[RADIATOR] User Auth settings: Netgear AP + Radiator

Thomas Kurian thomas at kccg.com
Fri Mar 6 11:46:11 CST 2015


Dear Heikki,
Thanks for your support and guidance.
I have modified my radius.cfg as advised in your following email, but 
the Access-Request still results in No-Reply. Please note that I have used 
the same EAP certificates from the (goodies->certificates) folder.

I tried the following radpwtst:

 1. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
 2. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
    -user mikem -password fred
 3. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
    -user User -password clientPass

Please advise the specific 'user and password' format to be defined in 
the users file to be tested for authentication using radpwtst for our 
radius.cfg. Please also advise the recommended radpwtst to be performed, 
as the above mentioned is still providing No-Reply to the Access-Request.

There is network connectivity between our radiator and Netgear AP 
(ping).  Kindly check my following configuration and advise on how to 
proceed.

#Foreground
#LogStdout

AcctPort 1813
AuthPort 1812

LogDir        /var/log/radius
DbDir        /etc/radiator
DictionaryFile /etc/radiator/dictionary

Trace         4

<Client DEFAULT>
     Secret    xxxxx
     DupInterval 0
</Client>

# Our Netgear AP for testing
<Client 192.168.0.217>
     Secret    xxxxx
     DupInterval 0
</Client>

<AuthLog FILE>
     Identifier myauthlogger
     Filename %L/authlog
     LogSuccess 1
     LogFailure 1
</AuthLog>

<Handler Request-Type="Access-Request",TunnelledByPEAP=1>
     Identifier EAP-MSCHAP-V2
     <AuthBy FILE>
         Filename /etc/radiator/users

         # This tells the PEAP client what types of inner EAP requests
         # we will honour
         EAPType MSCHAP-V2
     </AuthBy>

     # Log authentication success and failure to a file
     AuthLog myauthlogger

#    PostAuthHook file:"/root/Desktop/Radiator-Locked-4.14/goodies/eap_anon_hook.pl"
</Handler>

<Handler Request-Type="Access-Request">
     Identifier EAP-PEAP
     <AuthBy FILE>
         Filename %D/users

         EAPType PEAP
         EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
         EAPTLS_CertificateFile %D/certificates/cert-srv.pem
         EAPTLS_CertificateType PEM
         EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
         EAPTLS_PrivateKeyPassword whatever
         EAPTLS_MaxFragmentSize 1000
         AutoMPPEKeys

         EAPTLS_PEAPVersion 0

     </AuthBy>

     AuthLog myauthlogger

#PreProcessingHook file:"/root/Desktop/Radiator-Locked-4.14/goodies/eap_anon_hook.pl"
     AcctLogFileName /etc/radiator/detail
</Handler>




Best Regards,

Thomas Kurian
Information Security Engineer, Pre-Sales.
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: thomas at kccg.com




Subject: 	radiator Digest, Vol 70, Issue 3
Date: 	Mon, 02 Mar 2015 12:00:01 -0600
From: 	radiator-request at open.com.au
Reply-To: 	radiator at open.com.au
To: 	radiator at open.com.au




Message: 2
Date: Mon, 02 Mar 2015 17:23:00 +0200
From: Heikki Vatiainen <hvn at open.com.au>
Subject: Re: [RADIATOR] User Auth settings: Netgear AP + Radiator
To: radiator at open.com.au
Message-ID: <54F48054.6070602 at open.com.au>
Content-Type: text/plain; charset=windows-1252

On 02/28/2015 12:11 PM, Thomas Kurian wrote:

> We want to make our wifi users connecting via Netgear wnr2000v3 wireless
> router, to authenticate using radiator RADIUS server (172.16.0.205).
> Please let me know what more needs to be done further to our following
> radius.cfg & default users file in order to ensure our wifi users get
> forced to authenticate with our radiator server.

Please see goodies/eap_peap.cfg for PEAP example. PEAP is one of the
protocols WPA/WPA2 Enterprise uses.

> Also please advise if it is radiator's /var/log/radius/logfile the only
> place to test & check if the authentication is happening, once the user
> connects via the router using the credentials mentioned in radiator's
> user file?

You can configure <AuthLog ...>, for example, AuthLog FILE to log
authentication success and failure events. See goodies/authlog.cfg for
an example.

The Radiator logfile is useful for debugging and monitoring for errors,
but AuthLog logs just authentication events.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

