[RADIATOR] radiator Digest, Vol 36, Issue 2

Jerry Yang JerryYang at nbnco.com.au
Wed May 2 05:01:39 CDT 2012


I
Cheers,
Jerry
Sent from my phone

On 02/05/2012, at 7:30 PM, "radiator-request at open.com.au" <radiator-request at open.com.au> wrote:

> Today's Topics:
>
>   1. Re: Tacacs Authentication to survive reloads ? (Heikki Vatiainen)
>   2. Re: Rewrite userna functionality for use in ldap_aps authby
>      (Heikki Vatiainen)
>   3. Re: Rewrite userna functionality for use in ldap_aps authby
>      (Alex Sharaz)
>   4. Re: doubt on Radiator Radius Authentication server
>      (Heikki Vatiainen)
>   5. FW:  doubt on Radiator Radius Authentication server
>      (Santhosh Katta)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 01 May 2012 21:27:32 +0300
> From: Heikki Vatiainen <hvn at open.com.au>
> Subject: Re: [RADIATOR] Tacacs Authentication to survive reloads ?
> To: James <jtp at nc.rr.com>
> Cc: "radiator at open.com.au" <radiator at open.com.au>
> Message-ID: <4FA02B14.4090109 at open.com.au>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 05/01/2012 02:32 AM, James wrote:
>> Can you provide snippet of configuration for your tacacs+
>> configuration, if you don't mind?
>
> See goodies/sql.cfg and goodies/ldapradius.cfg for examples that come
> with Radiator.
>
> Note that you can try either one by first adding one client into e.g.,
> SQL and testing that it works when the client is removed from the config
> file. The clients Radiator knows about are the combined set of clients
> in the config file and from any ClientList* that are configured.
>
> Thanks!
> Heikki
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 May 2012 21:38:16 +0300
> From: Heikki Vatiainen <hvn at open.com.au>
> Subject: Re: [RADIATOR] Rewrite userna functionality for use in
>        ldap_aps        authby
> To: radiator at open.com.au
> Message-ID: <4FA02D98.8050707 at open.com.au>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 04/30/2012 07:23 PM, Alex Sharaz wrote:
>
>> root at eduroam-1-east:/var/log/radius# radpwtst -s 150.237.85.225 -secret xxxx  -user alexsharaz at sharaz.info -password yyyy -auth_port 1812 -noacct  -mschapv2
>>
>> although it works in that it does rewrite the username stripping off the realm and giving, in this case alexsharaz instead of alexsharaz.info, authentication fails further down the food chain
>> Which I guess is something to do with the mschapv2 and the realm in the original request
>
> I think what happens here is the client calculates MS-CHAP2-Response
> based on username with realm. Once the Handler strips the realm part,
> the respective calculation within AuthBy is done with just the username
> part. The results will not then match and the authentication fails.
>
> Can you add UsernameMatchesWithoutRealm into the AuthBy. This does the
> user information lookup without realm but does not change the username
> allowing MS-CHAP-V2 to succeed.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 May 2012 20:00:37 +0000
> From: Alex Sharaz <A.Sharaz at hull.ac.uk>
> Subject: Re: [RADIATOR] Rewrite userna functionality for use in
>        ldap_aps        authby
> To: Heikki Vatiainen <hvn at open.com.au>
> Cc: "radiator at open.com.au" <radiator at open.com.au>
> Message-ID: <E7D4645D-52F2-406C-AD52-8864F9F65656 at hull.ac.uk>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Heikki,
> Yup worked a treat.
>
> Now I wonder if I can get my personal Sharaz.info domain linked into eduroam  :-))
> Many thanks
> Alex
>
> -----------------
> sip:924110981 at sip.callwithus.com
>
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 02 May 2012 12:23:56 +0300
> From: Heikki Vatiainen <hvn at open.com.au>
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
> To: radiator at open.com.au
> Message-ID: <4FA0FD2C.1070609 at open.com.au>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 04/30/2012 04:15 PM, Santhosh Katta wrote:
>
>> Mon Apr 30 18:29:08 2012: DEBUG: Reading dictionary file './dictionary'
>> Mon Apr 30 18:29:08 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
>
> You can specify DictionaryFile in the configuration file like this:
> DictionaryFile C:/Program Files/Radiator/dictionary
>
> The error message indicates radiusd is looking for the dictionary file
> from the directory radiusd is started from (.). You can specify the full
> path to make sure it always finds it no matter where you start radiusd from.
>
>> Mon Apr 30 18:29:08 2012: DEBUG: *Creating authentication port 0.0.0.0:1645*
>> Mon Apr 30 18:29:08 2012: ERR: Could not bind authentication socket: Only one usage of each socket address (protocol/network address/port) is normally permitted
>
> This indicates you have one instance of radiusd running. You may want to
> check that you do not e.g., have Radiator as Windows service enabled and
> running.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 2 May 2012 00:37:00 -0700
> From: Santhosh Katta <skatta at vocera.com>
> Subject: [RADIATOR] FW:  doubt on Radiator Radius Authentication
>        server
> To: "Neil Quiogue (neil at quiogue.com)" <neil at quiogue.com>
> Cc: "radiator at open.com.au" <radiator at open.com.au>
> Message-ID:
>        <CFEF95E09347584988AD84EF0C7CBA833DFA1EAA26 at exchange.vocera.local>
> Content-Type: text/plain; charset="us-ascii"
>
> Since I got an error stating "Is being held until the list moderator can review it for approval", I am resending the email so that I can get a faster response.
>
> Thanks,
> Santhosh
>
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Santhosh Katta
> Sent: Monday, April 30, 2012 6:46 PM
> To: Neil Quiogue
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
>
> Hi Neil,
> Thanks for your response.
>
> I have followed the steps in http://www.open.com.au/radiator/install.html document for installation on Windows 7 PC and installation went well and even installed 'ppm install win32-daemon' on the Windows 7 PC.
>
> I have changed the configuration in radius.cfg, but still I get issue as
>
> To extend your license period, contact admin at open.com.au
>
> Mon Apr 30 18:29:08 2012: DEBUG: Reading dictionary file './dictionary'
> Mon Apr 30 18:29:08 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
> Mon Apr 30 18:29:08 2012: DEBUG: Creating authentication port 0.0.0.0:1645
> Mon Apr 30 18:29:08 2012: ERR: Could not bind authentication socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.
> Mon Apr 30 18:29:08 2012: DEBUG: Creating accounting port 0.0.0.0:1646
> Mon Apr 30 18:29:08 2012: ERR: Could not bind accounting socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.
> Mon Apr 30 18:29:08 2012: NOTICE: Server started: Radiator 4.9 on BL10408A (LOCKED)
>
> I am sure everything in the installation is fine. I have attached the radius.cfg file, which is configured in "C:\Program Files\Radiator". Can you please go through it and check where the issue is?
> I will explain what I am looking for, so that you can help me change the appropriate configuration in the radius.cfg file.
> I want my client to authenticate (with either PEAP/TLS/EAP-FAST) with the Radiator authentication server. For that I have a Cisco AP with IP address 10.99.168.64, and the shared secret I have given is "radiator". I want the authentication port to be configured to 1812.
> Can you please help in configuring the radius.cfg file? Should I make any changes in the dictionary file which is in the "C:\Program Files\Radiator" location?
> I am following the reference guide which I have downloaded, but I am still unable to do it.
> Thanks for your help.
>
> Regards,
> Santhosh
>
>
>
> From: Neil Quiogue [mailto:neil at quiogue.com]
> Sent: Saturday, April 28, 2012 12:35 PM
> To: Santhosh Katta
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
>
> Hello Santhosh,
>
> Did you go through the installation document specifically the Windows section at http://www.open.com.au/radiator/install.html ?
>
> There is also reference there on where to go to for the configuration.
>
> For your #1 and #2, it is normally the radius.cfg file and located under Program Files\Radiator if you went through the instructions.
>
> And then when running it as a service though you need to have Win32::Daemon (installed as 'ppm install win32-daemon' if using ActiveState Perl).  Some instructions are on Reference Manual 3.6.1
>
> Once that is installed, it's just a matter of running 'perl c:\perl\bin\radiusd -installservice'.
>
> And radpwtst is just a tool for testing RADIUS as it acts like a client.  It is found either in the c:\perl\bin directory or in the installation directory (where you unzipped it).
>
> Regards,
> Neil
>
>
> Friday, April 27, 2012, 2:02:51 PM, you wrote:
>
> Hi All,
>
> I have installed Radiator radius on Windows 7 laptop and installation went well. But I am not getting how to configure and run Radiator for PEAP, TLS....etc authentication. I went through the document, but unable to follow on how to add Authentication port, Authentication type, Radius Client.
>
> When I give "perl radiusd" command, then below output I get
>
> Legacy library timelocal.pl will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at (eval 8), line 27.
> Legacy library newgetopt.pl will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at (eval 8), line 28.
> Fri Apr 27 15:07:12 2012: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> This Radiator license will expire on 2012-08-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact admin at open.com.au
>
> Fri Apr 27 15:07:12 2012: DEBUG: Reading dictionary file './dictionary'
> Fri Apr 27 15:07:12 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
> Fri Apr 27 15:07:12 2012: DEBUG: Creating authentication port 0.0.0.0:1645
> Fri Apr 27 15:07:12 2012: DEBUG: Creating accounting port 0.0.0.0:1646
> Fri Apr 27 15:07:12 2012: NOTICE: Server started: Radiator 4.9 on BL10408A (LOCKED)
>
> I have below queries:
>
> 1. In which file should I configure Authentication Port, Authentication type, shared secret.
> 2. In Which file I should configure Radius Client.
> 3. Once I configure, the above info, how to run the file
> 4. What is "radpwtst" and what is the use of "radpwtst".
>
> I am stuck in the basic on how to run and configure Radiator. Please help me.
>
> Regards,
> Santhosh
>
>
>
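The realm mismatch described in Message 2, as an added example that is not part of the thread and is not Radiator code: it computes only the RFC 2759 ChallengeHash step of MS-CHAP-V2, which includes the username and feeds the NT-Response, and compares a server that rewrites the username with one that only looks the user up without the realm. The challenge values, the user store and the `server_side` model are constructed assumptions; the username is the one from the thread with the archive's " at " restored to "@".

```python
import hashlib

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def strip_realm(username: str) -> str:
    """Drop everything from the first '@' onwards."""
    return username.split("@", 1)[0]

def server_side(sent_name, peer, auth, client_hash, directory, rewrite_username):
    """Hypothetical model of the two setups discussed in the thread.

    rewrite_username=True : realm stripped before the lookup and before the
                            MS-CHAP-V2 calculation (the failing case).
    rewrite_username=False: lookup without realm, calculation with the name
                            as sent (what the thread says
                            UsernameMatchesWithoutRealm does).
    Returns (user_found, challenge_hash_matches)."""
    lookup_name = strip_realm(sent_name)
    hash_name = lookup_name if rewrite_username else sent_name
    server_hash = challenge_hash(peer, auth, hash_name)
    return lookup_name in directory, server_hash == client_hash

def demo():
    # Constructed sample values; real challenges are random.
    peer = bytes(range(16))
    auth = bytes(range(16, 32))
    sent_name = "alexsharaz@sharaz.info"   # username from the thread
    directory = {"alexsharaz"}             # constructed user store
    # The client hashes the name exactly as it sends it, realm included.
    client_hash = challenge_hash(peer, auth, sent_name)
    return {
        "rewritten": server_side(sent_name, peer, auth, client_hash, directory, True),
        "lookup_only": server_side(sent_name, peer, auth, client_hash, directory, False),
    }

if __name__ == "__main__":
    for setup, (found, matches) in demo().items():
        print(f"{setup}: user found={found}, challenge hash matches={matches}")
```

In both setups the user is found; only the one that leaves the username untouched reproduces the client's 8-octet challenge, so only there can the server's expected NT-Response equal the one the client sent.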


