[RADIATOR] help with AuthBy LSA failure
Hugh Irvine
hugh at open.com.au
Sat Jul 12 03:10:30 CDT 2008
Hello Jason -
Can you please tell me what access server, what version of Windows,
what version of Perl, and what version of OpenSSL you are running?
There appears to be a problem with whatever access server you are
running, as the debug below seems to show a broken packet.
If you can send us a trace 5 debug it will help.
regards
Hugh
On 12 Jul 2008, at 01:37, Jason Mueller wrote:
> Hugh (or others),
>
> I am still having authentication issues with the <AuthBy LSA>
> module and PEAP. The configuration file has not changed from the
> initial post. I have corrected the SE_TCB_PRIVILEGE error per
> Hugh's suggestion (thanks). I am not generally in the role of a
> Windows admin, and I *thought* running the module with an
> administrator account met the requirement (which is not the same as
> using the Administrator account). I am not sure if the SSLeay error
> is expected or not, but it also occurs when using <AuthBy FILE> for
> the inner authentication, which is successful.
>
> Again . . . any help is appreciated. Thanks.
>
> -Jason
>
>
> Here is the output from the Radiator:
> ----------
> Fri Jul 11 11:09:54 2008: DEBUG: Finished reading configuration
> file 'C:\Program Files\Radiator\radius.cfg'
> This Radiator license will expire on 2008-08-30
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
>
> Fri Jul 11 11:09:54 2008: DEBUG: Reading dictionary file 'E:/
> Radiator/dictionary'
> Fri Jul 11 11:09:54 2008: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Fri Jul 11 11:09:55 2008: DEBUG: Creating accounting port 0.0.0.0:1813
> Fri Jul 11 11:09:55 2008: NOTICE: Server started: Radiator 4.2 on
> iubiastest (LOCKED)
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: ERR: Attribute number 255 (vendor 11) is
> not defined in your dictionary
> Fri Jul 11 11:10:12 2008: DEBUG: Packet dump:
> *** Received from 129.79.9.37 port 1026 ....
> Code: Access-Request
> Identifier: 27
> Authentic: <222>@<149><222><243><30>z]CGr"$<18><132><166>
> Attributes:
> Framed-MTU = 1466
> NAS-IP-Address = 129.79.9.37
> NAS-Identifier = "jcm-test"
> User-Name = "jasmuell"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-Port = 24
> NAS-Port-Type = Ethernet
> NAS-Port-Id = "A24"
> Called-Station-Id = "00-17-a4-bb-07-00"
> Calling-Station-Id = "00-16-cb-8a-a8-7e"
> Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
> Tunnel-Type = 0:VLAN
> Tunnel-Medium-Type = 0:802
> Tunnel-Private-Group-ID = 100
> EAP-Message = <2><23><0><13><1>jasmuell
> Message-Authenticator = <158><249><239><137><174>q
> +<149><156>c<130>o"<203><146>C
> MS-RAS-Vendor = 11
>
> Fri Jul 11 11:10:12 2008: DEBUG: Handling request with Handler ''
> Fri Jul 11 11:10:12 2008: DEBUG: Deleting session for jasmuell,
> 129.79.9.37, 24
> Fri Jul 11 11:10:12 2008: DEBUG: Handling with Radius::AuthFILE:
> Fri Jul 11 11:10:12 2008: DEBUG: Handling with EAP: code 2, 23, 13, 1
> Fri Jul 11 11:10:12 2008: DEBUG: Response type 1
> Prototype mismatch: sub Net::SSLeay::randomize (;$$) vs none at
> (eval 48) line 1.
> Fri Jul 11 11:10:12 2008: ERR: TLS could not load_verify_locations , :
> Fri Jul 11 11:10:12 2008: DEBUG: EAP result: 1, EAP TLS Could not
> initialise context
> Fri Jul 11 11:10:12 2008: DEBUG: AuthBy FILE result: REJECT, EAP
> TLS Could not initialise context
> Fri Jul 11 11:10:12 2008: INFO: Access rejected for jasmuell: EAP
> TLS Could not initialise context
> Fri Jul 11 11:10:12 2008: DEBUG: Packet dump:
> *** Sending to 129.79.9.37 port 1026 ....
> Code: Access-Reject
> Identifier: 27
> Authentic:
> h<253><192>z<193><153><159><147><27>_<148><224><20><26><0>z
> Attributes:
> Reply-Message = "Request Denied"
> ----------
>
>