(RADIATOR) problem to use with AD logon
William Cheung
william.cheung at interfor.com
Wed Mar 22 12:41:27 CST 2006
Sorry for take so long since I was in other project, the following is our
copy of the config file.
So far I still having problem with using the Radiator for Windows 2003 AD
login, and I have tried 3 different methods as following but not working,
can you take a look to see any thing I may miss?
1) Using the LSA method but with error message of loading:
Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
Trace 4
<Client 10.50.1.230>
Secret mypassword
# IgnoreAcctSignature yes
DupInterval 0
</Client>
# <Client DEFAULT>
# Secret mypassword
# DupInterval 0
#</Client>
<Realm DEFAULT>
<Handler TunnelledByPEAP=1>
<AuthBy LSA>
Domain mydomain.net
Group rasuser
DomainController \\dc-server1
EAPType MSCHAP-V2
</AuthBy>
</Handler>
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %D/detail
</Realm>
Error message with using LSA method:
C:\Program Files\Radiator>perl c:\perl\bin\radiusd
Wed Mar 22 10:12:12 2006: ERR: Could not AdjustPrivilege SE_TCB_PRIVILEGE: A
req
uired privilege is not held by the client.
Wed Mar 22 10:12:12 2006: ERR: Could not load AuthBy module Radius::AuthLSA:
Wed Mar 22 10:12:12 2006: ERR: Unknown object 'AuthBy' in C:\Program
Files\Radia
tor\radius.cfg line 76
Wed Mar 22 10:12:12 2006: DEBUG: Finished reading configuration file
'C:\Program
Files\Radiator\radius.cfg'
This Radiator license will expire on 2006-07-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au
Wed Mar 22 10:12:12 2006: DEBUG: Reading dictionary file 'c:/Program
Files/Radia
tor/dictionary'
Wed Mar 22 10:12:12 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Mar 22 10:12:12 2006: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Mar 22 10:12:12 2006: NOTICE: Server started: Radiator 3.14 on
lap-wcheung (
LOCKED)
2) Using LDAP2 method:
Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
<Client 10.50.1.230>
Secret mypassword
IgnoreAcctSignature yes
DupInterval 0
</Client>
<Client DEFAULT>
Secret mypassword
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy LDAP2>
Version 3
host dc-server1
Port 3268
AuthDN cn=administrator, cn=Users, dc=companydomain, dc=net
AuthPassword mypassword
BaseDN ou=Users, dc=companydomain, dc=net
ServerChecksPassword
UsernameAttr sAMAccountName
# UsernameAttr uid
AuthAttrDef logonHours,MS-Login-Hours,check
</AuthBy>
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %D/detail
3) using ADSI method
Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
Trace 4
<Client 10.50.1.230>
Secret mypassword
IgnoreAcctSignature yes
DupInterval 0
</Client>
<Client DEFAULT>
Secret mypassword
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy ADSI>
BindString LDAP://dc-server1/cn=%0, cn=users, dc=mydomain,
dc=net
GroupRequired CN=Rasusers
</AuthBy>
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %D/detail
</Realm>
Please help, thanks
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Friday, March 17, 2006 2:22 PM
To: William Cheung
Cc: 'radiator at open.com.au'
Subject: Re: (RADIATOR) problem to use with AD logon
Hello William -
Could you please send me a copy of the configuration file you are
trying to use and a trace 4 debug showing what is happening?
On Windows you should use the AuthBy LSA clause and there is an
example in "goodies/lsa.cfg".
Note the prerequisites and so on in the comment block at the top of
the file.
regards
Hugh
On 18 Mar 2006, at 03:53, William Cheung wrote:
> Problem
>
> I have tried to use the radiator together with Windows 2003 AD for
> the authentication, and I have been trying with 3 different
> parameters, but none of them I am able to make it work. The
> parameters below have been tried:
>
> - AuthBy LDAP2
>
> - <Handler TunnelledByPEAP=1> with <AuthBy LSA>
>
> - <AuthBy ADSI>
>
>
> Question
>
> How can I use the Radiator software to authenticate to Windows 2003
> AD for the following condition:
>
> - Radiator installed on windows 2003 standalone member server
> (any registry needed to be modify?)
> - what parameter(s) I need to use
> - used with Nortel 8000 RAC
> - authenticate to a remote Windows 2003 DC server
>
> Please help
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060322/5a1a2a19/attachment.html>
More information about the radiator
mailing list