(RADIATOR) Using AD authentication in Radiator

Jimenez, Roman roman.jimenez at waukeshaengine.dresser.com
Mon Feb 21 08:13:13 CST 2005


Hugh,
Thanks for the reply. I am including the log file and my configuration file
as an attachment to this message. I hope that will give you an idea of what
I am doing wrong.

Thanks again, 


Roman Jimenez
 

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Friday, February 18, 2005 11:36 PM
To: Jimenez, Roman
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Using AD authentication in Radiator


Hello Roman -

EAP authentication comprises two stages - the first (outer request) for
"anonymous" and a second (inner request) for the actual username.

Have a look at the examples in "goodies/eap_*.cfg" in the Radiator 3.11
distribution.

There may also be a problem with MS-CHAPv2, but I can't tell without seeing
your configuration file and a more complete trace 4 debug.

regards

Hugh


On 17 Feb 2005, at 21:52, Jimenez, Roman wrote:

> Hi all,
> I am trying to configure our Radiator server to authenticate against 
> our Active Directory as an LDAP V.2. and I am getting an "access 
> rejected for anonymous..." in the log file. I am including an extract 
> of the logs, it seems that the ldap query for the user comes back fine 
> though. I would appreciate any help in resolving this issue:
>  
>
> Thu Feb 17 12:33:48 2005: INFO: Connecting to 10.121.15.81, port 389
>
> Thu Feb 17 12:33:48 2005: INFO: Attempting to bind to LDAP server
> 10.121.15.81:389)
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got result for CN=Roman 
> Jimenez,OU=X,,DC=y,DC=z,DC=com
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got objectClass: top person 
> organizationalPerson user
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got cn: Roman Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got description: IT
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got distinguishedName: CN=
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got instanceType: 4
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got whenCreated: 
> 20041216181343.0Z
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got whenChanged: 
> 20041216194601.0Z
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got displayName: Roman Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got uSNCreated: 95721
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got memberOf: CN=
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got userPrincipalName: 
> Roman.Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: Radius::AuthLDAP2 looks for match 
> with Roman.Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
>
>  Thu Feb 17 12:33:48 2005: DEBUG: EAP result: 1, EAP MSCHAP-V2 
> Authentication failure
>
> Thu Feb 17 12:33:48 2005: INFO: Access rejected for anonymous: EAP
> MSCHAP-V2 Authentication failure
>  
>  
> Roman Jimenez
>  
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together
with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.cfg
Type: application/octet-stream
Size: 796 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050221/6946da64/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logfile
Type: application/octet-stream
Size: 23230 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050221/6946da64/attachment-0001.obj>
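
Added example, not part of the thread and not Radiator code: a small triage script that correlates the trace lines quoted above, showing that the reject is logged under the outer identity ("anonymous") while the directory lookup ran for the actual username and was accepted before the EAP method failed. The sample lines are taken from the quoted excerpt with mail-wrapped lines rejoined; the field names and the handling of an "Access accepted" line are assumptions of this sketch.

```python
import re

# Sample trace: lines from the excerpt quoted in the thread, wrapped lines rejoined.
SAMPLE = """\
Thu Feb 17 12:33:48 2005: INFO: Connecting to 10.121.15.81, port 389
Thu Feb 17 12:33:48 2005: DEBUG: LDAP got result for CN=Roman Jimenez,OU=X,,DC=y,DC=z,DC=com
Thu Feb 17 12:33:48 2005: DEBUG: Radius::AuthLDAP2 looks for match with Roman.Jimenez
Thu Feb 17 12:33:48 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
Thu Feb 17 12:33:48 2005: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Thu Feb 17 12:33:48 2005: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
"""

# "<timestamp>: <LEVEL>: <message>" as seen in the quoted trace.
LINE = re.compile(r"^\s*(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (\w+): (.*)$")
RULES = {  # hypothetical field name -> pattern applied to the message part
    "ldap_dn": re.compile(r"^LDAP got result for (.+)$"),
    "lookup_user": re.compile(r"looks for match with (\S+)"),
    "authby_accept": re.compile(r"^Radius::(\w+) ACCEPT"),
    "eap_result": re.compile(r"^EAP result: (\d+), (.*)$"),
}
# Only the "rejected" form appears in the thread; "accepted" with the same
# shape is an assumption so that a successful attempt also closes a group.
FINAL = re.compile(r"^Access (rejected|accepted) for ([^:]+)(?:: (.*))?$")

def summarize(trace):
    """Group trace lines into attempts, each closed by an 'Access ...' line."""
    attempts, cur = [], {}
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or unparseable line
        msg = m.group(3)
        for field, rx in RULES.items():
            hit = rx.search(msg)
            if hit:
                cur[field] = hit.groups() if len(hit.groups()) > 1 else hit.group(1)
        end = FINAL.match(msg)
        if end:
            cur.update(outcome=end.group(1), logged_as=end.group(2), reason=end.group(3))
            # The name in the final line differs from the name looked up in LDAP.
            cur["identity_mismatch"] = cur.get("lookup_user") not in (None, cur["logged_as"])
            # The AuthBy accepted the lookup, yet the request was still rejected.
            cur["failed_after_lookup"] = cur["outcome"] == "rejected" and "authby_accept" in cur
            attempts.append(cur)
            cur = {}
    return attempts

if __name__ == "__main__":
    for attempt in summarize(SAMPLE):
        print(attempt)
```
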

