I am having problems configuring Radiator v2.18.2 to authenticate to a Cisco
VPN 5001.
I have been testing the using the following configuration files:
goodies\simple2.cfg:
# simple2.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from a standard users file in
# the current directory and log accounting to a file in the current
# directory.
# It will accept requests from any client and try to handle request
# for any realm.
# And it will print out what its doing in great detail.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: simple.cfg,v 1.4 2001/04/25 23:47:13 mikem Exp $
Foreground
LogStdout
LogDir .
DbDir .
DictionaryFile ./dictionary
# User a lower trace level in production systems:
Trace 4
# Added by Howard Jares
AuthPort 1812
AcctPort 1813
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
Secret *****
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy FILE>
Filename ./users2
</AuthBy>
# Log accounting to a detail file
AcctLogFileName ./detail
</Realm>
Users2:
DEFAULT Service-Type = Administrative-User, Auth-Type = System
Idle-Timeout = 2000,
DEFAULT Service-Type = Login-User, Expiration = "Feb 2 2010"
Idle-Timeout = 2001,
Fall-Through = yes
# User-Password can be in a number of formats: plaintext,
# UNIX encrypted,
# SHA encrypted (as used in Netscape LDAP), or Linux MD5 password
# defaults to plaintext
pwtest1 User-Password = "fred"
pwtest2 User-Password = "{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc="
pwtest3 User-Password = "{crypt}1xMKc0GIVUNbE"
pwtest4 User-Password = "$1$cTpht$Obu9PLSMst1TDou.mN5bk0"
# Encrypted-Password can by in a variety of encryption standards too
# but defaults to Unix crypt
pwtest5 Encrypted-Password = "{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc="
pwtest6 Encrypted-Password = "{crypt}1xMKc0GIVUNbE"
pwtest7 Encrypted-Password = "$1$cTpht$Obu9PLSMst1TDou.mN5bk0"
pwtest8 Encrypted-Password = "1xMKc0GIVUNbE"
pwtest9 Encrypted-Password = "{MD5}VwqQv7+MfqtdxdTiaDLVsQ=="
pwtest10 User-Password = "{MD5}VwqQv7+MfqtdxdTiaDLVsQ=="
[EMAIL PROTECTED] User-Password=fred
cisco-VPNGroupInfo=Test,
cisco-VPNPassword=fred
# Connect-Info = "Test"
I modified the standard dictionary file to include:
#HJ
VENDORATTR 9 cisco-VPNPassword 66 string
VENDORATTR 9 cisco-VPNGroupInfo 67 string
#HJ
On the server running Radiator:
F:\Radiator-2.18.2>perl radiusd -config=goodies\simple2.cfg
Wed Sep 5 16:35:13 2001: DEBUG: Reading users file ./users2
Wed Sep 5 16:35:13 2001: INFO: Server started: Radiator 2.18.2 on ks1
Wed Sep 5 16:35:24 2001: DEBUG: Packet dump:
*** Received from 129.7.209.253 port 2050 ....
Code: Access-Request
Identifier: 41
Authentic: z<190><244>T<25><144><143><7>L1A<15><143>v<27><3>
Attributes:
NAS-IP-Address = 129.7.209.253
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
NAS-Port = 268435459
User-Name = "[EMAIL PROTECTED]"
CHAP-Password = ^Y<18><<228><239><246><230>G^46h1<136>(<243>
Wed Sep 5 16:35:24 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Sep 5 16:35:24 2001: DEBUG: Deleting session for [EMAIL PROTECTED],
129.7.209.253, 268435459
Wed Sep 5 16:35:24 2001: DEBUG: Handling with Radius::AuthFILE
Wed Sep 5 16:35:24 2001: DEBUG: Radius::AuthFILE looks for match with
[EMAIL PROTECTED]
Wed Sep 5 16:35:24 2001: DEBUG: Radius::AuthFILE ACCEPT:
Wed Sep 5 16:35:24 2001: DEBUG: Access accepted for [EMAIL PROTECTED]
Wed Sep 5 16:35:24 2001: DEBUG: Packet dump:
*** Sending to 129.7.209.253 port 2050 ....
Code: Access-Accept
Identifier: 41
Authentic: z<190><244>T<25><144><143><7>L1A<15><143>v<27><3>
Attributes:
cisco-VPNGroupInfo = "Test"
cisco-VPNPassword = "fred"
Connect-Info = "Test"
On 129.7.225.8 I am using the Cisco VPN client version 5.1.1. When I try to
connect using [EMAIL PROTECTED], the system sits there and then eventually times
out.
On the Cisco VPN 5001, I do a
show sys log buffer
and I get:
Notice 9/5/01 16:35:21 New IKE connection: [129.7.225.8]:1284:[EMAIL PROTECTED]
Debug 9/5/01 16:35:24 Received RADIUS challenge resp. from [EMAIL PROTECTED] at
129.7.225.8, contacting server
Debug 9/5/01 16:35:24 No Connect-Info for [EMAIL PROTECTED]
Debug 9/5/01 16:35:24 Bad config from RADIUS server for [EMAIL PROTECTED]
Error 9/5/01 16:35:24 No Policy, "", for user, [EMAIL PROTECTED]
Notice 9/5/01 16:35:24 <No ifp> ([EMAIL PROTECTED]) reset due to connection
failure.
On the Cisco VPN I am running VPN 5001 Concentrator V6.0.19.0001.
I know I am missing something, but I really don't understand why this
doesn't work.
Any help you could provide would be appreciated.
If we can make this work we are hoping to associate users with particular
groups with assigned VPNs. This would be our remote access service to the
university.
Howard Jares
University of Houston
[EMAIL PROTECTED]
713-743-1565
Due to the current budget constraints, the light at the end of the tunnel
will be turned off until further notice.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
