Hello James -

The problem is here:


    Mon Oct 15 01:20:47 2012 564812: DEBUG: Packet dump:
    *** Received from 10.136.235.240 port 32768 ....
    Code:       Access-Request
    Identifier: 47
    Authentic:  %wa<14><212>v<209>S<143>a<132>z<21><194>5`
    Attributes:
        User-Name = "/DLAR-PBBZNB8.some.tld"


The User-Name attribute does not have "host" at the beginning, so you never use 
the host-specific Handler.

What is happening in the debug is this inner authentication is being converted 
and only the MS-CHAP is being proxied, leading to the problem I have described 
previously with NPS thinking this is a user not a machine.

regards

Hugh


On 18 Oct 2012, at 05:05, James Zee <jamesze...@gmail.com> wrote:

> Hugh,
> 
> I had previously responded to the thread with the requested information, but 
> the email response was too large and seems to have gotten lost in the mailing 
> list approval process.
> 
> I've pasted the requested information here:
> 
> http://pastebin.com/rbXq2Y5Y
> 
> It's worth noting I've made some progress. The link below has the requested 
> information (new configuration file) where a username beginning with "host" 
> is immediately proxied to NPS.
> 
> http://pastebin.com/059A7Zk7
> 
> I feel I'm getting closer.
> 
> Two questions:
> 
> (a) is anything wrong with this machine authentication handler or does it 
> look like the correct way to proxy these sorts of requests?
> 
> (b) is there a way to force Radiator to log information about the RADIUS 
> request even though we're proxying it via RADIUS to NPS?
> 
> I'm still not having luck with machine-based authentication, but I believe 
> this may be a configuration issue on NPS.
> 
> Thoughts appreciated.
> 
> Thanks!
> -james
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
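
An added example, not part of the original message and not Radiator code: a Python check that reads a debug log in the packet-dump layout quoted above and reports, for each received Access-Request, whether its User-Name would select a Handler keyed on a leading "host". The prefix pattern and the second sample packet are constructed assumptions; the real Handler is in the pastebin configuration.

```python
import re

# Assumption: the machine-auth Handler selects on a User-Name that begins
# with "host", as the thread describes. The actual Handler is not on this page.
HOST_PREFIX = re.compile(r"^host")

FIELDS = {
    "peer": re.compile(r"^\s*\*\*\* Received from (\S+) port \d+", re.M),
    "code": re.compile(r"^\s*Code:\s+(\S+)", re.M),
    "identifier": re.compile(r"^\s*Identifier:\s+(\d+)", re.M),
    "user_name": re.compile(r'^\s*User-Name = "(.*)"', re.M),
}

# First packet is the one quoted in the message; the second is constructed.
SAMPLE_LOG = '''\
Mon Oct 15 01:20:47 2012 564812: DEBUG: Packet dump:
*** Received from 10.136.235.240 port 32768 ....
Code:       Access-Request
Identifier: 47
Attributes:
    User-Name = "/DLAR-PBBZNB8.some.tld"

Mon Oct 15 01:20:49 2012 112233: DEBUG: Packet dump:
*** Received from 10.136.235.240 port 32768 ....
Code:       Access-Request
Identifier: 48
Attributes:
    User-Name = "host/EXAMPLE-PC.some.tld"
'''

def parse_dumps(log_text):
    """Split a debug log on 'Packet dump:' and extract the fields above."""
    packets = []
    for chunk in log_text.split("Packet dump:")[1:]:
        found = {k: p.search(chunk) for k, p in FIELDS.items()}
        packets.append({k: (m.group(1) if m else None) for k, m in found.items()})
    return packets

def handler_report(log_text):
    """Per received Access-Request: (identifier, User-Name, 'host' or 'other')."""
    report = []
    for p in parse_dumps(log_text):
        if p["peer"] is None or p["code"] != "Access-Request":
            continue  # skip outgoing packets and non-request codes
        name = p["user_name"]
        hit = name is not None and HOST_PREFIX.search(name) is not None
        report.append((p["identifier"], name, "host" if hit else "other"))
    return report

if __name__ == "__main__":
    for ident, name, handler in handler_report(SAMPLE_LOG):
        print(f"id={ident} User-Name={name!r} -> {handler} handler")
```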
