(RADIATOR) I need a little help validating against an NT doma in.

Stewart, Bill wjs-corp at kaman.com
Wed Mar 30 09:36:40 CST 2005 

Hugh,

	Thanks! I downloaded that package, and I no longer get the error
starting up Radiator.  I am still unable to validate the user name password
against the domain controller.  He is a sample of what id going on.

	Dose someone have an example cfg file that works for validating
against an NT domain server.

Bill

Wed Mar 30 09:21:03 2005: DEBUG: Packet dump:
*** Received from 149.158.3.250 port 1086 ....
Code:       Access-Request
Identifier: 61
Authentic:  <225><6><0><0>r0<0><0>>?<0><0><173>C<0><0>
Attributes:
        Message-Authenticator =
'<5><157><218>6<219>|<18><171>@<208>s-<228><160>w
        User-Name = "LAN_KCNT\\wjs"
        NAS-IP-Address = 149.158.3.250
        NAS-Port = 2
        NAS-Port-Type = Wireless-IEEE-802-11
        Calling-Station-Id = "00-01-f4-ec-97-29"
        EAP-Message = <2><1><0><18><1>LAN_KCNT\\wjs
        Framed-MTU = 1000

Wed Mar 30 09:21:03 2005: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Mar 30 09:21:03 2005: DEBUG:  Deleting session for LAN_KCNT\\wjs,
149.158.3.250, 2
Wed Mar 30 09:21:03 2005: DEBUG: Handling with NT
Wed Mar 30 09:21:03 2005: DEBUG: Handling with EAP: code 2, 1, 18
Wed Mar 30 09:21:03 2005: DEBUG: Response type 1
Wed Mar 30 09:21:03 2005: DEBUG: EAP result: 1, EAP authentication is not
permitted.
Wed Mar 30 09:21:03 2005: DEBUG: AuthBy NT result: REJECT, EAP
authentication is not permitted.
Wed Mar 30 09:21:03 2005: INFO: Access rejected for LAN_KCNT\\wjs: EAP
authentication is not permitted.
Wed Mar 30 09:21:03 2005: DEBUG: Packet dump:
*** Sending to 149.158.3.250 port 1086 ....




> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, March 30, 2005 3:03 AM
> To: Stewart, Bill
> Cc: 'radiator at open.com.au'
> Subject: Re: (RADIATOR) I need a little help validating against an NT
> domain.
> 
> 
> 
> Hello Bill -
> 
> You will need to install the Authen-Smb module before you can use 
> AuthBy NT.
> 
> See section 6.28 in the Radiator 3.12 reference manual 
> ("doc/ref.html").
> 
> There is an example configuration file in "goodies/nt.cfg".
> 
> regards
> 
> Hugh
> 
> 
> On 29 Mar 2005, at 22:28, Stewart, Bill wrote:
> 
> >
> > 	We are trying to set up to validate against an NT 
> domain, using an
> > Enterasys AP and a Windows XP laptop with a wireless card.
> >
> > 	Can someone give me an example cfg file that is set up 
> to validate
> > against an nt domain?
> >
> > 	When I start radiator I get the following errors:
> >
> > Tue Mar 29 15:24:54 2005: ERR: Could not load AuthBy module 
> > Radius::AuthNT:
> > Can't locate Authen/Smb.pm in @INC (@INC contains: . /us
> > r/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
> > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi 
> /usr/lib/perl5
> > /site_perl/5.8.0 /usr/lib/perl5/site_perl
> > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
> > /usr/lib/perl5/vendor_perl/5.8.0
> > /usr/lib/perl5/vendor_perl 
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi
> > /usr/lib/perl5/5.8.0 .) at /usr/lib/perl5/site_perl/Radius/A
> > uthNT.pm line 31, <FILE> line 40.
> > Compilation failed in require at (eval 35) line 3, <FILE> line 40.
> >
> > Tue Mar 29 15:24:54 2005: ERR: Unknown object 'AuthBy' in
> > /etc/radiator/radius.cfg line 40
> > Tue Mar 29 15:24:54 2005: DEBUG: Finished reading configuration file
> > '/etc/radiator/radius.cfg'
> > Tue Mar 29 15:24:54 2005: DEBUG: Reading dictionary file
> > '/etc/radiator/dictionary'
> > Tue Mar 29 15:24:54 2005: DEBUG: Creating authentication port 
> > 0.0.0.0:1812
> > Tue Mar 29 15:24:54 2005: DEBUG: Creating accounting port 
> 0.0.0.0:1646
> > Tue Mar 29 15:24:54 2005: NOTICE: Server started: Radiator 3.12 on 
> > kmnradius
> > (LOCKED)
> >
> >
> >
> > Here is what we have so far:
> >
> > # radius.cfg
> > #
> > # Example Radiator configuration file.
> > # This very simple file will allow you to get started with
> > # a simple system. You can then add and change features.
> > # We suggest you start simple, prove to yourself that it
> > # works and then develop a more complicated configuration 
> as required.
> > #
> > # This example will authenticate from a standard users file in
> > # DbDir/users and log accounting to LogDir/detail.
> > #
> > # It will accept requests from any client and try to handle request
> > # for any realm.
> > #
> > # You should consider this file to be a starting point only
> > # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $
> >
> > #Foreground
> > LogStdout
> > LogDir          /var/log/radius
> > DbDir           /etc/radiator
> > # Use a low trace level in production systems. Increase
> > # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> > Trace           4
> > AuthPort 1812
> > DictionaryFile %D/dictionary
> >
> > # You will probably want to add other Clients to suit your site,
> > # one for each NAS you want to work with
> > <Client DEFAULT>
> >         Secret  mysecret
> >         DupInterval 0
> > </Client>
> >
> > <Client 149.158.3.250>
> >         Secret secretword
> > </Client>
> >
> > <Realm DEFAULT>
> >         <AuthBy NT>
> >                 Domain LAN_KCNT
> >                 DomainController kcnt1.kaman.com
> >         </AuthBy>
> >
> >         <AuthBy FILE>
> >                 Filename %D/users
> >         </AuthBy>
> >
> >         # Log accounting to a detail file
> >         #AcctLogFileName        %L/detail
> >         AcctLogFileName /var/log/radius/detail
> > </Realm>
> >
> > Bill Stewart   :-)
> > Kaman Corporation
> > 1332 Blue Hills Avenue
> > Bloomfield, Connecticut, 06002
> > (860) 243-7058
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
> 
> NB: I am travelling this week, so there may be delays in our 
> correspondence.
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list