(RADIATOR) Using AD authentication in Radiator
Jimenez, Roman
roman.jimenez at waukeshaengine.dresser.com
Mon Feb 21 08:13:13 CST 2005
Hugh,
Thanks for the reply. I am including the log file and my configuration fiel
as an attachment to this message. I hope that will give you an idea of what
I am doing wrong.
Thanks again,
Roman Jimenez
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Friday, February 18, 2005 11:36 PM
To: Jimenez, Roman
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Using AD authentication in Radiator
Hello Roman -
EAP authentication comprises two stages - the first (outer request) for
"anonymous" and a second (inner request) for the actual username.
Have a look at the examples in "goodies/eap_*.cfg" in the Radiator 3.11
distribution.
There may also be a problem with MS-CHAPv2, but I can't tell without seeing
your configuration file and a more complete trace 4 debug.
regards
Hugh
On 17 Feb 2005, at 21:52, Jimenez, Roman wrote:
> Hi all,
> I am trying to configure our Radiator server to authenticate against
> our Active Directory as an LDAP V.2. and I am getting an "access
> rejected for anonymous..." in the log fine. I am including an extract
> of the logs, it seems that the ldap query for the user comes back fine
> though. I would appreciate any help in resolving this issue:
>
>
> Thu Feb 17 12:33:48 2005: INFO: Connecting to 10.121.15.81, port 389
>
> Thu Feb 17 12:33:48 2005: INFO: Attempting to bind to LDAP server
> 10.121.15.81:389)
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got result for CN=Roman
> Jimenez,OU=X,,DC=y,DC=z,DC=com
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got objectClass: top person
> organizationalPerson user
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got cn: Roman Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got description: IT
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got distinguishedName: CN=
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got instanceType: 4
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got whenCreated:
> 20041216181343.0Z
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got whenChanged:
> 20041216194601.0Z
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got displayName: Roman Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got uSNCreated: 95721
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got memberOf: CN=
>
> Thu Feb 17 12:33:48 2005: DEBUG: LDAP got userPrincipalName:
> Roman.Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: Radius::AuthLDAP2 looks for match
> with Roman.Jimenez
>
> Thu Feb 17 12:33:48 2005: DEBUG: Radius::AuthLDAP2 ACCEPT:
>
> Thu Feb 17 12:33:48 2005: DEBUG: EAP result: 1, EAP MSCHAP-V2
> Authentication failure
>
> Thu Feb 17 12:33:48 2005: INFO: Access rejected for anonymous: EAP
> MSCHAP-V2 Authentication failure
>
>
> Roman Jimenez
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together
with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius.cfg
Type: application/octet-stream
Size: 796 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050221/6946da64/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logfile
Type: application/octet-stream
Size: 23230 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050221/6946da64/attachment-0001.obj>
More information about the radiator
mailing list