[RADIATOR] Win32-Lsa.ppd

Johnson, Neil M neil-johnson at uiowa.edu
Thu Apr 29 11:14:21 CDT 2010


Hugh,

That was the trick! That piece is now working and I can do Wireless Authentication with PEAP/MS-CHAP v2.

However I can't seem to get the groups working. See following message.

Thanks.

-Neil

-- 
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
Work: 319 384-0938
Mobile: 319 540-2081
Fax: 319 355-2618
E-mail: neil-johnson at uiowa.edu


-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Wednesday, April 28, 2010 8:49 PM
To: Johnson, Neil M
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] Win32-Lsa.ppd


Hello Neil -

The problem is indicated by the first line below - it appears the user who is running Radiator does not have 

	'Act as part of the operating system' security policy enabled

See section 5.51 in the Radiator 4.6 reference manual ("doc/ref.pdf").

regards

Hugh


> Hugh,
> 
> Below is the trace you requested.
> 
> Thanks.
> -Neil
> 
> 
> Tue Apr 27 14:22:10 2010: ERR: Could not AdjustPrivilege SE_TCB_PRIVILEGE: A required privilege is not held by the client.
> 
> 
> Tue Apr 27 14:22:10 2010: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> Tue Apr 27 14:22:10 2010: DEBUG: Reading dictionary file './dictionary'
> Tue Apr 27 14:22:11 2010: DEBUG: Creating authentication port 0.0.0.0:1812
> Tue Apr 27 14:22:11 2010: DEBUG: Creating accounting port 0.0.0.0:1813
> Tue Apr 27 14:22:11 2010: NOTICE: Server started: Radiator 4.6 on NET-AUTH-2
> Tue Apr 27 14:23:25 2010: DEBUG: Packet dump:
> *** Received from 128.255.134.59 port 32774 ....
> Code:       Access-Request
> Identifier: 6
> Authentic:  #<248>3<255><220>.<203><141><203><207><191><16>+R<232><197>
> Attributes:
>       User-Name = "IOWA\nmjoo"
>       NAS-IP-Address = 128.255.134.59
>       NAS-Port = 12289
>       Called-Station-Id = "00-90-0B-06-23-5A:UI-Test-Radiator"
>       Calling-Station-Id = "00-1F-3B-CC-09-ED"
>       Framed-MTU = 1250
>       NAS-Port-Type = Wireless-IEEE-802-11
>       Connect-Info = "CONNECT 802.11g"
>       EAP-Message = <2><1><0><15><1>IOWA\nmjoo
>       Message-Authenticator = z<222>|<30>v<246><19><162><216>W<224>W|<243><165><219>
> 
> Tue Apr 27 14:23:25 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Apr 27 14:23:25 2010: DEBUG:  Deleting session for IOWA\nmjoo, 128.255.134.59, 12289
> Tue Apr 27 14:23:25 2010: DEBUG: Handling with Radius::AuthFILE:
> Tue Apr 27 14:23:25 2010: DEBUG: Handling with EAP: code 2, 1, 15, 1
> Tue Apr 27 14:23:25 2010: DEBUG: Response type 1
> Tue Apr 27 14:23:26 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Apr 27 14:23:26 2010: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
> Tue Apr 27 14:23:26 2010: DEBUG: Access challenged for IOWA\nmjoo: EAP PEAP Challenge
> Tue Apr 27 14:23:26 2010: DEBUG: Packet dump:
> *** Sending to 128.255.134.59 port 32774 ....
> Code:       Access-Challenge
> Identifier: 6
> Authentic:  )h<142><182><230><143>tw<230><136>$<141><152><17><202><9>
> Attributes:
>       EAP-Message = <1><2><0><6><25>
>       Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>


NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
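
A way to confirm the condition Hugh describes, as an added example that is not part of the original thread or of Radiator: this PowerShell script exports the local user-rights policy with `secedit` and reports whether an account is assigned `SeTcbPrivilege`, the constant behind 'Act as part of the operating system'. The account name is a placeholder, and a right granted through group membership shows up only in the printed list of holders.

```powershell
# Added example (not from the thread): does an account hold
# "Act as part of the operating system" (SeTcbPrivilege)?
# Run from an elevated PowerShell prompt on the RADIUS host.
param(
    # Assumption: placeholder name; pass the account that runs Radiator.
    [string]$Account = 'EXAMPLE\radiator-svc'
)

$cfg = Join-Path $env:TEMP 'user-rights.inf'
try {
    # Export only the user-rights section of the local security policy.
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit failed with exit code $LASTEXITCODE" }

    # The SeTcbPrivilege line is absent when no principal holds the right.
    $line = Get-Content $cfg | Where-Object { $_ -match '^\s*SeTcbPrivilege\s*=' }
    $holders = @()
    if ($line) {
        $holders = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
    }

    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    $direct = $false
    foreach ($h in $holders) {
        if ($h.StartsWith('*')) {
            # Entries are normally written as *<SID>.
            $hSid = $h.Substring(1)
            try { $name = ([System.Security.Principal.SecurityIdentifier]$hSid).Translate(
                      [System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved)' }
        } else {
            # Occasionally an entry is a plain account name.
            $name = $h
            try { $hSid = ([System.Security.Principal.NTAccount]$h).Translate(
                      [System.Security.Principal.SecurityIdentifier]).Value }
            catch { $hSid = '' }
        }
        "holder: {0}  {1}" -f $hSid, $name
        if ($hSid -eq $sid) { $direct = $true }
    }
    if ($direct) { "$Account is directly assigned SeTcbPrivilege" }
    else { "$Account is NOT directly assigned SeTcbPrivilege; check the holders above for its groups" }
}
finally {
    Remove-Item $cfg -ErrorAction SilentlyContinue
}
```

Privileges are placed in the access token at logon, so a newly granted right takes effect only after the Radiator process is restarted under a fresh logon of that account.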




