I

Cheers,
Jerry

Sent from my phone

On 02/05/2012, at 7:30 PM, "[email protected]" <[email protected]> wrote:

> Send radiator mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.open.com.au/mailman/listinfo/radiator
> or, via email, send a message with subject or body 'help' to
> [email protected]
>
> You can reach the person managing the list at
> [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of radiator digest..."
>
>
> Today's Topics:
>
> 1. Re: Tacacs Authentication to survive reloads ? (Heikki Vatiainen)
> 2. Re: Rewrite userna functionality for use in ldap_aps authby
>    (Heikki Vatiainen)
> 3. Re: Rewrite userna functionality for use in ldap_aps authby
>    (Alex Sharaz)
> 4. Re: doubt on Radiator Radius Authentication server
>    (Heikki Vatiainen)
> 5. FW: doubt on Radiator Radius Authentication server
>    (Santhosh Katta)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 01 May 2012 21:27:32 +0300
> From: Heikki Vatiainen <[email protected]>
> Subject: Re: [RADIATOR] Tacacs Authentication to survive reloads ?
> To: James <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 05/01/2012 02:32 AM, James wrote:
>> Can you provide snippet of configuration for your tacacs+
>> configuration, if you don't mind?
>
> See goodies/sql.cfg and goodies/ldapradius.cfg for examples that come
> with Radiator.
>
> Note that you can try either one by first adding one client into e.g.,
> SQL and testing that it works when the client is removed from the config
> file. The clients Radiator knows about are the combined set of clients
> in the config file and from any ClientList* that are configured.
>
> Thanks!
> Heikki
>
>
> --
> Heikki Vatiainen <[email protected]>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 01 May 2012 21:38:16 +0300
> From: Heikki Vatiainen <[email protected]>
> Subject: Re: [RADIATOR] Rewrite userna functionality for use in
>    ldap_aps authby
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 04/30/2012 07:23 PM, Alex Sharaz wrote:
>
>> root@eduroam-1-east:/var/log/radius# radpwtst -s 150.237.85.225 -secret xxxx
>> -user [email protected] -password yyyy -auth_port 1812 -noacct
>> -mschapv2
>>
>> although it works in that it does rewrite the username stripping off the
>> realm and giving, in this case alexsharaz instead of alexsharaz.info,
>> authentication fails further down the food chain
>> Which I guess is something to do with the mschapv2 and the realm in the
>> original request
>
> I think what happens here is the client calculates MS-CHAP2-Response
> based on username with realm. Once the Handler strips the realm part,
> the respective calculation within AuthBy is done with just the username
> part. The results will not then match and the authentication fails.
>
> Can you add UsernameMatchesWithoutRealm into the AuthBy. This does the
> user information lookup without realm but does not change the username
> allowing MS-CHAP-V2 to succeed.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <[email protected]>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 May 2012 20:00:37 +0000
> From: Alex Sharaz <[email protected]>
> Subject: Re: [RADIATOR] Rewrite userna functionality for use in
>    ldap_aps authby
> To: Heikki Vatiainen <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Heikki,
> Yup worked a treat.
>
> Now I wonder if I can get my personal Sharaz.info domain linked into eduroam
> :-))
> Many thanks
> Alex
>
> -----------------
> sip:[email protected]
>
>
> On 1 May 2012, at 19:38, "Heikki Vatiainen" <[email protected]> wrote:
>
>> On 04/30/2012 07:23 PM, Alex Sharaz wrote:
>>
>>> root@eduroam-1-east:/var/log/radius# radpwtst -s 150.237.85.225 -secret
>>> xxxx -user [email protected] -password yyyy -auth_port 1812 -noacct
>>> -mschapv2
>>>
>>> although it works in that it does rewrite the username stripping off the
>>> realm and giving, in this case alexsharaz instead of alexsharaz.info,
>>> authentication fails further down the food chain
>>> Which I guess is something to do with the mschapv2 and the realm in the
>>> original request
>>
>> I think what happens here is the client calculates MS-CHAP2-Response
>> based on username with realm. Once the Handler strips the realm part,
>> the respective calculation within AuthBy is done with just the username
>> part. The results will not then match and the authentication fails.
>>
>> Can you add UsernameMatchesWithoutRealm into the AuthBy. This does the
>> user information lookup without realm but does not change the username
>> allowing MS-CHAP-V2 to succeed.
>>
>> Thanks!
>> Heikki
>>
>> --
>> Heikki Vatiainen <[email protected]>
>>
>> _______________________________________________
>> radiator mailing list
>> [email protected]
>> http://www.open.com.au/mailman/listinfo/radiator
> -------------- next part --------------
> **************************************************
> To view the terms under which this email is
> distributed, please go to
> http://www2.hull.ac.uk/legal/disclaimer.aspx
> **************************************************
>
> ------------------------------
>
> Message: 4
> Date: Wed, 02 May 2012 12:23:56 +0300
> From: Heikki Vatiainen <[email protected]>
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 04/30/2012 04:15 PM, Santhosh Katta wrote:
>
>> Mon Apr 30 18:29:08 2012: DEBUG: Reading dictionary file './dictionary'
>> Mon Apr 30 18:29:08 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
>
> You can specify DictionaryFile in the configuration file like this:
> DictionaryFile C:/Program Files/Radiator/dictionary
>
> The error message indicates radiusd is looking for the dictionary file
> from the directory radiusd is started from (.). You can specify the full
> path to make sure it always finds it no matter where you start radiusd from.
>
>> Mon Apr 30 18:29:08 2012: DEBUG: *Creating authentication port 0.0.0.0:1645*
>> Mon Apr 30 18:29:08 2012: ERR: Could not bind authentication socket: Only one usage of each socket address (protocol/network address/port) is normally permitted
>
> This indicates you have one instance of radiusd running. You may want to
> check that you do not e.g., have Radiator as Windows service enabled and
> running.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <[email protected]>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 2 May 2012 00:37:00 -0700
> From: Santhosh Katta <[email protected]>
> Subject: [RADIATOR] FW: doubt on Radiator Radius Authentication
>    server
> To: "Neil Quiogue ([email protected])" <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Message-ID:
>    <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> Since I got an error stating "Is being held until the list moderator can
> review it for approval", so I am resending the email so that I can get faster
> response.
>
> Thanks,
> Santhosh
>
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Santhosh Katta
> Sent: Monday, April 30, 2012 6:46 PM
> To: Neil Quiogue
> Cc: [email protected]
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
>
> Hi Neil,
> Thanks for your response.
>
> I have followed the steps in http://www.open.com.au/radiator/install.html
> document for installation on Windows 7 PC and installation went well and even
> installed 'ppm install win32-daemon' on the Windows 7 PC.
>
> I have changed the configuration in radius.cfg, but still I get issue as
>
> To extend your license period, contact
> [email protected]<mailto:[email protected]>
>
> Mon Apr 30 18:29:08 2012: DEBUG: Reading dictionary file './dictionary'
> Mon Apr 30 18:29:08 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
> Mon Apr 30 18:29:08 2012: DEBUG: Creating authentication port 0.0.0.0:1645
> Mon Apr 30 18:29:08 2012: ERR: Could not bind authentication socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.
> Mon Apr 30 18:29:08 2012: DEBUG: Creating accounting port 0.0.0.0:1646
> Mon Apr 30 18:29:08 2012: ERR: Could not bind accounting socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.
> Mon Apr 30 18:29:08 2012: NOTICE: Server started: Radiator 4.9 on BL10408A (LOCKED)
>
> I am sure installation everything is fine. I have attached the radius.cfg
> file which is configured in "C:\Program Files\Radiator". Can you please go
> through and check where is the issue.
> I will explain you what I am looking out, so that you can help me in changing
> the appropriate configuration on the radius.cfg file.
> I want my client to authenticate (either with PEAP/TLS/EAP-FAST) with
> Radiator Authentication server. For that I have Cisco AP with IP address
> 10.99.168.64 and the shared secret I have given is "radiator". I want the
> authentication port to be configured to 1812.
> Can you please help in configuring radius.cfg file. Should I do any changes
> in dictionary file which is in "C:\Program Files\Radiator" location?
> I am following the reference guide which I have downloaded and following the
> document, but still I am unable to do it.
> Thanks for your help.
>
> Regards,
> Santhosh
>
>
> From: Neil Quiogue [mailto:[email protected]]
> Sent: Saturday, April 28, 2012 12:35 PM
> To: Santhosh Katta
> Cc: [email protected]
> Subject: Re: [RADIATOR] doubt on Radiator Radius Authentication server
>
> Hello Santhosh,
>
> Did you go through the installation document specifically the Windows section
> at http://www.open.com.au/radiator/install.html ?
>
> There is also reference there on where to go to for the configuration.
>
> For your #1 and #2, it is normally the radius.cfg file and located under
> Program Files\Radiator if you went through the instructions.
>
> And then when running it as a service though you need to have Win32::Daemon
> (installed as 'ppm install win32-daemon' if using ActiveState Perl). Some
> instructions are on Reference Manual 3.6.1
>
> Once that is installed, it's just a matter of running 'perl
> c:\perl\bin\radiusd -installservice'.
>
> And radpwtst is just a tool for testing RADIUS as it acts like a client. It
> is found either in the c:\perl\bin directory or in the installation directory
> (where you unzipped it).
>
> Regards,
>
> Neil
>
> Friday, April 27, 2012, 2:02:51 PM, you wrote:
>
> Hi All,
>
> I have installed Radiator radius on Windows 7 laptop and installation went
> well. But I am not getting how to configure and run Radiator for PEAP,
> TLS....etc authentication. I went through the document, but unable to follow
> on how to add Authentication port, Authentication type, Radius Client.
>
> When I give "perl radiusd" command, then below output I get
>
> Legacy library timelocal.pl will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at (eval 8), line 27.
> Legacy library newgetopt.pl will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at (eval 8), line 28.
> Fri Apr 27 15:07:12 2012: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> This Radiator license will expire on 2012-08-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact
> [email protected]<mailto:[email protected]>
>
> Fri Apr 27 15:07:12 2012: DEBUG: Reading dictionary file './dictionary'
> Fri Apr 27 15:07:12 2012: ERR: Could not open dictionary file './dictionary': No such file or directory
> Fri Apr 27 15:07:12 2012: DEBUG: Creating authentication port 0.0.0.0:1645
> Fri Apr 27 15:07:12 2012: DEBUG: Creating accounting port 0.0.0.0:1646
> Fri Apr 27 15:07:12 2012: NOTICE: Server started: Radiator 4.9 on BL10408A (LOCKED)
>
> I have below queries:
>
> 1. In which file should I configure Authentication Port, Authentication
>    type, shared secret.
> 2. In Which file I should configure Radius Client.
> 3. Once I configure, the above info, how to run the file
> 4. What is "radpwtst" and what is the use of "radpwtst".
>
> I am stuck in the basic on how to run and configure Radiator. Please help me.
>
> Regards,
> Santhosh
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.open.com.au/pipermail/radiator/attachments/20120502/054343bb/attachment.html
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: radius.cfg
> Type: application/octet-stream
> Size: 10426 bytes
> Desc: radius.cfg
> Url :
> http://www.open.com.au/pipermail/radiator/attachments/20120502/054343bb/attachment.obj
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: ATT00001..txt
> Url:
> http://www.open.com.au/pipermail/radiator/attachments/20120502/054343bb/attachment.txt
>
> ------------------------------
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
>
> End of radiator Digest, Vol 36, Issue 2
> ***************************************
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
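
Added example (not part of the list traffic above, and not Radiator code): the failure Heikki describes in Message 2 follows from RFC 2759, where the MS-CHAP-V2 challenge hash is SHA-1 over both challenges and the username, so a server that rewrites the username before authenticating derives a different value than the client did. The code models only that hashing step, not the later MD4/DES stages; the sample username, the function names and the two boolean settings are assumptions made for illustration.

```python
import hashlib

# Challenge values taken from the RFC 2759 section 9.2 test vector.
PEER = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
AUTH = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || username)."""
    return hashlib.sha1(peer + auth + username.encode("ascii")).digest()[:8]


def strip_realm(username: str) -> str:
    """Drop everything from the first '@' onward."""
    return username.split("@", 1)[0]


def server_names(sent: str, rewrite_username: bool, match_without_realm: bool):
    """Hypothetical model of the two behaviours discussed in the thread.

    Returns (name used for the directory lookup, name fed into the hash).
    rewrite_username changes the request itself; match_without_realm only
    changes the lookup key and leaves the request's username alone.
    """
    hash_name = strip_realm(sent) if rewrite_username else sent
    lookup = strip_realm(hash_name) if match_without_realm else hash_name
    return lookup, hash_name


def server_agrees(sent: str, rewrite_username: bool, match_without_realm: bool):
    """Return (lookup name, True if server and client derive the same hash)."""
    client = challenge_hash(PEER, AUTH, sent)  # the client hashes what it sent
    lookup, hash_name = server_names(sent, rewrite_username, match_without_realm)
    return lookup, client == challenge_hash(PEER, AUTH, hash_name)


if __name__ == "__main__":
    user = "alice@example.org"  # constructed sample username
    for rewrite, match in [(True, False), (False, True)]:
        lookup, ok = server_agrees(user, rewrite, match)
        print(f"rewrite={rewrite} match_without_realm={match} "
              f"lookup={lookup!r} hash_agrees={ok}")
```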
