[RADIATOR] WG: Radiator evaluation software downloaded

Heikki Vatiainen hvn at open.com.au
Fri Apr 29 08:45:33 CDT 2011


On 04/29/2011 02:43 PM, El Abbadi, Ossama wrote:

> Fri Apr 29 11:39:24 2011: DEBUG: EAP result: 1, No Handler for PEAP inner authentication
> Fri Apr 29 11:39:24 2011: DEBUG: AuthBy NTLM result: REJECT, No Handler for PEAP inner authentication
> Fri Apr 29 11:39:24 2011: INFO: Access rejected for elabbadi.ossama at vwa.hs-rw.local: No Handler for PEAP inner authentication
> Fri Apr 29 11:39:24 2011: DEBUG: Packet dump:
> *** Sending to 10.1.2.86 port 1645 ....
> 
> 
> Does anyone have an idea where I can define a Handler for PEAP?

You already have this:
<Handler TunnelledByPEAP=1, Client-Identifier=wism >

Change it to this:
<Handler TunnelledByPEAP=1>

The inner authentication you are trying to match (TunnelledByPEAP) does
not have a Client-Identifier that matches 'wism'.

You should make a similar change to the TunnelledByTTLS handler too.


> Thanks for the help
> 
> --------------
> 
> # /etc/radiator/radius.cfg
> #
> # Radiator configuration file
> # Automatically generated by ServerHTTP
> # logged in as admin
> # from client 192.168.105.210:1220
> # on Thu Apr 28 07:56:04 2011
> #
> 
> AcctPort 1646
> AuthPort 1645
> BindAddress 0.0.0.0
> DbDir /etc/radiator
> DictionaryFile %D/dictionary
> Foreground 0
> LicenseExpires 2012-03-01
> LicenseKey cefb3bd23790809524597cb15633b0e4
> LicenseMaxRequests 1000
> LicenseOwner Evaluation
> LivingstonHole 2
> LivingstonMIB .iso.org.dod.internet.private.enterprises.307
> LivingstonOffs 29
> LogDir /var/log/radius
> LogFile %L/logfile
> MaxChildren 0
> PidFile %L/radiusd.pid
> PmwhoProg /usr/local/sbin/pmwho
> SnmpNASErrorTimeout 60
> SnmpgetProg /usr/bin/snmpget
> SnmpsetProg /usr/bin/snmpset
> SnmpwalkProg /usr/bin/snmpwalk
> Trace 6
> 
> <AuthBy NTLM>
>         CachePasswordExpiry 86400
>         DomainFormat %R
>         EAPAnonymous anonymous
>         EAPContextTimeout 1000
>         EAPFAST_PAC_Lifetime 7776000
>         EAPFAST_PAC_Reprovision 2592000
>         EAPTLS_CertificateType PEM
>         EAPTLS_MaxFragmentSize 2048
>         EAPTLS_PEAPVersion 1
>         EAPTLS_SessionResumption 1
>         EAPTLS_SessionResumptionLimit 43200
>         EAPTLS_VerifyDepth 1
>         EAPType MSCHAP-V2
>         Identifier Auth4Tunneled
>         NoDefault 1
>         NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>         PasswordPrompt password
>         SIPDigestRealm DefaultSipRealm
>         UsernameFormat %U
>         UsernameMatchesWithoutRealm 1
> </AuthBy>
> 
> <Client DEFAULT>
>         DupInterval 0
>         FramedGroupMaxPortsPerClassC 255
>         LivingstonHole 2
>         LivingstonOffs 29
>         NasType unknown
>         NoIgnoreDuplicates
>         SNMPCommunity public
>         Secret mysecret
> </Client>
> 
> <Client mh-ap17>
>         DupInterval 10
>         FramedGroupMaxPortsPerClassC 255
>         LivingstonHole 2
>         LivingstonOffs 29
>         NasType unknown
>         NoIgnoreDuplicates
>         SNMPCommunity public
>         Secret testing123
> </Client>
> 
> <Handler TunnelledByPEAP=1, Client-Identifier=wism >
>         AuthByPolicy ContinueWhileIgnore
>         AuthBy Auth4Tunneled
> </Handler>
> 
> <Handler TunnelledByTTLS=1, Client-Identifier=wism >
>         AuthByPolicy ContinueWhileIgnore
>         AuthBy Auth4Tunneled
> </Handler>
> 
> <Handler Realm = /hs-rw\.local$/i>
>         AcctLogFileName %L/%R-%m-%Y.detail
>         AuthByPolicy ContinueWhileIgnore
> 
>         <AuthBy NTLM>
>                 AutoMPPEKeys 1
>                 CachePasswordExpiry 86400
>                 DomainFormat %0
>                 EAPAnonymous %0
>                 EAPContextTimeout 1000
>                 EAPFAST_PAC_Lifetime 7776000
>                 EAPFAST_PAC_Reprovision 2592000
>                 EAPTLS_CAFile /root/ca/cacert.pem
>                 EAPTLS_CertificateFile /root/ca/servercert.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_MaxFragmentSize 1000
>                 EAPTLS_PEAPVersion 0
>                 EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
>                 EAPTLS_SessionResumption 1
>                 EAPTLS_SessionResumptionLimit 43200
>                 EAPTLS_VerifyDepth 1
>                 EAPType PEAP
>                 EAPType TTLS
>                 NoDefault 1
>                 NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>                 PasswordPrompt password
>                 SIPDigestRealm DefaultSipRealm
>                 SSLeayTrace 2
>                 UsernameFormat %0
>         </AuthBy>
> </Handler>
> 
> <Handler User-Name = /^vwa\\/i >
> 
> <ServerHTTP >
>         BindAddress 0.0.0.0
>         DefaultPrivilegeLevel 15
>         LogMaxLines 500
>         MaxBufferSize 100000
>         Password password
>         Port 1111
>         Protocol tcp
>         SessionTimeout 3600
>         TLS_ExpectedPeerName .+
>         Trace 6
>         Username admin
> </ServerHTTP>
> 
> 
> 
>> -----Original Message-----
>> From: Heikki Vatiainen [mailto:hvn at open.com.au]
>> Sent: Thursday, 28 April 2011 14:35
>> To: El Abbadi, Ossama
>> Cc: radiator at open.com.au
>> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
>>
>> On 04/28/2011 02:21 PM, El Abbadi, Ossama wrote:
>>
>>> Here is the output from my last log file, and I found this entry:
>>>
>>> Thu Apr 28 13:08:08 2011: ERR: Could not load EAP module Radius::EAP_25:
>>> Can't locate Net/SSLeay.pm in @INC (@INC contains: . /etc/perl
>>> /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5
>>> /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
>>> /usr/local/lib/site_perl .) at /usr/lib/perl5/Radius/TLS.pm line 15.
>>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/TLS.pm line 15.
>>> Compilation failed in require at /usr/lib/perl5/Radius/EAP_25.pm line 24.
>>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/EAP_25.pm line 24.
>>> Compilation failed in require at (eval 57) line 3.
>>>
>>> Does anyone have an idea why the compilation failed?
>>
>> You need Net_SSLeay module. Please see
>> http://www.open.com.au/radiator/install.html
>>
>> The installation instructions and the reference manual ref.pdf tell more
>> about which modules are needed for which features. For example, if you
>> check AuthBy LDAP2 in ref.pdf, it will tell which LDAP modules are needed.
>>
>> Best regards,
>> Heikki
>>
>> --
>> Heikki Vatiainen <hvn at open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
>> PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc.
>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>


-- 
Heikki Vatiainen <hvn at open.com.au>

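
A static check for the problem described in the reply above, added here as an illustration; it is not part of the original thread or of Radiator. The function names and the embedded excerpt (Handler clauses abridged from the quoted configuration) are assumptions of this example. It flags any TunnelledByPEAP or TunnelledByTTLS Handler that carries further check items, since every check item in the list has to match before a Handler is used.

```python
import re

# Constructed excerpt: Handler clauses abridged from the configuration quoted above.
SAMPLE_CFG = r"""
<Handler TunnelledByPEAP=1, Client-Identifier=wism >
        AuthBy Auth4Tunneled
</Handler>
<Handler TunnelledByTTLS=1, Client-Identifier=wism >
        AuthBy Auth4Tunneled
</Handler>
<Handler Realm = /hs-rw\.local$/i>
</Handler>
"""

TUNNEL_FLAGS = {"TunnelledByPEAP", "TunnelledByTTLS"}
HANDLER_RE = re.compile(r"^\s*<Handler\b(.*?)>\s*$", re.M)

def parse_checklist(text):
    """Split 'a=b, c=/re/i' into (name, value) pairs, keeping commas inside /regex/."""
    items, buf, in_re, esc = [], "", False, False
    for ch in text:
        if esc:
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == "/":
            in_re = not in_re      # assumes "/" only delimits regex values
        elif ch == "," and not in_re:
            items.append(buf)
            buf = ""
            continue
        buf += ch
    items.append(buf)
    return [tuple(p.strip() for p in i.split("=", 1)) for i in items if "=" in i]

def lint_tunnelled_handlers(cfg):
    """Return (tunnel_flag, extra_check_items) per tunnelled Handler with extra checks."""
    findings = []
    for m in HANDLER_RE.finditer(cfg):
        checks = parse_checklist(m.group(1))
        flags = [n for n, _ in checks if n in TUNNEL_FLAGS]
        extras = [f"{n}={v}" for n, v in checks if n not in TUNNEL_FLAGS]
        if flags and extras:
            findings.append((flags[0], extras))
    return findings

if __name__ == "__main__":
    for flag, extras in lint_tunnelled_handlers(SAMPLE_CFG):
        print(f"{flag} handler also requires {', '.join(extras)}")
```
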

