No subject


Tue Jun 24 01:22:33 CDT 2008


LSA. I think you will find that AuthBy LSA will work better with EAP 
authentication types.

Cheers.


On Wed, 3 Sep 2003 05:13 am, Christian Fredrickson wrote:
> OK, I configured the server to run a LSA handler and my normal handler. I
> have the server up and running the LSA module, but I cannot get a user
> authenticated. I still do not see the password coming through the request.
> My configuration and error will be in the body of the message below. You
> can see the password still does not show up. I am not certain what the
> configuration settings should be for the AuthBy sections. We are using
> EAPTTLS with PAP for authentication.
>
> Thank you,
>
> Chris
>
> Config
> ***************************************************************************
> # radius.cfg - Chemical and Fuels
> # Last updated 08-25-2003
>
>
>
> # ----------------------------------------
> # General Server Options
> # ----------------------------------------
> #Foreground
> BindAddress             155.99.173.37
> AuthPort                1812
> AcctPort                1813
>
> IgnoreAcctSignature
>
>
> Foreground
> LogStdout
> LogDir		c:/Program Files/Radiator
> DbDir		c:/Program Files/Radiator
>
> PidFile                 %D/radiusd.pid
> DictionaryFile          %D/dictionary
>
>
>
> # ----------------------------------------
> # Logging
> # ----------------------------------------
> #LogStdout
> Trace                   4
> LogFile                 %L/radiator.log
>
> # ----------------------------------------
> # NAS Devices
> # ----------------------------------------
>
> <Client 155.98.0.3>
>     NoIgnoreDuplicates Access-Request
>     NoIgnoreDuplicates Access-Challenge
>     Secret
>     DupInterval 0
> </Client>
>
> <Client 155.98.0.4>
>     NoIgnoreDuplicates Access-Request
>     NoIgnoreDuplicates Access-Challenge
>     Secret
>     DupInterval 0
> </Client>
>
> <Client 155.99.173.37>
>     NoIgnoreDuplicates Access-Request
>     NoIgnoreDuplicates Access-Challenge
>     Secret
> </Client>
>
> <Handler TunnelledByPEAP=1>
> 	# Authenticate with Windows LSA
> 	<AuthBy LSA>
> 		Domain				CHE
> 		EAPType				TTLS
> 	</AuthBy>
> </Handler>
>
> <Handler Realm=che.utah.edu>
>     RejectHasReason
>     AcctLogFileName             %L/che.utah.edu_accounting.log
>     AcctLogFileFormat           %l, %{User-Name}, %{Acct-Session-Id}, %{Acct-Authentic}, %{Acct-Status-Type}, \
>                                 %{NAS-Identifier}, %{NAS-IP-Address}, %{NAS-Port}, %{NAS-Port-Type}, %{Timestamp}
>     #PasswordLogFileName        %L/che.utah.edu_login.log
>
>     <Log FILE>
>         Trace                   5
>         Filename                %L/che.utah.edu_radiator.log
>     </Log>
>
>     <AuthLog FILE>
>         Filename                %L/che.utah.edu_auth.log
>         LogSuccess              1
>         LogFailure              1
>         SuccessFormat           %l,%U,%N,%h,OK
>         FailureFormat           %l,%U,%N,%h,FAIL
>     </AuthLog>
>
>     <StatsLog FILE>
>         Interval                604800
>         Filename                %L/che.utah.edu_stats.log
>         #Format
>     </StatsLog>
>
>
>     RewriteUsername s/^([^@]+).*/$1/
> 	<AuthBy ADSI>
> 		#Identifier			ADSI
> 		SearchAttribute			SAMAccountName
> 		AuthUser			%0
> 		AuthFlags			1
>         	BindString			LDAP://che-2551-37/dc=che,dc=utah,dc=edu
> 		SSLeayTrace			4
>         	EAPType				TTLS
> 		EAPTLS_MaxFragmentSize		1024
> 		EAPTLS_SessionResumption        0
> 		EAPTLS_CertificateType		PEM
> 		EAPTLS_CAFile                   %D/cert/root.pem
>         	EAPTLS_CertificateType          PEM
>         	EAPTLS_CertificateFile          %D/cert/server-cert.pem
>         	EAPTLS_PrivateKeyFile           %D/cert/server-cert.pem.txt
>         	EAPTLS_PrivateKeyPassword       cheradiuscert
>         	#EAPTLS_RandomFile              %D/cert/random
>         	AutoMPPEKeys
>     	</AuthBy>
>
> </Handler>
>
> ***************************************************************************
> End Config
>
> Error
> ***************************************************************************
>
> Tue Sep  2 13:09:31 2003: DEBUG: User found at LDAP://CN=Chris Fredrickson,OU=CHE Admins,DC=che,DC=utah,DC=edu
> Tue Sep  2 13:09:31 2003: DEBUG: Connecting to namespace: LDAP:
> Tue Sep  2 13:09:31 2003: DEBUG: Running OpenDSObject on LDAP://CN=Chris Fredrickson,OU=CHE Admins,DC=che,DC=utah,DC=edu
> Tue Sep  2 13:09:31 2003: DEBUG: BindString: LDAP://CN=Chris Fredrickson,OU=CHE Admins,DC=che,DC=utah,DC=edu  authUser: 00303341 password:  authFlags: 1
> Win32::OLE(0.1403) error 0x8002000f: "Parameter not optional"
>     in METHOD/PROPERTYGET "OpenDSObject" at c:/Perl/site/lib/Radius/AuthADSI.pm line 134
> Tue Sep  2 13:09:31 2003: DEBUG: Could not get user object: Win32::OLE(0.1403) error 0x8002000f: "Parameter not optional"
>     in METHOD/PROPERTYGET "OpenDSObject"
> Tue Sep  2 13:09:31 2003: INFO: Access rejected for 00303341: Could not find user
> Tue Sep  2 13:09:31 2003: DEBUG: Packet dump:
> *** Sending to 155.98.0.3 port 1814 ....
> Code:       Access-Reject
> Identifier: 70
> Authentic:  <152><10><0><0><243><11><0><0><134><13><0><0><10>I<0><0>
> Attributes:
>         Reply-Message = "Could not find user"
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Mike McCauley
> Sent: Friday, August 29, 2003 6:46 PM
> To: Christian Fredrickson; Radiator
> Subject: Re: (RADIATOR) ADSI and EAP
>
>
> Hello Christian,
>
> On Sat, 30 Aug 2003 09:33 am, Christian Fredrickson wrote:
> > When I use EAP authentication using AuthBy ADSI, the password fails. Is
> > there any way to get this working?
>
> AuthBy ADSI only works with authentication methods that send a plaintext
> password, such as PAP.
> If you wish to support PAP, CHAP, MSCHAP, MSCHAPV2, EAP-PEAP-MSCHAPV2 etc,
> you should look at the new AuthBy LSA module. See the Radiator 3.6 patches
> area for more information.
>
> Cheers.
>
> > Chris
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

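The point Mike makes in the thread, that a bind-based backend such as AuthBy ADSI can only work when the request carries a plaintext password (PAP), while CHAP-family methods need a backend that can verify the challenge/response itself, is easier to see in code. The following is an added illustration written for this page; it is not Radiator code and not something either poster wrote. It assumes a constructed in-memory user store, RADIUS requests represented as plain dicts keyed by attribute name, and a made-up password; the username 00303341 is the one from the log above. The CHAP computation is the one in RFC 1994 section 4.1. The "bind-only" path also models the failure visible in the log, where the bind was attempted with an empty password and OpenDSObject refused it.

```python
"""Added example: why a bind-style backend only works with PAP, and why
challenge/response methods need a backend that holds the verifier itself.
Constructed for illustration; not Radiator's code."""
import hashlib
import hmac

# Constructed user store standing in for the directory.  A real directory
# (Active Directory reached through ADSI, as in the thread) never hands the
# plaintext back to the RADIUS server; it only lets the server *bind* with it.
USER_STORE = {"00303341": "correct horse battery staple"}   # constructed password


def bind_check(username, password):
    """Model of a bind-based backend (AuthBy ADSI style): it can only answer
    yes/no to a plaintext password and cannot proceed without one.  Compare the
    'Parameter not optional' error in the log, raised when the password was empty."""
    if not password:
        raise ValueError("bind backend needs a plaintext password; none supplied")
    stored = USER_STORE.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())


def chap_response(chap_id, password, challenge):
    """RFC 1994 section 4.1: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def verify_chap(username, chap_id, challenge, response):
    """A CHAP verifier recomputes the hash, so it must hold the password (or an
    equivalent verifier) locally; a bind-only backend has nothing to bind with.
    MSCHAP and MSCHAPv2 differ in the hash but share this property."""
    stored = USER_STORE.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(chap_response(chap_id, stored, challenge), response)


def bind_only_authenticate(attrs):
    """What an ADSI-style backend can do with an Access-Request: bind with
    User-Password if present, fail otherwise.  Returns (accepted, reason)."""
    try:
        ok = bind_check(attrs.get("User-Name"), attrs.get("User-Password", ""))
        return ok, "pap/bind"
    except ValueError as exc:
        return False, str(exc)


def authenticate(attrs):
    """A backend that can verify either credential form (the role Mike
    recommends AuthBy LSA for): PAP via bind, CHAP via local recomputation."""
    user = attrs.get("User-Name")
    if "User-Password" in attrs:
        return bind_only_authenticate(attrs)
    if "CHAP-Password" in attrs and "CHAP-Challenge" in attrs:
        cp = attrs["CHAP-Password"]          # 1-byte CHAP ident + 16-byte response
        ok = verify_chap(user, cp[0], attrs["CHAP-Challenge"], cp[1:])
        return ok, "chap/local-verify"
    return False, "no verifiable credential in request"


# Constructed requests, shaped like what a NAS (or the inner TTLS request) carries.
PAP_REQUEST = {"User-Name": "00303341", "User-Password": "correct horse battery staple"}
EMPTY_PAP_REQUEST = {"User-Name": "00303341", "User-Password": ""}   # the case in the log
CHALLENGE = bytes(range(16))                                         # fixed, so the run is deterministic
CHAP_REQUEST = {
    "User-Name": "00303341",
    "CHAP-Challenge": CHALLENGE,
    "CHAP-Password": bytes([7]) + chap_response(7, "correct horse battery staple", CHALLENGE),
}

if __name__ == "__main__":
    for name, req in [("PAP", PAP_REQUEST), ("empty PAP", EMPTY_PAP_REQUEST), ("CHAP", CHAP_REQUEST)]:
        print(f"{name:10} bind-only -> {bind_only_authenticate(req)}   full -> {authenticate(req)}")
```

Running it shows the asymmetry: the bind-only backend accepts the PAP request, fails the empty-password request with the same kind of "no password to bind with" condition the log records, and fails the CHAP request outright, while the backend that recomputes the hash locally verifies CHAP without ever seeing a plaintext on the wire.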

