[RADIATOR] help with AuthBy LSA failure

Jason Mueller jasmuell at indiana.edu
Fri Jul 11 10:37:08 CDT 2008


Hugh (or others),

I am still having authentication issues with the <AuthBy LSA> module  
and PEAP. The configuration file has not changed from the initial  
post. I have corrected the SE_TCB_PRIVILEGE error per Hugh's  
suggestion (thanks). I am not generally in the role of a Windows  
admin, and I *thought* running the module with an administrator  
account met the requirement (which is not the same as using the  
Administrator account). I am not sure if the SSLeay error is expected  
or not, but it also occurs when using <AuthBy FILE> for the inner  
authentication, which is successful.

Again . . . any help is appreciated. Thanks.

-Jason


Here is the output from the Radiator:
----------
Fri Jul 11 11:09:54 2008: DEBUG: Finished reading configuration file  
'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2008-08-30
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au

Fri Jul 11 11:09:54 2008: DEBUG: Reading dictionary file 'E:/Radiator/ 
dictionary'
Fri Jul 11 11:09:54 2008: DEBUG: Creating authentication port  
0.0.0.0:1812
Fri Jul 11 11:09:55 2008: DEBUG: Creating accounting port 0.0.0.0:1813
Fri Jul 11 11:09:55 2008: NOTICE: Server started: Radiator 4.2 on  
iubiastest (LOCKED)
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is not  
defined in your dictionary
Fri Jul 11 11:10:12 2008: DEBUG: Packet dump:
*** Received from 129.79.9.37 port 1026 ....
Code:       Access-Request
Identifier: 27
Authentic:  <222>@<149><222><243><30>z]CGr"$<18><132><166>
Attributes:
         Framed-MTU = 1466
         NAS-IP-Address = 129.79.9.37
         NAS-Identifier = "jcm-test"
         User-Name = "jasmuell"
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 24
         NAS-Port-Type = Ethernet
         NAS-Port-Id = "A24"
         Called-Station-Id = "00-17-a4-bb-07-00"
         Calling-Station-Id = "00-16-cb-8a-a8-7e"
         Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
         Tunnel-Type = 0:VLAN
         Tunnel-Medium-Type = 0:802
         Tunnel-Private-Group-ID = 100
         EAP-Message = <2><23><0><13><1>jasmuell
         Message-Authenticator = <158><249><239><137><174>q 
+<149><156>c<130>o"<203><146>C
         MS-RAS-Vendor = 11

Fri Jul 11 11:10:12 2008: DEBUG: Handling request with Handler ''
Fri Jul 11 11:10:12 2008: DEBUG:  Deleting session for jasmuell,  
129.79.9.37, 24
Fri Jul 11 11:10:12 2008: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 11 11:10:12 2008: DEBUG: Handling with EAP: code 2, 23, 13, 1
Fri Jul 11 11:10:12 2008: DEBUG: Response type 1
Prototype mismatch: sub Net::SSLeay::randomize (;$$) vs none at (eval  
48) line 1.
Fri Jul 11 11:10:12 2008: ERR: TLS could not load_verify_locations , :
Fri Jul 11 11:10:12 2008: DEBUG: EAP result: 1, EAP TLS Could not  
initialise context
Fri Jul 11 11:10:12 2008: DEBUG: AuthBy FILE result: REJECT, EAP TLS  
Could not initialise context
Fri Jul 11 11:10:12 2008: INFO: Access rejected for jasmuell: EAP TLS  
Could not initialise context
Fri Jul 11 11:10:12 2008: DEBUG: Packet dump:
*** Sending to 129.79.9.37 port 1026 ....
Code:       Access-Reject
Identifier: 27
Authentic:  h<253><192>z<193><153><159><147><27>_<148><224><20><26><0>z
Attributes:
         Reply-Message = "Request Denied"
----------




More information about the radiator mailing list