Re: [RADIATOR] Configurable parameters
Does EAP-FAST and EAP-TTLS require USERNAME and Password for authentication or only Username is sufficient. Thanks Sudhir H From: Sudhir Harwalkar Sent: Tuesday, July 17, 2012 10:26 AM To: Heikki Vatiainen (h...@open.com.au) Cc: radiator@open.com.au Subject: Configurable parameters Hi Heikki, To verify all EAP types What are all things need to use as a configurable parameters e.g. Username and Password. I need Configurable parameters for following EAP Types 1.PEAPv0 and PEAPv1 2.EAP-TTLS 3.EAP-TLS 4.EAP-FAST Thanks and Regards Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Configurable parameters
Hi Heikki, To verify all EAP types What are all things need to use as a configurable parameters e.g. Username and Password. I need Configurable parameters for following EAP Types 1.PEAPv0 and PEAPv1 2.EAP-TTLS 3.EAP-TLS 4.EAP-FAST Thanks and Regards Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Security settings for Wireless Network
Hi Heikki. I need some information regarding WiFi security parameters, 1. User ID - a. Does it accept special characters such as - * ' # etc. b. What's the minimum length acceptable? 2. PAC - a. Does it accept ASCII only or hex input is okay? b. Does EAP FAST also need an username in addition to PAC? 3. What is the data cipher used in EAP TTLS? Is it similar to password or something else? Need some more details here. Regards, Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] EAP-TLS (Radiator)
HI Heikki, Still I am facing the same issue for EAP-TLS, does certificates are proper means TLS certificates that I am using are they old one and for this shall I need to make changes in radius server side? Thanks Sudhir H From: Sudhir Harwalkar Sent: Thursday, April 19, 2012 12:19 PM To: Heikki Vatiainen (h...@open.com.au) Cc: radiator@open.com.au Subject: EAP-TLS (Radiator) Hi Heikki, Please find the log file and wire shark screenshot for your reference, as I observed its showing the message as none of the EAP desired types are available. Thanks Sudhir H Larsen & Toubro Limited www.larsentoubro.com<https://indmail.lntinfotech.com/owa/redir.aspx?C=2b4a0c51a57b47038127dd84059c7429&URL=http%3a%2f%2fwww.larsentoubro.com> This Email may contain confidential or privileged information for the intended recipient (s). If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. Earth Day. Every Day. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] FW: ] RADIATOR: EAP-FAST-MSCHAPv2
Can we generate client log at radiator side is there any option. -Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Sudhir Harwalkar Sent: Wednesday, April 18, 2012 10:59 AM To: Heikki Vatiainen (h...@open.com.au) Cc: radiator@open.com.au Subject: [RADIATOR] FW: ] RADIATOR: EAP-FAST-MSCHAPv2 Observing same error after restarting the radius server and using the DB. So I think Radius server is remembering the PAC for this reason it's not getting authenticated. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Sudhir Harwalkar Sent: Wednesday, April 18, 2012 10:38 AM To: Heikki Vatiainen Cc: radiator@open.com.au Subject: [RADIATOR] ] RADIATOR: EAP-FAST-MSCHAPv2 Hi Heiki, Still I am not clear about the working of EAP-FAST with MSCHAPv2. In this case: Whenever I flash the code to the device(client), its generating the new PAC with this radius server and the client are authenticated successfully. If I restart the radius server means by pressing ctrl+c it stop the radius sever and again I run the same config file, at that time PAC key is same and authentication is failing. As radius server is remembering the key so it's not authenticated is this true?, if not when I restart the server it should authenticate right because for radius server it's a new PAC key that's not happening here. Note: My device(client) will generate new PAC whenever flash the code. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Wednesday, April 18, 2012 3:08 AM To: radiator@open.com.au Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 On 04/17/2012 01:29 PM, Sudhir Harwalkar wrote: > > Because previously it was working fine without any modification from client > side, does modification in EAP_43.pm is affecting for authentication? > From the client log its failing after username and Pw. See the screen shot of > the client log. The change in EAP_43.pm does one thing. If Server-Unauthenticated provisioning is done, instead of requiring just one ciphersuite (TLS_DH_anon_WITH_AES_128_CBC_SHA) the mode is entered when this ciphersuite is present with possible other suites. One such suite is TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. If you want to go back to EAP_43.pm, just take it from Radiator distribution and copy it over to any existing EAP_43.pm you have in your system. The PAC provisioning is not affected and using SQL (SQLite in your case) for storing the PAC does not change how it is generated and provisioned. You should experiment with your client and see its logs for why it does not work. The configuration I returned to you was working and tested fine here. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] RADIATOR, EAP-TLS
Hi Heikki, How to configure the client to trust the CA certificate? What I done was, converted CA, Client and Client Pvt key to hex value because in our code we are giving as hex code. Using this I run the radius server using TLS config file its showing continuously as Challenge. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Monday, April 16, 2012 2:39 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote: > 1. Please guide me how to keep PACs in memory, what are all the changes need > to make in config files. You need to change the Handler for outer EAP-FAST authentication to use AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and GetEAPFastPACQuery. For defintion of the single table that is needed, see goodies/mysqlCreate.sql. The table is EAPFAST_PAC MySQL is not required, it is just used for an example. You could try SQLite for a simple file based DB. http://www.sqlite.org/download.html You can keep all EAPTLS_* settings the same as they are now when setting up AuthBy SQL. > 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge > message only and I haven't found any error in that case, please find the log, > and config files for this. The log shows two different messages: 1. EAP Identity from your client 2. EAP-TLS start from Radiator The client then resends the identity. Check the client settings. It seems not to accept EAP-TLS or is otherwise incorrectly configured. Note that at some point you need to configure the client to trust the CA certificate in certificates/demoCA/cacert.pem Thanks! Heikki > Regards > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Friday, April 13, 2012 6:00 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: > >> 1. Whenever I flash the new code to the device it's generating new PAC key >> at that time it's getting authenticate with the server, >> If PACs are gone after a restart, but our device generating the same >> and send to the server so it should authenticate, why that's not happening >> here. > > If the server has lost its PACs, the client PAC are useless. It is the server > that decides if the PAC is valid. If the server refuses the PAC client sends, > then a new PAC needs to be provisioned to the client. That is my take to how > this should work. > >> 2. For EAP-TLS I took CA Certificate from >> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for >> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is >> these are the correct files that I am using. > > Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration. > > Heikki > > >> Sudhir H >> >> -Original Message- >> From: Heikki Vatiainen [mailto:h...@open.com.au] >> Sent: Thursday, April 12, 2012 2:52 PM >> To: Sudhir Harwalkar >> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: >> >>> Thanks for helping me Heikki, when I flash the new code, then start the >>> radius server it's working fine after that I restarted the radius server >>> and power on the device then it's not authenticated. >>> Again I flash the code and verified working fine. >> >> Ok. Good to hear it works. >> >>> Problem arises only if I restart the radius server. >>> This should not happen right. >> >> By default Radiator keeps PACs in memory and they are gone after a restart. >> There is a possibility to keep them in SQL so that they survive across >> reboots. >> >> Heikki >> >> >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, E
[RADIATOR] FW: ] RADIATOR: EAP-FAST-MSCHAPv2
Observing same error after restarting the radius server and using the DB. So I think Radius server is remembering the PAC for this reason it's not getting authenticated. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Sudhir Harwalkar Sent: Wednesday, April 18, 2012 10:38 AM To: Heikki Vatiainen Cc: radiator@open.com.au Subject: [RADIATOR] ] RADIATOR: EAP-FAST-MSCHAPv2 Hi Heiki, Still I am not clear about the working of EAP-FAST with MSCHAPv2. In this case: Whenever I flash the code to the device(client), its generating the new PAC with this radius server and the client are authenticated successfully. If I restart the radius server means by pressing ctrl+c it stop the radius sever and again I run the same config file, at that time PAC key is same and authentication is failing. As radius server is remembering the key so it's not authenticated is this true?, if not when I restart the server it should authenticate right because for radius server it's a new PAC key that's not happening here. Note: My device(client) will generate new PAC whenever flash the code. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Wednesday, April 18, 2012 3:08 AM To: radiator@open.com.au Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 On 04/17/2012 01:29 PM, Sudhir Harwalkar wrote: > > Because previously it was working fine without any modification from client > side, does modification in EAP_43.pm is affecting for authentication? > From the client log its failing after username and Pw. See the screen shot of > the client log. The change in EAP_43.pm does one thing. If Server-Unauthenticated provisioning is done, instead of requiring just one ciphersuite (TLS_DH_anon_WITH_AES_128_CBC_SHA) the mode is entered when this ciphersuite is present with possible other suites. One such suite is TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. If you want to go back to EAP_43.pm, just take it from Radiator distribution and copy it over to any existing EAP_43.pm you have in your system. The PAC provisioning is not affected and using SQL (SQLite in your case) for storing the PAC does not change how it is generated and provisioned. You should experiment with your client and see its logs for why it does not work. The configuration I returned to you was working and tested fine here. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] ] RADIATOR: EAP-FAST-MSCHAPv2
Hi Heiki, Still I am not clear about the working of EAP-FAST with MSCHAPv2. In this case: Whenever I flash the code to the device(client), its generating the new PAC with this radius server and the client are authenticated successfully. If I restart the radius server means by pressing ctrl+c it stop the radius sever and again I run the same config file, at that time PAC key is same and authentication is failing. As radius server is remembering the key so it's not authenticated is this true?, if not when I restart the server it should authenticate right because for radius server it's a new PAC key that's not happening here. Note: My device(client) will generate new PAC whenever flash the code. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Wednesday, April 18, 2012 3:08 AM To: radiator@open.com.au Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 On 04/17/2012 01:29 PM, Sudhir Harwalkar wrote: > > Because previously it was working fine without any modification from client > side, does modification in EAP_43.pm is affecting for authentication? > From the client log its failing after username and Pw. See the screen shot of > the client log. The change in EAP_43.pm does one thing. If Server-Unauthenticated provisioning is done, instead of requiring just one ciphersuite (TLS_DH_anon_WITH_AES_128_CBC_SHA) the mode is entered when this ciphersuite is present with possible other suites. One such suite is TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. If you want to go back to EAP_43.pm, just take it from Radiator distribution and copy it over to any existing EAP_43.pm you have in your system. The PAC provisioning is not affected and using SQL (SQLite in your case) for storing the PAC does not change how it is generated and provisioned. You should experiment with your client and see its logs for why it does not work. The configuration I returned to you was working and tested fine here. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
After creating the DB and used config files, I am getting an error as: ERR: EAP-FAST TLS Handshake unsuccessful: 1248: 1 - error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message See the DB file attached with this. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Monday, April 16, 2012 11:52 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/16/2012 06:02 PM, Sudhir Harwalkar wrote: > Please check the modification in the config ( eap_fast.cfg) file is correct > or not? Because still not authenticated DBI drivers are already installed. Try with the attached configuration file. The changes are: - Enabled so that you can keep the users in a file while keeping PACs in SQL - Changed SQLite db file location to c:/Program Files/Radiator/pacdb.sqlite You need to create c:/Program Files/Radiator/pacdb.sqlite with the following command: sqlite3.exe -init pac.sql c:/Program Files/Radiator/pacdb.sqlite This will create an empty db file with the appropriate structure for EAP-FAST. When you test with the client the log will show how Radiator creates the PAC and reads it from the db file. You can now stop radiusd without loosing PAC information. Thanks! Heikki > Regards > Sudhir H > > -Original Message----- > From: Sudhir Harwalkar > Sent: Monday, April 16, 2012 4:33 PM > To: 'Heikki Vatiainen' > Cc: radiator@open.com.au > Subject: RE: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 > > As per your comment, I made changes for EAP-FAST MACHAPv2, If I enable AUTHBY > SQL ,its giving me an error for User Filename ERR: Unknown keyword 'Filename' > in c:\Radiator\Radiator-Locked-4.9\goodies\eap_fast.cfg line 51". > > Please see the config file and sql.cfg file. > > Regards > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Monday, April 16, 2012 2:39 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote: > >> 1. Please guide me how to keep PACs in memory, what are all the changes need >> to make in config files. > > You need to change the Handler for outer EAP-FAST authentication to use > AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and > GetEAPFastPACQuery. > > For defintion of the single table that is needed, see > goodies/mysqlCreate.sql. The table is EAPFAST_PAC > > MySQL is not required, it is just used for an example. You could try > SQLite for a simple file based DB. http://www.sqlite.org/download.html > > You can keep all EAPTLS_* settings the same as they are now when setting up > AuthBy SQL. > >> 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge >> message only and I haven't found any error in that case, please find the >> log, and config files for this. > > The log shows two different messages: > 1. EAP Identity from your client > 2. EAP-TLS start from Radiator > > The client then resends the identity. Check the client settings. It > seems not to accept EAP-TLS or is otherwise incorrectly configured. > Note that at some point you need to configure the client to trust the > CA certificate in certificates/demoCA/cacert.pem > > Thanks! > Heikki > > >> Regards >> Sudhir H >> >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Friday, April 13, 2012 6:00 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: >> >>> 1. Whenever I flash the new code to the device it's generating new PAC key >>> at that time it's getting authenticate with the server, >>> If PACs are gone after a restart, but our device generating the same >>> and send to the server so it should authenticate, why that's not happening >>> here. >> >> If the server has lost its PACs, the client PAC are useless. It is the >> server that decides if the PAC is valid. If the server refuses the PAC >> client sends, then a new PAC needs to be provisioned to the client. That is >> my take to how this should work. >> >>> 2. For EAP-TLS I took CA Certificate from >>> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for >>> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is &g
Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
Please check the modification in the config ( eap_fast.cfg) file is correct or not? Because still not authenticated DBI drivers are already installed. Regards Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Monday, April 16, 2012 4:33 PM To: 'Heikki Vatiainen' Cc: radiator@open.com.au Subject: RE: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 As per your comment, I made changes for EAP-FAST MACHAPv2, If I enable AUTHBY SQL ,its giving me an error for User Filename ERR: Unknown keyword 'Filename' in c:\Radiator\Radiator-Locked-4.9\goodies\eap_fast.cfg line 51". Please see the config file and sql.cfg file. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Monday, April 16, 2012 2:39 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote: > 1. Please guide me how to keep PACs in memory, what are all the changes need > to make in config files. You need to change the Handler for outer EAP-FAST authentication to use AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and GetEAPFastPACQuery. For defintion of the single table that is needed, see goodies/mysqlCreate.sql. The table is EAPFAST_PAC MySQL is not required, it is just used for an example. You could try SQLite for a simple file based DB. http://www.sqlite.org/download.html You can keep all EAPTLS_* settings the same as they are now when setting up AuthBy SQL. > 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge > message only and I haven't found any error in that case, please find the log, > and config files for this. The log shows two different messages: 1. EAP Identity from your client 2. EAP-TLS start from Radiator The client then resends the identity. Check the client settings. It seems not to accept EAP-TLS or is otherwise incorrectly configured. Note that at some point you need to configure the client to trust the CA certificate in certificates/demoCA/cacert.pem Thanks! Heikki > Regards > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Friday, April 13, 2012 6:00 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: > >> 1. Whenever I flash the new code to the device it's generating new PAC key >> at that time it's getting authenticate with the server, >> If PACs are gone after a restart, but our device generating the same >> and send to the server so it should authenticate, why that's not happening >> here. > > If the server has lost its PACs, the client PAC are useless. It is the server > that decides if the PAC is valid. If the server refuses the PAC client sends, > then a new PAC needs to be provisioned to the client. That is my take to how > this should work. > >> 2. For EAP-TLS I took CA Certificate from >> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for >> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is >> these are the correct files that I am using. > > Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration. > > Heikki > > >> Sudhir H >> >> -Original Message- >> From: Heikki Vatiainen [mailto:h...@open.com.au] >> Sent: Thursday, April 12, 2012 2:52 PM >> To: Sudhir Harwalkar >> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: >> >>> Thanks for helping me Heikki, when I flash the new code, then start the >>> radius server it's working fine after that I restarted the radius server >>> and power on the device then it's not authenticated. >>> Again I flash the code and verified working fine. >> >> Ok. Good to hear it works. >> >>> Problem arises only if I restart the radius server. >>> This should not happen right. >> >> By default Radiator keeps PACs in memory and they are gone after a restart. >> There is a possibility to keep them in SQL so that they survive across >> reboots. >> >> Heikki >> >> >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system
Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
As per your comment, I made changes for EAP-FAST MACHAPv2, If I enable AUTHBY SQL ,its giving me an error for User Filename ERR: Unknown keyword 'Filename' in c:\Radiator\Radiator-Locked-4.9\goodies\eap_fast.cfg line 51". Please see the config file and sql.cfg file. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Monday, April 16, 2012 2:39 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote: > 1. Please guide me how to keep PACs in memory, what are all the changes need > to make in config files. You need to change the Handler for outer EAP-FAST authentication to use AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and GetEAPFastPACQuery. For defintion of the single table that is needed, see goodies/mysqlCreate.sql. The table is EAPFAST_PAC MySQL is not required, it is just used for an example. You could try SQLite for a simple file based DB. http://www.sqlite.org/download.html You can keep all EAPTLS_* settings the same as they are now when setting up AuthBy SQL. > 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge > message only and I haven't found any error in that case, please find the log, > and config files for this. The log shows two different messages: 1. EAP Identity from your client 2. EAP-TLS start from Radiator The client then resends the identity. Check the client settings. It seems not to accept EAP-TLS or is otherwise incorrectly configured. Note that at some point you need to configure the client to trust the CA certificate in certificates/demoCA/cacert.pem Thanks! Heikki > Regards > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Friday, April 13, 2012 6:00 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: > >> 1. Whenever I flash the new code to the device it's generating new PAC key >> at that time it's getting authenticate with the server, >> If PACs are gone after a restart, but our device generating the same >> and send to the server so it should authenticate, why that's not happening >> here. > > If the server has lost its PACs, the client PAC are useless. It is the server > that decides if the PAC is valid. If the server refuses the PAC client sends, > then a new PAC needs to be provisioned to the client. That is my take to how > this should work. > >> 2. For EAP-TLS I took CA Certificate from >> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for >> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is >> these are the correct files that I am using. > > Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration. > > Heikki > > >> Sudhir H >> >> -Original Message- >> From: Heikki Vatiainen [mailto:h...@open.com.au] >> Sent: Thursday, April 12, 2012 2:52 PM >> To: Sudhir Harwalkar >> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: >> >>> Thanks for helping me Heikki, when I flash the new code, then start the >>> radius server it's working fine after that I restarted the radius server >>> and power on the device then it's not authenticated. >>> Again I flash the code and verified working fine. >> >> Ok. Good to hear it works. >> >>> Problem arises only if I restart the radius server. >>> This should not happen right. >> >> By default Radiator keeps PACs in memory and they are gone after a restart. >> There is a possibility to keep them in SQL so that they survive across >> reboots. >> >> Heikki >> >> >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >
[RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
1. Please guide me how to keep PACs in memory, what are all the changes need to make in config files. 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge message only and I haven't found any error in that case, please find the log, and config files for this. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Friday, April 13, 2012 6:00 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: > 1. Whenever I flash the new code to the device it's generating new PAC key at > that time it's getting authenticate with the server, > If PACs are gone after a restart, but our device generating the same and > send to the server so it should authenticate, why that's not happening here. If the server has lost its PACs, the client PAC are useless. It is the server that decides if the PAC is valid. If the server refuses the PAC client sends, then a new PAC needs to be provisioned to the client. That is my take to how this should work. > 2. For EAP-TLS I took CA Certificate from > C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for > Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is > these are the correct files that I am using. Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration. Heikki > Sudhir H > > -Original Message- > From: Heikki Vatiainen [mailto:h...@open.com.au] > Sent: Thursday, April 12, 2012 2:52 PM > To: Sudhir Harwalkar > Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: > >> Thanks for helping me Heikki, when I flash the new code, then start the >> radius server it's working fine after that I restarted the radius server and >> power on the device then it's not authenticated. >> Again I flash the code and verified working fine. > > Ok. Good to hear it works. > >> Problem arises only if I restart the radius server. >> This should not happen right. > > By default Radiator keeps PACs in memory and they are gone after a restart. > There is a possibility to keep them in SQL so that they survive across > reboots. > > Heikki > > > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. eap_tls.cfg Description: eap_tls.cfg logfile Description: logfile ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
Hi, When radius server gets restart, our device sending same PAC details, it should authenticate right? because for the radius server it's the new key when it get restart, it has to authenticate if radius server is not remembering the previous keys info , please correct me if I have Understood wrong. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Friday, April 13, 2012 6:00 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: > 1. Whenever I flash the new code to the device it's generating new PAC key at > that time it's getting authenticate with the server, > If PACs are gone after a restart, but our device generating the same and > send to the server so it should authenticate, why that's not happening here. If the server has lost its PACs, the client PAC are useless. It is the server that decides if the PAC is valid. If the server refuses the PAC client sends, then a new PAC needs to be provisioned to the client. That is my take to how this should work. > 2. For EAP-TLS I took CA Certificate from > C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for > Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is > these are the correct files that I am using. Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration. Heikki > Sudhir H > > -Original Message- > From: Heikki Vatiainen [mailto:h...@open.com.au] > Sent: Thursday, April 12, 2012 2:52 PM > To: Sudhir Harwalkar > Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: > >> Thanks for helping me Heikki, when I flash the new code, then start the >> radius server it's working fine after that I restarted the radius server and >> power on the device then it's not authenticated. >> Again I flash the code and verified working fine. > > Ok. Good to hear it works. > >> Problem arises only if I restart the radius server. >> This should not happen right. > > By default Radiator keeps PACs in memory and they are gone after a restart. > There is a possibility to keep them in SQL so that they survive across > reboots. > > Heikki > > > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
Hi Heikki, Thanks for information, 1. Please guide me how to keep PACs in memory, what are all the changes need to make in config files. 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge message only and I haven't found any error in that case, please find the log, and config files for this. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Friday, April 13, 2012 6:00 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote: > 1. Whenever I flash the new code to the device it's generating new PAC key at > that time it's getting authenticate with the server, > If PACs are gone after a restart, but our device generating the same and > send to the server so it should authenticate, why that's not happening here. If the server has lost its PACs, the client PAC are useless. It is the server that decides if the PAC is valid. If the server refuses the PAC client sends, then a new PAC needs to be provisioned to the client. That is my take to how this should work. > 2. For EAP-TLS I took CA Certificate from > C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for > Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is > these are the correct files that I am using. Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration. Heikki > Sudhir H > > -Original Message- > From: Heikki Vatiainen [mailto:h...@open.com.au] > Sent: Thursday, April 12, 2012 2:52 PM > To: Sudhir Harwalkar > Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: > >> Thanks for helping me Heikki, when I flash the new code, then start the >> radius server it's working fine after that I restarted the radius server and >> power on the device then it's not authenticated. >> Again I flash the code and verified working fine. > > Ok. Good to hear it works. > >> Problem arises only if I restart the radius server. >> This should not happen right. > > By default Radiator keeps PACs in memory and they are gone after a restart. > There is a possibility to keep them in SQL so that they survive across > reboots. > > Heikki > > > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. eap_tls.cfg Description: eap_tls.cfg logfile Description: logfile ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
Hi, 1. Whenever I flash the new code to the device it's generating new PAC key at that time it's getting authenticate with the server, If PACs are gone after a restart, but our device generating the same and send to the server so it should authenticate, why that's not happening here. 2. For EAP-TLS I took CA Certificate from C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is these are the correct files that I am using. Sudhir H -Original Message- From: Heikki Vatiainen [mailto:h...@open.com.au] Sent: Thursday, April 12, 2012 2:52 PM To: Sudhir Harwalkar Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote: > Thanks for helping me Heikki, when I flash the new code, then start the > radius server it's working fine after that I restarted the radius server and > power on the device then it's not authenticated. > Again I flash the code and verified working fine. Ok. Good to hear it works. > Problem arises only if I restart the radius server. > This should not happen right. By default Radiator keeps PACs in memory and they are gone after a restart. There is a possibility to keep them in SQL so that they survive across reboots. Heikki Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
Do I need to add rfc5422.txt file in the doc folder because this text file is not present there so. Regards Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Tuesday, April 10, 2012 4:24 PM To: radiator@open.com.au Subject: RE: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 This was not happening in case of GTC and its authenticated with the server without any issue, GTC also using same PAC details. Regards Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Tuesday, April 10, 2012 4:13 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 In my log file I seen packey, pacinfo will be resending but I haven't seen this for GTC, means its continuously trying to connect this I saw in dock light window. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, April 10, 2012 3:49 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/10/2012 07:41 AM, Sudhir Harwalkar wrote: > Can you explain me how to make on " Server-Authenticated Tunneled > Authentication", because I am not getting where is that option. This depends on your client. If there are no options, the log from client might be useful determining what is happening and what the client is expecting. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
This was not happening in case of GTC and its authenticated with the server without any issue, GTC also using same PAC details. Regards Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Tuesday, April 10, 2012 4:13 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 In my log file I seen packey, pacinfo will be resending but I haven't seen this for GTC, means its continuously trying to connect this I saw in dock light window. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, April 10, 2012 3:49 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/10/2012 07:41 AM, Sudhir Harwalkar wrote: > Can you explain me how to make on " Server-Authenticated Tunneled > Authentication", because I am not getting where is that option. This depends on your client. If there are no options, the log from client might be useful determining what is happening and what the client is expecting. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
In my log file I seen packey, pacinfo will be resending but I haven't seen this for GTC, means its continuously trying to connect this I saw in dock light window. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, April 10, 2012 3:49 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/10/2012 07:41 AM, Sudhir Harwalkar wrote: > Can you explain me how to make on " Server-Authenticated Tunneled > Authentication", because I am not getting where is that option. This depends on your client. If there are no options, the log from client might be useful determining what is happening and what the client is expecting. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
Can you explain me how to make on " Server-Authenticated Tunneled Authentication", because I am not getting where is that option. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, April 10, 2012 1:56 AM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/06/2012 03:55 PM, Sudhir Harwalkar wrote: > Please find the attached new log file, users file and config file, because > with same username and password EAP-FAST GTC has worked fine, but for > MSCHAPv2 it shows an error. Looks like there might be a problem with PAC provision. In other words, you should check your client and see if the PAC provision has worked. I suggest you try turning on support for "Server-Authenticated Tunneled Authentication" (see RFC 5422) and see if the PAC provisioning works. This is what I tried when I tested this. Thanks! Heikki > Regards > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Friday, April 06, 2012 4:55 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/06/2012 10:07 AM, Sudhir Harwalkar wrote: > >> I tried EAP-FAST with GTC as an inner authentication its working fine, but >> for MSCHAPv2 I saw message in log file that rejected. > > The log file you sent previously shows that the user (sudhir) was found from > the users file. MSCHAPv2 then failed which indicates the password was > incorrect or your client calculated EAP-MSCHAPv2 credentials incorrectly. I > would check the password first to see it was correctly entered. > > Heikki > > >> Regards >> Sudhir H >> >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Sudhir Harwalkar >> Sent: Friday, April 06, 2012 11:20 AM >> To: radiator@open.com.au >> Subject: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> >> Hi Heikki, >> >> When I run the EAP-FAST I seen rejected message in the log file is it due >> do log file config. >> Please find the attached log file. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Thursday, April 05, 2012 4:50 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/05/2012 10:15 AM, Sudhir Harwalkar wrote: >> >> Hello Sudhir, >> >>> As I am verifying EAP-FAST which uses inner authentication as >>> MSCHAPv2, for this our device requires any certificates like client >>> certificates? >>> >>> I red that it requires PAC means pac key should match from both >>> sides like radius sever and our device? >> >> If the client does not send its PAC, Radiator will try to allocate one to >> it. Then client is then disconnected. Next time when the client tries to >> authenticate, it will have a PAC and the authentication should then proceed. >> By default Radiator keeps the PACs in memory with the other option being >> SQL. So do not restart Radiator unless you want to clear the PAC. >> >> Thanks! >> Heikki >> >> >> -- >> Heikki Vatiainen >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. >> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the informatio
Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
I tried EAP-FAST with GTC as an inner authentication its working fine, but for MSCHAPv2 I saw message in log file that rejected. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Sudhir Harwalkar Sent: Friday, April 06, 2012 11:20 AM To: radiator@open.com.au Subject: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 Hi Heikki, When I run the EAP-FAST I seen rejected message in the log file is it due do log file config. Please find the attached log file. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, April 05, 2012 4:50 PM To: radiator@open.com.au Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 On 04/05/2012 10:15 AM, Sudhir Harwalkar wrote: Hello Sudhir, > As I am verifying EAP-FAST which uses inner authentication as > MSCHAPv2, for this our device requires any certificates like client > certificates? > > I red that it requires PAC means pac key should match from both sides > like radius sever and our device? If the client does not send its PAC, Radiator will try to allocate one to it. Then client is then disconnected. Next time when the client tries to authenticate, it will have a PAC and the authentication should then proceed. By default Radiator keeps the PACs in memory with the other option being SQL. So do not restart Radiator unless you want to clear the PAC. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2
Hi, As I am verifying EAP-FAST which uses inner authentication as MSCHAPv2, for this our device requires any certificates like client certificates? I red that it requires PAC means pac key should match from both sides like radius sever and our device? Thanks Sudhir Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator
Hi Heikki, As I want to verify security feature PEAPv1 which uses GTC as inner authentication, but I haven't find separate config file for PEAPv1. so please respond me which config file need to use for PEAPv1. Thanks Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] FW: Radiator
Hi Heikki, I replaced certificates file with the certificates of the patch file, then I verified stil I am getting an error as " Thu Mar 29 14:27:32 2012: ERR: Could not load EAP module Radius::EAP_26: Can't locate Digest/MD4.pm in @INC (@INC contains: . C:/Perl/site/lib C:/Perl/lib .) at C:/Perl/site/lib/Radius/MSCHAP.pm line 47. " see the log file attached with this. Thanks Sudhir H -Original Message----- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 12:30 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] Radiator Thanks, Heikki. Could you please provide me the hyperlink to the patches? Would be much appreciated. Regards, Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, March 29, 2012 12:21 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/29/2012 01:30 PM, Sudhir Harwalkar wrote: > I have given GSDEMO12 as secrete at both side means AP and radiator server, > then my board was getting reset and please see the logfile . The log shows client resplying with "sslv3 alert certificate expired". You need to download the patches. Extract the package and replace the current certificates with the certificates in the patches package. You can patch the whole distribution, but just replacing the old certificates is sufficient. Otherwise PEAP authentication seems to be starting fine. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. logfile Description: logfile ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator
Hi Heikki, I replaced certificates file with the certificates of the patch file, then I verified stil I am getting an error as " Thu Mar 29 14:27:32 2012: ERR: Could not load EAP module Radius::EAP_26: Can't locate Digest/MD4.pm in @INC (@INC contains: . C:/Perl/site/lib C:/Perl/lib .) at C:/Perl/site/lib/Radius/MSCHAP.pm line 47. " see the log file attached with this. Thanks Sudhir H -Original Message----- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 12:30 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] Radiator Thanks, Heikki. Could you please provide me the hyperlink to the patches? Would be much appreciated. Regards, Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, March 29, 2012 12:21 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/29/2012 01:30 PM, Sudhir Harwalkar wrote: > I have given GSDEMO12 as secrete at both side means AP and radiator server, > then my board was getting reset and please see the logfile . The log shows client resplying with "sslv3 alert certificate expired". You need to download the patches. Extract the package and replace the current certificates with the certificates in the patches package. You can patch the whole distribution, but just replacing the old certificates is sufficient. Otherwise PEAP authentication seems to be starting fine. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. logfile Description: logfile ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator
For PEAPv1 which uses Inner Authentication GTC, for this which config file need to be used. Thanks Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 5:29 PM To: radiator@open.com.au Subject: RE: [RADIATOR] Radiator Hi Heikki, As per the installation document I tried to install MD4 Perl modules but it's not supporting as I used the command as cd \Perl\bin ppm install Win32::Daemon Digest::HMAC Digest::MD4 perl-ldap. I think I am getting an error because of MD4 Perl modules were not there as I found MD5.pm file. The error found in log file is : "ERR: Could not load EAP module Radius::EAP_26: Can't locate loadable object for module Digest::MD4 in @INC". Please let me know how to resolve this. Thanks Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 4:11 PM To: 'radiator@open.com.au' Subject: FW: [RADIATOR] Radiator Hi Heikki, I replaced certificates file with the certificates of the patch file, then I verified stil I am getting an error as " Thu Mar 29 14:27:32 2012: ERR: Could not load EAP module Radius::EAP_26: Can't locate Digest/MD4.pm in @INC (@INC contains: . C:/Perl/site/lib C:/Perl/lib .) at C:/Perl/site/lib/Radius/MSCHAP.pm line 47. " see the log file attached with this. Thanks Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 12:30 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] Radiator Thanks, Heikki. Could you please provide me the hyperlink to the patches? Would be much appreciated. Regards, Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, March 29, 2012 12:21 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/29/2012 01:30 PM, Sudhir Harwalkar wrote: > I have given GSDEMO12 as secrete at both side means AP and radiator server, > then my board was getting reset and please see the logfile . The log shows client resplying with "sslv3 alert certificate expired". You need to download the patches. Extract the package and replace the current certificates with the certificates in the patches package. You can patch the whole distribution, but just replacing the old certificates is sufficient. Otherwise PEAP authentication seems to be starting fine. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator
Hi Heikki, As per the installation document I tried to install MD4 Perl modules but it's not supporting as I used the command as cd \Perl\bin ppm install Win32::Daemon Digest::HMAC Digest::MD4 perl-ldap. I think I am getting an error because of MD4 Perl modules were not there as I found MD5.pm file. The error found in log file is : "ERR: Could not load EAP module Radius::EAP_26: Can't locate loadable object for module Digest::MD4 in @INC". Please let me know how to resolve this. Thanks Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 4:11 PM To: 'radiator@open.com.au' Subject: FW: [RADIATOR] Radiator Hi Heikki, I replaced certificates file with the certificates of the patch file, then I verified stil I am getting an error as " Thu Mar 29 14:27:32 2012: ERR: Could not load EAP module Radius::EAP_26: Can't locate Digest/MD4.pm in @INC (@INC contains: . C:/Perl/site/lib C:/Perl/lib .) at C:/Perl/site/lib/Radius/MSCHAP.pm line 47. " see the log file attached with this. Thanks Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Thursday, March 29, 2012 12:30 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] Radiator Thanks, Heikki. Could you please provide me the hyperlink to the patches? Would be much appreciated. Regards, Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, March 29, 2012 12:21 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/29/2012 01:30 PM, Sudhir Harwalkar wrote: > I have given GSDEMO12 as secrete at both side means AP and radiator server, > then my board was getting reset and please see the logfile . The log shows client resplying with "sslv3 alert certificate expired". You need to download the patches. Extract the package and replace the current certificates with the certificates in the patches package. You can patch the whole distribution, but just replacing the old certificates is sufficient. Otherwise PEAP authentication seems to be starting fine. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator
Thanks, Heikki. Could you please provide me the hyperlink to the patches? Would be much appreciated. Regards, Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, March 29, 2012 12:21 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/29/2012 01:30 PM, Sudhir Harwalkar wrote: > I have given GSDEMO12 as secrete at both side means AP and radiator server, > then my board was getting reset and please see the logfile . The log shows client resplying with "sslv3 alert certificate expired". You need to download the patches. Extract the package and replace the current certificates with the certificates in the patches package. You can patch the whole distribution, but just replacing the old certificates is sufficient. Otherwise PEAP authentication seems to be starting fine. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] FW: Radiator
Hi Heikki, 1. I verified with PEAPv0, as per your comment I made change in the user file that file is not playing a role because without that also I am getting same message, please see the screenshot attached withthis. 2. Received from 192.168.32.78 port 3124, is this is correct port that listing from AP? 3. I observed is Identifier is changing every time is that correct? 4. NAS port is 0, is that correct? 5. Every time I am getting message as Bad authenticator. In my code I made User Name as Sudhir and password as sudhir12, same changes made in users file also, is this will be the correct way and I am not getting which users file need to use. Thanks Sudhir H -Original Message- From: Sudhir Harwalkar Sent: Wednesday, March 28, 2012 11:15 AM To: 'Heikki Vatiainen'; 'radiator@open.com.au' Subject: RE: [RADIATOR] FW: Radiator Hi Heikki, For PEAPv0, in the users files I have see so many username and password, in that where exactly I need to modify. -Original Message- From: Sudhir Harwalkar Sent: Tuesday, March 27, 2012 4:25 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] FW: Radiator Hi Heikki, Also I made same in Radiator and WLAN board, this I have done for EAP-PEAPv0 MSCHAPv2. See the user file in this file I had given User Name and Password, see the user name as Sudhir and PW as sudhir12. Is this the right place to make changes. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, March 27, 2012 3:40 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: Radiator On 03/27/2012 11:19 AM, Sudhir Harwalkar wrote: Hello Sudhir, > I modified the file according to your changes, that works fine. > There are some queries: > > 1. In the config file if I mentioned Auth PORT and ACCTPORT then it's taking > as 1645 and 1646, and I tried with the command line means I gave authport and > acctport its taking properly. I took another look at your configuration file and noticed there is still an extra line. Remove this: since the real Client clause is just below. The extra lines was before AuthPort and AcctPort lines causing them to be parsed within Client context which is not corrrect. > 2. I gave UserName and Password for both WLAN Device and Radius Server, but > its not able to associated with the AP and Radius server, how to verify that > all three AP,WLAN Device and Radius Server are communicating with each other. When you have enabled Trace 4, you should see messages from AP in Radiator's log file. Are you seeing anything? Please reply with the log especially if there are errors or warnings in it. Thanks! Heikki > Thanks > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Monday, March 26, 2012 1:35 PM > To: radiator@open.com.au list > Subject: Re: [RADIATOR] Radiator > > On 03/26/2012 02:54 PM, Sudhir Harwalkar wrote: > > Hello Sudhir, > >> Please find the modified EAP-PEAPv0 file, please check once whether whatever >> changes I made are correct or not, please see the error message attached >> with this peaperror.PNG. > > Try defining your using slash '/' instead of backslash '\'. For example: > > LogDir C:/Radiator/Radiator-Locked-4.9/goodies/ > > I also recommend defining LogDir and DbDir to point to where Radiator > installed its configuration file. Typically this is: > > C:/Program Files/Radiator/ > > The directory specified with DbDir should also have file called dictionary. > If not, you need to specify DictionaryFile to point to that file. > > Other changes: You have specified files and directories with '%C:\...'. > You do not need to use '%' sign here. Use for example: > > Filename C:/Radiator/Radiator-Locked-4.9/users > instead of > Filename %C:\Radiator\Radiator-Locked-4.9/users > > Here I also recommend setting AuthBy FILE Filename to C:/Program > Files/Radiator/users if C:/Program Files/Radiator/ already contains e.g., > dictionary file. > > Related to this and your previous message. The simplest users file would have > just this one line: > > username User-Password=mypassword > > This creates users file which knows about one user 'username' and where the > user has password 'mypassword'. > > Thanks! > Heikki > > >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Monday, March 26, 2012 10:53 AM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Hi Heikki, >> >> How
Re: [RADIATOR] FW: Radiator
Hi Heikki, For PEAPv0, in the users files I have see so many username and password, in that where exactly I need to modify. -Original Message- From: Sudhir Harwalkar Sent: Tuesday, March 27, 2012 4:25 PM To: 'Heikki Vatiainen'; radiator@open.com.au Subject: RE: [RADIATOR] FW: Radiator Hi Heikki, Also I made same in Radiator and WLAN board, this I have done for EAP-PEAPv0 MSCHAPv2. See the user file in this file I had given User Name and Password, see the user name as Sudhir and PW as sudhir12. Is this the right place to make changes. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, March 27, 2012 3:40 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: Radiator On 03/27/2012 11:19 AM, Sudhir Harwalkar wrote: Hello Sudhir, > I modified the file according to your changes, that works fine. > There are some queries: > > 1. In the config file if I mentioned Auth PORT and ACCTPORT then it's taking > as 1645 and 1646, and I tried with the command line means I gave authport and > acctport its taking properly. I took another look at your configuration file and noticed there is still an extra line. Remove this: since the real Client clause is just below. The extra lines was before AuthPort and AcctPort lines causing them to be parsed within Client context which is not corrrect. > 2. I gave UserName and Password for both WLAN Device and Radius Server, but > its not able to associated with the AP and Radius server, how to verify that > all three AP,WLAN Device and Radius Server are communicating with each other. When you have enabled Trace 4, you should see messages from AP in Radiator's log file. Are you seeing anything? Please reply with the log especially if there are errors or warnings in it. Thanks! Heikki > Thanks > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Monday, March 26, 2012 1:35 PM > To: radiator@open.com.au list > Subject: Re: [RADIATOR] Radiator > > On 03/26/2012 02:54 PM, Sudhir Harwalkar wrote: > > Hello Sudhir, > >> Please find the modified EAP-PEAPv0 file, please check once whether whatever >> changes I made are correct or not, please see the error message attached >> with this peaperror.PNG. > > Try defining your using slash '/' instead of backslash '\'. For example: > > LogDir C:/Radiator/Radiator-Locked-4.9/goodies/ > > I also recommend defining LogDir and DbDir to point to where Radiator > installed its configuration file. Typically this is: > > C:/Program Files/Radiator/ > > The directory specified with DbDir should also have file called dictionary. > If not, you need to specify DictionaryFile to point to that file. > > Other changes: You have specified files and directories with '%C:\...'. > You do not need to use '%' sign here. Use for example: > > Filename C:/Radiator/Radiator-Locked-4.9/users > instead of > Filename %C:\Radiator\Radiator-Locked-4.9/users > > Here I also recommend setting AuthBy FILE Filename to C:/Program > Files/Radiator/users if C:/Program Files/Radiator/ already contains e.g., > dictionary file. > > Related to this and your previous message. The simplest users file would have > just this one line: > > username User-Password=mypassword > > This creates users file which knows about one user 'username' and where the > user has password 'mypassword'. > > Thanks! > Heikki > > >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Monday, March 26, 2012 10:53 AM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Hi Heikki, >> >> How to add device username and password in our config file.is there any >> command for that. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Thursday, March 22, 2012 3:49 PM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Thanks a lot Heikki, will try and let you know. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Thursday, March 22, 2012 3:23 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator >> >> On 03/22/2012 11:44 AM, Sudhir Harwalkar wrote: >>> I made all the changes you have mentione
Re: [RADIATOR] FW: Radiator
Hi Heikki, Also I made same in Radiator and WLAN board, this I have done for EAP-PEAPv0 MSCHAPv2. See the user file in this file I had given User Name and Password, see the user name as Sudhir and PW as sudhir12. Is this the right place to make changes. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, March 27, 2012 3:40 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: Radiator On 03/27/2012 11:19 AM, Sudhir Harwalkar wrote: Hello Sudhir, > I modified the file according to your changes, that works fine. > There are some queries: > > 1. In the config file if I mentioned Auth PORT and ACCTPORT then it's taking > as 1645 and 1646, and I tried with the command line means I gave authport and > acctport its taking properly. I took another look at your configuration file and noticed there is still an extra line. Remove this: since the real Client clause is just below. The extra lines was before AuthPort and AcctPort lines causing them to be parsed within Client context which is not corrrect. > 2. I gave UserName and Password for both WLAN Device and Radius Server, but > its not able to associated with the AP and Radius server, how to verify that > all three AP,WLAN Device and Radius Server are communicating with each other. When you have enabled Trace 4, you should see messages from AP in Radiator's log file. Are you seeing anything? Please reply with the log especially if there are errors or warnings in it. Thanks! Heikki > Thanks > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Monday, March 26, 2012 1:35 PM > To: radiator@open.com.au list > Subject: Re: [RADIATOR] Radiator > > On 03/26/2012 02:54 PM, Sudhir Harwalkar wrote: > > Hello Sudhir, > >> Please find the modified EAP-PEAPv0 file, please check once whether whatever >> changes I made are correct or not, please see the error message attached >> with this peaperror.PNG. > > Try defining your using slash '/' instead of backslash '\'. For example: > > LogDir C:/Radiator/Radiator-Locked-4.9/goodies/ > > I also recommend defining LogDir and DbDir to point to where Radiator > installed its configuration file. Typically this is: > > C:/Program Files/Radiator/ > > The directory specified with DbDir should also have file called dictionary. > If not, you need to specify DictionaryFile to point to that file. > > Other changes: You have specified files and directories with '%C:\...'. > You do not need to use '%' sign here. Use for example: > > Filename C:/Radiator/Radiator-Locked-4.9/users > instead of > Filename %C:\Radiator\Radiator-Locked-4.9/users > > Here I also recommend setting AuthBy FILE Filename to C:/Program > Files/Radiator/users if C:/Program Files/Radiator/ already contains e.g., > dictionary file. > > Related to this and your previous message. The simplest users file would have > just this one line: > > username User-Password=mypassword > > This creates users file which knows about one user 'username' and where the > user has password 'mypassword'. > > Thanks! > Heikki > > >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Monday, March 26, 2012 10:53 AM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Hi Heikki, >> >> How to add device username and password in our config file.is there any >> command for that. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Thursday, March 22, 2012 3:49 PM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Thanks a lot Heikki, will try and let you know. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Thursday, March 22, 2012 3:23 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator >> >> On 03/22/2012 11:44 AM, Sudhir Harwalkar wrote: >>> I made all the changes you have mentioned, then I run the config file, in >>> the log file I got message as follows >>> Thu Mar 22 15:00:17 2012: DEBUG: Finished reading configuration >>> file 'c:\Program Files\Radiator\radiusnew.cfg' >>> Thu Mar 22 15:00:17 2012: DEBUG: Reading dictionary file &
Re: [RADIATOR] FW: Radiator
If I delete the also Its using the port 1645 and 1646. Please find the log file and config file. Thanks Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, March 27, 2012 3:40 PM To: radiator@open.com.au Subject: Re: [RADIATOR] FW: Radiator On 03/27/2012 11:19 AM, Sudhir Harwalkar wrote: Hello Sudhir, > I modified the file according to your changes, that works fine. > There are some queries: > > 1. In the config file if I mentioned Auth PORT and ACCTPORT then it's taking > as 1645 and 1646, and I tried with the command line means I gave authport and > acctport its taking properly. I took another look at your configuration file and noticed there is still an extra line. Remove this: since the real Client clause is just below. The extra lines was before AuthPort and AcctPort lines causing them to be parsed within Client context which is not corrrect. > 2. I gave UserName and Password for both WLAN Device and Radius Server, but > its not able to associated with the AP and Radius server, how to verify that > all three AP,WLAN Device and Radius Server are communicating with each other. When you have enabled Trace 4, you should see messages from AP in Radiator's log file. Are you seeing anything? Please reply with the log especially if there are errors or warnings in it. Thanks! Heikki > Thanks > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Monday, March 26, 2012 1:35 PM > To: radiator@open.com.au list > Subject: Re: [RADIATOR] Radiator > > On 03/26/2012 02:54 PM, Sudhir Harwalkar wrote: > > Hello Sudhir, > >> Please find the modified EAP-PEAPv0 file, please check once whether whatever >> changes I made are correct or not, please see the error message attached >> with this peaperror.PNG. > > Try defining your using slash '/' instead of backslash '\'. For example: > > LogDir C:/Radiator/Radiator-Locked-4.9/goodies/ > > I also recommend defining LogDir and DbDir to point to where Radiator > installed its configuration file. Typically this is: > > C:/Program Files/Radiator/ > > The directory specified with DbDir should also have file called dictionary. > If not, you need to specify DictionaryFile to point to that file. > > Other changes: You have specified files and directories with '%C:\...'. > You do not need to use '%' sign here. Use for example: > > Filename C:/Radiator/Radiator-Locked-4.9/users > instead of > Filename %C:\Radiator\Radiator-Locked-4.9/users > > Here I also recommend setting AuthBy FILE Filename to C:/Program > Files/Radiator/users if C:/Program Files/Radiator/ already contains e.g., > dictionary file. > > Related to this and your previous message. The simplest users file would have > just this one line: > > username User-Password=mypassword > > This creates users file which knows about one user 'username' and where the > user has password 'mypassword'. > > Thanks! > Heikki > > >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Monday, March 26, 2012 10:53 AM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Hi Heikki, >> >> How to add device username and password in our config file.is there any >> command for that. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: Sudhir Harwalkar >> Sent: Thursday, March 22, 2012 3:49 PM >> To: 'Heikki Vatiainen' >> Subject: RE: [RADIATOR] Radiator >> >> Thanks a lot Heikki, will try and let you know. >> >> Thanks >> Sudhir H >> >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Thursday, March 22, 2012 3:23 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator >> >> On 03/22/2012 11:44 AM, Sudhir Harwalkar wrote: >>> I made all the changes you have mentioned, then I run the config file, in >>> the log file I got message as follows >>> Thu Mar 22 15:00:17 2012: DEBUG: Finished reading configuration >>> file 'c:\Program Files\Radiator\radiusnew.cfg' >>> Thu Mar 22 15:00:17 2012: DEBUG: Reading dictionary file >>> 'C:\Program Files\Radiator/dictionary' >>> Thu Mar 22 15:00:17 2012: DEBUG: Creating authentication >&
[RADIATOR] FW: Radiator
I modified the file according to your changes, that works fine. There are some queries: 1. In the config file if I mentioned Auth PORT and ACCTPORT then it's taking as 1645 and 1646, and I tried with the command line means I gave authport and acctport its taking properly. 2. I gave UserName and Password for both WLAN Device and Radius Server, but its not able to associated with the AP and Radius server, how to verify that all three AP,WLAN Device and Radius Server are communicating with each other. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Monday, March 26, 2012 1:35 PM To: radiator@open.com.au list Subject: Re: [RADIATOR] Radiator On 03/26/2012 02:54 PM, Sudhir Harwalkar wrote: Hello Sudhir, > Please find the modified EAP-PEAPv0 file, please check once whether whatever > changes I made are correct or not, please see the error message attached with > this peaperror.PNG. Try defining your using slash '/' instead of backslash '\'. For example: LogDir C:/Radiator/Radiator-Locked-4.9/goodies/ I also recommend defining LogDir and DbDir to point to where Radiator installed its configuration file. Typically this is: C:/Program Files/Radiator/ The directory specified with DbDir should also have file called dictionary. If not, you need to specify DictionaryFile to point to that file. Other changes: You have specified files and directories with '%C:\...'. You do not need to use '%' sign here. Use for example: Filename C:/Radiator/Radiator-Locked-4.9/users instead of Filename %C:\Radiator\Radiator-Locked-4.9/users Here I also recommend setting AuthBy FILE Filename to C:/Program Files/Radiator/users if C:/Program Files/Radiator/ already contains e.g., dictionary file. Related to this and your previous message. The simplest users file would have just this one line: username User-Password=mypassword This creates users file which knows about one user 'username' and where the user has password 'mypassword'. Thanks! Heikki > Thanks > Sudhir H > > -Original Message- > From: Sudhir Harwalkar > Sent: Monday, March 26, 2012 10:53 AM > To: 'Heikki Vatiainen' > Subject: RE: [RADIATOR] Radiator > > Hi Heikki, > > How to add device username and password in our config file.is there any > command for that. > > Thanks > Sudhir H > > -Original Message- > From: Sudhir Harwalkar > Sent: Thursday, March 22, 2012 3:49 PM > To: 'Heikki Vatiainen' > Subject: RE: [RADIATOR] Radiator > > Thanks a lot Heikki, will try and let you know. > > Thanks > Sudhir H > > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Thursday, March 22, 2012 3:23 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] Radiator > > On 03/22/2012 11:44 AM, Sudhir Harwalkar wrote: >> I made all the changes you have mentioned, then I run the config file, in >> the log file I got message as follows >> Thu Mar 22 15:00:17 2012: DEBUG: Finished reading configuration file >> 'c:\Program Files\Radiator\radiusnew.cfg' >> Thu Mar 22 15:00:17 2012: DEBUG: Reading dictionary file >> 'C:\Program Files\Radiator/dictionary' >> Thu Mar 22 15:00:17 2012: DEBUG: Creating authentication >> port 0.0.0.0:1812 >>Thu Mar 22 15:00:17 2012: DEBUG: Creating accounting port >> 0.0.0.0:1813 >> Thu Mar 22 15:00:17 2012: NOTICE: Server started: >> Radiator 4.9 on EMMYS0938 (LOCKED) Is this authenticated with AP? > > Looks good. It is ready to receive messages from AP. There is no > authentication done between RADIUS server and wireless AP. The shared secret > and client IP just make sure they can communicate with each other when the > WLAN users need to be authenticated by the AP. > >> As you mentioned I haven't got message like receives from AP. > > The next step is to configure AP so that it will authenticate WLAN users. How > this is done depends on your AP. > > Thanks! > Heikki > > >> Regards >> Sudhir H >> -Original Message- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Thursday, March 22, 2012 2:22 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator >> >> On 03/21/2012 03:58 PM, Sudhir Harwalkar wrote: >> >>> Thanks a lot for helping me out. >>> I have one query : >>> Steps that I followed for EAP-PEAPv0 Testing: >>> 1.
Re: [RADIATOR] Radiator
I made all the changes you have mentioned, then I run the config file, in the log file I got message as follows Thu Mar 22 15:00:17 2012: DEBUG: Finished reading configuration file 'c:\Program Files\Radiator\radiusnew.cfg' Thu Mar 22 15:00:17 2012: DEBUG: Reading dictionary file 'C:\Program Files\Radiator/dictionary' Thu Mar 22 15:00:17 2012: DEBUG: Creating authentication port 0.0.0.0:1812 Thu Mar 22 15:00:17 2012: DEBUG: Creating accounting port 0.0.0.0:1813 Thu Mar 22 15:00:17 2012: NOTICE: Server started: Radiator 4.9 on EMMYS0938 (LOCKED) Is this authenticated with AP? As you mentioned I haven't got message like receives from AP. Regards Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Thursday, March 22, 2012 2:22 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/21/2012 03:58 PM, Sudhir Harwalkar wrote: > Thanks a lot for helping me out. > I have one query : > Steps that I followed for EAP-PEAPv0 Testing: > 1. Copied eap_peap.cfg file to c:\program file Add a Client clause with your AP's address in the configuration. Also set DbDir and LogDir as I just mentioned in my other message: LogDir c:/Program Files/Radiator DbDir c:/Program Files/Radiator > 2. in the command line I typed the command "perl radiusd > -bind_address 192. . . . -auth_port 1812 -log_file filename > -config_file c:\program files\eap_peap.cfg When I run this command I > am getting an error, the error details are shown in the screenshot > named as eap_peap.PNG You do not need to set BindAddress. If set, it should be address belonging to your computer, not to the AP. You usually do not need to set this at all. > - Is there anything that I need to make change? Please see above. > -How does we know that communication happening between AP and Radius Server? The log will messages Radiator receives from AP. > -Port address that I have given in AP is 1812 is that right? Please see above. About auth_port, it should match the setting in AP. By default Radiator uses 1645 so you need to check both AP and Radiator use same port number. > -please see the config file that I have used is attached with this mail. I suggest you try seeing simple authentication without PEAP works before moving to PEAP configuration. If your AP provides a method to authenticate users with plain username and password (no PEAP involved), this would be the best method to see the basic communication between AP and Radiator works. Thanks! Heikki > > Thanks > Sudhir H > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > > > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator
Hi Heikki, Thanks a lot for helping me out. I have one query : Steps that I followed for EAP-PEAPv0 Testing: 1. Copied eap_peap.cfg file to c:\program file 2. in the command line I typed the command "perl radiusd -bind_address 192. . . . -auth_port 1812 -log_file filename -config_file c:\program files\eap_peap.cfg When I run this command I am getting an error, the error details are shown in the screenshot named as eap_peap.PNG - Is there anything that I need to make change? -How does we know that communication happening between AP and Radius Server? -Port address that I have given in AP is 1812 is that right? -please see the config file that I have used is attached with this mail. Thanks Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. <> eap_peap.cfg Description: eap_peap.cfg ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator
Hi, Thanks Heikki, I installed Net-SSLeay.ppd. 1.Please find the radius.cfg file, in that I have added AP IP address and Authentication port, is that correct way that I mentioned in the config file radius.cfg file or need to make some other things and where do I need to mention Shared Secrete. 2. send me command for running radius.cfg file, that I have stored in c:/ProgramFile. Thanks in Advance. Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. radius.cfg Description: radius.cfg ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator
Hi Heikki, 1. I have a Wifi Device, AP and Radius Server, AP and Radius server are communicating with the config file where we will mention IP and Security type that portion is ok, My question is how our device communicate with the Radius server , Need to give any credentials on Device side? 2. when I run the command ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd its giving me a message as " ppm install failed: can't connect to open.com.au:80" Thanks Sudhir -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, March 20, 2012 3:09 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/20/2012 11:07 AM, Sudhir Harwalkar wrote: > 1. How our device know about which security got enabled in the AP side and > how it will associate with the access point. I'm not quite sure I understood the question. If you are thinking of the shared secret, that is something you as the person configuring Radiator and AP must decide. See the reference manual ref.pdf section "5.7.1 Secret" for more. http://www.open.com.au/radiator/documentation.html > 2. please see the attached screen shot of the error message. Try running the command like this: ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd The idea is to fetch the files from the Internet with ppm. Thanks! Heikki > Thanks > Sudhir H > -Original Message- > From: radiator-boun...@open.com.au > [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen > Sent: Tuesday, March 20, 2012 2:29 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] Radiator > > On 03/20/2012 10:21 AM, Sudhir Harwalkar wrote: > >> How our board communicate with the AP and radius server, means shall I need >> to set User ID and Password in my board. > > You need to set a shared secret and IP address both on your AP and in > Radiator configuration file. I suggest you start with goodies/radius.cfg > before moving to more advanced configuration such as ones needing Net-SSLeay. > > Copy goodies/radius.cfg to e.g., under Program Files in Windows. Edit the > example Client clause and set your AP address there. On your AP you need to > configure Radiator's IP address with the same secret. > >> How to run individual config files? > > When you start radiusd from command line, use -config_file option to specify > the config file. > >> After installing the Active perl 5.12.4 tried to install Net-SSLeay still >> I am getting as an error," error as "ppm install failed". > > Please reply with full error message. > > Thanks! > Heikki > >> Thanks >> Sudhir H >> >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, > PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full > source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > > > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___
Re: [RADIATOR] Radiator
Thanks, 1. How our device know about which security got enabled in the AP side and how it will associate with the access point. 2. please see the attached screen shot of the error message. Thanks Sudhir H -Original Message- From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen Sent: Tuesday, March 20, 2012 2:29 PM To: radiator@open.com.au Subject: Re: [RADIATOR] Radiator On 03/20/2012 10:21 AM, Sudhir Harwalkar wrote: > How our board communicate with the AP and radius server, means shall I need > to set User ID and Password in my board. You need to set a shared secret and IP address both on your AP and in Radiator configuration file. I suggest you start with goodies/radius.cfg before moving to more advanced configuration such as ones needing Net-SSLeay. Copy goodies/radius.cfg to e.g., under Program Files in Windows. Edit the example Client clause and set your AP address there. On your AP you need to configure Radiator's IP address with the same secret. > How to run individual config files? When you start radiusd from command line, use -config_file option to specify the config file. > After installing the Active perl 5.12.4 tried to install Net-SSLeay still I > am getting as an error," error as "ppm install failed". Please reply with full error message. Thanks! Heikki > Thanks > Sudhir H > > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. <>___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator
Hi, How our board communicate with the AP and radius server, means shall I need to set User ID and Password in my board. How to run individual config files? After installing the Active perl 5.12.4 tried to install Net-SSLeay still I am getting as an error," error as "ppm install failed". Thanks Sudhir H Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator