(RADIATOR) problem to use with AD logon

William Cheung william.cheung at interfor.com
Wed Mar 22 12:41:27 CST 2006


Sorry for taking so long, since I was on another project; the following is our
copy of the config file.


So far I am still having problems using Radiator for Windows 2003 AD
login, and I have tried 3 different methods as follows, but none are working.
Can you take a look to see if there is anything I may have missed?

1) Using the LSA method, but with an error message on loading:

Foreground
LogStdout
LogDir		c:/Program Files/Radiator
DbDir		c:/Program Files/Radiator

Trace 		4


<Client 10.50.1.230>
	Secret	mypassword
	# IgnoreAcctSignature	yes
	DupInterval 0
</Client>
# <Client DEFAULT>
#	Secret	mypassword
#	DupInterval 0
#</Client>

<Realm DEFAULT>
	
<Handler TunnelledByPEAP=1>	
	<AuthBy LSA>
		Domain mydomain.net
		Group rasuser
		DomainController \\dc-server1
	EAPType MSCHAP-V2
	</AuthBy>

</Handler>

	# Log accounting to a detail file. %D is replaced by DbDir above
	AcctLogFileName	%D/detail
</Realm>


Error message with using LSA method:

C:\Program Files\Radiator>perl c:\perl\bin\radiusd
Wed Mar 22 10:12:12 2006: ERR: Could not AdjustPrivilege SE_TCB_PRIVILEGE: A required privilege is not held by the client.

Wed Mar 22 10:12:12 2006: ERR: Could not load AuthBy module Radius::AuthLSA:
Wed Mar 22 10:12:12 2006: ERR: Unknown object 'AuthBy' in C:\Program Files\Radiator\radius.cfg line 76
Wed Mar 22 10:12:12 2006: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2006-07-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Wed Mar 22 10:12:12 2006: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Wed Mar 22 10:12:12 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Mar 22 10:12:12 2006: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Mar 22 10:12:12 2006: NOTICE: Server started: Radiator 3.14 on lap-wcheung (LOCKED)


2) Using the LDAP2 method:

Foreground
LogStdout
LogDir		c:/Program Files/Radiator
DbDir		c:/Program Files/Radiator


<Client 10.50.1.230>
	Secret	mypassword
	IgnoreAcctSignature	yes
	DupInterval 0
</Client>
<Client DEFAULT>
	Secret	mypassword
	DupInterval 0
</Client>

<Realm DEFAULT>
	<AuthBy LDAP2>
		Version 3
		host	dc-server1
		Port 3268
		AuthDN cn=administrator, cn=Users, dc=companydomain, dc=net
		AuthPassword	mypassword
		BaseDN		ou=Users, dc=companydomain, dc=net
		ServerChecksPassword
		UsernameAttr sAMAccountName
		# UsernameAttr uid
		AuthAttrDef logonHours,MS-Login-Hours,check
	</AuthBy>
	# Log accounting to a detail file. %D is replaced by DbDir above
	AcctLogFileName	%D/detail
</Realm>

3) Using the ADSI method:

Foreground
LogStdout
LogDir		c:/Program Files/Radiator
DbDir		c:/Program Files/Radiator

Trace 		4

<Client 10.50.1.230>
	Secret	mypassword
	IgnoreAcctSignature	yes
	DupInterval 0
</Client>
<Client DEFAULT>
	Secret	mypassword
	DupInterval 0
</Client>


<Realm DEFAULT>
	
	<AuthBy ADSI>
		BindString LDAP://dc-server1/cn=%0, cn=users, dc=mydomain, dc=net
		GroupRequired CN=Rasusers
	</AuthBy>

# Log accounting to a detail file. %D is replaced by DbDir above
	AcctLogFileName	%D/detail
</Realm>



Please help, thanks
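The first error in the LSA trace ("Could not AdjustPrivilege SE_TCB_PRIVILEGE") means the account running radiusd does not hold the "Act as part of the operating system" right (SeTcbPrivilege), and the later "Unknown object 'AuthBy'" follows from the module failing to load. As an added check, not code from the thread or from Radiator, this PowerShell snippet reports whether the current account's token holds that right and which accounts local security policy assigns it to; the export path is an assumption and secedit needs an elevated shell.

```powershell
# Added example, not from the thread: verify SeTcbPrivilege before relying on AuthBy LSA.

# 1) Does the token of the current account (the one that will run radiusd) hold it?
function Test-TcbPrivilege {
    $privs = whoami /priv /fo csv | ConvertFrom-Csv
    $tcb = $privs | Where-Object { $_.'Privilege Name' -eq 'SeTcbPrivilege' }
    if ($null -eq $tcb) { return 'absent' }   # right is not assigned to this account at all
    return $tcb.State                          # 'Enabled' or 'Disabled' (Disabled is still held)
}

# 2) Which accounts does local security policy assign the right to?
#    $ExportPath is an assumed location; secedit writes a UTF-16 .inf that Get-Content decodes.
function Get-TcbPrivilegeHolders {
    param([string]$ExportPath = "$env:TEMP\user_rights.inf")
    secedit /export /cfg $ExportPath /areas USER_RIGHTS | Out-Null
    $line = Get-Content -Path $ExportPath |
            Where-Object { $_ -match '^SeTcbPrivilege\s*=' } |
            Select-Object -First 1
    if (-not $line) { return @() }            # nobody is granted the right on this host
    # The value is a comma-separated list; SIDs are prefixed with '*', names are plain.
    ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
        $v = $_.Trim().TrimStart('*')
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($v)
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $v                                 # already an account name, or an unresolvable SID
        }
    }
}

"Current token SeTcbPrivilege: $(Test-TcbPrivilege)"
"Accounts granted SeTcbPrivilege by local policy: $((Get-TcbPrivilegeHolders) -join ', ')"
```

If the first line reports 'absent', the right has to be assigned to the Radiator service account in Local Security Policy (the prerequisite Hugh points to in the goodies/lsa.cfg comment block), and the Radiator process restarted so its token picks it up; keep that account dedicated and unprivileged otherwise, since SeTcbPrivilege is a highly sensitive right.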
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Friday, March 17, 2006 2:22 PM
To: William Cheung
Cc: 'radiator at open.com.au'
Subject: Re: (RADIATOR) problem to use with AD logon


Hello William -

Could you please send me a copy of the configuration file you are  
trying to use and a trace 4 debug showing what is happening?

On Windows you should use the AuthBy LSA clause and there is an  
example in "goodies/lsa.cfg".

Note the prerequisites and so on in the comment block at the top of  
the file.

regards

Hugh


On 18 Mar 2006, at 03:53, William Cheung wrote:

> Problem
>
> I have tried to use Radiator together with Windows 2003 AD for  
> authentication, and I have been trying 3 different  
> parameters, but I have not been able to make any of them work. The  
> parameters below have been tried:
>
>         - AuthBy LDAP2
>
>         - <Handler TunnelledByPEAP=1>   with <AuthBy LSA>
>
>         - <AuthBy ADSI>
>
>
> Question
>
> How can I use the Radiator software to authenticate to Windows 2003  
> AD under the following conditions:
>
> -       Radiator installed on a Windows 2003 standalone member server  
> (does any registry need to be modified?)
> -       what parameter(s) do I need to use
> -       used with a Nortel 8000 RAC
> -       authenticate to a remote Windows 2003 DC server
>
> Please help
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.