On 04/29/2011 02:43 PM, El Abbadi, Ossama wrote:
> Fri Apr 29 11:39:24 2011: DEBUG: EAP result: 1, No Handler for PEAP inner
> authentication
> Fri Apr 29 11:39:24 2011: DEBUG: AuthBy NTLM result: REJECT, No Handler for
> PEAP inner authentication
> Fri Apr 29 11:39:24 2011: INFO: Access rejected for
> elabbadi.oss...@vwa.hs-rw.local: No Handler for PEAP inner authentication
> Fri Apr 29 11:39:24 2011: DEBUG: Packet dump:
> *** Sending to 10.1.2.86 port 1645 ....
>
>
> Does anyone have an idea where I can define a Handler for PEAP?

You already have this:
<Handler TunnelledByPEAP=1, Client-Identifier=wism >

Change it to this:
<Handler TunnelledByPEAP=1>

The inner authentication you are trying to match (TunnelledByPEAP) does
not have a Client-Identifier that matches 'wism'. You should make a
similar change to the TunnelledByTTLS handler too.

> Thanks for Help
>
> --------------
>
> # /etc/radiator/radius.cfg
> #
> # Radiator configuration file
> # Automatically generated by ServerHTTP
> # logged in as admin
> # from client 192.168.105.210:1220
> # on Thu Apr 28 07:56:04 2011
> #
>
> AcctPort 1646
> AuthPort 1645
> BindAddress 0.0.0.0
> DbDir /etc/radiator
> DictionaryFile %D/dictionary
> Foreground 0
> LicenseExpires 2012-03-01
> LicenseKey cefb3bd23790809524597cb15633b0e4
> LicenseMaxRequests 1000
> LicenseOwner Evaluation
> LivingstonHole 2
> LivingstonMIB .iso.org.dod.internet.private.enterprises.307
> LivingstonOffs 29
> LogDir /var/log/radius
> LogFile %L/logfile
> MaxChildren 0
> PidFile %L/radiusd.pid
> PmwhoProg /usr/local/sbin/pmwho
> SnmpNASErrorTimeout 60
> SnmpgetProg /usr/bin/snmpget
> SnmpsetProg /usr/bin/snmpset
> SnmpwalkProg /usr/bin/snmpwalk
> Trace 6
>
> <AuthBy NTLM>
>     CachePasswordExpiry 86400
>     DomainFormat %R
>     EAPAnonymous anonymous
>     EAPContextTimeout 1000
>     EAPFAST_PAC_Lifetime 7776000
>     EAPFAST_PAC_Reprovision 2592000
>     EAPTLS_CertificateType PEM
>     EAPTLS_MaxFragmentSize 2048
>     EAPTLS_PEAPVersion 1
>     EAPTLS_SessionResumption 1
>     EAPTLS_SessionResumptionLimit 43200
>     EAPTLS_VerifyDepth 1
>     EAPType MSCHAP-V2
>     Identifier Auth4Tunneled
>     NoDefault 1
>     NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>     PasswordPrompt password
>     SIPDigestRealm DefaultSipRealm
>     UsernameFormat %U
>     UsernameMatchesWithoutRealm 1
> </AuthBy>
>
> <Client DEFAULT>
>     DupInterval 0
>     FramedGroupMaxPortsPerClassC 255
>     LivingstonHole 2
>     LivingstonOffs 29
>     NasType unknown
>     NoIgnoreDuplicates
>     SNMPCommunity public
>     Secret mysecret
> </Client>
>
> <Client mh-ap17>
>     DupInterval 10
>     FramedGroupMaxPortsPerClassC 255
>     LivingstonHole 2
>     LivingstonOffs 29
>     NasType unknown
>     NoIgnoreDuplicates
>     SNMPCommunity public
>     Secret testing123
> </Client>
>
> <Handler TunnelledByPEAP=1, Client-Identifier=wism >
>     AuthByPolicy ContinueWhileIgnore
>     AuthBy Auth4Tunneled
> </Handler>
>
> <Handler TunnelledByTTLS=1, Client-Identifier=wism >
>     AuthByPolicy ContinueWhileIgnore
>     AuthBy Auth4Tunneled
> </Handler>
>
> <Handler Realm = /hs-rw\.local$/i>
>     AcctLogFileName %L/%R-%m-%Y.detail
>     AuthByPolicy ContinueWhileIgnore
>
>     <AuthBy NTLM>
>         AutoMPPEKeys 1
>         CachePasswordExpiry 86400
>         DomainFormat %0
>         EAPAnonymous %0
>         EAPContextTimeout 1000
>         EAPFAST_PAC_Lifetime 7776000
>         EAPFAST_PAC_Reprovision 2592000
>         EAPTLS_CAFile /root/ca/cacert.pem
>         EAPTLS_CertificateFile /root/ca/servercert.pem
>         EAPTLS_CertificateType PEM
>         EAPTLS_MaxFragmentSize 1000
>         EAPTLS_PEAPVersion 0
>         EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
>         EAPTLS_SessionResumption 1
>         EAPTLS_SessionResumptionLimit 43200
>         EAPTLS_VerifyDepth 1
>         EAPType PEAP
>         EAPType TTLS
>         NoDefault 1
>         NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>         PasswordPrompt password
>         SIPDigestRealm DefaultSipRealm
>         SSLeayTrace 2
>         UsernameFormat %0
>     </AuthBy>
> </Handler>
>
> <Handler User-Name = /^vwa\\/i >
>
> <ServerHTTP >
>     BindAddress 0.0.0.0
>     DefaultPrivilegeLevel 15
>     LogMaxLines 500
>     MaxBufferSize 100000
>     Password password
>     Port 1111
>     Protocol tcp
>     SessionTimeout 3600
>     TLS_ExpectedPeerName .+
>     Trace 6
>     Username admin
> </ServerHTTP>
>
>
>
>> -----Original Message-----
>> From: Heikki Vatiainen [mailto:h...@open.com.au]
>> Sent: Thursday, 28 April 2011 14:35
>> To: El Abbadi, Ossama
>> Cc: radiator@open.com.au
>> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
>>
>> On 04/28/2011 02:21 PM, El Abbadi, Ossama wrote:
>>
>>> Here the output from my last log file.
>>> And I found this entry:
>>>
>>> Thu Apr 28 13:08:08 2011: ERR: Could not load EAP module Radius::EAP_25:
>>> Can't locate Net/SSLeay.pm in @INC (@INC contains: . /etc/perl
>>> /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5
>>> /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10
>>> /usr/local/lib/site_perl .) at /usr/lib/perl5/Radius/TLS.pm line 15.
>>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/TLS.pm line 15.
>>> Compilation failed in require at /usr/lib/perl5/Radius/EAP_25.pm line 24.
>>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/EAP_25.pm
>>> line 24.
>>> Compilation failed in require at (eval 57) line 3.
>>>
>>> Does anyone have an idea why the compilation failed?
>>
>> You need the Net_SSLeay module. Please see
>> http://www.open.com.au/radiator/install.html
>>
>> The installation instructions and the reference manual ref.pdf tell more
>> about which modules are needed for which features. For example, if you
>> check AuthBy LDAP2 in ref.pdf, it will tell which LDAP modules are needed.
>>
>> Best regards,
>> Heikki
>>
>> --
>> Heikki Vatiainen <h...@open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
>> PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc.
>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator

--
Heikki Vatiainen <h...@open.com.au>
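
Why the inner request finds no Handler, shown with a simplified model (an added example, not part of the original thread and not Radiator's own code). It assumes handlers are tried in file order and that every check item must match; the request dictionaries and user names are constructed.

```python
import re

def parse_checks(spec):
    """Split 'Attr=value, Attr2=/regex/i' into (attribute, value) pairs."""
    pairs = []
    for item in spec.split(","):
        attr, _, value = item.partition("=")
        pairs.append((attr.strip(), value.strip()))
    return pairs

def value_matches(expected, actual):
    """Exact compare, or a regex search when the check is written /.../ or /.../i."""
    if actual is None:  # attribute absent from the request: the check cannot match
        return False
    m = re.fullmatch(r"/(.*)/(i?)", expected)
    if m:
        return re.search(m.group(1), actual, re.I if m.group(2) else 0) is not None
    return expected == actual

def select_handler(handlers, request):
    """Return the first handler whose check items ALL match, else None."""
    for spec in handlers:
        if all(value_matches(v, request.get(a)) for a, v in parse_checks(spec)):
            return spec
    return None

# Handler check lists in file order: as posted, and with the suggested change.
POSTED = [
    "TunnelledByPEAP=1, Client-Identifier=wism",
    "TunnelledByTTLS=1, Client-Identifier=wism",
    r"Realm=/hs-rw\.local$/i",
    r"User-Name=/^vwa\\/i",
]
FIXED = ["TunnelledByPEAP=1", "TunnelledByTTLS=1"] + POSTED[2:]

# Constructed requests (assumptions): the outer request comes from the NAS and has a
# realm (modelled here as a plain key); the inner request exists only inside the PEAP
# tunnel and carries no Client-Identifier. The user names are placeholders.
OUTER = {"User-Name": "someuser@vwa.hs-rw.local", "Realm": "vwa.hs-rw.local"}
INNER = {"TunnelledByPEAP": "1", "User-Name": "someuser"}

if __name__ == "__main__":
    for name, handlers in (("posted", POSTED), ("fixed", FIXED)):
        for label, req in (("outer", OUTER), ("inner", INNER)):
            print(name, label, "->", select_handler(handlers, req) or "No Handler")
```

Keeping the tunnelled handlers ahead of the Realm handler matters in this model: an inner identity that carries the realm would otherwise be picked up by the outer EAP handler.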