(RADIATOR) radiator and windows 2000 RRAS
DELORT Stephane
Stephane.DELORT at murex.com
Fri May 20 02:09:12 CDT 2005
Thanks for your reply Hugh,
actually, I made a mistake when I wrote my radius conf file.
You can read :
...
AuthPort 1812,1645
AuthPort 1813
...
So, RRAS is not able to find the accounting service on port 1813 as written in the RFC but as the port is open, it does not throw an error message.
Everything works fine once I have :
...
AuthPort 1812,1645
AcctPort 1813
...
As I will soon test different Wifi manufacturers for mu company, I would like to have a radius server ruuning with PEAP/MSCHAP-V2. I already tested MSCHAP-V2 with radpwtst and windows remote connections. The thing is that I don't know how to do it with only wired workstations. I hope it is possible and will go through it.
Any remark or feedback will be useful.
Kind regards,
Stéphane
-----Message d'origine-----
De : Hugh Irvine [mailto:hugh at open.com.au]
Envoyé : jeudi 19 mai 2005 20:51
À : DELORT Stephane
Cc : radiator at open.com.au
Objet : Re: (RADIATOR) radiator and windows 2000 RRAS
Salut Stephane -
What you show in the debug is an accounting request, not an
authentication request.
The accounting request appears to be processed correctly.
I am not quite sure what may be happening, but it would be useful to
see a trace 4 debug showing what happens with radpwtst and another
showing what happens when you have the problem.
regards
Hugh
On 19 May 2005, at 20:47, DELORT Stephane wrote:
> Sorry, I did not write the right subject the first time.
> ----
>
>
> Hello all !
>
> First of all, warm thanks to Hugh Irvine for his previous answer.
>
> Here is another problem ...
>
> I use windows 2000 RRAS service to relay the authentication request
> toward radiator (running as a windows service).
> But the shame is that it does not work and RRAS logs : "unable to
> proceed the request in enough time".
> The supplicant is a windows 2000 pro.
>
> It works fine with IAS (obviously).
> The comandline radpwtst used to work OK but since I run radiator as
> a windows service, it does not.
>
>
> Here are the logs of Radiator :
> **************************************
>
> Thu May 19 11:13:15 2005: DEBUG: Creating Monitor port 0.0.0.0:9048
> Thu May 19 11:13:15 2005: DEBUG: Finished reading configuration
> file 'C:\Program Files\Radiator\radius.cfg'
> Thu May 19 11:13:15 2005: DEBUG: Reading dictionary file 'c:/
> Program Files/Radiator/dictionary'
> Thu May 19 11:13:16 2005: DEBUG: Creating authentication port
> 0.0.0.0:1813
> Thu May 19 11:13:16 2005: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu May 19 11:13:16 2005: NOTICE: Server started: Radiator 3.12 on
> vmware-IAS (LOCKED)
> Thu May 19 11:13:22 2005: DEBUG: Packet dump:
> *** Received from 192.168.0.3 port 1087 ....
> Code: Accounting-Request
> Identifier: 0
> Authentic: L<174><195>K<236><254><153><186>`l_4<245>z'<160>
> Attributes:
> Acct-Status-Type = Accounting-On
> NAS-IP-Address = 192.168.0.3
> Acct-Session-Id = "31"
>
> Thu May 19 11:13:22 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu May 19 11:13:22 2005: DEBUG: Deleting all sessions for
> 192.168.0.3
> Thu May 19 11:13:22 2005: DEBUG: Handling with Radius::AuthLSA:
> Thu May 19 11:13:22 2005: DEBUG: AuthBy LSA result: ACCEPT,
> Thu May 19 11:13:22 2005: DEBUG: Accounting accepted
> Thu May 19 11:13:22 2005: DEBUG: Packet dump:
> *** Sending to 192.168.0.3 port 1087 ....
> Code: Accounting-Response
> Identifier: 0
> Authentic: L<174><195>K<236><254><153><186>`l_4<245>z'<160>
> Attributes:
>
>
> **************************************
> Everything after "*** Received from 192.168.0.3 port 1087 ...." is
> written after starting the RRAS.
>
>
>
> My config file :
>
> Foreground
> LogStdout
> LogDir c:/Program Files/Radiator
> DbDir c:/Program Files/Radiator
> AuthPort 1812,1645
> AuthPort 1813
>
> Trace 4
>
> <Monitor>
> Username ******
> Password ******
> </Monitor>
>
> <Client DEFAULT>
> Secret ******
> DupInterval 0
> </Client>
>
>
> <Realm DEFAULT>
> # Look up user details in a flat file
> <AuthBy LSA>
> DefaultDomain krb.com
> EAPType MSCHAP-V2
> </AuthBy>
>
> # Log accounting to a detail file. %D is replaced by DbDir above
> AcctLogFileName %D/detail
> </Realm>
>
>
> Thanks in advance for any help,
> Stéphane
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list