[RADIATOR] Adding Class Attribute to access response
Richard Dunne
richard.dunne at dit.ie
Wed Feb 18 11:51:27 CST 2009
Active dir/ radius
Hi all,
I'm rebuilding my radius setup.
I have a new server and am trying to get EAP-PEAP working again.
I want to get to a point where I can use it to log in a user using WPA and AES or TKIP, using active dir via radius.
At the moment I can't get the users file to even work.
Below is my config and log file.
The main problem is:
Wed Feb 18 17:16:57 2009: DEBUG: AuthBy FILE result: REJECT, EAP authentication is not permitted.
Wed Feb 18 17:16:57 2009: INFO: Access rejected for kk at dit.ie: EAP authentication is not permitted.
Wed Feb 18 17:16:57 2009: DEBUG: Packet dump:
*** Sending to 147.252.2.112 port 2051 .....
I'm at this all day and just can't see it.
If anyone has this working, can you send on the files? I can't get my head around inner and outer auth.
Thanks
Richard
Config
Foreground
LogStdout
AuthPort 1645,1812,1813
DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.cisco
LogDir /var/log/radius
DbDir /etc/radiator/
# Use a lower trace level in production systems:
Trace 5
#AuthPort 1812
#AcctPort 1813
#LogDir /var/log/radius
#DbDir /etc/radiator
#Trace 5
#DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.cisco
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
<Client 147.252.2.112>
Secret hello
DupInterval 0
</Client>
<Client 192.168.1.1>
Secret hello
DupInterval 0
</Client>
<Handler Realm=dit.ie>
<AuthBy FILE>
Filename users
</AuthBy>
</Handler>
<Handler Realm=dit.ie>
<AuthBy FILE>
Filename users
EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP,GTC
#EAPType TTLS, PEAP, MSCHAP-V2
EAPTLS_CAFile %D/certificates/cacert.pem
EAPTLS_CertificateFile %D/certificates/server_cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/server_key.pem
EAPTLS_MaxFragmentSize 1024
EAPAnonymous anonymous at default
AutoMPPEKeys
AddToReply Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
</Handler>
LOG
Identifier: 5
Authentic: n}<144>H<138>E<211><158>s<12>E5k<0>VF
Attributes:
User-Name = "kk at dit.ie"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "00-1E-E5-97-1A-00:rdunne"
Calling-Station-Id = "00-1C-BF-7B-14-B2"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><0><0><14><1>kk at dit.ie
Message-Authenticator = k<27><209>V<213><242>A<232><20><201><157><15><11><141><152><183>
Wed Feb 18 17:16:57 2009: DEBUG: Handling request with Handler 'Realm=dit.ie'
Wed Feb 18 17:16:57 2009: DEBUG: Deleting session for kk at dit.ie, 192.168.1.1, 0
Wed Feb 18 17:16:57 2009: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 18 17:16:57 2009: DEBUG: Handling with EAP: code 2, 0, 14, 1
Wed Feb 18 17:16:57 2009: DEBUG: Response type 1
Wed Feb 18 17:16:57 2009: DEBUG: EAP result: 1, EAP authentication is not permitted.
Wed Feb 18 17:16:57 2009: DEBUG: AuthBy FILE result: REJECT, EAP authentication is not permitted.
Wed Feb 18 17:16:57 2009: INFO: Access rejected for kk at dit.ie: EAP authentication is not permitted.
Wed Feb 18 17:16:57 2009: DEBUG: Packet dump:
*** Sending to 147.252.2.112 port 2051 ....
Packet length = 36
03 05 00 24 40 6a 11 4a 01 67 4e 0f df 29 ec b7
73 b5 da be 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 5
Authentic: @j<17>J<1>gN<15><223>)<236><183>s<181><218><190>
Attributes:
Reply-Message = "Request Denied"
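An added example, not part of the original post and not Radiator code: a small Python check for the pattern visible in the posted configuration, where two Handler clauses carry the same selector and only the second lists EAPType. It assumes Radiator uses the first Handler whose selector matches and that an AuthBy without EAPType refuses EAP; `parse_handlers`, `lint` and the sample text are constructed for illustration, and nested AuthBy clauses are not handled.

```python
import re

# Constructed sample: the Handler/AuthBy skeleton of the configuration posted above.
SAMPLE_CONFIG = """\
<Handler Realm=dit.ie>
<AuthBy FILE>
</AuthBy>
</Handler>
<Handler Realm=dit.ie>
<AuthBy FILE>
EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP,GTC
</AuthBy>
</Handler>
"""

def parse_handlers(text):
    """Return Handler clauses in file order with the EAPType list of each AuthBy."""
    handlers, current, authby = [], None, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if (m := re.match(r"<Handler\b\s*(.*?)>$", line)):
            current = {"selector": m.group(1).strip(), "line": no, "authbys": []}
            handlers.append(current)
        elif line == "</Handler>":
            current = authby = None
        elif current is not None and re.match(r"<AuthBy\s+\S+>$", line):
            authby = {"eap_types": []}
            current["authbys"].append(authby)
        elif line == "</AuthBy>":
            authby = None
        elif authby is not None and (e := re.match(r"EAPType\s+(\S.*)$", line)):
            authby["eap_types"] = [t.strip() for t in e.group(1).split(",") if t.strip()]
    return handlers

def lint(text):
    """Flag Handlers that can never be reached and effective Handlers that refuse EAP."""
    findings, first_seen = [], {}
    for h in parse_handlers(text):
        sel = h["selector"]
        if sel in first_seen:  # assumption: Radiator uses the first Handler that matches
            findings.append((h["line"], f"Handler '{sel}' shadowed by line {first_seen[sel]}"))
            continue
        first_seen[sel] = h["line"]
        if any(not a["eap_types"] for a in h["authbys"]):
            findings.append((h["line"], f"Handler '{sel}': AuthBy without EAPType rejects EAP"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE_CONFIG), sep="\n")
```

On the sample it reports the first Handler as refusing EAP and the second as unreachable, which matches the `Handling with Radius::AuthFILE` followed by `EAP authentication is not permitted` sequence in the log.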