Hi All,

Thank you for all your answers. I have now followed your advice and get this log output. Unfortunately, I do not understand why I get this: "INFO: Access rejected for vwa\elabbadi.ossama: No AuthBy found". Does anyone have an idea how I can authenticate via Radiator and Active Directory? I have found many half solutions in a mail archive but not really a HowTo. I cannot believe it can be difficult.

Kind regards
Ossama

-------

Code: Access-Request
Identifier: 55
Authentic: <167><210><157><238><199>06<196><148><28>YY<200><238>!4
Attributes:
    User-Name = "vwa\elabbadi.ossama"
    Framed-MTU = 1400
    Called-Station-Id = "b4a4.e31f.abb0"
    Calling-Station-Id = "0024.d6ae.5c66"
    Service-Type = Login-User
    Message-Authenticator = <4><178>8<225><0>U<13>k<11><235>X<218>4<197><255><202>
    EAP-Message = <2><2><0><24><1>vwa\elabbadi.ossama
    NAS-Port-Type = Wireless-IEEE-802-11
    NAS-Port = 7747
    NAS-Port-Id = "7747"
    NAS-IP-Address = 10.1.2.86
    NAS-Identifier = "mh-ap17"

Mon May 2 11:00:16 2011: DEBUG: Handling request with Handler 'User-Name = /^vwa\\/i ', Identifier ''
Mon May 2 11:00:16 2011: DEBUG: Deleting session for vwa\elabbadi.ossama, 10.1.2.86, 7747
Mon May 2 11:00:16 2011: INFO: Access rejected for vwa\elabbadi.ossama: No AuthBy found
Mon May 2 11:00:16 2011: DEBUG: Packet dump:
*** Sending to 10.1.2.86 port 1645 ....

Packet length = 36
03 37 00 24 ef 94 2c 12 5a c3 48 78 5c d6 8a 50
69 fe d4 5d 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 55
Authentic: <239><148>,<18>Z<195>Hx\<214><138>Pi<254><212>]
Attributes:
    Reply-Message = "Request Denied"

Config:

<Handler TunnelledByPEAP=1> #, Client-Identifier=wism >
    AuthByPolicy ContinueWhileIgnore
    AuthBy Auth4Tunneled
</Handler>

<Handler TunnelledByTTLS=1,> #, Client-Identifier=wism >
    AuthByPolicy ContinueWhileIgnore
    AuthBy Auth4Tunneled
</Handler>

<Handler Realm = /hs-rw\.local$/i>
    AcctLogFileName %L/%R-%m-%Y.detail
    AuthByPolicy ContinueWhileIgnore

    <AuthBy NTLM>
        AutoMPPEKeys 1
        CachePasswordExpiry 86400
        DomainFormat %0
        EAPAnonymous %0
        EAPContextTimeout 1000
        EAPFAST_PAC_Lifetime 7776000
        EAPFAST_PAC_Reprovision 2592000
        EAPTLS_CAFile /root/ca/cacert.pem
        EAPTLS_CertificateFile /root/ca/servercert.pem
        EAPTLS_CertificateType PEM
        EAPTLS_MaxFragmentSize 1000
        EAPTLS_PEAPVersion 0
        EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
        EAPTLS_SessionResumption 1
        EAPTLS_SessionResumptionLimit 43200
        EAPTLS_VerifyDepth 1
        EAPType PEAP
        EAPType TTLS
        NoDefault 1
        NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
        PasswordPrompt password
        SIPDigestRealm DefaultSipRealm
        SSLeayTrace 2
        UsernameFormat %0
    </AuthBy>
</Handler>

<Handler User-Name = /^vwa\\/i >

-------------------------------------------------------------------------------

> -----Original Message-----
> From: Heikki Vatiainen [mailto:h...@open.com.au]
> Sent: Friday, 29 April 2011 15:46
> To: radiator@open.com.au
> Cc: El Abbadi, Ossama
> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
>
> On 04/29/2011 02:43 PM, El Abbadi, Ossama wrote:
>
> > Fri Apr 29 11:39:24 2011: DEBUG: EAP result: 1, No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: DEBUG: AuthBy NTLM result: REJECT, No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: INFO: Access rejected for elabbadi.oss...@vwa.hs-rw.local: No Handler for PEAP inner authentication
> > Fri Apr 29 11:39:24 2011: DEBUG: Packet dump:
> > *** Sending to 10.1.2.86 port 1645 ....
> >
> > Have anyone an Idea where I can define an Handler for PEAP ?
>
> You already have this:
> <Handler TunnelledByPEAP=1, Client-Identifier=wism >
>
> Change it to this:
> <Handler TunnelledByPEAP=1>
>
> The inner authentication you are trying to match (TunnelledByPEAP) does
> not have Client-Identifier that matches 'wism'.
>
> You should do the similar change to TunnelledByTTLS handler too.
> >
> > Thanks for Help
> >
> > --------------
> >
> > # /etc/radiator/radius.cfg
> > #
> > # Radiator configuration file
> > # Automatically generated by ServerHTTP
> > # logged in as admin
> > # from client 192.168.105.210:1220
> > # on Thu Apr 28 07:56:04 2011
> > #
> >
> > AcctPort 1646
> > AuthPort 1645
> > BindAddress 0.0.0.0
> > DbDir /etc/radiator
> > DictionaryFile %D/dictionary
> > Foreground 0
> > LicenseExpires 2012-03-01
> > LicenseKey cefb3bd23790809524597cb15633b0e4
> > LicenseMaxRequests 1000
> > LicenseOwner Evaluation
> > LivingstonHole 2
> > LivingstonMIB .iso.org.dod.internet.private.enterprises.307
> > LivingstonOffs 29
> > LogDir /var/log/radius
> > LogFile %L/logfile
> > MaxChildren 0
> > PidFile %L/radiusd.pid
> > PmwhoProg /usr/local/sbin/pmwho
> > SnmpNASErrorTimeout 60
> > SnmpgetProg /usr/bin/snmpget
> > SnmpsetProg /usr/bin/snmpset
> > SnmpwalkProg /usr/bin/snmpwalk
> > Trace 6
> >
> > <AuthBy NTLM>
> >     CachePasswordExpiry 86400
> >     DomainFormat %R
> >     EAPAnonymous anonymous
> >     EAPContextTimeout 1000
> >     EAPFAST_PAC_Lifetime 7776000
> >     EAPFAST_PAC_Reprovision 2592000
> >     EAPTLS_CertificateType PEM
> >     EAPTLS_MaxFragmentSize 2048
> >     EAPTLS_PEAPVersion 1
> >     EAPTLS_SessionResumption 1
> >     EAPTLS_SessionResumptionLimit 43200
> >     EAPTLS_VerifyDepth 1
> >     EAPType MSCHAP-V2
> >     Identifier Auth4Tunneled
> >     NoDefault 1
> >     NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> >     PasswordPrompt password
> >     SIPDigestRealm DefaultSipRealm
> >     UsernameFormat %U
> >     UsernameMatchesWithoutRealm 1
> > </AuthBy>
> >
> > <Client DEFAULT>
> >     DupInterval 0
> >     FramedGroupMaxPortsPerClassC 255
> >     LivingstonHole 2
> >     LivingstonOffs 29
> >     NasType unknown
> >     NoIgnoreDuplicates
> >     SNMPCommunity public
> >     Secret mysecret
> > </Client>
> >
> > <Client mh-ap17>
> >     DupInterval 10
> >     FramedGroupMaxPortsPerClassC 255
> >     LivingstonHole 2
> >     LivingstonOffs 29
> >     NasType unknown
> >     NoIgnoreDuplicates
> >     SNMPCommunity public
> >     Secret testing123
> > </Client>
> >
> > <Handler TunnelledByPEAP=1, Client-Identifier=wism >
> >     AuthByPolicy ContinueWhileIgnore
> >     AuthBy Auth4Tunneled
> > </Handler>
> >
> > <Handler TunnelledByTTLS=1, Client-Identifier=wism >
> >     AuthByPolicy ContinueWhileIgnore
> >     AuthBy Auth4Tunneled
> > </Handler>
> >
> > <Handler Realm = /hs-rw\.local$/i>
> >     AcctLogFileName %L/%R-%m-%Y.detail
> >     AuthByPolicy ContinueWhileIgnore
> >
> >     <AuthBy NTLM>
> >         AutoMPPEKeys 1
> >         CachePasswordExpiry 86400
> >         DomainFormat %0
> >         EAPAnonymous %0
> >         EAPContextTimeout 1000
> >         EAPFAST_PAC_Lifetime 7776000
> >         EAPFAST_PAC_Reprovision 2592000
> >         EAPTLS_CAFile /root/ca/cacert.pem
> >         EAPTLS_CertificateFile /root/ca/servercert.pem
> >         EAPTLS_CertificateType PEM
> >         EAPTLS_MaxFragmentSize 1000
> >         EAPTLS_PEAPVersion 0
> >         EAPTLS_PrivateKeyFile /root/ca/serverkey.pem
> >         EAPTLS_SessionResumption 1
> >         EAPTLS_SessionResumptionLimit 43200
> >         EAPTLS_VerifyDepth 1
> >         EAPType PEAP
> >         EAPType TTLS
> >         NoDefault 1
> >         NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> >         PasswordPrompt password
> >         SIPDigestRealm DefaultSipRealm
> >         SSLeayTrace 2
> >         UsernameFormat %0
> >     </AuthBy>
> > </Handler>
> >
> > <Handler User-Name = /^vwa\\/i >
> >
> > <ServerHTTP >
> >     BindAddress 0.0.0.0
> >     DefaultPrivilegeLevel 15
> >     LogMaxLines 500
> >     MaxBufferSize 100000
> >     Password password
> >     Port 1111
> >     Protocol tcp
> >     SessionTimeout 3600
> >     TLS_ExpectedPeerName .+
> >     Trace 6
> >     Username admin
> > </ServerHTTP>
> >
> >> -----Original Message-----
> >> From: Heikki Vatiainen [mailto:h...@open.com.au]
> >> Sent: Thursday, 28 April 2011 14:35
> >> To: El Abbadi, Ossama
> >> Cc: radiator@open.com.au
> >> Subject: Re: [RADIATOR] WG: Radiator evaluation software downloaded
> >>
> >> On 04/28/2011 02:21 PM, El Abbadi, Ossama wrote:
> >>
> >>> Here the output from my last log file. And I found this entry:
> >>>
> >>> Thu Apr 28 13:08:08 2011: ERR: Could not load EAP module Radius::EAP_25:
> >>> Can't locate Net/SSLeay.pm in @INC (@INC contains: . /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/lib/perl5/Radius/TLS.pm line 15.
> >>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/TLS.pm line 15.
> >>> Compilation failed in require at /usr/lib/perl5/Radius/EAP_25.pm line 24.
> >>> BEGIN failed--compilation aborted at /usr/lib/perl5/Radius/EAP_25.pm line 24.
> >>> Compilation failed in require at (eval 57) line 3.
> >>>
> >>> Had any one an idea, why the compilation failed ?
> >>
> >> You need Net_SSLeay module. Please see
> >> http://www.open.com.au/radiator/install.html
> >>
> >> The installation instructions and the reference manual ref.pdf tell
> >> more about which modules are needed for which features. For example,
> >> if you check AuthBy LDAP2 in ref.pdf, it will tell which LDAP modules are needed.
> >>
> >> Best regards,
> >> Heikki
> >>
> >> --
> >> Heikki Vatiainen <h...@open.com.au>
> >>
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> >> TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> >> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> >> NetWare etc.
> >>
> >> _______________________________________________
> >> radiator mailing list
> >> radiator@open.com.au
> >> http://www.open.com.au/mailman/listinfo/radiator
>
> --
> Heikki Vatiainen <h...@open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
> PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc.
> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
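
An added example, not part of the original thread and not Radiator's own code: the log in the message above shows the request being handled by 'User-Name = /^vwa\\/i', and that Handler appears in the posted configuration with no AuthBy inside it. This Python check flags such handlers in a configuration file; it assumes a simplified reading of the syntax (one clause per line) and that the clause names in TOP_LEVEL only occur at top level.

```python
import re

# Constructed sample that mirrors the handler layout posted in this thread.
SAMPLE_CFG = r"""
<Handler TunnelledByPEAP=1>
    AuthByPolicy ContinueWhileIgnore
    AuthBy Auth4Tunneled
</Handler>
<Handler Realm = /hs-rw\.local$/i>
    <AuthBy NTLM>
        EAPType PEAP
    </AuthBy>
</Handler>
<Handler User-Name = /^vwa\\/i >
<ServerHTTP >
    Port 1111
</ServerHTTP>
"""

OPEN = re.compile(r"^<(\w+)\s*(.*?)\s*>$")
# Assumption: these clause names only occur at top level, so meeting one
# while a <Handler> is still open means the handler was never closed.
TOP_LEVEL = {"Handler", "Realm", "Client", "ServerHTTP"}

def handlers_without_authby(cfg_text):
    """Return (check_items, was_closed) for each <Handler> lacking an AuthBy."""
    findings, current = [], None          # current = [check_items, has_authby]
    def finish(was_closed):
        nonlocal current
        if current is not None and not current[1]:
            findings.append((current[0], was_closed))
        current = None
    for line in (raw.strip() for raw in cfg_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line == "</Handler>":
            finish(True)
        elif (m := OPEN.match(line)):
            if m.group(1) in TOP_LEVEL:
                finish(False)             # previous handler was left unclosed
                if m.group(1) == "Handler":
                    current = [m.group(2), False]
            elif m.group(1) == "AuthBy" and current is not None:
                current[1] = True         # inline <AuthBy ...> clause
        elif current is not None and line.split()[0] == "AuthBy":
            current[1] = True             # reference to a named AuthBy
    finish(False)
    return findings
```

Run over the sample, it reports only the User-Name handler, marked as unclosed; the two tunnelled-style handlers and the Realm handler pass because each names or contains an AuthBy.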