[RADIATOR] SIP2 + Fortigate setup

Chad Roseburg croseburg at ncrl.org
Fri Feb 14 18:42:06 CST 2014


I have an evaluation version of Radiator 4.12.1. I need to set up a web
captive portal on a Fortigate 60D that uses SIP2 authentication.

The SIP2 part works ...tests successful:

Ex.
perl radpwtst -noacct -user 29030pretend -password secrets
sending Access-Request...
OK

On RADIUS server I see:
-------------------------------------
Fri Feb 14 16:07:47 2014: DEBUG: SIP2 send '2300020140214
 160747AONCRL|AA29030pretend|ACterminal password|ADsecrets|'
Fri Feb 14 16:07:47 2014: DEBUG: SIP2 read '24              00020140214
 160727AEJOE SMITH|AA29030pretend|BLY|CQY|AFGreetings. |AONCRL|'
Fri Feb 14 16:07:47 2014: DEBUG: Radius::AuthSIP2 ACCEPT: : 29030pretend
[29030pretend]
Fri Feb 14 16:07:47 2014: DEBUG: AuthBy SIP2 result: ACCEPT

But the second part is that I need to connect the fortigate to the RADIUS
server. I add the fortigate as a client in the config using IP and a
'Secret'

Here's some edited output when I test from the fortigate using the same
creds:
Fri Feb 14 16:23:44 2014: DEBUG: SIP2 send '2300020140214
 162344AONCRL|AA29030pretend|ACterminal password|AD|'
Fri Feb 14 16:23:44 2014: DEBUG: SIP2 read '24              00020140214
 162323AEJOE SMITH|AA29030pretend|BLY|CQN|AFGreetings. |AONCRL|'
Fri Feb 14 16:23:44 2014: DEBUG: Radius::AuthSIP2 REJECT: Bad password:
29030002429839 [29030002429839]
Fri Feb 14 16:23:44 2014: DEBUG: AuthBy SIP2 result: REJECT, Bad password

It looks like it's not sending the password. Also, at the top of the
transmission there's mention of a MS-CHAP-Challenge:
Attributes:
        NAS-Identifier = "Fortinet_RTR"
        MS-CHAP-Challenge =
b<137><238><146>4<165><145>.9<229><163>j<129>"<220>M
        Acct-Session-Id = "00000021"
        Connect-Info = "test"
        Fortinet-Vdom-Name = "root"

This is the Client config:
<Client 192.x.x.99>
        Secret  secretspass
        DupInterval 0
</Client>

Thanks for any advice!

-- 
Chad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20140214/b912e71a/attachment.html 


More information about the radiator mailing list