I

Cheers,
Jerry

Sent from my phone

On 02/05/2012, at 7:30 PM, "radiator-requ...@open.com.au" <radiator-requ...@open.com.au> wrote:
> Today's Topics:
>
>    1. Re: Tacacs Authentication to survive reloads ? (Heikki Vatiainen)
>    2. Re: Rewrite userna functionality for use in ldap_aps authby
>       (Heikki Vatiainen)
>    3. Re: Rewrite userna functionality for use in ldap_aps authby
>       (Alex Sharaz)
>    4. Re: doubt on Radiator Radius Authentication server
>       (Heikki Vatiainen)
>    5. FW: doubt on Radiator Radius Authentication server
>       (Santhosh Katta)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 01 May 2012 21:27:32 +0300
> From: Heikki Vatiainen <h...@open.com.au>
> Subject: Re: [RADIATOR] Tacacs Authentication to survive reloads ?
> To: James <j...@nc.rr.com>
> Cc: "radiator@open.com.au" <radiator@open.com.au>
>
> On 05/01/2012 02:32 AM, James wrote:
>> Can you provide snippet of configuration for your tacacs+
>> configuration, if you don't mind?
>
> See goodies/sql.cfg and goodies/ldapradius.cfg for examples that come
> with Radiator.
>
> Note that you can try either one by first adding one client into e.g.,
> SQL and testing that it works when the client is removed from the config
> file. The clients Radiator knows about are the combined set of clients
> in the config file and from any ClientList* that are configured.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <h...@open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 May 2012 21:38:16 +0300
> From: Heikki Vatiainen <h...@open.com.au>
> Subject: Re: [RADIATOR] Rewrite userna functionality for use in
>     ldap_aps authby
> To: radiator@open.com.au
>
> On 04/30/2012 07:23 PM, Alex Sharaz wrote:
>
>> root@eduroam-1-east:/var/log/radius# radpwtst -s 150.237.85.225 -secret xxxx
>> -user alexsha...@sharaz.info -password yyyy -auth_port 1812 -noacct
>> -mschapv2
>>
>> although it works in that it does rewrite the username stripping off the
>> realm and giving, in this case alexsharaz instead of alexsharaz.info,
>> authentication fails further down the food chain
>> Which I guess is something to do with the mschapv2 and the realm in the
>> original request
>
> I think what happens here is the client calculates MS-CHAP2-Response
> based on username with realm. Once the Handler strips the realm part,
> the respective calculation within AuthBy is done with just the username
> part. The results will not then match and the authentication fails.
>
> Can you add UsernameMatchesWithoutRealm into the AuthBy. This does the
> user information lookup without realm but does not change the username
> allowing MS-CHAP-V2 to succeed.
>
> Thanks!
> Heikki
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 May 2012 20:00:37 +0000
> From: Alex Sharaz <a.sha...@hull.ac.uk>
> Subject: Re: [RADIATOR] Rewrite userna functionality for use in
>     ldap_aps authby
> To: Heikki Vatiainen <h...@open.com.au>
> Cc: "radiator@open.com.au" <radiator@open.com.au>
>
> Hi Heikki,
> Yup worked a treat.
>
> Now I wonder if I can get my personal Sharaz.info domain linked into eduroam
> :-))
> Many thanks
> Alex
>
> ------------------------------
>
> Message: 4
> Date: Wed, 02 May 2012 12:23:56 +0300
> From: Heikki Vatiainen <h...@open.com.au>
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
> To: radiator@open.com.au
>
> On 04/30/2012 04:15 PM, Santhosh Katta wrote:
>
>> Mon Apr 30 18:29:08 2012: DEBUG: Reading dictionary file './dictionary'
>> Mon Apr 30 18:29:08 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
>
> You can specify DictionaryFile in the configuration file like this:
>    DictionaryFile C:/Program Files/Radiator/dictionary
>
> The error message indicates radiusd is looking for the dictionary file
> from the directory radiusd is started from (.). You can specify the full
> path to make sure it always finds it no matter where you start radiusd from.
>
>> Mon Apr 30 18:29:08 2012: DEBUG: *Creating authentication port 0.0.0.0:1645*
>> Mon Apr 30 18:29:08 2012: ERR: Could not bind authentication socket: Only one usage of each socket address (protocol/network address/port) is normally permitted
>
> This indicates you have one instance of radiusd running.
> You may want to check that you do not e.g., have Radiator as Windows
> service enabled and running.
>
> Thanks!
> Heikki
>
> ------------------------------
>
> Message: 5
> Date: Wed, 2 May 2012 00:37:00 -0700
> From: Santhosh Katta <ska...@vocera.com>
> Subject: [RADIATOR] FW: doubt on Radiator Radius Authentication
>     server
> To: "Neil Quiogue (n...@quiogue.com)" <n...@quiogue.com>
> Cc: "radiator@open.com.au" <radiator@open.com.au>
>
> Since I got an error stating "Is being held until the list moderator can
> review it for approval", so I am resending the email so that I can get
> faster response.
>
> Thanks,
> Santhosh
>
> From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
> Behalf Of Santhosh Katta
> Sent: Monday, April 30, 2012 6:46 PM
> To: Neil Quiogue
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
>
> Hi Neil,
> Thanks for your response.
>
> I have followed the steps in http://www.open.com.au/radiator/install.html
> document for installation on Windows 7 PC and installation went well and even
> installed 'ppm install win32-daemon' on the Windows 7 PC.
>
> I have changed the configuration in radius.cfg, but still I get issue as
>
> To extend your license period, contact ad...@open.com.au
>
> Mon Apr 30 18:29:08 2012: DEBUG: Reading dictionary file './dictionary'
> Mon Apr 30 18:29:08 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
> Mon Apr 30 18:29:08 2012: DEBUG: Creating authentication port 0.0.0.0:1645
> Mon Apr 30 18:29:08 2012: ERR: Could not bind authentication socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.
> Mon Apr 30 18:29:08 2012: DEBUG: Creating accounting port 0.0.0.0:1646
> Mon Apr 30 18:29:08 2012: ERR: Could not bind accounting socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.
> Mon Apr 30 18:29:08 2012: NOTICE: Server started: Radiator 4.9 on BL10408A (LOCKED)
>
> I am sure installation everything is fine. I have attached the radius.cfg
> file which is configured in "C:\Program Files\Radiator". Can you please go
> through and check where is the issue.
> I will explain you what I am looking out, so that you can help me in changing
> the appropriate configuration on the radius.cfg file.
> I want my client to authenticate (either with PEAP/TLS/EAP-FAST) with
> Radiator Authentication server. For that I have Cisco AP with IP address
> 10.99.168.64 and the shared secret I have given is "radiator". I want the
> authentication port to be configured to 1812.
> Can you please help in configuring radius.cfg file. Should I do any changes
> in dictionary file which is in "C:\Program Files\Radiator" location?
> I am following the reference guide which I have downloaded and following the
> document, but still I am unable to do it.
> Thanks for your help.
>
> Regards,
> Santhosh
>
> From: Neil Quiogue [mailto:n...@quiogue.com]
> Sent: Saturday, April 28, 2012 12:35 PM
> To: Santhosh Katta
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
>
> Hello Santhosh,
>
> Did you go through the installation document specifically the Windows section
> at http://www.open.com.au/radiator/install.html ?
>
> There is also reference there on where to go to for the configuration.
>
> For your #1 and #2, it is normally the radius.cfg file and located under
> Program Files\Radiator if you went through the instructions.
>
> And then when running it as a service though you need to have Win32::Daemon
> (installed as 'ppm install win32-daemon' if using ActiveState Perl). Some
> instructions are on Reference Manual 3.6.1
>
> Once that is installed, it's just a matter of running 'perl
> c:\perl\bin\radiusd -installservice'.
>
> And radpwtst is just a tool for testing RADIUS as it acts like a client. It
> is found either in the c:\perl\bin directory or in the installation directory
> (where you unzipped it).
>
> Regards,
>
> Neil
>
> Friday, April 27, 2012, 2:02:51 PM, you wrote:
>
> Hi All,
>
> I have installed Radiator radius on Windows 7 laptop and installation went
> well. But I am not getting how to configure and run Radiator for PEAP,
> TLS....etc authentication. I went through the document, but unable to follow
> on how to add Authentication port, Authentication type, Radius Client.
>
> When I give "perl radiusd" command, then below output I get
>
> Legacy library timelocal.pl will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at (eval 8), line 27.
> Legacy library newgetopt.pl will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at (eval 8), line 28.
> Fri Apr 27 15:07:12 2012: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> This Radiator license will expire on 2012-08-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact ad...@open.com.au
>
> Fri Apr 27 15:07:12 2012: DEBUG: Reading dictionary file './dictionary'
> Fri Apr 27 15:07:12 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
> Fri Apr 27 15:07:12 2012: DEBUG: Creating authentication port 0.0.0.0:1645
> Fri Apr 27 15:07:12 2012: DEBUG: Creating accounting port 0.0.0.0:1646
> Fri Apr 27 15:07:12 2012: NOTICE: Server started: Radiator 4.9 on BL10408A (LOCKED)
>
> I have below queries:
>
> 1. In which file should I configure Authentication Port, Authentication
>    type, shared secret.
> 2. In which file I should configure Radius Client.
> 3. Once I configure the above info, how to run the file
> 4. What is "radpwtst" and what is the use of "radpwtst".
>
> I am stuck in the basic on how to run and configure Radiator. Please help me.
>
> Regards,
> Santhosh
>
> ------------------------------
>
> End of radiator Digest, Vol 36, Issue 2
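
Heikki's explanation in Message 2 above, modelled in Python as an added example (not code from Radiator or from any list poster): RFC 2759 mixes the UserName into the 8-octet challenge hash from which the NT-Response is computed, so comparing challenge hashes stands in here for comparing full responses. The user name, challenges, directory contents and the three mode labels are constructed for illustration.

```python
import hashlib
import hmac

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || authenticator || UserName)."""
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def strip_realm(username: str) -> str:
    """Drop everything from the first '@' onwards."""
    return username.split("@", 1)[0]

# Constructed sample data: the user store is keyed by bare user names.
DIRECTORY = {"alice"}
AUTH_CHALLENGE = bytes(range(16))
PEER_CHALLENGE = bytes(range(16, 32))

def server_accepts(request_username: str, client_hash: bytes, mode: str) -> bool:
    """Simplified server side. The mode labels are hypothetical, not Radiator keywords:
    as_is                - look up and hash with the name exactly as received
    rewrite              - strip the realm before both lookup and hashing
    lookup_without_realm - strip the realm for lookup only, hash the original name
    """
    if mode == "rewrite":
        lookup_name = hash_name = strip_realm(request_username)
    elif mode == "lookup_without_realm":
        lookup_name = strip_realm(request_username)
        hash_name = request_username
    else:
        lookup_name = hash_name = request_username
    if lookup_name not in DIRECTORY:
        return False  # user record not found
    expected = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, hash_name)
    return hmac.compare_digest(expected, client_hash)

def run_demo() -> dict:
    """The client always hashes the full user@realm name it was configured with."""
    user = "alice@example.org"
    client_hash = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, user)
    modes = ("as_is", "rewrite", "lookup_without_realm")
    return {m: server_accepts(user, client_hash, m) for m in modes}

if __name__ == "__main__":
    for mode, accepted in run_demo().items():
        print(f"{mode:22s} {'accept' if accepted else 'reject'}")
```

Only the third mode accepts: the first never finds the user record, and the second finds it but recomputes the hash over a different name than the client used.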