I am attempting to set up RADIUS authentication and map user roles with attribute matching. Our RADIUS server is M$ IAS and it is sending weird characters as a class string whether or not I configure one. According to TAC, they have come across this before and recommend using other attributes. I am looking for a solution or suggestions for us to tie a user's AD group membership to a user role in NAC. Even an explanation of what is happening will help. The RADIUS logs, including the weird character strings (2nd to last line):

2009-06-23 15:58:49.372 -0400 TRACE com.perfigo.wlan.web.auth.clients.RadiusUtil - Access_Accept
2009-06-23 15:58:49.373 -0400 TRACE com.perfigo.wlan.web.auth.clients.RadiusUtil - Attributes returned from server:
  Class (25), Length: 7, Data: [Staff], 0x5374616666
  Framed-Protocol (7), Length: 6, Data: [# 1 (PPP)], 0x00000001
  Service-Type (6), Length: 6, Data: [# 2 (Framed)], 0x00000002
  Class (25), Length: 32, Data: 0x58F50680000001370001C76F730B01C9D8A45F8D2DB6000000000000007D
  Vendor-Specific ID: Microsoft (311), VSA Count: 1
    MS-MPPE-Recv-Key (17), Length: 36, Data: 0x80A***********************************************673444F942838BADD1
  Vendor-Specific ID: Microsoft (311), VSA Count: 1
    MS-MPPE-Send-Key (16), Length: 36, Data: 0x80B***********************************************38CAB8DC673702
  Vendor-Specific ID: Microsoft (311), VSA Count: 1
    MS-CHAP2-Success (26), Length: 45, Data: [¸S=C766255A664A962B3F20D8A0C243C14FD0D28D03], 0xB85******************************************************31344644304432384 43033
  Vendor-Specific ID: Microsoft (311), VSA Count: 1
    MS-CHAP-Domain (10), Length: 10, Data: [¸NSU_LAN], 0xB**********14E
2009-06-23 15:58:49.373 -0400 TRACE com.perfigo.wlan.web.auth.clients.RadiusUtil - VendorId:0, AttrId:178, AttrForceDataType:0, AttrArraySize:0
2009-06-23 15:58:49.373 -0400 TRACE com.perfigo.wlan.web.auth.clients.RadiusUtil - VendorId:0, AttrId:25, AttrForceDataType:0, AttrArraySize:2
2009-06-23 15:58:49.373 -0400 TRACE com.perfigo.wlan.web.auth.clients.RadiusUtil - STR:Staff
2009-06-23 15:58:49.373 -0400 TRACE com.perfigo.wlan.web.auth.clients.RadiusUtil - STR:X��7�os �ؤ_�-�}
2009-06-23 15:58:49.572 -0400 TRACE com.perfigo.wlan.web.admin.ManagerBuildInfo - ServerBuildInfo - init : No such file or directory

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia 23504
Phone: 757-823-3918
Fax: 757-823-2128
Email: [email protected]
http://security.nsu.edu
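
The trace above carries two Class (25) attributes in one Access-Accept: the readable `Staff` and a 30-octet binary value. RFC 2865 defines Class as opaque octets and allows it to appear more than once. The following is an added example, not part of the original post and not NAC code: it parses the attribute bytes, separates readable Class values from opaque ones, and maps only the readable one to a role. `ROLE_MAP` and the role name are hypothetical, and the input bytes are constructed from the values in the trace.

```python
import string

CLASS = 25  # RADIUS Class attribute type (RFC 2865)

# Constructed input: the two Class attributes from the trace above, re-encoded
# as type/length/value bytes, with Service-Type between them.
ATTRS = bytes.fromhex(
    "19075374616666"   # Class, Length 7, "Staff"
    "060600000002"     # Service-Type, Length 6, Framed
    "1920" "58F50680000001370001C76F730B01C9D8A45F8D2DB6000000000000007D"
)

# Hypothetical mapping from Class string to NAC user role.
ROLE_MAP = {"Staff": "staff-role"}

# Printable ASCII, keeping the space but not control whitespace.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def parse_attributes(buf):
    """Yield (type, value) pairs; Length counts the 2-byte header too."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad length {alen} at offset {pos}")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen

def is_text(value):
    """True when the value is non-empty and every octet is printable ASCII."""
    return len(value) > 0 and all(b in PRINTABLE for b in value)

def class_values(buf):
    """Return (readable Class strings, opaque Class octet strings)."""
    text, opaque = [], []
    for atype, value in parse_attributes(buf):
        if atype == CLASS:
            (text if is_text(value) else opaque).append(value)
    return [v.decode("ascii") for v in text], opaque

def role_for(buf, default=None):
    """Return the role for the first readable Class value with a mapping."""
    text, _ = class_values(buf)
    for value in text:
        if value in ROLE_MAP:
            return ROLE_MAP[value]
    return default

if __name__ == "__main__":
    print(class_values(ATTRS), role_for(ATTRS))
```

Matching on an exact readable value, rather than on whichever Class attribute arrives first or last, keeps the opaque value from ever being compared against a role name.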
