(RADIATOR) I need a little help validating against an NT domain.

Hugh Irvine hugh at open.com.au
Wed Mar 30 09:56:34 CST 2005


Hello Bill -

It appears from the trace shown below that you are trying to do EAP 
authentication in a wireless environment?

If so I suggest you run Radiator on Windows and use the AuthBy LSA 
clause.

There are a number of EAP configuration files in "goodies/eap_*.cfg".

regards

Hugh


On 30 Mar 2005, at 17:36, Stewart, Bill wrote:

> Hugh,
>
> 	Thanks! I downloaded that package, and I no longer get the error
> starting up Radiator.  I am still unable to validate the user name
> password against the domain controller.  Here is a sample of what is
> going on.
>
> 	Does someone have an example cfg file that works for validating
> against an NT domain server?
>
> Bill
>
> Wed Mar 30 09:21:03 2005: DEBUG: Packet dump:
> *** Received from 149.158.3.250 port 1086 ....
> Code:       Access-Request
> Identifier: 61
> Authentic:  <225><6><0><0>r0<0><0>>?<0><0><173>C<0><0>
> Attributes:
>         Message-Authenticator =
> '<5><157><218>6<219>|<18><171>@<208>s-<228><160>w
>         User-Name = "LAN_KCNT\\wjs"
>         NAS-IP-Address = 149.158.3.250
>         NAS-Port = 2
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Calling-Station-Id = "00-01-f4-ec-97-29"
>         EAP-Message = <2><1><0><18><1>LAN_KCNT\\wjs
>         Framed-MTU = 1000
>
> Wed Mar 30 09:21:03 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Mar 30 09:21:03 2005: DEBUG:  Deleting session for LAN_KCNT\\wjs,
> 149.158.3.250, 2
> Wed Mar 30 09:21:03 2005: DEBUG: Handling with NT
> Wed Mar 30 09:21:03 2005: DEBUG: Handling with EAP: code 2, 1, 18
> Wed Mar 30 09:21:03 2005: DEBUG: Response type 1
> Wed Mar 30 09:21:03 2005: DEBUG: EAP result: 1, EAP authentication is
> not permitted.
> Wed Mar 30 09:21:03 2005: DEBUG: AuthBy NT result: REJECT, EAP
> authentication is not permitted.
> Wed Mar 30 09:21:03 2005: INFO: Access rejected for LAN_KCNT\\wjs: EAP
> authentication is not permitted.
> Wed Mar 30 09:21:03 2005: DEBUG: Packet dump:
> *** Sending to 149.158.3.250 port 1086 ....
>
>
>
>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Wednesday, March 30, 2005 3:03 AM
>> To: Stewart, Bill
>> Cc: 'radiator at open.com.au'
>> Subject: Re: (RADIATOR) I need a little help validating against an NT
>> domain.
>>
>>
>>
>> Hello Bill -
>>
>> You will need to install the Authen-Smb module before you can use
>> AuthBy NT.
>>
>> See section 6.28 in the Radiator 3.12 reference manual
>> ("doc/ref.html").
>>
>> There is an example configuration file in "goodies/nt.cfg".
>>
>> regards
>>
>> Hugh
>>
>>
>> On 29 Mar 2005, at 22:28, Stewart, Bill wrote:
>>
>>>
>>> 	We are trying to set up to validate against an NT domain, using an
>>> Enterasys AP and a Windows XP laptop with a wireless card.
>>>
>>> 	Can someone give me an example cfg file that is set up to validate
>>> against an nt domain?
>>>
>>> 	When I start radiator I get the following errors:
>>>
>>> Tue Mar 29 15:24:54 2005: ERR: Could not load AuthBy module
>>> Radius::AuthNT:
>>> Can't locate Authen/Smb.pm in @INC (@INC contains: .
>>> /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0
>>> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
>>> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.0
>>> /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi
>>> /usr/lib/perl5/5.8.0 .) at /usr/lib/perl5/site_perl/Radius/AuthNT.pm
>>> line 31, <FILE> line 40.
>>> Compilation failed in require at (eval 35) line 3, <FILE> line 40.
>>>
>>> Tue Mar 29 15:24:54 2005: ERR: Unknown object 'AuthBy' in
>>> /etc/radiator/radius.cfg line 40
>>> Tue Mar 29 15:24:54 2005: DEBUG: Finished reading configuration file
>>> '/etc/radiator/radius.cfg'
>>> Tue Mar 29 15:24:54 2005: DEBUG: Reading dictionary file
>>> '/etc/radiator/dictionary'
>>> Tue Mar 29 15:24:54 2005: DEBUG: Creating authentication port
>>> 0.0.0.0:1812
>>> Tue Mar 29 15:24:54 2005: DEBUG: Creating accounting port
>>> 0.0.0.0:1646
>>> Tue Mar 29 15:24:54 2005: NOTICE: Server started: Radiator 3.12 on
>>> kmnradius
>>> (LOCKED)
>>>
>>>
>>>
>>> Here is what we have so far:
>>>
>>> # radius.cfg
>>> #
>>> # Example Radiator configuration file.
>>> # This very simple file will allow you to get started with
>>> # a simple system. You can then add and change features.
>>> # We suggest you start simple, prove to yourself that it
>>> # works and then develop a more complicated configuration as required.
>>> #
>>> # This example will authenticate from a standard users file in
>>> # DbDir/users and log accounting to LogDir/detail.
>>> #
>>> # It will accept requests from any client and try to handle request
>>> # for any realm.
>>> #
>>> # You should consider this file to be a starting point only
>>> # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $
>>>
>>> #Foreground
>>> LogStdout
>>> LogDir          /var/log/radius
>>> DbDir           /etc/radiator
>>> # Use a low trace level in production systems. Increase
>>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>> Trace           4
>>> AuthPort 1812
>>> DictionaryFile %D/dictionary
>>>
>>> # You will probably want to add other Clients to suit your site,
>>> # one for each NAS you want to work with
>>> <Client DEFAULT>
>>>         Secret  mysecret
>>>         DupInterval 0
>>> </Client>
>>>
>>> <Client 149.158.3.250>
>>>         Secret secretword
>>> </Client>
>>>
>>> <Realm DEFAULT>
>>>         <AuthBy NT>
>>>                 Domain LAN_KCNT
>>>                 DomainController kcnt1.kaman.com
>>>         </AuthBy>
>>>
>>>         <AuthBy FILE>
>>>                 Filename %D/users
>>>         </AuthBy>
>>>
>>>         # Log accounting to a detail file
>>>         #AcctLogFileName        %L/detail
>>>         AcctLogFileName /var/log/radius/detail
>>> </Realm>
>>>
>>> Bill Stewart   :-)
>>> Kaman Corporation
>>> 1332 Blue Hills Avenue
>>> Bloomfield, Connecticut, 06002
>>> (860) 243-7058
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: I am travelling this week, so there may be delays in our
>> correspondence.
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>
>


