[RADIATOR] Win32-Lsa.ppd
Johnson, Neil M
neil-johnson at uiowa.edu
Thu Apr 29 11:14:21 CDT 2010
Hugh,
That was the trick! That piece is now working and I can do Wireless Authentication with PEAP/MS-CHAP v2.
However I can't seem to get the groups working. See following message.
Thanks.
-Neil
--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
Work: 319 384-0938
Mobile: 319 540-2081
Fax: 319 355-2618
E-mail: neil-johnson at uiowa.edu
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, April 28, 2010 8:49 PM
To: Johnson, Neil M
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] Win32-Lsa.ppd
Hello Neil -
The problem is indicated by the first line below - it appears the user who is running Radiator does not have 'Act as part of the operating system' security policy enabled.
See section 5.51 in the Radiator 4.6 reference manual ("doc/ref.pdf").
regards
Hugh
> Hugh,
>
> Below is the trace you requested.
>
> Thanks.
> -Neil
>
>
> Tue Apr 27 14:22:10 2010: ERR: Could not AdjustPrivilege SE_TCB_PRIVILEGE: A required privilege is not held by the client.
>
>
> Tue Apr 27 14:22:10 2010: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> Tue Apr 27 14:22:10 2010: DEBUG: Reading dictionary file './dictionary'
> Tue Apr 27 14:22:11 2010: DEBUG: Creating authentication port 0.0.0.0:1812
> Tue Apr 27 14:22:11 2010: DEBUG: Creating accounting port 0.0.0.0:1813
> Tue Apr 27 14:22:11 2010: NOTICE: Server started: Radiator 4.6 on NET-AUTH-2
> Tue Apr 27 14:23:25 2010: DEBUG: Packet dump:
> *** Received from 128.255.134.59 port 32774 ....
> Code: Access-Request
> Identifier: 6
> Authentic: #<248>3<255><220>.<203><141><203><207><191><16>+R<232><197>
> Attributes:
> User-Name = "IOWA\nmjoo"
> NAS-IP-Address = 128.255.134.59
> NAS-Port = 12289
> Called-Station-Id = "00-90-0B-06-23-5A:UI-Test-Radiator"
> Calling-Station-Id = "00-1F-3B-CC-09-ED"
> Framed-MTU = 1250
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 802.11g"
> EAP-Message = <2><1><0><15><1>IOWA\nmjoo
> Message-Authenticator = z<222>|<30>v<246><19><162><216>W<224>W|<243><165><219>
>
> Tue Apr 27 14:23:25 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Apr 27 14:23:25 2010: DEBUG: Deleting session for IOWA\nmjoo, 128.255.134.59, 12289
> Tue Apr 27 14:23:25 2010: DEBUG: Handling with Radius::AuthFILE:
> Tue Apr 27 14:23:25 2010: DEBUG: Handling with EAP: code 2, 1, 15, 1
> Tue Apr 27 14:23:25 2010: DEBUG: Response type 1
> Tue Apr 27 14:23:26 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Apr 27 14:23:26 2010: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
> Tue Apr 27 14:23:26 2010: DEBUG: Access challenged for IOWA\nmjoo: EAP PEAP Challenge
> Tue Apr 27 14:23:26 2010: DEBUG: Packet dump:
> *** Sending to 128.255.134.59 port 32774 ....
> Code: Access-Challenge
> Identifier: 6
> Authentic: )h<142><182><230><143>tw<230><136>$<141><152><17><202><9>
> Attributes:
> EAP-Message = <1><2><0><6><25>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
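
The check described in the reply above, as an added example that is not part of the original thread or of Radiator's own tooling: it exports the local user-rights policy with `secedit` and reports whether the account running the service holds 'Act as part of the operating system' (`SeTcbPrivilege`) directly. It assumes Radiator runs as a Windows service; the service name `Radiator` and the helper `ConvertTo-Sid` are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
param([string]$ServiceName = 'Radiator')  # assumed service name; adjust to your install

function ConvertTo-Sid([string]$Name) {
    # secedit writes SIDs with a leading '*'; anything else is an account name.
    if ($Name.StartsWith('*')) {
        return New-Object System.Security.Principal.SecurityIdentifier($Name.Substring(1))
    }
    $acct = New-Object System.Security.Principal.NTAccount($Name)
    return $acct.Translate([System.Security.Principal.SecurityIdentifier])
}

# Export only the user-rights section of the effective local security policy.
$inf = Join-Path $env:TEMP ("user_rights_{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
try     { $line = Get-Content $inf | Where-Object { $_ -match '^\s*SeTcbPrivilege\s*=' } }
finally { Remove-Item $inf -ErrorAction SilentlyContinue }

# Principals that hold the right directly (an absent line means nobody does).
$holders = @()
if ($line) {
    $holders = @(($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ } |
        ForEach-Object { ConvertTo-Sid $_ })
}

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }
$runAs = $svc.StartName
if ($runAs -eq 'LocalSystem') {
    "$ServiceName runs as LocalSystem, which always holds SeTcbPrivilege."
    return
}

# Expand the '.\user' form used for local accounts before resolving it.
$svcSid = ConvertTo-Sid ($runAs -replace '^\.\\', "$env:COMPUTERNAME\")
$holderSids = @($holders | ForEach-Object { $_.Value })

# Note: a right granted through group membership is not detected here.
[pscustomobject]@{
    Service            = $ServiceName
    RunAs              = $runAs
    HoldsSeTcbDirectly = ($holderSids -contains $svcSid.Value)
    HolderSids         = $holderSids -join ', '
}
```

User rights are applied when a logon token is created, so the service has to be restarted after the policy is changed. Because this right lets a process act as any user, the holder list is worth keeping limited to the dedicated service account.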