Hello Dordaneh -
Have you installed the latest Radiator 3.6 patches? There was a problem with reply attributes that was fixed some time ago.
regards
Hugh
On Monday, Sep 15, 2003, at 19:41 Australia/Melbourne, Arangeh, Dordaneh wrote:
Hello - Thanks for your answer. With dictionary every thing is fine. I activated a log file for DB to see weather it sends the desired attributes or not. DB is sending them, it is radiator which is not giving them further to the client. I tested my DB by means of radpwtst with all three optins (-mschap -mschap2 and -eapmd5). In all three cases , three attributes are sent correctly. Unfortunately I have no opting to test the thing with radpwtst and peap because there is no possibility to check radpwtst with peap and peap is the only option one can use for 802.1x authentication, or am I wrong in this? Please correct me if it is so. Any further tip, what the 802.1x authentication problem could be?
Thanking you in advance
-----Original Message----- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Samstag, 13. September 2003 09:26 To: Arangeh, Dordaneh Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) 802.1x and vlan assignment
Hello -
You should check your Radiator dictionary to make sure the attributes you are using are defined (they are in the standard Radiator 3.6 dictionary).
The trace debug doesn't show the reply attributes at all, so I suspect there is a problem with the database response.
regards
Hugh
On Friday, Sep 12, 2003, at 23:19 Australia/Melbourne, Dordaneh Arangeh wrote:
fileHello everybody, I have configured the cfg file for radiator for authenticating with eap-peap. Furthermore I have added a part under auth PLsql, so as the radiator sends three attributes (Vlan identity) to the client. cfgis included at the end of the message. The client is a Windows2000onedefinedand the authentication part of its LAN connection is configured to use EAP-PEAP. When the PC is connected to the Switch (which is naturally configured for 802.1x) , it sends access request to the radiator and every thing is fine. Client is authenticated. Problems:
1. The vlan assignment doesn't work. Three attributes which areto be returned by radiator (Tunnel-Type = VLAN , Tunnel-Medium-Type = 802 ,Tunnel-Private-Group-ID = xxxxxxx) , are not returned. Instead of these attributes I see in the trace following strings: (xxxxxx is what
remainsI put for the sake of having shorter email!!)
.......... Code: Access-Accept Identifier: 235 Authentic: <3>&<10><190><4><1><3><203><10><23>%e%<128><9><199> Attributes: MS-MPPE-Send-Key = "xxxxxxxx" MS-MPPE-Recv-Key = xxxxxxxxxx EAP-Message = <3><10><0><4> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
..................
So the vlan assignment is not done.
2. The windows in the client side is saving the username and password somewhere and one can not change it any more . It means I can not try with any other username !!
3. Client is sending priodically an access request with a very funny username which I never anywhere configured. Some thing like: User-Name = "azbycx" and then starts for Access chanllenge andthere, neither reject nor accept.
Thanking you in advance for helps and tips.
Dordaneh -------------------------------------------- cfg File -------------------------------------------- Foreground LogStdout LogDir . DbDir . Trace 4 <Client DEFAULT> Secret xxxxxxx DupInterval 0 </Client> <Handler TunnelledByPEAP=1> <AuthBy PLSQL> NoDefault DBSource dbi:Oracle:xx.xxxx DBUxsername xxxx DBAuth xxxx
# Authentication AuthBlock BEGIN \ NETngRadius.getUserData ('%n',:passwd,:reply_item);\ END;
AuthParamDef :passwd, User-Password, check AuthParamDef :reply_item, GENERIC, reply </AuthBy> </Handler>
<Handler> <AuthBy PLSQL> NoDefault DBSource dbi:Oracle:xx.xxxxx DBUsername xxxxx DBAuth xxxxx
# Authentication AuthBlock BEGIN \ NETngRadius.getUserData ('%n',:passwd,:reply_item);\ END;
AuthParamDef :passwd, User-Password, check AuthParamDef :reply_item, GENERIC, reply EAPType PEAP EAPTLS_CAFile %D/certificates/demoCA/cacert.pem EAPTLS_CertificateFile %D/certificates/cert-srv.pem EAPTLS_CertificateType PEM EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem EAPTLS_PrivateKeyPassword whatever EAPTLS_MaxFragmentSize 1024 AutoMPPEKeys
SSLeayTrace 4 </AuthBy> </Handler>
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
