(RADIATOR) radiator and windows 2000 RRAS

Hugh Irvine hugh at open.com.au
Fri May 20 03:15:59 CDT 2005 

Salut Stephane -

Ooops - my apologies - I didn't notice this typo.

As for wired connections, there is no difference compared to wireless  
connections, so you should not have any difficulty.

regards

Hugh


On 20 May 2005, at 17:09, DELORT Stephane wrote:

> Thanks for your reply Hugh,
>
> actually, I made a mistake when I wrote my radius conf file.
> You can read :
> ...
> AuthPort 1812,1645
> AuthPort 1813
> ...
>
> So, RRAS is not able to find the accounting service on port 1813 as  
> written in the RFC but as the port is open, it does not throw an  
> error message.
>
> Everything works fine once I have :
> ...
> AuthPort 1812,1645
> AcctPort 1813
> ...
>
>
> As I will soon test different Wifi manufacturers for mu company, I  
> would like to have a radius server ruuning with PEAP/MSCHAP-V2. I  
> already tested MSCHAP-V2 with radpwtst and windows remote  
> connections. The thing is that I don't know how to do it with only  
> wired workstations. I hope it is possible and will go through it.
> Any remark or feedback will be useful.
>
>
> Kind regards,
> Stéphane
>
>
>
>
>
> -----Message d'origine-----
> De : Hugh Irvine [mailto:hugh at open.com.au]
> Envoyé : jeudi 19 mai 2005 20:51
> À : DELORT Stephane
> Cc : radiator at open.com.au
> Objet : Re: (RADIATOR) radiator and windows 2000 RRAS
>
>
>
> Salut Stephane -
>
> What you show in the debug is an accounting request, not an
> authentication request.
>
> The accounting request appears to be processed correctly.
>
> I am not quite sure what may be happening, but it would be useful to
> see a trace 4 debug showing what happens with radpwtst and another
> showing what happens when you have the problem.
>
> regards
>
> Hugh
>
>
> On 19 May 2005, at 20:47, DELORT Stephane wrote:
>
>
>> Sorry, I did not write the right subject the first time.
>> ----
>>
>>
>> Hello all !
>>
>> First of all, warm thanks to Hugh Irvine for his previous answer.
>>
>> Here is another problem ...
>>
>> I use windows 2000 RRAS service to relay the authentication request
>> toward radiator (running as a windows service).
>> But the shame is that it does not work and RRAS logs : "unable to
>> proceed the request in enough time".
>> The supplicant is a windows 2000 pro.
>>
>> It works fine with IAS (obviously).
>> The comandline radpwtst used to work OK but since I run radiator as
>> a windows service, it does not.
>>
>>
>> Here are the logs of Radiator :
>> **************************************
>>
>> Thu May 19 11:13:15 2005: DEBUG: Creating Monitor port 0.0.0.0:9048
>> Thu May 19 11:13:15 2005: DEBUG: Finished reading configuration
>> file 'C:\Program Files\Radiator\radius.cfg'
>> Thu May 19 11:13:15 2005: DEBUG: Reading dictionary file 'c:/
>> Program Files/Radiator/dictionary'
>> Thu May 19 11:13:16 2005: DEBUG: Creating authentication port
>> 0.0.0.0:1813
>> Thu May 19 11:13:16 2005: DEBUG: Creating accounting port  
>> 0.0.0.0:1646
>> Thu May 19 11:13:16 2005: NOTICE: Server started: Radiator 3.12 on
>> vmware-IAS (LOCKED)
>> Thu May 19 11:13:22 2005: DEBUG: Packet dump:
>> *** Received from 192.168.0.3 port 1087 ....
>> Code:       Accounting-Request
>> Identifier: 0
>> Authentic:  L<174><195>K<236><254><153><186>`l_4<245>z'<160>
>> Attributes:
>>     Acct-Status-Type = Accounting-On
>>     NAS-IP-Address = 192.168.0.3
>>     Acct-Session-Id = "31"
>>
>> Thu May 19 11:13:22 2005: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Thu May 19 11:13:22 2005: DEBUG:  Deleting all sessions for
>> 192.168.0.3
>> Thu May 19 11:13:22 2005: DEBUG: Handling with Radius::AuthLSA:
>> Thu May 19 11:13:22 2005: DEBUG: AuthBy LSA result: ACCEPT,
>> Thu May 19 11:13:22 2005: DEBUG: Accounting accepted
>> Thu May 19 11:13:22 2005: DEBUG: Packet dump:
>> *** Sending to 192.168.0.3 port 1087 ....
>> Code:       Accounting-Response
>> Identifier: 0
>> Authentic:  L<174><195>K<236><254><153><186>`l_4<245>z'<160>
>> Attributes:
>>
>>
>> **************************************
>> Everything after "*** Received from 192.168.0.3 port 1087 ...." is
>> written after starting the RRAS.
>>
>>
>>
>> My config file :
>>
>> Foreground
>> LogStdout
>> LogDir    c:/Program Files/Radiator
>> DbDir        c:/Program Files/Radiator
>> AuthPort 1812,1645
>> AuthPort 1813
>>
>> Trace         4
>>
>> <Monitor>
>>     Username ******
>>     Password ******
>> </Monitor>
>>
>> <Client DEFAULT>
>>     Secret    ******
>>     DupInterval 0
>> </Client>
>>
>>
>> <Realm DEFAULT>
>>     # Look up user details in a flat file
>>     <AuthBy LSA>
>>         DefaultDomain krb.com
>>         EAPType MSCHAP-V2
>>     </AuthBy>
>>
>>     # Log accounting to a detail file. %D is replaced by DbDir above
>>     AcctLogFileName    %D/detail
>> </Realm>
>>
>>
>> Thanks in advance for any help,
>> Stéphane
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list