[RADIATOR] Windows AD authentication with radius
Hugh Irvine
hugh at open.com.au
Wed Jan 27 18:23:28 CST 2010
Hello Corey -
There are typos in your configuration file for the <Client ...> - and you should probably use AuthBy NTLM.
The configuration file should look more like this:
.....
# the Client clause(s) list the devices from which we will accept RADIUS requests
<Client 1.1.1.1>
	Secret somesecret
	.....
</Client>
# requests will be processed here
# define Realm(s) or Handler(s)
<Handler>
	# use AuthBy NTLM for AD
	<AuthBy NTLM>
		.....
	</AuthBy>
</Handler>
There is also already some process using ports 1645 and 1646 which you will need to terminate before you can run Radiator on these ports.
See section 5.65 in the Radiator 4.5.1 reference manual ("doc/ref.pdf") and the example configuration file in "goodies/ntlm.cfg" and "goodies/ntlm_eap_*.cfg".
regards
Hugh
On 28 Jan 2010, at 09:43, Corey Gray wrote:
> Hi,
> I have just been asked to test Radiator to secure our wireless network. The requirement is to authenticate users from AD using their common name. I have tried to configure this in the config file but am having a bit of trouble getting Radiator to parse the file correctly (I'm sure my file is inconsistent with Radiator's requirements). Config details:
>
>
> Platform RHEL 5.3
> Radiator 4.4
>
> LogDir /var/log/radius
> DbDir /etc/radiator
> Trace 4
>
> <client DEFAULT>
> <AuthBy ADSI>
> BindString LDAP://cn=%0,cn=users,dc=tsa,dc=com,dc=au
> AuthUser cn=%0,cn=users,dc=tsa,dc=com,dc=au
> AuthFlags 0
> </AuthBy>
> secret testpass
> DupInterval 0
> <Realm tsa.com.au>
>
> </Realm>
> <Realm DEFAULT>
> </Realm>
>
> Wed Jan 27 21:51:50 2010: ERR: Unknown object 'client' in /etc/radiator/Radd.cfg line 5
> Wed Jan 27 21:51:50 2010: DEBUG: Finished reading configuration file '/etc/radiator/Radd.cfg'
> Wed Jan 27 21:51:51 2010: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> Wed Jan 27 21:51:52 2010: DEBUG: Creating authentication port 0.0.0.0:1645
> Wed Jan 27 21:51:52 2010: ERR: Could not bind authentication socket: Address already in use
> Wed Jan 27 21:51:52 2010: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan 27 21:51:52 2010: ERR: Could not bind accounting socket: Address already in use
> Wed Jan 27 21:51:52 2010: NOTICE: Server started: Radiator 4.4 on radiator.tsa.com.au (LOCKED)
>
> My question….
>
> What modules do I need for AD auth and what is required in the config file for this to work?
>
> I'm aware of the dictionary issue and that is soon to be resolved :)
>
> Thanks in advance
>
> Corey
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
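Hugh's skeleton above, filled in as a complete working file. This is an added example, not a file from the original post or from Radiator's goodies directory; the client address, the domain name, the ntlm_auth path, the choice of ports 1812/1813 and the NtlmDomain/NtlmAuthHelper parameter names are assumptions to be checked against section 5.65 of doc/ref.pdf and goodies/ntlm.cfg for the Radiator version in use.

```conf
# Added example of a corrected Radiator configuration for AD authentication.
# Values marked here as assumptions are placeholders, not the poster's settings.
Foreground
LogStdout
LogDir /var/log/radius
DbDir /etc/radiator
Trace 4

# Radiator listens on 1645/1646 by default. If another process already owns
# them (the "Address already in use" errors in the trace), either stop that
# process or move to the IANA-assigned RADIUS ports and point the access
# points at these instead.
AuthPort 1812
AcctPort 1813

# One Client clause per device allowed to send requests, keyed by source
# address (192.0.2.10 is an assumed access-point address). Avoid
# <Client DEFAULT> with a short secret: DEFAULT accepts requests from any
# address, and a guessable secret lets a captured PAP exchange be cracked
# offline to recover user passwords. Generate the secret with something
# like: openssl rand -base64 24
<Client 192.0.2.10>
	Secret CHANGE-ME-to-a-long-random-string
	DupInterval 0
</Client>

# All requests land here. AuthBy NTLM hands the credentials to Samba's
# ntlm_auth helper, so the RHEL host must be joined to the domain
# (net ads join) with winbindd running; "wbinfo -t" should succeed
# before Radiator is started. The domain name below is assumed.
<Handler>
	<AuthBy NTLM>
		NtlmDomain TSA
		NtlmAuthHelper /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
	</AuthBy>
</Handler>
```

With Trace 4 and Foreground set, a failed ntlm_auth call shows up directly on the terminal, which is the "trace 4 debug" the list asks for when reporting problems; strip the Secret line before posting a config.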
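To exercise the Client clause and its Secret without waiting on the wireless controller, the following added example (not code from Radiator or from the original post) builds an RFC 2865 Access-Request with a PAP User-Password, sends it, and checks the Response Authenticator before trusting the answer. It uses only the Python standard library; the host, port, user name, password and secret in the demo at the bottom are made-up test values.

```python
"""RFC 2865 Access-Request builder and reply checker for testing a RADIUS server.

Added example, not Radiator code.  Assumptions: a Radiator instance reachable
at the host/port given at the bottom, and a <Client> clause for this host
whose Secret matches the one passed to authenticate().
"""
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def pap_encode(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a PAP password as in RFC 2865 section 5.2.

    The password is NUL-padded to a multiple of 16 bytes; each block is XORed
    with MD5(secret + previous block), seeded with the Request Authenticator.
    This is obfuscation keyed by the shared secret, not encryption: whoever
    knows (or offline-guesses) the secret recovers the password.
    """
    if not 0 < len(password) <= 128:
        raise ValueError("PAP passwords must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        hidden += prev
    return bytes(hidden)


def pap_decode(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_encode: what the server does before handing the cleartext
    to its back end (for AuthBy NTLM, Samba's ntlm_auth helper)."""
    clear, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return bytes(clear).rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (header included), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, username, password, secret, authenticator=None):
    """Return (packet, request_authenticator). The authenticator must be fresh
    and unpredictable per request; it is a parameter only so tests repeat."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username)
    attrs += attr(ATTR_USER_PASSWORD, pap_encode(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator


def build_reply(code, ident, request_authenticator, secret, attrs=b""):
    """What a server sends back (RFC 2865 section 3); used to build test
    traffic offline. ResponseAuth = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + response_auth + attrs


def reply_is_authentic(reply, ident, request_authenticator, secret) -> bool:
    """Verify identifier and Response Authenticator. A reply failing this check
    must be discarded: otherwise an on-path attacker can forge Access-Accept."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    if reply[1] != ident:
        return False
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def authenticate(host, port, username, password, secret, timeout=3.0):
    """Send one Access-Request over UDP; return the reply code, or None on
    timeout or on a reply that fails the authenticator check."""
    ident = os.urandom(1)[0]
    packet, request_auth = build_access_request(ident, username, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None
    return reply[0] if reply_is_authentic(reply, ident, request_auth, secret) else None


if __name__ == "__main__":
    # Made-up values: use the port Radiator actually binds and the Client Secret.
    code = authenticate("127.0.0.1", 1645, b"corey", b"Passw0rd!", b"somesecret")
    print({ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(code, "no valid reply"))
```

Run it from a host that has its own Client clause; a "no valid reply" with nothing in the Trace 4 log usually means the request never matched a Client (wrong source address) or was silently dropped for a bad Secret, which Radiator reports in the trace as a bad authenticator.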