Dear Heikki,
Thanks for your support and guidance.
I have modified my radius.cfg as advised in your following email, but
still Access-Request results as No-Reply. Please note that I have used
the same EAP certificates from the (goodies->certificates) folder.
I tried the following radpwtst :
1. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812
2. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812 -user mikem -password fred
3. radpwtst -s 192.168.0.217 -secret xxxxx -trace 4 -auth_port 1812 -user User -password clientPass
Please advise the specific 'user and password' format to be defined in
the users file to be tested for authentication using radpwtst for our
radius.cfg. Please also advise the recommended radpwtst to be performed,
as the above mentioned is still providing No-Reply to the Access-Request.
There is network connectivity between our radiator and Netgear AP
(ping). Kindly check my following configuration and advise on how to
proceed.
#Foreground
#LogStdout
AcctPort 1813
AuthPort 1812
LogDir /var/log/radius
DbDir /etc/radiator
DictionaryFile /etc/radiator/dictionary
Trace 4
<Client DEFAULT>
Secret xxxxx
DupInterval 0
</Client>
# Our Netgear AP for testing
<Client 192.168.0.217>
Secret xxxxx
DupInterval 0
</Client>
<AuthLog FILE>
Identifier myauthlogger
Filename %L/authlog
LogSuccess 1
LogFailure 1
</AuthLog>
<Handler Request-Type="Access-Request",TunnelledByPEAP=1>
Identifier EAP-MSCHAP-V2
<AuthBy FILE>
Filename /etc/radiator/users
# This tells the PEAP client what types of inner EAP requests
# we will honour
EAPType MSCHAP-V2
</AuthBy>
# Log authentication success and failure to a file
AuthLog myauthlogger
# PostAuthHook file:"/root/Desktop/Radiator-Locked-4.14/goodies/eap_anon_hook.pl"
</Handler>
<Handler Request-Type="Access-Request">
Identifier EAP-PEAP
<AuthBy FILE>
Filename %D/users
EAPType PEAP
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
EAPTLS_PEAPVersion 0
</AuthBy>
AuthLog myauthlogger
#PreProcessingHook file:"/root/Desktop/Radiator-Locked-4.14/goodies/eap_anon_hook.pl"
AcctLogFileName /etc/radiator/detail
</Handler>
Best Regards,
Thomas Kurian
Information Security Engineer, Pre-Sales.
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: tho...@kccg.com
Subject: radiator Digest, Vol 70, Issue 3
Date: Mon, 02 Mar 2015 12:00:01 -0600
From: radiator-requ...@open.com.au
Reply-To: radiator@open.com.au
To: radiator@open.com.au
Message: 2
Date: Mon, 02 Mar 2015 17:23:00 +0200
From: Heikki Vatiainen <h...@open.com.au>
Subject: Re: [RADIATOR] User Auth settings: Netgear AP + Radiator
To: radiator@open.com.au
Message-ID: <54f48054.6070...@open.com.au>
Content-Type: text/plain; charset=windows-1252
On 02/28/2015 12:11 PM, Thomas Kurian wrote:
> We want to make our wifi users connecting via Netgear wnr2000v3 wireless
> router, to authenticate using radiator RADIUS server (172.16.0.205).
> Please let me know what more needs to be done further to our following
> radius.cfg & default users file in order to ensure our wifi users get
> forced to authenticate with our radiator server.

Please see goodies/eap_peap.cfg for PEAP example. PEAP is one of the
protocols WPA/WPA2 Enterprise uses.

> Also please advise if it is radiator's /var/log/radius/logfile the only
> place to test & check if the authentication is happening, once the user
> connects via the router using the credentials mentioned in radiator's
> user file?

You can configure <AuthLog ...>, for example, AuthLog FILE to log
authentication success and failure events. See goodies/authlog.cfg for
an example.

The Radiator logfile is useful for debugging and monitoring for errors,
but AuthLog logs just authentication events.

Thanks,
Heikki
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
------------------------------
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator