[RADIATOR] WG: Radiator evaluation software downloaded
El Abbadi, Ossama
Ossama.Elabbadi at hs-ruhrwest.de
Mon May 2 09:29:30 CDT 2011
Hi All,
Thank you for all your answers. I have now followed your advice and now get
this log output. Unfortunately, I do not understand why I get this: "INFO:
Access rejected for vwa\elabbadi.ossama: No AuthBy found". Does anyone have an
idea how I can authenticate via Radiator and Active Directory? I have found
many half solutions in a mail archive but not really a HowTo. I cannot believe
it can be difficult.
Kind regards
Ossama
-------
Code: Access-Request
Identifier: 55
Authentic: <167><210><157><238><199>06<196><148><28>YY<200><238>!4
Attributes:
User-Name = "vwa\elabbadi.ossama"
Framed-MTU = 1400
Called-Station-Id = "b4a4.e31f.abb0"
Calling-Station-Id = "0024.d6ae.5c66"
Service-Type = Login-User
Message-Authenticator = <4><178>8<225><0>U<13>k<11><235>X<218>4<197><255><202>
EAP-Message = <2><2><0><24><1>vwa\elabbadi.ossama
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 7747
NAS-Port-Id = "7747"
NAS-IP-Address = 10.1.2.86
NAS-Identifier = "mh-ap17"
Mon May 2 11:00:16 2011: DEBUG: Handling request with Handler 'User-Name = /^vwa\\/i ', Identifier ''
Mon May 2 11:00:16 2011: DEBUG: Deleting session for vwa\elabbadi.ossama, 10.1.2.86, 7747
Mon May 2 11:00:16 2011: INFO: Access rejected for vwa\elabbadi.ossama: No AuthBy found
Mon May 2 11:00:16 2011: DEBUG: Packet dump:
*** Sending to 10.1.2.86 port 1645 ....
Packet length = 36
03 37 00 24 ef 94 2c 12 5a c3 48 78 5c d6 8a 50
69 fe d4 5d 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 55
Authentic: <239><148>,<18>Z<195>Hx\<214><138>Pi<254><212>]
Attributes:
Reply-Message = "Request Denied"
Config:
<Handler TunnelledByPEAP=1>
#, Client-Identifier=wism >
AuthByPolicy ContinueWhileIgnore
AuthBy Auth4Tunneled
</Handler>
<Handler TunnelledByTTLS=1,>
#, Client-Identifier=wism >
AuthByPolicy ContinueWhileIgnore
AuthBy Auth4Tunneled
</Handler>
<Handler Realm = /hs-rw\.local$/i>
AcctLogFileName %L/%R-%m-%Y.detail
AuthByPolicy ContinueWhileIgnore
<AuthBy NTLM>
AutoMPPEKeys 1
CachePasswordExpiry 86400
DomainFormat %0
EAPAnonymous %0
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_CAFile /root/ca/cacert.pem
EAPTLS_CertificateFile /root/ca/servercert.pem
EAPTLS_CertificateType PEM
EAPTLS_MaxFragmentSize 1000
EAPTLS_PEAPVersion 0
EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
EAPType PEAP
EAPType TTLS
NoDefault 1
NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
SSLeayTrace 2
UsernameFormat %0
</AuthBy>
</Handler>
<Handler User-Name = /^vwa\\/i >
-------------------------------------------------------------------------------
> -----Original Message-----
> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> Sent: Friday, 29 April 2011 15:46
> To: radiator at open.com.au
> Cc: El Abbadi, Ossama
> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
>
> On 04/29/2011 02:43 PM, El Abbadi, Ossama wrote:
>
> > Fri Apr 29 11:39:24 2011: DEBUG: EAP result: 1, No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: DEBUG: AuthBy NTLM result: REJECT, No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: INFO: Access rejected for elabbadi.ossama at vwa.hs-rw.local: No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: DEBUG: Packet dump:
> > *** Sending to 10.1.2.86 port 1645 ....
> >
> >
> > Does anyone have an idea where I can define a Handler for PEAP?
>
> You already have this:
> <Handler TunnelledByPEAP=1, Client-Identifier=wism >
>
> Change it to this:
> <Handler TunnelledByPEAP=1>
>
> The inner authentication you are trying to match (TunnelledByPEAP) does
> not have Client-Identifier that matches 'wism'.
>
> You should make a similar change to the TunnelledByTTLS handler too.
>
>
> > Thanks for the help
> >
> > --------------
> >
> > # /etc/radiator/radius.cfg
> > #
> > # Radiator configuration file
> > # Automatically generated by ServerHTTP
> > # logged in as admin
> > # from client 192.168.105.210:1220
> > # on Thu Apr 28 07:56:04 2011
> > #
> >
> > AcctPort 1646
> > AuthPort 1645
> > BindAddress 0.0.0.0
> > DbDir /etc/radiator
> > DictionaryFile %D/dictionary
> > Foreground 0
> > LicenseExpires 2012-03-01
> > LicenseKey cefb3bd23790809524597cb15633b0e4
> > LicenseMaxRequests 1000
> > LicenseOwner Evaluation
> > LivingstonHole 2
> > LivingstonMIB .iso.org.dod.internet.private.enterprises.307
> > LivingstonOffs 29
> > LogDir /var/log/radius
> > LogFile %L/logfile
> > MaxChildren 0
> > PidFile %L/radiusd.pid
> > PmwhoProg /usr/local/sbin/pmwho
> > SnmpNASErrorTimeout 60
> > SnmpgetProg /usr/bin/snmpget
> > SnmpsetProg /usr/bin/snmpset
> > SnmpwalkProg /usr/bin/snmpwalk
> > Trace 6
> >
> > <AuthBy NTLM>
> > CachePasswordExpiry 86400
> > DomainFormat %R
> > EAPAnonymous anonymous
> > EAPContextTimeout 1000
> > EAPFAST_PAC_Lifetime 7776000
> > EAPFAST_PAC_Reprovision 2592000
> > EAPTLS_CertificateType PEM
> > EAPTLS_MaxFragmentSize 2048
> > EAPTLS_PEAPVersion 1
> > EAPTLS_SessionResumption 1
> > EAPTLS_SessionResumptionLimit 43200
> > EAPTLS_VerifyDepth 1
> > EAPType MSCHAP-V2
> > Identifier Auth4Tunneled
> > NoDefault 1
> > NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> > PasswordPrompt password
> > SIPDigestRealm DefaultSipRealm
> > UsernameFormat %U
> > UsernameMatchesWithoutRealm 1
> > </AuthBy>
> >
> > <Client DEFAULT>
> > DupInterval 0
> > FramedGroupMaxPortsPerClassC 255
> > LivingstonHole 2
> > LivingstonOffs 29
> > NasType unknown
> > NoIgnoreDuplicates
> > SNMPCommunity public
> > Secret mysecret
> > </Client>
> >
> > <Client mh-ap17>
> > DupInterval 10
> > FramedGroupMaxPortsPerClassC 255
> > LivingstonHole 2
> > LivingstonOffs 29
> > NasType unknown
> > NoIgnoreDuplicates
> > SNMPCommunity public
> > Secret testing123
> > </Client>
> >
> > <Handler TunnelledByPEAP=1, Client-Identifier=wism >
> > AuthByPolicy ContinueWhileIgnore
> > AuthBy Auth4Tunneled
> > </Handler>
> >
> > <Handler TunnelledByTTLS=1, Client-Identifier=wism >
> > AuthByPolicy ContinueWhileIgnore
> > AuthBy Auth4Tunneled
> > </Handler>
> >
> > <Handler Realm = /hs-rw\.local$/i>
> > AcctLogFileName %L/%R-%m-%Y.detail
> > AuthByPolicy ContinueWhileIgnore
> >
> > <AuthBy NTLM>
> > AutoMPPEKeys 1
> > CachePasswordExpiry 86400
> > DomainFormat %0
> > EAPAnonymous %0
> > EAPContextTimeout 1000
> > EAPFAST_PAC_Lifetime 7776000
> > EAPFAST_PAC_Reprovision 2592000
> > EAPTLS_CAFile /root/ca/cacert.pem
> > EAPTLS_CertificateFile /root/ca/servercert.pem
> > EAPTLS_CertificateType PEM
> > EAPTLS_MaxFragmentSize 1000
> > EAPTLS_PEAPVersion 0
> > EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
> > EAPTLS_SessionResumption 1
> > EAPTLS_SessionResumptionLimit 43200
> > EAPTLS_VerifyDepth 1
> > EAPType PEAP
> > EAPType TTLS
> > NoDefault 1
> > NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> > PasswordPrompt password
> > SIPDigestRealm DefaultSipRealm
> > SSLeayTrace 2
> > UsernameFormat %0
> > </AuthBy>
> > </Handler>
> >
> > <Handler User-Name = /^vwa\\/i >
> >
> > <ServerHTTP >
> > BindAddress 0.0.0.0
> > DefaultPrivilegeLevel 15
> > LogMaxLines 500
> > MaxBufferSize 100000
> > Password password
> > Port 1111
> > Protocol tcp
> > SessionTimeout 3600
> > TLS_ExpectedPeerName .+
> > Trace 6
> > Username admin
> > </ServerHTTP>
> >
> >
> >
> >> -----Original Message-----
> >> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> >> Sent: Thursday, 28 April 2011 14:35
> >> To: El Abbadi, Ossama
> >> Cc: radiator at open.com.au
> >> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
> >>
> >> On 04/28/2011 02:21 PM, El Abbadi, Ossama wrote:
> >>
> >>> Here the output from my last log file. And I found this entry:
> >>>
> >>> Thu Apr 28 13:08:08 2011: ERR: Could not load EAP module Radius::EAP_25: Can't locate Net/SSLeay.pm in @INC (@INC contains: . /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/lib/perl5/Radius/TLS.pm line 15.
> >>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/TLS.pm line 15.
> >>> Compilation failed in require at /usr/lib/perl5/Radius/EAP_25.pm line 24.
> >>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/EAP_25.pm line 24.
> >>> Compilation failed in require at (eval 57) line 3.
> >>>
> >>> Does anyone have an idea why the compilation failed?
> >>
> >> You need Net_SSLeay module. Please see
> >> http://www.open.com.au/radiator/install.html
> >>
> >> The installation instructions and the reference manual ref.pdf tell
> >> more about which modules are needed for which features. For example,
> >> if you check AuthBy LDAP2 in ref.pdf, it will tell which LDAP modules
> >> are needed.
> >>
> >> Best regards,
> >> Heikki
> >>
> >> --
> >> Heikki Vatiainen <hvn at open.com.au>
> >>
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> >> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> >> DIAMETER etc.
> >> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> >>
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
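Added example (not part of the original thread and not Radiator's own code): the log in this message shows the request being matched by Handler 'User-Name = /^vwa\\/i' and rejected with "No AuthBy found", and the posted config shows that Handler with no AuthBy line and no closing tag. The Python check below flags such Handlers in a config file; lint_handlers, the sample text and the TOP_LEVEL clause list are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the handlers quoted in this thread.
SAMPLE_CFG = r"""
<Handler TunnelledByPEAP=1>
    AuthByPolicy ContinueWhileIgnore
    AuthBy Auth4Tunneled
</Handler>
<Handler Realm = /hs-rw\.local$/i>
    <AuthBy NTLM>
    </AuthBy>
</Handler>
<Handler User-Name = /^vwa\\/i >
<ServerHTTP >
"""
OPEN = re.compile(r"^<(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</(\w+)>$")
AUTHBY_REF = re.compile(r"^AuthBy\s+\S+")   # "AuthBy <Identifier>", not AuthByPolicy
TOP_LEVEL = {"Handler", "Realm", "Client", "ServerHTTP"}  # assumed subset of clauses

def lint_handlers(cfg_text):
    """Return (check items, problem) pairs for Handlers that cannot authenticate."""
    handlers, cur, depth = [], None, 0
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        open_m, close_m = OPEN.match(line), CLOSE.match(line)
        if close_m and cur:
            if depth == 0 and close_m.group(1) == "Handler":
                cur["closed"] = True
                cur = None
            else:
                depth = max(depth - 1, 0)   # leaving a clause nested in the Handler
        elif open_m:
            name = open_m.group(1)
            if cur and name in TOP_LEVEL:
                cur = None                  # next top-level clause began: Handler unclosed
            if cur:
                cur["authby"] |= depth == 0 and name == "AuthBy"   # inline <AuthBy ...>
                depth += 1
            elif name == "Handler":
                cur, depth = {"items": open_m.group(2), "authby": False, "closed": False}, 0
                handlers.append(cur)
        elif cur and depth == 0 and AUTHBY_REF.match(line):
            cur["authby"] = True            # reference to an AuthBy by Identifier
    return [(h["items"], problem) for h in handlers
            for flag, problem in (("authby", "no AuthBy"), ("closed", "missing </Handler>"))
            if not h[flag]]
```

Running lint_handlers(SAMPLE_CFG) reports only the User-Name handler, once for the missing AuthBy and once for the missing closing tag.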