Hugh,
Looks like my logging configuration may have been incorrect. Let me
keep tinkering with it and if I can't figure it out I'll start a new
thread.
Unfortunately because of the issues that host authentication is
causing we've had to move over to an NTLM-based authentication
configuration for n
Hello James -
As long as the User-Name contains "host/.…." this Handler should be called
provided another Handler doesn't catch it.
Without seeing the debug and the corresponding configuration file I can't
really say much else.
If you have "Trace 4" in your configuration file you will see the
Hugh,
Yes, that is correct. This capture was taken before the change (second link
that contains configuration in m previous post). Now I have this handler:
Host 10.136.234.80
Secret mysecret
AuthPort 1812
AcctPort 1813
The Trace 4 shows that the RADI
Hello James -
The problem is here:
• Mon Oct 15 01:20:47 2012 564812: DEBUG: Packet dump:
• *** Received from 10.136.235.240 port 32768
• Code: Access-Request
• Identifier: 47
• Authentic: %wa<14><212>v<209>S<143>a<132>z<21><194>5`
• A
Hi James -
As mentioned previously, we will need to see a copy of the Radiator
configuration file (no secrets) together with a trace 4 debug showing what is
happening.
And you should check the NPS logs of course to see what is happening at that
end.
In the case of the University, we were han
It is indeed NPS sending Radiator an ACCESS-REJECT.
I know this is completely non-Radiator related, but do you happen to
remember what had to be done on NPS to get this to work? I've been
tinkering for hours without success.
For the record, proxying to NPS works *much* better than ntlm_auth in ou
We had a similar problem at the University - it turned out to be NPS deciding
that it was a person not a machine authenticating and rejecting it out of hand.
If you could send us a copy of the configuration file and the associated trace
4 debug we'll take a look.
regards
Hugh
On 12 Oct 2012
..and what do the logs show on the NPS box (which is doing the auth) and
RADIATOR debug show when this just authentication is failing?
alan
--
This smartphone uses free WiFi around the world with eduroam, now that's what I
call smart.
___
radiator m
Thanks again for your helpful responses.
We seem to have everything working by proxying requests to NPS. We're
running into one final issue, however, that I can't seem to figure out.
Host-based authentication is failing. Specifically, Radiator is throwing an
error that indicates:
*for user host/
On 10/09/2012 09:44 PM, James Zee wrote:
> Unfortunately, however, when we proxy our EAP requests through Radiator,
> NPS sends an ACCESS-REJECT back without much logging. From what I can
> tell, NPS is not responding because the RADIUS message that is proxied
> through Radiator does not have a va
Hi,
>We've decided against using winbind / ntlm_auth. Unfortunately our AD
>environment is so sporadic and bumpy that we're desperate for another
>solution.
that really should be fixed. WHY is it dumpy and sporadic. I know
a lot of people give MS grief about their product with various
I imagine that an alternative would be to have a more broad NPS "connection
request policy" or "network policy", instead of having Radiator tag the
ACCESS-REQUEST with a fake NAS port type.
Maybe I could pose a more broad question: when configuring NPS as the final
authenticator in a proxied RADIU
All,
Thanks for the response.
We've decided against using winbind / ntlm_auth. Unfortunately our AD
environment is so sporadic and bumpy that we're desperate for another
solution.
So we're attempting to test Radiator proxying requests through to NPS.
I've set up a few NPS servers and put them b
> Because we're bouncing off of AD, we're relying on ntlm_auth to check a
> user's credentials. Unfortunately our specific Active Directory environment
> is *very* unstable with DCs randomly rebooting / being upgraded. This
> results in issues when ntlm_auth is run, such as:
>
> (a) NTLM Could not
Hello James -
I recently did a job for a large University which had the same problem.
After many, many problems with "winbind" we decided not to use it and we went
with a hybrid solution.
We eventually ended up proxying the EAP inner authentication using
"EAP_PEAP_MSCHAP_Convert" to the Micro
All,
I could use some pointers on where to go with an issue I'm having on our
Radiator servers for EAP authentication. I know that this question may
border a Samba-specific issue, but the Radiator community is pretty helpful
so I'm hoping someone may have run into something similar and can help me
16 matches
Mail list logo