Re: FreeRADIUS Proxy and MS IAS
On Wed, 10 Jul 2002 12:25:31 -0400 Alan DeKok [EMAIL PROTECTED] wrote: Dimitar Peikov [EMAIL PROTECTED] wrote: In this case NAS is MS RAS on 2k Server. This is explanation of error event 'A malformed request was received from= client . The data is the packet.' OK, it may be bugs in tunnelling code, which was fixed in 0.6. If you're running an earlier version, you should upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Unfortunately I made proxy request but only PAP authentication succeed. When using CHAP complain is about bad password! As I see CHAP-Challenge and CHAP-Password are the same (perhaps secret key is the same, but the client differs). User 'mitko' is 'ASP' domain member. Event Viewer log: User mitko was denied access. Fully-Qualified-User-Name = ASP\mitko NAS-IP-Address = 192.168.202.163 NAS-Identifier = not present Called-Station-Identifier = not present Calling-Station-Identifier = 192.168.202.114 Client-Friendly-Name = 192.168.202.57 Client-IP-Address = 192.168.202.57 NAS-Port-Type = Virtual NAS-Port = 6 Policy-Name = undetermined Authentication-Type = undetermined EAP-Type = undetermined Reason-Code = 16 Reason = There was an authentication failure because of an unknown user name or a bad password. FreeRADIUS log : rad_recv: Access-Request packet from host 192.168.202.163:4803, id=51, length=176 NAS-IP-Address = 192.168.202.163 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 6 MS-RAS-Vendor = 311 MS-RAS-Version = MSRASV5.00 NAS-Port-Type = Virtual Tunnel-Type:0 = PPTP Tunnel-Medium-Type:0 = IP Calling-Station-Id = 192.168.202.114 Tunnel-Client-Endpoint:0 = 192.168.202.114 User-Name = mitko@ASP CHAP-Challenge = ;\2108\244\203G\016\317\250\255m\342\256(\302\001 CHAP-Password = 0x007a52b3ed135b71ce9357b7d05589a781 Sending Access-Request of id 7 to 192.168.202.163:1645 User-Name = mitko NAS-IP-Address = 192.168.202.163 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 6 MS-RAS-Vendor = 311 MS-RAS-Version = MSRASV5.00 NAS-Port-Type = Virtual Tunnel-Type:0 = PPTP Tunnel-Medium-Type:0 = IP Calling-Station-Id = 192.168.202.114 Tunnel-Client-Endpoint:0 = 192.168.202.114 CHAP-Challenge = ;\2108\244\203G\016\317\250\255m\342\256(\302\001 CHAP-Password = 0x007a52b3ed135b71ce9357b7d05589a781 Proxy-State = 51 --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Reject packet from host 192.168.202.163:1645, id=7, length=24 Proxy-State = 0x3531 -- Dimitar Peikov Programmer Analyst Globalization Group We Build e-Business RILA Solutions 27 Building, Acad.G.Bonchev Str. 1113 Sofia, Bulgaria phone: (+359 2) 9797320 phone: (+359 2) 9797300 fax: (+359 2) 9733355 http://www.rila.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS Proxy and MS IAS
Dimitar Peikov [EMAIL PROTECTED] wrote: Unfortunately I made proxy request but only PAP authentication succeed. When using CHAP complain is about bad password! Read the FAQ on CHAP versus PAP. The same issues apply to IAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS Proxy and MS IAS
Hi, Did someone tryed to proxy to MS IAS on 2K Server? I've got bad success about that and need some help, or example on this. If I point directly from NAS to either FreeRADIUS ot MS IAS authentication goes alright but when try to proxy MS IAS via FreeRADIUS I get errors on MS Event viewer. Any thoughts can be useful. 10x -- Dimitar Peikov Programmer Analyst Globalization Group We Build e-Business RILA Solutions 27 Building, Acad.G.Bonchev Str. 1113 Sofia, Bulgaria phone: (+359 2) 9797320 phone: (+359 2) 9797300 fax: (+359 2) 9733355 http://www.rila.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS Proxy and MS IAS
Dimitar Peikov [EMAIL PROTECTED] wrote: If I point directly from NAS to either FreeRADIUS ot MS IAS authentication goes alright but when try to proxy MS IAS via FreeRADIUS I get errors on MS Event viewer. Which are...? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS Proxy and MS IAS
On Wed, 10 Jul 2002 12:00:18 -0400 Alan DeKok [EMAIL PROTECTED] wrote: Dimitar Peikov [EMAIL PROTECTED] wrote: If I point directly from NAS to either FreeRADIUS ot MS IAS authentication goes alright but when try to proxy MS IAS via FreeRADIUS I get errors on MS Event viewer. Which are...? Alan DeKok. In this case NAS is MS RAS on 2k Server. This is explanation of error event 'A malformed request was received from client . The data is the packet.' : 01 02 00 de 98 a2 95 68 ...Þ?¢?h 0008: a3 97 e3 ae 06 c3 0a 42 £?ã®.Ã.B 0010: 0b d8 74 bc 01 07 6d 69 .Øt¼..mi 0018: 74 6b 6f 04 06 c0 a8 ca tko..À¨Ê 0020: a3 06 06 00 00 00 02 07 £... 0028: 06 00 00 00 01 05 06 00 0030: 00 00 06 1a 0c 00 00 01 0038: 37 09 06 00 00 01 37 1a 7.7. 0040: 12 00 00 01 37 12 0c 4d 7..M 0048: 53 52 41 53 56 35 2e 30 SRASV5.0 0050: 30 3d 06 00 00 00 05 40 0=.@ 0058: 06 00 00 00 01 41 06 00 .A.. 0060: 00 00 01 1f 12 31 39 32 .192 0068: 2e 31 36 38 2e 32 30 32 .168.202 0070: 2e 31 31 34 00 42 13 31 .114.B.1 0078: 39 32 2e 31 36 38 2e 32 92.168.2 0080: 30 32 2e 31 31 34 00 1a 02.114.. 0088: 18 00 00 01 37 0b 12 59 7..Y 0090: 09 16 03 a3 41 a4 f8 9a ...£A¤ø? 0098: 7a c0 6f 5a 18 07 bf 1a zÀoZ..¿. 00a0: 3a 00 00 01 37 19 34 00 :...7.4. 00a8: 00 20 b0 02 54 7f e1 b7 . °.Tá· 00b0: 32 63 fc a4 8e 23 ca cd 2cü¤?#ÊÍ 00b8: 6c 00 00 00 00 00 00 00 l... 00c0: 00 98 98 d9 06 11 36 60 .??Ù..6` 00c8: cf ab be 91 9e ed a5 1f Ï«¾??í¥. 00d0: b5 0a 32 02 48 49 69 35 µ.2.HIi5 00d8: a0 21 04 34 31 00 !.41. -- Dimitar Peikov Programmer Analyst Globalization Group We Build e-Business RILA Solutions 27 Building, Acad.G.Bonchev Str. 1113 Sofia, Bulgaria phone: (+359 2) 9797320 phone: (+359 2) 9797300 fax: (+359 2) 9733355 http://www.rila.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS Proxy and MS IAS
Dimitar Peikov [EMAIL PROTECTED] wrote: In this case NAS is MS RAS on 2k Server. This is explanation of error event 'A malformed request was received from= client . The data is the packet.' OK, it may be bugs in tunnelling code, which was fixed in 0.6. If you're running an earlier version, you should upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html