(RADIATOR) Radiator, Solaris, ActiveDirectory and WindowsXP

Hugh Irvine hugh at open.com.au
Fri Jul 22 19:18:21 CDT 2005 

Hello Chris -

Could you please tell me the name of the registered company that has  
purchased this copy of Radiator?

Please reply to me directly.

In answer to your question, there is undoubtedly a missing Perl  
module that is causing the problem.

You should change directory to the Radiator distribution, then run  
radiusd like this (in a DOS window):

         perl radiusd -foreground -log_stdout -trace 4 - 
config_file .....

where ..... is the name of your configuration file.

This will show you the startup messages which will tell you what is  
going on.

The example configuration files in the goodies directory list all the  
required Perl modules ("goodies/eap_*.cfg").

regards

Hugh


On 23 Jul 2005, at 01:34, Chris Hodgins wrote:

> Hi,
>
> I am currently doing some testing for IEEE802.1x and so trying to
> establish authentication between a laptop running Windows XP SP2 and a
> ActiveDirectory server via our Radiator server.  So far we have user
> authentication working using MD5-Challenge and the radiator user
> files.  Now I would like to hook it up to ActiveDirectory.  Since the
> Radiator server is running Solaris I gather the best option here is to
> use AuthBy LDAP2 and EAP-TTLS with an inner request using PAP.
>
> Unfortunetly the setup I have so far is failing to authenticate
> properly.  The log file shows:
>
> Fri Jul 22 15:14:22 2005: DEBUG: Handling request with Handler
> 'Client-Identifier="3com", Realm= '
> Fri Jul 22 15:14:22 2005: INFO: Access rejected for anonymous: Could
> not handle an EAP request
>
> I have a handler for the initial TTLS request that looks like this:
>
> <Handler Client-Identifier="3com", Realm= >
>         Identifier      3comTTLShandler
>         <AuthBy FILE>
>                 Filename        %D/users
>                 EAPType TTLS
>                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword whatever
>         </AuthBy>
>         <Log FILE>
>                 Identifier      3comDebugLog
>                 Filename        %L/3comradiusd.debug
>                 Trace           4
>         </Log>
> </Handler>
>
> With the certificates directory copied from the tarball and also add
> to the windows client.  I also added the anonymous user.  I have
> another handler below that should sort out the inner request.
>
> <Handler Client-Identifier="3com", Realm= TunnelledByTTLS=1>
>         Identifier      3comhandler
>         UsernameCharset a-zA-Z0-9\.-_
>         RewriteUsername tr/[A-Z]/[a-z]/
>         AuthBy          3comITSAuth
>         AuthLog         authlog
>         AuthLog         authsyslog
>         RejectHasReason
>         <Log FILE>
>                 Identifier      3comDebugLog2
>                 Filename        %L/3comradiusd.debug
>                 Trace           4
>         </Log>
> </Handler>
>
> The AuthBy points to this block where LDAPServer is another AuthBy
> block describing our LDAPServer properties, which have been proven to
> work.:
>
> <AuthBy LDAP2>
>         Identifier       3comITSAuth
>         EAPType     PAP
>         AuthBy        LDAPServer
> </AuthBy>
>
> One thing I have noticed on top of the above error I have seen this
> being repeated from the output of dmesg.
>
> Jul 22 16:29:27 blofeld.net.strath.ac.uk
> /usr/perl5/5.6.1/bin/radiusd[23491]: Could not handle an EAP request:
> Can't locate object method "response_identity" via package
> "Radius::EAP_21" (perhaps you forgot to load "Radius::EAP_21"?) at
> /usr/perl5/site_perl/5.6.1/Radius/EAP.pm line 143.
>
> I also read I may require the packages SSLeay and Digest::MD4?  Does
> anyone have any pointers which may put me back on the right track or
> at least fix the current problems?
>
> Thanks all
> Chris
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list