[RADIATOR] Authby LSA and groups not working (redux)

Johnson, Neil M neil-johnson at uiowa.edu
Fri Oct 1 08:45:32 CDT 2010


Mike,

I'm running with my domain account (which has Administrator privileges) on the server with the "Act as part of the operating system" flag set.

Authentication works as long as I don't use a "Group" Directive.

I'm not sure how to proceed in debugging this.

-Neil


-- 
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
Work: 319 384-0938
Mobile: 319 540-2081
Fax: 319 355-2618
E-mail: neil-johnson at uiowa.edu


> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Thursday, September 30, 2010 7:03 PM
> To: Johnson, Neil M
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] Authby LSA and groups not working (redux)
> 
> Hello Neil,
> 
> On Friday 01 October 2010 12:15:43 am Johnson, Neil M wrote:
> > No, I'm running it on a member server.
> >
> > Our AD administrators are very reluctant to run applications on PDC's and
> > BDC's. I can ask but I don't think I will get permission.
> >
> > Will it work on a BDC?
> >
> > If not, do I have any other options? Currently I'm using Radiator to proxy
> > 802.1X requests to Juniper Steel-Belted Radius in order to re-write VLAN
> > attributes. I was kind of hoping to eliminate SBR in part to simplify
> > support for Eduroam.
> 
> Tests here show that it works OK on any domain member provided that the user
> who is running the script is logged in to the domain.
> 
> Cheers.
> 
> >
> > Thanks.
> >
> > -Neil
> >
> > --
> > Neil Johnson
> > Network Engineer
> > Information Technology Services
> > The University of Iowa
> > Work: 319 384-0938
> > Mobile: 319 540-2081
> > Fax: 319 355-2618
> > E-mail: neil-johnson at uiowa.edu
> >
> >
> > -----Original Message-----
> > From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Mike McCauley
> > Sent: Wednesday, September 29, 2010 9:22 PM
> > To: radiator at open.com.au
> > Subject: Re: [RADIATOR] Authby LSA and groups not working (redux)
> >
> > Hello Neil,
> >
> > Tests here show that your script (suitably modified) works provided you run
> > it on the PDC as the administrator.
> >
> > Is that how you are testing?
> >
> > Cheers.
> >
> > On Thursday 30 September 2010 03:18:24 am Johnson, Neil M wrote:
> > > I whipped up a script based on what I could find in the source code to
> > > test group membership and it doesn't seem to matter if the group is local
> > > or global, it can't find it:
> > >
> > > #!c:\perl64\bin\perl.exe
> > >
> > > use strict;
> > > use Win32::NetAdmin;
> > >
> > > my $User = "nmjoo";
> > > my $Group = "ITS-WIRELESS";
> > > my $Domain = "IOWA";
> > > my $Server = "";
> > >
> > > print "Getting Domain Controller\n";
> > > Win32::NetAdmin::GetDomainController ("", $Domain, $Server);
> > > print "Domain Controller for Domain $Domain is $Server\n";
> > >
> > > print "Checking to see if user: $User is member of Group: $Group\n";
> > > if ( Win32::NetAdmin::GroupIsMember($Server, $Group, $User)
> > >                 || Win32::NetAdmin::LocalGroupIsMember($Server, $Group, $User)) {
> > >                 print "$User is Member of group $Group";
> > > }
> > > else {
> > >                 print "$User is not Member of group $Group";
> > > }
> > >
> > > Output:
> > >
> > > C:\Program Files\Radiator>test2.pl
> > > Getting Domain Controller
> > > Domain Controller for Domain IOWA is \\IOWADC1
> > > Checking to see if user: nmjoo is member of Group: ITS-WIRELESS
> > > nmjoo is not Member of group ITS-WIRELESS
> > > C:\Program Files\Radiator>
> > > --
> > > Neil Johnson
> > > Network Engineer
> > > Information Technology Services
> > > The University of Iowa
> > > Work: 319 384-0938
> > > Mobile: 319 540-2081
> > > Fax: 319 355-2618
> > > E-mail: neil-johnson at uiowa.edu
> 
> 
> 
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
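
Added example, not part of the original messages and not Radiator's own code: a diagnostic variant of the test script quoted above that runs each Win32::NetAdmin membership call on its own and prints Win32::NetAdmin::GetError() after it, so a lookup that failed can be told apart from one that ran and did not list the user. The user, group and domain values are the ones from the quoted script; the last_error helper is a hypothetical name introduced here.

```perl
#!c:\perl64\bin\perl.exe
# Added diagnostic example; not from the thread or from Radiator's source.
use strict;
use warnings;
use Win32;
use Win32::NetAdmin;

# Values copied from the quoted test script; change them for your site.
my ($User, $Group, $Domain) = ("nmjoo", "ITS-WIRELESS", "IOWA");
my $Server = "";

# Hypothetical helper: the module's last error code plus any system text.
sub last_error {
    my $code = Win32::NetAdmin::GetError();
    my $text = Win32::FormatMessage($code) || "no system message text";
    $text =~ s/\s+$//;
    return "error $code ($text)";
}

Win32::NetAdmin::GetDomainController("", $Domain, $Server)
    or die "GetDomainController failed: " . last_error() . "\n";
print "Domain controller for $Domain is $Server\n";

# Run the two membership tests separately instead of joining them with ||,
# and print the error state after each one.
my $global = Win32::NetAdmin::GroupIsMember($Server, $Group, $User);
print "GroupIsMember:      ", ($global ? "member" : "not found"),
      ", ", last_error(), "\n";

my $local = Win32::NetAdmin::LocalGroupIsMember($Server, $Group, $User);
print "LocalGroupIsMember: ", ($local ? "member" : "not found"),
      ", ", last_error(), "\n";

# List what the server returns for the group, so the account name format
# it uses can be compared with the value in $User.
my @members;
if (Win32::NetAdmin::GroupGetMembers($Server, $Group, \@members)) {
    print "GroupGetMembers returned ", scalar(@members), " entries\n";
    print "  $_\n" for @members;
} else {
    print "GroupGetMembers failed: ", last_error(), "\n";
}

@members = ();
if (Win32::NetAdmin::LocalGroupGetMembers($Server, $Group, \@members)) {
    print "LocalGroupGetMembers returned ", scalar(@members), " entries\n";
    print "  $_\n" for @members;
} else {
    print "LocalGroupGetMembers failed: ", last_error(), "\n";
}
```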

