[RADIATOR] question about machine based authentication

Heikki Vatiainen hvn at open.com.au
Tue Nov 15 12:49:24 CST 2011


On 11/15/2011 07:43 PM, Joy Veronneau wrote:

> I've made some progress on this. The Windows 7 machine is now contacting
> the RADIUS server, but its username starts with "host/" and Radiator
> doesn't seem to like that. Should the machine be sending some sort of
> different username? I don't think I can get the request to the correct
> handler until I fix this problem?

Radiator will recognize host/ and do the authentication with the correct
username. The machine seems to be sending the username correctly, so
that's not the problem.

Tue Nov 15 12:41:42 2011: INFO: Access rejected for
host/CIT-JV11GTEST2.cit.cornell.edu: Invalid character in User-Name

Your configuration file has UsernameCharset specified so that it does
not include /

If you change UsernameCharset this problem will go away.

Thanks!
Heikki


> The network settings on the Windows 7 machine are:
> Security type: WPA2 Enterprise
> encryption type: TKIP
> Network authentication method: microsoft: smartcard or other certificate
> (Settings-> Use a certificate on this computer, use simple certificate
> selection)
> advanced settings: 802.1x Specify authentication mode: Computer
> authentication.
> 
> 
> Here is what I see on the RADIUS logs:
> 
>         User-Name = "host/CIT-JV11GTEST2.cit.cornell.edu"
>         NAS-IP-Address = 132.236.115.218
>         NAS-Port = 1
>         NAS-Identifier = "cit.redrover.secure"
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Calling-Station-Id = "0014D1EA856B"
>         Called-Station-Id = "000B866222B0"
>         Service-Type = Login-User
>         Framed-MTU = 1100
>         EAP-Message = <2><1><0>(<1>host/CIT-JV11GTEST2.cit.cornell.edu
>         Aruba-Essid-Name = "eduroam-test"
>         Aruba-Location-Id = "test-rhodes-745-ap"
>         Message-Authenticator =
> ]<179>:f<223><241><242>Z<13>:<204><222><150><130>J<181>
> 
> Tue Nov 15 12:41:42 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Nov 15 12:41:42 2011: INFO: Access rejected for
> host/CIT-JV11GTEST2.cit.cornell.edu: Invalid character in User-Name
> Tue Nov 15 12:41:42 2011: DEBUG: Packet dump:
> *** Sending to 132.236.115.218 port 33004 ....
> Code:       Access-Reject
> Identifier: 219
> Authentic:  <138>5<9><254><236><131>3<184>xLU?N4<139><225>
> Attributes:
>         Reply-Message = "Request Denied"
> 
> Thanks again,
> 
> Joy


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
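
Added example, not part of the original message and not Radiator code: a pre-change check that finds exactly which characters an allow-list such as UsernameCharset is missing for machine names like the one in the log above, so the list is widened by only those characters and malformed names still fail. It assumes the charset value behaves as the body of a regex character class; the `BEFORE` and `AFTER` values and every name except the `host/` one are constructed, since the poster's actual setting is not shown.

```python
import re

# Assumption: a UsernameCharset-style value is the body of a regex character
# class, and a name is rejected if any character falls outside it.
def offending_chars(username, charset):
    """Return the sorted distinct characters of username not in charset."""
    return sorted(set(re.findall("[^" + charset + "]", username)))

def audit(usernames, charset):
    """Map each name that would be rejected to its offending characters."""
    report = {}
    for name in usernames:
        bad = offending_chars(name, charset)
        if bad:
            report[name] = bad
    return report

def chars_to_add(legit_usernames, charset):
    """Smallest set of characters to add so all legitimate names pass."""
    needed = set()
    for bad in audit(legit_usernames, charset).values():
        needed.update(bad)
    return sorted(needed)

# Constructed charsets: the poster's real setting is not shown in the thread.
BEFORE = r"a-zA-Z0-9\._@-"
AFTER = r"a-zA-Z0-9\._@/-"

# Names expected from legitimate clients. The first is taken from the log in
# the thread, the second is constructed.
LEGIT = ["host/CIT-JV11GTEST2.cit.cornell.edu", "user1@example.org"]
# Constructed names that should keep failing after the change.
MALFORMED = ["host/pc1;x", "user 1@example.org"]

if __name__ == "__main__":
    print("add to charset:", chars_to_add(LEGIT, BEFORE))
    print("legit rejected after change:", audit(LEGIT, AFTER))
    print("malformed rejected after change:", audit(MALFORMED, AFTER))
```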