
> Looks like your Radiator is incorrectly configured to do EAP 
> authentication.
> You should post your Radiator configuration file (no secrets).
> 
> Note that there are a number of example configuration files 
> for Handling EAP 
> with LSA in the goodies directory of your distribution. All 
> of them require 
> certificates to handle PEAP (the default windows XP protocol).
> The example config files work with the sample certificates 
> that we supply in 
> the distribution.
> Perhaps your configuration does not define DbDir to point to 
> the directory 
> where your certificates are. 
> 
> You should be able to test with XP by doing:
> 
> cd .....\Radiator-3.12
> perl radiusd -config goodies/lsa_eap_peap.cfg
> 
> Cheers.
> 
> 
> On Monday 04 April 2005 23:57, Stewart, Bill wrote:
> > Mike,
> >
> > 	Thanks, that installed O.K. Now I do need an example 
> for validating
> > a wireless XP notebook.  I'm sure I'm overlooking something 
> in the .cfg
> > file for LSA validation.  Here is what I get in the 
> logfile. Looks like it
> > is trying to verify via certificates.
> >
> > Mon Apr  4 09:27:36 2005: DEBUG: Packet dump:
> > *** Received from 149.158.3.250 port 1147 ....
> > Code:       Access-Request
> > Identifier: 122
> > Authentic:  l&<0><0><243>P<0><0>]a<0><0>`<8><0><0>
> > Attributes:
> >         Message-Authenticator =
> > %<152>@<249><128>z<169><192><199><167><137><202>
> > F<157><18>}
> >         User-Name = "LAN_KCNT\wjs"
> >         NAS-IP-Address = 149.158.3.250
> >         NAS-Port = 2
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Calling-Station-Id = "00-01-f4-ec-97-29"
> >         EAP-Message = <2><1><0><17><1>LAN_KCNT\wjs
> >         Framed-MTU = 1000
> >
> > Mon Apr  4 09:27:36 2005: DEBUG: Handling request with Handler ''
> > Mon Apr  4 09:27:36 2005: DEBUG:  Deleting session for LAN_KCNT\wjs,
> > 149.158.3.2
> > 50, 2
> > Mon Apr  4 09:27:36 2005: DEBUG: Handling with Radius::AuthFILE:
> > Mon Apr  4 09:27:36 2005: DEBUG: Handling with EAP: code 2, 1, 17
> > Mon Apr  4 09:27:36 2005: DEBUG: Response type 1
> > Mon Apr  4 09:27:36 2005: ERR: TLS could not load_verify_locations
> > %D/certificat
> > es/demoCA/cacert.pem, :  328: 1 - error:02001003:system 
> library:fopen:No
> > such pr
> > ocess
> >  328: 2 - error:2006D080:BIO routines:BIO_new_file:no such file
> >  328: 3 - error:0B084002:x509 certificate
> > routines:X509_load_cert_crl_file:syste
> > m lib
> >
> > Mon Apr  4 09:27:36 2005: DEBUG: EAP result: 1, EAP TLS Could not
> > initialise con
> > text
> > Mon Apr  4 09:27:36 2005: DEBUG: AuthBy FILE result: 
> REJECT, EAP TLS Could
> > not i
> > nitialise context
> > Mon Apr  4 09:27:36 2005: INFO: Access rejected for 
> LAN_KCNT\wjs: EAP TLS
> > Could
> > not initialise context
> > Mon Apr  4 09:27:36 2005: DEBUG: Packet dump:
> > *** Sending to 149.158.3.250 port 1147 ....
> > Code:       Access-Reject
> > Identifier: 122
> > Authentic:  l&<0><0><243>P<0><0>]a<0><0>`<8><0><0>
> > Attributes:
> >         Reply-Message = "Request Denied"
> >
> >
> > Bill
> >
> > > -----Original Message-----
> > > From: Mike McCauley [mailto:mikem at open.com.au]
> > > Sent: Saturday, April 02, 2005 6:38 AM
> > > To: Stewart, Bill
> > > Cc: 'radiator at open.com.au'
> > > Subject: Re: (RADIATOR) I need a little help with the log file
> > >
> > >
> > > Hello again,
> > >
> > > On Saturday 02 April 2005 21:10, Mike McCauley wrote:
> > > > Hello Bill,
> > > >
> > > > You dont have to compile Net::SSLeay.
> > > >
> > > > There is a precompiled Net::SSLeay PPM for ActiveState on
> > >
> > > our web site.
> > >
> > > > Hugh shows the relevant extract from the FAQ.
> > > >
> > > > Run this command on your Radiator host:
> > >
> > > Ooops I meant:
> > >
> > > ppm install
> > > http://www.open.com.au/radiator/free-downloads/Net_SSLeay.pm.ppd
> > >
> > > Cheers.
> > >
> > > > http://www.open.com.au/radiator/free-downloads/Net_SSLeay.pm.ppd
> > > >
> > > > It will download and install Net::SSLeay.
> > > >
> > > > Cheers.
> > > >
> > > > On Saturday 02 April 2005 04:59, Stewart, Bill wrote:
> > > > > I installed openssl, and tried to install Net::SSLeay.
> > >
> > > When I follow the
> > >
> > > > > instructions, the nmake command gives me the following error:
> > > > >
> > > > > 'cl' is not recognized as an internal or external command,
> > > > > operable program or batch file.
> > > > > NMAKE : fatal error U1077: 'C:\WINDOWS\system32\cmd.exe'
> > > :
> > > : return code
> > > :
> > > > > '0x1' Stop.
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > Bill
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Hugh Irvine [mailto:hugh at open.com.au]
> > > > > > Sent: Friday, April 01, 2005 3:17 AM
> > > > > > To: Stewart, Bill
> > > > > > Cc: 'radiator at open.com.au'
> > > > > > Subject: Re: (RADIATOR) I need a little help with 
> the log file
> > > > > >
> > > > > >
> > > > > >
> > > > > > Hello Bill -
> > > > > >
> > > > > > As the error message indicates you will need to install
> > >
> > > Net-SSLeay.
> > >
> > > > > > See the FAQ ("doc/faq.html"):
> > > > > >
> > > > > > 140. What do I have to install on Windows for Radiator to
> > > > > > authenticate
> > > > > > TLS, TTLS and PEAP
> > > > > > Radiator requires OpenSSL and the perl Net::SSLeay 
> module to be
> > > > > > installed on the radius server in order to support EAP
> > >
> > > TLS, TTLS or
> > >
> > > > > > PEAP. All these modules are freely available.
> > > > > > 	1.  	 Install ActivePerl 5.8.4 from ActiveState
> > > > > > 	2.  	Install Win32 OpenSSL v0.9.7e or later from
> > > > > > Shining Light
> > > > > > Productions
> > > > > > 	3.  	Install the Net::SSLeay module using PPM
> > > > > > included with ActivePerl:
> > > > > >
> > > > > > 	ppm install
> > > > > > 
> http://www.open.com.au/radiator/free-downloads/Net_SSLeay.pm.ppd
> > > > > >
> > > > > > regards
> > > > > >
> > > > > > Hugh
> > > > > >
> > > > > > On 31 Mar 2005, at 20:50, Stewart, Bill wrote:
> > > > > > > 	Here are some errors I getting in my logfile (running
> > > > > >
> > > > > > on windows xp
> > > > > >
> > > > > > > trying to validate a wireless laptop against a NT domain)
> > > > > >
> > > > > > Can anyone
> > > > > >
> > > > > > > help
> > > > > > > me?
> > > > > > >
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Packet dump:
> > > > > > > *** Received from 149.158.3.250 port 1134 ....
> > > > > > > Code:       Access-Request
> > > > > > > Identifier: 109
> > > > > > > Authentic:  <161>3<0><0>n`<0><0>(]<0><0>7Q<0><0>
> > > > > > > Attributes:
> > > > > > > 	Message-Authenticator =
> > > > > > > 
> <248><180>&<194>G<228><226>@:<242><174><243><233><143><173>e
> > > > > > > 	User-Name = "LAN_KCNT\wjs"
> > > > > > > 	NAS-IP-Address = 149.158.3.250
> > > > > > > 	NAS-Port = 2
> > > > > > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > > > > > 	Calling-Station-Id = "00-01-f4-ec-97-29"
> > > > > > > 	EAP-Message = <2><1><0><17><1>LAN_KCNT\wjs
> > > > > > > 	Framed-MTU = 1000
> > > > > > >
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Handling request
> > >
> > > with Handler ''
> > >
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG:  Deleting session
> > >
> > > for LAN_KCNT\wjs,
> > >
> > > > > > > 149.158.3.250, 2
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Handling with
> > >
> > > Radius::AuthFILE:
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Handling with EAP:
> > >
> > > code 2, 1, 17
> > >
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Response type 1
> > > > > > > Thu Mar 31 13:22:57 2005: ERR: Could not load EAP module
> > > > > > > Radius::EAP_25:
> > > > > > > Can't load
> > >
> > > 'C:/Perl/site/lib/auto/Net/SSLeay/SSLeay.dll' for module
> > >
> > > > > > > Net::SSLeay: load_file:The specified module could not
> > >
> > > be found at
> > >
> > > > > > > C:/Perl/lib/DynaLoader.pm line 206.
> > > > > > > Compilation failed in require at
> > >
> > > C:/Perl/site/lib/Radius/EAP_25.pm
> > >
> > > > > > > line 24.
> > > > > > > BEGIN failed--compilation aborted at
> > > > > >
> > > > > > C:/Perl/site/lib/Radius/EAP_25.pm
> > > > > >
> > > > > > > line
> > > > > > > 24.
> > > > > > > Compilation failed in require at (eval 48) line 3.
> > > > > > >
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: EAP result: 1, 
> Unsupported
> > > > > >
> > > > > > default EAP
> > > > > >
> > > > > > > Response/Identity 25
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: AuthBy FILE 
> result: REJECT,
> > > > > > > Unsupported
> > > > > > > default EAP Response/Identity 25
> > > > > > > Thu Mar 31 13:22:57 2005: INFO: Access rejected for
> > >
> > > LAN_KCNT\wjs:
> > > > > > > Unsupported default EAP Response/Identity 25
> > > > > > > Thu Mar 31 13:22:57 2005: DEBUG: Packet dump:
> > > > > > > *** Sending to 149.158.3.250 port 1134 ....
> > > > > > > Code:       Access-Reject
> > > > > > > Identifier: 109
> > > > > > > Authentic:  <161>3<0><0>n`<0><0>(]<0><0>7Q<0><0>
> > > > > > > Attributes:
> > > > > > > 	Reply-Message = "Request Denied"
> > > > > > >
> > > > > > >
> > > > > > > Bill Stewart   :-)
> > > > > > > Kaman Corporation
> > > > > > > 1332 Blue Hills Avenue
> > > > > > > Bloomfield, Connecticut, 06002
> > > > > > > (860) 243-7058
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > > > Announcements on radiator-announce at open.com.au
> > > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > > 'unsubscribe radiator' in the body of the message.
> > > > > >
> > > > > > NB: I am travelling this week, so there may be delays in our
> > > > > > correspondence.
> > > > > >
> > > > > > --
> > > > > > Radiator: the most portable, flexible and configurable
> > >
> > > RADIUS server
> > >
> > > > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000,
> > >
> > > NT, MacOS X.
> > >
> > > > > > -
> > > > > > Nets: internetwork inventory and management -
> > >
> > > graphical, extensible,
> > >
> > > > > > flexible with hardware, software, platform and database
> > >
> > > independence.
> > >
> > > > > > -
> > > > > > CATool: Private Certificate Authority for Unix and
> > >
> > > Unix-like systems.
> > >
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/radiator/
> > > > > Announcements on radiator-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe radiator' in the body of the message.
> > >
> > > --
> > > Mike McCauley                               mikem at open.com.au
> > > Open System Consultants Pty. Ltd            Unix, Perl,
> > > Motif, C++, WWW
> > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> >
> > http://www.open.com.au
> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active 
> Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> 
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, 
> Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   
http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list