Heikki,
Found AuthWIMAX.pm in /Perl/site/lib/Radius
Changed the accounting attribute value from (C,0) to (C,1)
Wireshark trace shows it enabled but wimax device still doesn't authenticate.
Anything else I can try?
Thanks,
James Austin
Manager Technology & Projects
Crystal Commu
rsion of radiator we are running is 4.8.
Any other suggestions short of upgrading Radiator??
Regards,
Manager Technology & Projects
Crystal Communications Ltd.
281-300-8294 Mobile
281-361-5199 Office
____
From: Heikki Vatiainen [h...@open.com.au]
Sent: Thursday,
<1>
NAS-Port-Type = Wireless-IEEE-802.16
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-Offset = 0
WiMAX-Capability = <1><5>1.0<2><3><1><3><3><1><7><6><0><0><2>&
Heikki,
That seemed to work. However I am still unable to get the WiMax device to
authenticate.
Can you take a look at the attached debug file and provide your thoughts?
Regards,
James Austin
Manager Technology & Projects
Crystal Communications Ltd.
281-300-8294 Mobile
281-361-5199 Of
rk,
> key_expires) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
> ?, ?, ?)': Data too long for column 'capabilities' at row 1
> Thu Nov 7 08:56:57 2013: DEBUG: AuthBy WIMAX result: IGNORE, Failed to
> create new device_session
> Thu Nov 7 08:5
nting-Capabilities, WiMAX-FA-RK-key and Framed-MTU
attributes from Access-Accept
2. Set the Session-Timeout less than 65535 since this is the maximum value
Thanks for your help in advance...
Regards,
James Austin
Manager Technology & Projects
Crystal Communications Ltd.
281-300-8294 Mobile
281
nfiguration for now. Do you know of a way to create a fake
machine-authentication scenario so that I can test Radiator and then
get you a Trace 4? I can't figure out a way to mimic a machine-auth
request using either radpwtst or eapol_test.
Thoughts?
Thanks!
-james
On Wed, Oct 17, 2012 at
seem to log anything and simply sends the RADIUS request
to NPS without touching it / logging.
Thoughts?
Thanks!
-james
On Wed, Oct 17, 2012 at 6:39 PM, Hugh Irvine wrote:
>
> Hello James -
>
> The problem is here:
>
>
> • Mon Oct 15 01:20:47 2012
th in our
extremely unstable AD environment.
-james
On Fri, Oct 12, 2012 at 2:32 AM, Hugh Irvine wrote:
>
> We had a similar problem at the University - it turned out to be NPS
> deciding that it was a person not a machine authenticating and rejecting it
> out of hand.
>
> If y
user host/blah.somewhere.com: PEAP Authentication Failure*
Any thoughts on why this may be happening? The only difference between the
ntlm_auth wireless Radiator configuration and this one is the RADIUS proxy
directive.
-james
On Wed, Oct 10, 2012 at 5:10 AM, Heikki Vatiainen wrote:
> On
ticator in a proxied RADIUS request, does anyone have any tips on
configuring the connection request policy or the network policies?
Thanks!
-james
On Tue, Oct 9, 2012 at 2:44 PM, James Zee wrote:
> All,
>
> Thanks for the response.
>
> We've decided against using winbind / ntlm_
or append a NAS port type to the RADIUS request?
Any thoughts appreciated.
Thanks!
-james
On Mon, Oct 1, 2012 at 6:32 PM, David Zych wrote:
> > Because we're bouncing off of AD, we're relying on ntlm_auth to check a
> > user's credentials. Unfortunately our spec
someone could point me in the
right direction I'll head down that path. :)
Thanks!
-james
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
rt?
This has become extremely service impacting. Any thoughts on what may be
causing this would be greatly appreciated.
-james
Hi,
Are there any published measurements on the number of transactions per second
your AAA product is capable of achieving running on a windows OS based server?
Regards,
James Austin
Manager Technology & Projects
Crystal Communications Ltd.
281-300-8294 Mobile
281-361-5199 Of
7, 0, Inconsistent lengths,
Fri May 11 14:35:26 2012: DEBUG: TacacsplusConnection disconnected
from 10.41.9.8:43379
--8<--
Any thoughts on how to go about fixing this? I'm sure I'm missing
something obvious.
Thanks!
-james
On Mon, May 7, 2012 at 4:52 AM, Patrik Forsber
ad balance with a
"least connections" or round robin LB algorithm.
Hope this helps.
-james
On Thu, May 10, 2012 at 5:15 AM, Janssen, G.H.C. (Gaston)
wrote:
> Hi,
>
> We'd like to load balance RADIUS requests over several RADIATOR servers.
> Therefore we will use an ext
Can you provide snippet of configuration for your tacacs+
configuration, if you don't mind?
-james
On Mon, Apr 30, 2012 at 19:24, David Heinz wrote:
> You could use a ClientListSQL or ClientListLDAP to store your clients and
> then instruct it to reload the client list every X seco
I generally have to bounce the daemon when I add a new device to the
TACACS+ configuration file (which happens often enough to cause
problems).
Is there a way to have radiator re-read the configuration file instead
of stopping and then starting the daemon again?
-james
On Mon, Apr 30, 2012 at
I have looked through all the archives and haven't really seen an answer for
this.
We currently use Radiator username and pwd via EAP-TTLS to authenticate WiMAX
CPE's on our WiMax network.
This works fine.
Our users would like all of their CPE's to have the same uname/pwd. The problem
we ar
We have a windows based install of Radiator.
Will this work seamlessly with Yubikey?
Is there any documentation for Yubikey integration?
Thanks,
James Austin
Houston, TX
that would allow the
TACACS+ server to survive a reload? That would be very, very helpful!
-james
On Mon, Apr 16, 2012 at 07:28, Patrik Forsberg
wrote:
>> > Did another downgrade to 4.6 this time and here the issue seems to be
>> gone..
>> > I can reload/restart and th
Yes, setting EAPTLS_PEAPVersion to '0' seems to work.
Does this result in any sort of "less secure" communications? What is
the difference between the two PEAP draft versions?
-james
On Tue, Feb 28, 2012 at 13:06, chema wrote:
> Hi,
>
> Sometime ago, we
Adam,
Thanks for the response. I'll give that a whirl and get back.
Thanks!
-james
On Tue, Feb 28, 2012 at 12:48, Adam Bishop wrote:
> Hi,
>
> Try setting EAPTLS_PEAPVersion as 0 instead of 1 - been a while since I wrote
> my configuration but I think that was the value that
Thanks for the response.
I'm not sure how to determine that; can you give me a nudge in the
right direction?
-james
On Tue, Feb 28, 2012 at 12:49, Martin Bérubé wrote:
> Hello James,
>
> Are you using MD5 hashing for the issuer certificate ?
> Apple dropped support for MD
PEAP tunnelled packet dump:
Code: Access-Accept
Identifier: UNDEF
Authentic: <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
Attributes:
EAP-Message = <3><2><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 28 12:27:59 2012 764406: DEBUG: EAP result: 3, EAP PEAP inner
authentication redispatched to a Handler
Tue Feb 28 12:27:59 2012 764535: DEBUG: AuthBy FILE result: CHALLENGE,
EAP PEAP inner authentication redispatched to a Handler
Tue Feb 28 12:27:59 2012 764659: DEBUG: AuthBy FILE result: CHALLENGE,
EAP PEAP inner authentication redispatched to a Handler
Tue Feb 28 12:27:59 2012 764791: DEBUG: Access challenged for
testUser: EAP PEAP inner authentication redispatched to a Handler
Tue Feb 28 12:27:59 2012 764905: DEBUG: Access challenged for
testUser: EAP PEAP inner authentication redispatched to a Handler
Tue Feb 28 12:27:59 2012 765255: DEBUG: Packet dump:
*** Sending to 10.11.55.232 port 32768
Code: Access-Challenge
Identifier: 147
Authentic: <241>:\<176><204><154>`O<196><183><201><153><173><8><247><136>
Attributes:
EAP-Message = <1><12><0>+<25><1><23><3><1><0>
@l<31><147>[<223><1>`<236><233>~<226><189><208><215>@X<248>a<210><160><213>-<8>].s<148><226><245><217><26>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 28 12:27:59 2012 769812: DEBUG: Packet dump:
*** Received from 10.11.55.232 port 32768
Code: Access-Request
Identifier: 148
Authentic: <191><247><200>F<176>Q<229>!<235>P<254>g<187><229><228>t
Attributes:
User-Name = "testUser"
Calling-Station-Id = "b3-dd-ae-87-22-b3"
Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
NAS-Port = 29
cisco-avpair = "audit-session-id=0abff81600f84f4d0bcd"
NAS-IP-Address = 10.11.55.232
NAS-Identifier = "cisco-wism"
Airespace-WLAN-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 924
EAP-Message = <2><12><0>+<25><1><23><3><1><0>
c<231><169>g(<173><133><225><149>{<193><185><201><139>2<160><20><169>I<253><145><173>)<226>B<22><29>G<222>`6<183>
Message-Authenticator =
(<217><144>3I<171><10><194><28><15><8><18><242><139><198>W
Tue Feb 28 12:27:59 2012 770148: DEBUG: Handling request with Handler
'', Identifier ''
Tue Feb 28 12:27:59 2012 770331: DEBUG: Handling request with Handler
'', Identifier ''
Tue Feb 28 12:27:59 2012 770707: DEBUG: Handling with
Radius::AuthFILE: eap-outer
Tue Feb 28 12:27:59 2012 770989: DEBUG: Handling with EAP: code 2, 12, 43, 25
Tue Feb 28 12:27:59 2012 771224: DEBUG: Response type 25
Tue Feb 28 12:27:59 2012 771782: DEBUG: EAP result: 0,
Tue Feb 28 12:27:59 2012 771975: DEBUG: AuthBy FILE result: ACCEPT,
Tue Feb 28 12:27:59 2012 772145: DEBUG: AuthBy FILE result: ACCEPT,
Tue Feb 28 12:27:59 2012 772338: DEBUG: Access accepted for testUser
Tue Feb 28 12:27:59 2012 772508: DEBUG: Access accepted for testUser
Tue Feb 28 12:27:59 2012 773368: DEBUG: Packet dump:
*** Sending to 10.11.55.232 port 32768
Code: Access-Accept
Identifier: 148
Authentic: C<196><31><206><169>bF<220>j<237>K<1><183>+c<4>
Attributes:
EAP-Message = <3><12><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
MS-MPPE-Send-Key =
<131>9<217>1<158><174><131>q><23>)<182><132>*<175><161>><26>I<187><143>t<217><26><245><14>;<167>%;W<200>
MS-MPPE-Recv-Key =
<193>$B<0>sn"<10><190>_U<221>1<173>#<153><7><198>+5<188>}<200>F<251>|^<230><218>G)<175>
-->8--
Thoughts on what may be happening? I can't seem to find anything on
the web about this, but I'm also hard-pressed to believe we're the
only folks that have run into this. The client simply refuses to
connect. It's worth noting that OS X indicates the client is
"connected" with a self-assigned 169.x.x.x IP address, but the logs
really indicate that en1 (the wireless interface) continues to go
up/down and re-attempt authentication.
Any help would be greatly appreciated.
-james
erent group of
devices)?
-james
Thank you both. I will try this soon. :)
I appreciate the quick and detailed responses!
-james
On Thu, Feb 17, 2011 at 16:21, Rianto Wahyudi wrote:
> Hi James,
>
>
> Make sure your computer joined to domain :
> I follow the following instruction:
> https://help.ub
Bump...and help would be greatly appreciated. :)
-james
On Wed, Feb 16, 2011 at 22:56, James wrote:
> I'm attempting to get EAP MSCHAPv2 (EAP PEAP) to work with wireless so
> that our Cisco Wireless LAN Controllers can bounce user authentication
> off of Radiator.
>
> My und
into anything of value isn't jiving right now.
Any thoughts / ideas would be appreciated! :)
-james
On Wed, Feb 16, 2011 at 20:30, Hugh Irvine wrote:
>
> Hello James -
>
> See "goodies/tacplus.txt" in the Radiator distribution.
>
> regards
>
> Hugh
conf file found in
the goodies directory.
Any ideas on why this is failing?
-james
LogFailure 1
AuthBy AD
RewriteUsername s/^([^@]+).*/$1/
SessionDatabase sessionDB
Thoughts on what's going on would be appreciated.
Thanks!
-james
Is it possible to perform command authorization on IOS with Radiator?
If so, can anyone share any examples of how this is configured?
I don't see anything in the documentation indicating this is possible.
-james
All,
I'm having some issues getting Radiator to bounce off of an LDAP
server with STARTTLS. Note that authentication works fine if I disable
both SSL and STARTTLS against my OpenDS LDAP server.
Here's the snippet of configuration used for :
Identifier ldapAuth
Host server.example.com
imeout = 43200,\
Port-Limit = 1
DBSource xxx
DBUsername xxx
DBAuth xxx
Table Accounting
SuccessQuery insert into Accounting values
('%H:%M:%S','%m/%d/%Y','Success','%u','%U','%c',%1,'%a')
FailureQuery insert into Accounting values
('%H:%M:%S','%m/%d/%Y','Failure(PAP-Auth)','%u','%U','%c',%1,'%a')
LogSuccess 1
::James Nelson
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Packet dump:
*** Sending to 209.68.228.179 port 1026
Code: Access-Accept
Identifier: 171
Authentic: x
Attributes:
Framed-IP-Address = 255.255.255.254
Service-Type = 2
Framed-Protocol = 1
Idle-Timeout = 1200
===
Thanks!
James Laszko
TFBNET
[EMAIL PROTECTED]
this
I have tried this...
AcctResult ACCEPT
But this seems to do nothing... How can I simply discard these
packets???
Thanks for your help.
-James.
radius servers, and I need to proxy packets from one
server to another to another in order to switch the networks without our
customers' service being interrupted.
Sorry for posting a question about this again, but I think my last post
may not have been clear.
Thanks,
James...
ckets for every
1 packet sent by qwest. I would like to let qwest worry about re-sending
the packet for me if possible.
Thanks for your help
-James
Hello,
Another question. On page 127 of the manual it says we can use any valid
Host parameter such as StripFromRequest, RewriteUsername, AddToRequest,
AddToReply, etc.
However, when I add a HostColumnDef for AddToReply, nothing happens. When
I changed the definition to AddToRequest, the attr
se contact the sender and delete the material from any
computer.
Hugh Irvine
<[EMAIL PROTECTED]To: "James Wiegand"
m.au><[EMAIL PROTECTED]>,
"'[EMAIL
Hello,
I am trying to come up with a config where we can store the bulk of our
roaming configurations in an SQL table. There is one question that does
not seem to be obvious from the configuration. Is it possible to have to
strip the domain (or not) based on the (domain, host) key?
Here's the
Hello,
I am seeing a situation where a request comes in and is forwarded off by an
Authby RADIUS clause, and the outgoing packet has Vendor-Specific
attributes not present in the incoming packet. My customers are asking me
what these are and it is not obvious where they are coming from and how t
Hello, I am seeing the following error when using the test tool.
The RADIUS server on the other end is Cisco ACS V2.6 and this does not
occur with Cisco Secure V2.4. The authentication does work for dialup.
radpwtst -user username -password testpass -noacct -s ipaddr -secret
secretvalue
sending
the user is authenticated successfully, are
accounting records sent to the accounting server with the username
originally passed by the NAS or the rewritten username that finally got
an ACCEPT?
Thanks!
____
James Laszko - TFBnet - h
remote.radius.server.com is resolving correctly? Tried using Host instead of Host ?
Just a few ideas
James Laszko
TFBnet
[EMAIL PROTECTED]
-Original Message-
From: Jared Reimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 14, 2001 1:22 PM
To: Radiator Mail list
Subject
IP is making the auth request?
Thanks,
James Laszko
TFBnet
[EMAIL PROTECTED]
Does anyone have any experience setting up WhatsUp Gold to monitor a
Radiator server? I know you have to add the WhatsUp box to the RADIUS
clients list, but what strings do you use on WhatsUp to monitor the
service and pass the authentication token so Radiator will talk to it?
Thanks,
James
keeping some of our legacy Lucent RADIUS
servers online for authentication. We would like to throw
authentication requests to the Lucent RADIUS servers from Radiator, but
still do the accounting in our Platypus SQL database. Any pointers on
this?
Thank you,
James Laszko
TFBnet
[EMAIL PROTECT
Hello everyone,
I am having the same problems that Paul is having.
We recently upgraded from Radiator 2.13 on Solaris 2.6
to Radiator 2.16.1 on Solaris 2.7. While we have had no
problems at all with authentication, our logging seems to
quit on us after just a few hours. The logfile consisten
essage=THIS IS A RESTRICTED ACCESS SYSTEM. UNAUTHORISED ACCESS
PROHIBITED.
This might work for you as well. At the time I could only find sketchy
docs on how this worked for TACACS+, and had to make an educated guess for
RADIUS.
--
++
/ James
s there a better way?
Radiator lets you do some scary stuff...
There are examples of the time banking stuff in the complex config in the
contrib section I believe..
We are very happy with our radiator setup..
--
James D. Butt 'J.D.' [EMAIL PROTECTED] - [EMAIL PROTECTED]
MidWest Comm
ault entry and accept them.
On Fri, 18 Jun 1999, Mike McCauley wrote:
> Hi James.
>
> On Jun 17, 12:41pm, James H. Thompson wrote:
> > Subject: Re: (RADIATOR) Simultaneous use
> > On Mon, 14 Jun 1999, Mike McCauley wrote:
> >
> > > Hi James.
> > >
sn't cumulative, you can use it only once.
You may need to add the following IOS configuration:
radius-server vsa send
--
++
/ James Pickering/
/ Email: [EMAIL PROTECTED] /
+---
We are utilising a Cisco 5200 and are having difficulties with
configuring the system for a number of customers who want permanent
internet connections with a static IP address. We have followed the
rules in the guide for the Radiator product and have found that the
configuration doesn't work.
fter the Auth request has already been denied?
Perhaps this clean up should happen on the auth request or on both
auth and acct?
Jim
On Fri, 18 Jun 1999, Mike McCauley wrote:
> Hi James.
>
> On Jun 17, 12:41pm, James H. Thompson wrote:
> > Subject: Re: (RADIATOR) Simultaneous us
In the Radiator manual at:
http://www.open.com.au/radiator/ref.html#pgfId=330971
in Section 14 it says:
14.0 Rewriting user names
You can change the User-Name attribute in each request by using the
RewriteUsername parameter. This allows you to apply separate rewriting
rules to the Use
One quick solution would be to write your own finger client for
Radiator to run. It could do things like:
use a shorter timeout
remember the state of the line from previous calls
etc.
On Fri, 11 Jun 1999, Stephen Roderick wrote:
> On Fri, 11 Jun 1999, Mike McCauley wrot
'check item' column set to 'Simultaneous-Use = 2'
On Fri, 11 Jun 1999, Mike McCauley wrote:
> Hi James.
>
> For complicated reasons, that won't work the way you expect, even if you use the
> DefaultSimultaneousUse parameter I mentioned recently. I think you wil
I have only a handful of users that are allowed to do 2 simultaneous
logins. I want to restrict them to two logins, and everyone else to one.
Will this work?
In the realm:
MaxSessions 1
In the users file:
#users with dual login priv
user1 Simultaneous-Use = 2
Fall-Through = y
Your FAQ at: http://www.open.com.au/radiator/faq.html#1
says:
1. Is there a mailing list archive?
Yes, here, with thanks to the courtesy of Richard Uren.
The "here" hyperlink is broken, it's written as:
http://www.thesite.com.au/~radiator/>here,
with thanks to the courtesy of Richard Uren.
sh
If you specify:
MaxSessions 1
for a realm, does a
Simultaneous-Use
item for a particular user override this?
Jim
[EMAIL PROTECTED]
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the messa
I get a 0.
The other way to fix this would be make sure that
%{NAS-Port} is never undef or an empty string when
the SQL template statements are used.
On Thu, 10 Jun 1999, Mike McCauley wrote:
> On Jun 9, 1:41am, James H. Thompson wrote:
> > Subject: Re: SessSQL errors, was: N
Fix seems to be working for me.
I'm using Mysql
On Wed, 9 Jun 1999, Mike McCauley wrote:
> Hi James,
> thanks for telling us about this, and the proposed fix. Trouble is that I'm not
> sure that fix will work for _all_ SQL servers. Does it work for yours? What
> type of
I just downloaded the latest Radiator and
setup the session sql db with mysql.
We have a Nortel Aptis terminal server.
It all works great except for the admin user that is telnetting
into the box has no port ID and I get the following errors in
the radiator log whenever this user logs into the box
;connect dbi:mysql:radius:localhost, username, therewasapasswordhere:
Can't
connect to local MySQL server (2)
Can't call method "getAttrByNum" on an undefined value at /usr/bin/radiusd
line 90.
--
James D.