[RADIATOR] WG: Radiator evaluation software downloaded

El Abbadi, Ossama Ossama.Elabbadi at hs-ruhrwest.de
Mon May 2 09:29:30 CDT 2011


Hi All,

Thank you for all your answers. I have now followed your advice and get
this log output. Unfortunately, I do not understand why I get this: "INFO:
Access rejected for vwa\elabbadi.ossama: No AuthBy found". Does anyone have an
idea how I can authenticate via Radiator and Active Directory? I have found
many half solutions in a mail archive but no real HowTo. I cannot believe
it can be difficult.

Kind regards 
Ossama

-------

Code:       Access-Request
Identifier: 55
Authentic:  <167><210><157><238><199>06<196><148><28>YY<200><238>!4
Attributes:
	User-Name = "vwa\elabbadi.ossama"
	Framed-MTU = 1400
	Called-Station-Id = "b4a4.e31f.abb0"
	Calling-Station-Id = "0024.d6ae.5c66"
	Service-Type = Login-User
	Message-Authenticator = <4><178>8<225><0>U<13>k<11><235>X<218>4<197><255><202>
	EAP-Message = <2><2><0><24><1>vwa\elabbadi.ossama
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 7747
	NAS-Port-Id = "7747"
	NAS-IP-Address = 10.1.2.86
	NAS-Identifier = "mh-ap17"

Mon May  2 11:00:16 2011: DEBUG: Handling request with Handler 'User-Name = /^vwa\\/i ', Identifier ''
Mon May  2 11:00:16 2011: DEBUG:  Deleting session for vwa\elabbadi.ossama, 10.1.2.86, 7747
Mon May  2 11:00:16 2011: INFO: Access rejected for vwa\elabbadi.ossama: No AuthBy found
Mon May  2 11:00:16 2011: DEBUG: Packet dump:
*** Sending to 10.1.2.86 port 1645 ....

Packet length = 36
03 37 00 24 ef 94 2c 12 5a c3 48 78 5c d6 8a 50
69 fe d4 5d 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 55
Authentic:  <239><148>,<18>Z<195>Hx\<214><138>Pi<254><212>]
Attributes:
	Reply-Message = "Request Denied"

Config:

<Handler TunnelledByPEAP=1>
#, Client-Identifier=wism >
	AuthByPolicy ContinueWhileIgnore
	AuthBy Auth4Tunneled
</Handler>

<Handler TunnelledByTTLS=1,>
#, Client-Identifier=wism >
	AuthByPolicy ContinueWhileIgnore
	AuthBy Auth4Tunneled
</Handler>

<Handler Realm = /hs-rw\.local$/i>
	AcctLogFileName %L/%R-%m-%Y.detail
	AuthByPolicy ContinueWhileIgnore

	<AuthBy NTLM>
		AutoMPPEKeys 1
		CachePasswordExpiry 86400
		DomainFormat %0
		EAPAnonymous %0
		EAPContextTimeout 1000
		EAPFAST_PAC_Lifetime 7776000
		EAPFAST_PAC_Reprovision 2592000
		EAPTLS_CAFile /root/ca/cacert.pem
		EAPTLS_CertificateFile /root/ca/servercert.pem
		EAPTLS_CertificateType PEM
		EAPTLS_MaxFragmentSize 1000
		EAPTLS_PEAPVersion 0
		EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
		EAPTLS_SessionResumption 1
		EAPTLS_SessionResumptionLimit 43200
		EAPTLS_VerifyDepth 1
		EAPType PEAP
		EAPType TTLS
		NoDefault 1
		NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
		PasswordPrompt password
		SIPDigestRealm DefaultSipRealm
		SSLeayTrace 2
		UsernameFormat %0
	</AuthBy>
</Handler>

<Handler User-Name = /^vwa\\/i >


-------------------------------------------------------------------------------



> -----Original Message-----
> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> Sent: Friday, 29 April 2011 15:46
> To: radiator at open.com.au
> Cc: El Abbadi, Ossama
> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
> 
> On 04/29/2011 02:43 PM, El Abbadi, Ossama wrote:
> 
> > Fri Apr 29 11:39:24 2011: DEBUG: EAP result: 1, No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: DEBUG: AuthBy NTLM result: REJECT, No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: INFO: Access rejected for elabbadi.ossama at vwa.hs-rw.local: No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: DEBUG: Packet dump:
> > *** Sending to 10.1.2.86 port 1645 ....
> >
> >
> > Does anyone have an idea where I can define a Handler for PEAP?
> 
> You already have this:
> <Handler TunnelledByPEAP=1, Client-Identifier=wism >
> 
> Change it to this:
> <Handler TunnelledByPEAP=1>
> 
> The inner authentication you are trying to match (TunnelledByPEAP) does
> not have a Client-Identifier that matches 'wism'.
> 
> You should make a similar change to the TunnelledByTTLS handler too.
> 
> 
> > Thanks for Help
> >
> > --------------
> >
> > # /etc/radiator/radius.cfg
> > #
> > # Radiator configuration file
> > # Automatically generated by ServerHTTP
> > # logged in as admin
> > # from client 192.168.105.210:1220
> > # on Thu Apr 28 07:56:04 2011
> > #
> >
> > AcctPort 1646
> > AuthPort 1645
> > BindAddress 0.0.0.0
> > DbDir /etc/radiator
> > DictionaryFile %D/dictionary
> > Foreground 0
> > LicenseExpires 2012-03-01
> > LicenseKey cefb3bd23790809524597cb15633b0e4
> > LicenseMaxRequests 1000
> > LicenseOwner Evaluation
> > LivingstonHole 2
> > LivingstonMIB .iso.org.dod.internet.private.enterprises.307
> > LivingstonOffs 29
> > LogDir /var/log/radius
> > LogFile %L/logfile
> > MaxChildren 0
> > PidFile %L/radiusd.pid
> > PmwhoProg /usr/local/sbin/pmwho
> > SnmpNASErrorTimeout 60
> > SnmpgetProg /usr/bin/snmpget
> > SnmpsetProg /usr/bin/snmpset
> > SnmpwalkProg /usr/bin/snmpwalk
> > Trace 6
> >
> > <AuthBy NTLM>
> >         CachePasswordExpiry 86400
> >         DomainFormat %R
> >         EAPAnonymous anonymous
> >         EAPContextTimeout 1000
> >         EAPFAST_PAC_Lifetime 7776000
> >         EAPFAST_PAC_Reprovision 2592000
> >         EAPTLS_CertificateType PEM
> >         EAPTLS_MaxFragmentSize 2048
> >         EAPTLS_PEAPVersion 1
> >         EAPTLS_SessionResumption 1
> >         EAPTLS_SessionResumptionLimit 43200
> >         EAPTLS_VerifyDepth 1
> >         EAPType MSCHAP-V2
> >         Identifier Auth4Tunneled
> >         NoDefault 1
> >         NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> >         PasswordPrompt password
> >         SIPDigestRealm DefaultSipRealm
> >         UsernameFormat %U
> >         UsernameMatchesWithoutRealm 1
> > </AuthBy>
> >
> > <Client DEFAULT>
> >         DupInterval 0
> >         FramedGroupMaxPortsPerClassC 255
> >         LivingstonHole 2
> >         LivingstonOffs 29
> >         NasType unknown
> >         NoIgnoreDuplicates
> >         SNMPCommunity public
> >         Secret mysecret
> > </Client>
> >
> > <Client mh-ap17>
> >         DupInterval 10
> >         FramedGroupMaxPortsPerClassC 255
> >         LivingstonHole 2
> >         LivingstonOffs 29
> >         NasType unknown
> >         NoIgnoreDuplicates
> >         SNMPCommunity public
> >         Secret testing123
> > </Client>
> >
> > <Handler TunnelledByPEAP=1, Client-Identifier=wism >
> >         AuthByPolicy ContinueWhileIgnore
> >         AuthBy Auth4Tunneled
> > </Handler>
> >
> > <Handler TunnelledByTTLS=1, Client-Identifier=wism >
> >         AuthByPolicy ContinueWhileIgnore
> >         AuthBy Auth4Tunneled
> > </Handler>
> >
> > <Handler Realm = /hs-rw\.local$/i>
> >         AcctLogFileName %L/%R-%m-%Y.detail
> >         AuthByPolicy ContinueWhileIgnore
> >
> >         <AuthBy NTLM>
> >                 AutoMPPEKeys 1
> >                 CachePasswordExpiry 86400
> >                 DomainFormat %0
> >                 EAPAnonymous %0
> >                 EAPContextTimeout 1000
> >                 EAPFAST_PAC_Lifetime 7776000
> >                 EAPFAST_PAC_Reprovision 2592000
> >                 EAPTLS_CAFile /root/ca/cacert.pem
> >                 EAPTLS_CertificateFile /root/ca/servercert.pem
> >                 EAPTLS_CertificateType PEM
> >                 EAPTLS_MaxFragmentSize 1000
> >                 EAPTLS_PEAPVersion 0
> >                 EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
> >                 EAPTLS_SessionResumption 1
> >                 EAPTLS_SessionResumptionLimit 43200
> >                 EAPTLS_VerifyDepth 1
> >                 EAPType PEAP
> >                 EAPType TTLS
> >                 NoDefault 1
> >                 NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> >                 PasswordPrompt password
> >                 SIPDigestRealm DefaultSipRealm
> >                 SSLeayTrace 2
> >                 UsernameFormat %0
> >         </AuthBy>
> > </Handler>
> >
> > <Handler User-Name = /^vwa\\/i >
> >
> > <ServerHTTP >
> >         BindAddress 0.0.0.0
> >         DefaultPrivilegeLevel 15
> >         LogMaxLines 500
> >         MaxBufferSize 100000
> >         Password password
> >         Port 1111
> >         Protocol tcp
> >         SessionTimeout 3600
> >         TLS_ExpectedPeerName .+
> >         Trace 6
> >         Username admin
> > </ServerHTTP>
> >
> >
> >
> >> -----Original Message-----
> >> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> >> Sent: Thursday, 28 April 2011 14:35
> >> To: El Abbadi, Ossama
> >> Cc: radiator at open.com.au
> >> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
> >>
> >> On 04/28/2011 02:21 PM, El Abbadi, Ossama wrote:
> >>
> >>> Here the output from my last log file. And I found this entry:
> >>>
> >>> Thu Apr 28 13:08:08 2011: ERR: Could not load EAP module Radius::EAP_25:
> >>> Can't locate Net/SSLeay.pm in @INC (@INC contains: . /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/lib/perl5/Radius/TLS.pm line 15.
> >>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/TLS.pm line 15.
> >>> Compilation failed in require at /usr/lib/perl5/Radius/EAP_25.pm line 24.
> >>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/EAP_25.pm line 24.
> >>> Compilation failed in require at (eval 57) line 3.
> >>>
> >>> Does anyone have an idea why the compilation failed?
> >>
> >> You need Net_SSLeay module. Please see
> >> http://www.open.com.au/radiator/install.html
> >>
> >> The installation instructions and the reference manual ref.pdf tell
> >> more about which modules are needed for which features. For example,
> >> if you check AuthBy LDAP2 in ref.pdf, it will tell which LDAP modules
> >> are needed.
> >>
> >> Best regards,
> >> Heikki
> >>
> >> --
> >> Heikki Vatiainen <hvn at open.com.au>
> >>
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> >> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> >> DIAMETER etc.
> >> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> >>
> 
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
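The two rejections in this thread ("No Handler for PEAP inner authentication" and "No AuthBy found") can both be reproduced with a small model of first-match Handler selection. This is an added example, not part of the original messages and not Radiator code; the function names, the simplified check-item parsing and the abbreviated sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample: the Handler blocks from the posted configuration, abbreviated.
SAMPLE_CFG = r"""
<Handler TunnelledByPEAP=1>
	AuthBy Auth4Tunneled
</Handler>
<Handler Realm = /hs-rw\.local$/i>
	AuthByPolicy ContinueWhileIgnore
	<AuthBy NTLM>
	</AuthBy>
</Handler>
<Handler User-Name = /^vwa\\/i >
"""

def parse_handlers(cfg):
    """Return each Handler's check string and whether it contains any AuthBy."""
    handlers, cur = [], None
    for line in (l.strip() for l in cfg.splitlines()):
        m = re.match(r"<Handler\s*(.*?)\s*>$", line)
        if m:
            cur = {"check": m.group(1), "authby": False}
            handlers.append(cur)
        elif line == "</Handler>":
            cur = None
        elif cur and re.match(r"<AuthBy\b|AuthBy\s+\S", line):
            cur["authby"] = True      # AuthByPolicy does not count as an AuthBy
    return handlers

def matches(check, req):
    """All comma-separated check items must match (no commas inside regexes)."""
    for item in filter(None, (p.strip() for p in check.split(","))):
        attr, _, want = (x.strip() for x in item.partition("="))
        have = req.get(attr)
        rx = re.fullmatch(r"/(.*)/(i?)", want)
        if have is None:
            return False              # attribute absent from this request
        if rx and not re.search(rx.group(1), have, re.I if rx.group(2) else 0):
            return False
        if not rx and have != want:
            return False
    return True

def diagnose(cfg, req):
    """First matching Handler wins, in file order; report what happens to req."""
    req = dict(req, Realm=req["User-Name"].partition("@")[2])
    for h in parse_handlers(cfg):
        if matches(h["check"], req):
            return h["check"], "ok" if h["authby"] else "No AuthBy found"
    return None, "no Handler matched"
```

Calling `diagnose(SAMPLE_CFG, {"User-Name": "vwa\\elabbadi.ossama"})` selects the final `User-Name` Handler, which has no AuthBy, matching the log line in the 2 May message.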