Dear Heikki,
Thanks for your support and guidance.
I have modified my radius.cfg as advised in your following email, but the Access-Request still results in No-Reply. Please note that I have used the same EAP certificates from the (goodies->certificates) folder.

I tried the following radpwtst:

1. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
2. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
   -user mikem -password fred
3. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
   -user User -password clientPass

Please advise the specific 'user and password' format to be defined in the users file to be tested for authentication using radpwtst for our radius.cfg. Please also advise the recommended radpwtst to be performed, as the above mentioned is still providing No-Reply to the Access-Request.

There is network connectivity between our radiator and Netgear AP (ping). Kindly check my following configuration and advise on how to proceed.

#Foreground
#LogStdout

AcctPort 1813
AuthPort 1812

LogDir        /var/log/radius
DbDir        /etc/radiator
DictionaryFile /etc/radiator/dictionary

Trace         4

<Client DEFAULT>
    Secret    xxxxx
    DupInterval 0
</Client>

# Our Netgear AP for testing
<Client 192.168.0.217>
    Secret    xxxxx
    DupInterval 0
</Client>

<AuthLog FILE>
    Identifier myauthlogger
    Filename %L/authlog
    LogSuccess 1
    LogFailure 1
</AuthLog>

<Handler Request-Type="Access-Request",TunnelledByPEAP=1>
    Identifier EAP-MSCHAP-V2
    <AuthBy FILE>
        Filename /etc/radiator/users

        # This tells the PEAP client what types of inner EAP requests
        # we will honour
        EAPType MSCHAP-V2
    </AuthBy>

    # Log authentication success and failure to a file
    AuthLog myauthlogger

# PostAuthHook file:"/root/Desktop/Radiator-Locked-4.14/goodies/eap_anon_hook.pl"
</Handler>

<Handler Request-Type="Access-Request">
    Identifier EAP-PEAP
    <AuthBy FILE>
        Filename %D/users

        EAPType PEAP
        EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
        EAPTLS_CertificateFile %D/certificates/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
        EAPTLS_PrivateKeyPassword whatever
        EAPTLS_MaxFragmentSize 1000
        AutoMPPEKeys

        EAPTLS_PEAPVersion 0

    </AuthBy>

    AuthLog myauthlogger

#PreProcessingHook file:"/root/Desktop/Radiator-Locked-4.14/goodies/eap_anon_hook.pl"
    AcctLogFileName /etc/radiator/detail
</Handler>




Best Regards,

Thomas Kurian
Information Security Engineer,Pre-Sales.
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com
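
An added check, not part of the original message or of Radiator: it compares a radpwtst command line with the <Client> clauses of the radius.cfg quoted above, flagging a -s target that the configuration lists as a client (here the address commented as the Netgear AP) and a -secret that does not match. The function names and the `sender` parameter are assumptions made for this example; the sample input is constructed from the lines in the message.

```python
import re

# Constructed sample: Client clauses and a radpwtst call copied from the message above.
CONFIG = """\
<Client DEFAULT>
    Secret    xxxxx
    DupInterval 0
</Client>
# Our Netgear AP for testing
<Client 192.168.0.217>
    Secret    xxxxx
    DupInterval 0
</Client>
"""
COMMAND = ("radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 "
           "-auth_port 1812 -user mikem -password fred")

def client_secrets(config_text):
    """Map each <Client name> clause to its Secret (None if the clause has none)."""
    clients = {}
    for name, body in re.findall(r"<Client\s+([^>\s]+)>(.*?)</Client>", config_text, re.S):
        secret = re.search(r"^\s*Secret\s+(\S+)", body, re.M)
        clients[name] = secret.group(1) if secret else None
    return clients

def radpwtst_options(command):
    """Return {flag: value}; a flag with no following value maps to True."""
    tokens, opts, i = command.split()[1:], {}, 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i].lstrip("-")] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return opts

def check(command, clients, sender="DEFAULT"):
    """sender: address radpwtst runs from (assumed parameter); else DEFAULT applies."""
    opts, findings = radpwtst_options(command), []
    target = opts.get("s")
    if target in clients and target != "DEFAULT":
        findings.append(f"-s {target} is a <Client> (NAS) in radius.cfg, not the RADIUS server")
    expected = clients.get(sender, clients.get("DEFAULT"))
    if expected is None:
        findings.append(f"no usable <Client> Secret for sender {sender}")
    elif opts.get("secret") != expected:
        findings.append("-secret differs from the Secret of the matching <Client> clause")
    return findings

if __name__ == "__main__":
    for finding in check(COMMAND, client_secrets(CONFIG)):
        print(finding)
```
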




Subject:        radiator Digest, Vol 70, Issue 3
Date:   Mon, 02 Mar 2015 12:00:01 -0600
From:   radiator-requ...@open.com.au
Reply-To:       radiator@open.com.au
To:     radiator@open.com.au




Message: 2
Date: Mon, 02 Mar 2015 17:23:00 +0200
From: Heikki Vatiainen <h...@open.com.au>
Subject: Re: [RADIATOR] User Auth settings: Netgear AP + Radiator
To: radiator@open.com.au
Message-ID: <54f48054.6070...@open.com.au>
Content-Type: text/plain; charset=windows-1252

On 02/28/2015 12:11 PM, Thomas Kurian wrote:

> We want to make our wifi users connecting via Netgear wnr2000v3 wireless
> router, to authenticate using radiator RADIUS server (172.16.0.205).
> Please let me know what more needs to be done further to our following
> radius.cfg & default users file in order to ensure our wifi users get
> forced to authenticate with our radiator server.

Please see goodies/eap_peap.cfg for PEAP example. PEAP is one of the
protocols WPA/WPA2 Enterprise uses.

> Also please advise if it is radiator's /var/log/radius/logfile the only
> place to test & check if the authentication is happening, once the user
> connects via the router using the credentials mentioned in radiator's
> user file?

You can configure <AuthLog ...>, for example, AuthLog FILE to log
authentication success and failure events. See goodies/authlog.cfg for
an example.

The Radiator logfile is useful for debugging and monitoring for errors,
but AuthLog logs just authentication events.

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


------------------------------

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

End of radiator Digest, Vol 70, Issue 3
***************************************


