[RADIATOR] Windows AD authentication with radius

Alexander Hartmaier alexander.hartmaier at t-systems.at
Thu Jan 28 02:54:38 CST 2010


I'd suggest using AuthBy LDAP2 to be able to limit the allowed users to
groups or other user attributes (like not-locked, ...).

--
Best regards, Alex


On Thursday, 28.01.2010, at 01:23 +0100, Hugh Irvine wrote:
> Hello Corey -
>
> There are typos in your configuration file for the <Client ...> - and you should probably use AuthBy NTLM.
>
> The configuration file should look more like this:
>
> .....
>
> # the Client clause(s) list the devices from which we will accept RADIUS requests
>
> <Client 1.1.1.1>
>       Secret somesecret
>       .....
> </Client>
>
> # requests will be processed here
> # define Realm(s) or Handler(s)
>
> <Handler>
>       # use AuthBy NTLM for AD
>       <AuthBy NTLM>
>               .....
>       </AuthBy>
> </Handler>
>
>
> There is also already some process using ports 1645 and 1646 which you will need to terminate before you can run Radiator on these ports.
>
> See section 5.65 in the Radiator 4.5.1 reference manual ("doc/ref.pdf") and the example configuration file in "goodies/ntlm.cfg" and "goodies/ntlm_eap_*.cfg".
>
> regards
>
> Hugh
>
>
>
> On 28 Jan 2010, at 09:43, Corey Gray wrote:
>
> > Hi,
> >    I have just been asked to test Radiator to secure our wireless network. The requirement is to authenticate users from AD using their common name. I have tried to configure this in the config file but am having a bit of trouble getting Radiator to parse the file correctly (I'm sure my file is inconsistent with Radiator's requirements). Config details:
> >
> >
> > Platform RHEL 5.3
> > Radiator 4.4
> >
> > LogDir  /var/log/radius
> > DbDir   /etc/radiator
> > Trace   4
> >
> > <client DEFAULT>
> >         <AuthBy ADSI>
> >                 BindString LDAP://cn=%0,cn=users,dc=tsa,dc=com,dc=au
> >                 AuthUser cn=%0,cn=users,dc=tsa,dc=com,dc=au
> >                 AuthFlags 0
> >         </AuthBy>
> >                 secret  testpass
> >                 DupInterval 0
> > <Realm tsa.com.au>
> >
> > </Realm>
> > <Realm DEFAULT>
> > </Realm>
> >
> > Wed Jan 27 21:51:50 2010: ERR: Unknown object 'client' in /etc/radiator/Radd.cfg line 5
> > Wed Jan 27 21:51:50 2010: DEBUG: Finished reading configuration file '/etc/radiator/Radd.cfg'
> > Wed Jan 27 21:51:51 2010: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> > Wed Jan 27 21:51:52 2010: DEBUG: Creating authentication port 0.0.0.0:1645
> > Wed Jan 27 21:51:52 2010: ERR: Could not bind authentication socket: Address already in use
> > Wed Jan 27 21:51:52 2010: DEBUG: Creating accounting port 0.0.0.0:1646
> > Wed Jan 27 21:51:52 2010: ERR: Could not bind accounting socket: Address already in use
> > Wed Jan 27 21:51:52 2010: NOTICE: Server started: Radiator 4.4 on radiator.tsa.com.au (LOCKED)
> >
> > My question….
> >
> > What modules do I need for AD auth and what is required in the config file for this to work?
> >
> > I'm aware of the dictionary issue and that is soon to be resolved :)
> >
> > Thanks in advance
> >
> > Corey
> >
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
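To make Alex's suggestion concrete, here is an added example configuration (not from anyone in this thread) that replaces Corey's AuthBy ADSI attempt with AuthBy LDAP2 against AD, admitting only enabled members of one group. Hostnames, DNs, the group name, the client address and the secrets are placeholders; the PAP-only caveat applies because the DC has to verify the password by re-binding as the user.

```apacheconf
# Added example, not from the thread. Placeholder hosts, DNs and secrets.

# 1645/1646 were already in use on Corey's host (see Hugh's note), so listen
# on the IANA-assigned RADIUS ports instead.
AuthPort 1812
AcctPort 1813

LogDir /var/log/radius
DbDir  /etc/radiator
Trace  4

# Only the wireless controller may send requests; <Client DEFAULT> would
# accept any source that knows the shared secret.
<Client 192.0.2.10>
        Secret      CHANGE-ME-shared-secret
        DupInterval 0
</Client>

<Handler>
        <AuthBy LDAP2>
                Host            dc01.ad.example.com
                Port            389
                Version         3
                UseTLS
                CAFile          /etc/radiator/ad-ca.pem
                # Low-privilege service account used only to find the user object
                AuthDN          CN=radius-bind,OU=Service Accounts,DC=ad,DC=example,DC=com
                AuthPassword    CHANGE-ME-bind-password
                BaseDN          DC=ad,DC=example,DC=com
                # Use "cn" here if the login name really is the AD common name,
                # as in Corey's requirement.
                UsernameAttr    sAMAccountName
                # AD never hands out password hashes, so Radiator re-binds as the
                # user and lets the DC check the password. PAP only: PEAP/MSCHAPv2
                # clients need AuthBy NTLM (goodies/ntlm_eap_*.cfg) instead.
                ServerChecksPassword
                # %0 is the RADIUS User-Name. Require membership of one group and
                # reject disabled accounts (userAccountControl bit 0x2, tested with
                # the LDAP_MATCHING_RULE_BIT_AND OID 1.2.840.113556.1.4.803).
                SearchFilter    (&(sAMAccountName=%0)(memberOf=CN=Wireless Users,OU=Groups,DC=ad,DC=example,DC=com)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
                HoldServerConnection
                Timeout         10
        </AuthBy>
</Handler>
```

A Trace 4 log will show the search filter and the bind result for each request, which is the quickest way to confirm that a locked or non-member account is rejected at the LDAP step rather than at the password check.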
