(RADIATOR) TTLS and Alfa Ariss Client
I use Windows XP SP1 with the Alfa and Ariss TTLS Client Version 1.0.8. I tried to authenticate my laptop with TTLS and it is not working. But the debug output shows me an Access-Accept message. Before I started using TTLS I used PEAP with the supplicant from Windows XP and had no problems with the authentication process.

Here is my configuration:

    Foreground
    LogStdout
    LogDir .
    DbDir .
    Trace 4
    AuthPort 1645
    AcctPort 1646

    <Client DEFAULT>
        Secret mysecret
        DupInterval 0
    </Client>

    <ClientListSQL>
        DBSource dbi:mysql:radius
        DBUsername root
        DBAuth letmein
    </ClientListSQL>

    <AuthBy SQL>
        Identifier SQLAccounting
        AuthSelect
        DBSource dbi:mysql:radius
        DBUsername root
        DBAuth letmein
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-Identifier
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        #AcctFailedLogFileName %D/missedaccounting
    </AuthBy>

    <AuthBy FILE>
        Identifier OUTERAuthentication
        Filename %D/users
        EAPType PEAP,TTLS
        EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
        EAPTLS_CertificateFile %D/certificates/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
        EAPTLS_PrivateKeyPassword whatever
        EAPTLS_MaxFragmentSize 1000
        #EAPTLS_DHFile %D/certificates/cert/dh
        #EAPTLS_CRLCheck
        #EAPTLS_CRLFile %D/certificates/crl.pem
        #EAPTLS_CRLFile %D/certificates/revocations.pem
        AutoMPPEKeys
        SSLeayTrace 4
    </AuthBy>

    <Handler TunnelledByPEAP=1>
        RewriteUsername s/(.*)\\(.*)/$2/
        <AuthBy LDAP2>
            Identifier LDAPPEAPAuthentication
            RcryptKey whatever
            Host 10.2.4.21
            AuthDN cn=admin, dc=tgm, dc=ac, dc=at
            AuthPassword sUpp.rT
            BaseDN ou=People,ou=admin,dc=tgm,dc=ac,dc=at
            UsernameAttr uid
            PasswordAttr profilePath
            AuthAttrDef radiusAuthType,GENERIC,check
            # You can enable debugging of the Net::LDAP
            # module with this:
            # Debug 255
            EAPType MSCHAP-V2
        </AuthBy>
    </Handler>

    <Handler TunnelledByTTLS=1>
        RewriteUsername s/(.*)\\(.*)/$2/
        <AuthBy LDAP2>
            Identifier LDAPTTLSAuthentication
            RcryptKey whatever
            Host 10.2.4.21
            AuthDN cn=admin, dc=tgm, dc=ac, dc=at
            AuthPassword sUpp.rT
            BaseDN ou=People,ou=admin,dc=tgm,dc=ac,dc=at
            UsernameAttr uid
            PasswordAttr scriptPath
            # AuthAttrDef radiusAuthType,GENERIC,check
            # You can enable debugging of the Net::LDAP
            # module with this:
            # Debug 255
            # EAPType MSCHAP-V2
        </AuthBy>
    </Handler>

    <Handler Request-Type = Accounting-Request>
        AuthBy SQLAccounting
    </Handler>

    <Handler>
        # AuthByPolicy ContinueWhileReject
        AuthBy OUTERAuthentication
        # AuthBy PEAPAuthentication
    </Handler>

And the debug output:

    Mon Jan 5 12:53:12 2004: DEBUG: Adding Clients from SQL database
    Mon Jan 5 12:53:12 2004: DEBUG: Query is: 'select NASIDENTIFIER, SECRET, IGNOREACCTSIGNATURE, DUPINTERVAL, DEFAULTREALM, NASTYPE, SNMPCOMMUNITY, LIVINGSTONOFFS, LIVINGSTONHOLE, FRAMEDGROUPBASEADDRESS, FRAMEDGROUPMAXPORTSPERCLASSC, REWRITEUSERNAME, NOIGNOREDUPLICATES, PREHANDLERHOOK from RADCLIENTLIST':
    Mon Jan 5 12:53:12 2004: DEBUG: Reading users file ./users
    Mon Jan 5 12:53:16 2004: DEBUG: Finished reading configuration file 'custom.cfg'
    This Radiator license will expire on 2004-02-01
    This Radiator license will stop operating after 1000 requests
    To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
    To extend your evaluation period, contact [EMAIL PROTECTED]
    Mon Jan 5 12:53:16 2004: DEBUG: Reading dictionary file './dictionary'
    Mon Jan 5 12:53:18 2004: DEBUG: Creating authentication port 0.0.0.0:1645
    Mon Jan 5 12:53:18 2004: DEBUG: Creating accounting port 0.0.0.0:1646
    Mon Jan 5 12:53:18 2004: NOTICE: Server started: Radiator 3.7.1 on ITS-Test1 (EVALUATION)
    Mon Jan 5 12:53:32 2004: DEBUG: Packet dump:
    *** Received from 10.2.12.101 port 1112
    Code:       Accounting-Request
    Identifier: 53
    Authentic:
(RADIATOR) Shutdown in a Hook
Hello there,

under certain conditions, I would like Radiator to shut itself down inside a hook. I tried:

    if ($@) {
        main::log($main::LOG_ERROR, "(jeje) cannot recreate data structures from \"$config_file\": $@. Exiting.") if $@;
        close CONF;
        main::shutdown();
    }

the log prints:

    Mon Jan 5 18:16:59 2004: NOTICE: SIGTERM received: stopping

But the server doesn't really stop. It's still alive. Any idea someone?

Thanks!

-- 
Jerome Fleury

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Shutdown in a Hook
On Mon, Jan 05, 2004 at 06:16:17PM +0100, Jerome Fleury wrote:
> Hello there,
>
> under certain conditions, I would like Radiator to shut itself down inside a hook. I tried:
>
>     if ($@) {
>         main::log($main::LOG_ERROR, "(jeje) cannot recreate data structures from \"$config_file\": $@. Exiting.") if $@;
>         close CONF;
>         main::shutdown();
>     }
>
> the log prints:
>
>     Mon Jan 5 18:16:59 2004: NOTICE: SIGTERM received: stopping
>
> But the server doesn't really stop. It's still alive. Any idea someone?

    system('kill', '-9', $$);

-- 
Bring me my etherkiller; Oh clouds unfold! / Bring me the magic smoke of desire
I shall not cease from mental fight / Nor shall my LART rest in my hand
Till we have buried the bodies / Of all the lusers in all this land
    -- rpg, ASR
[ My homepage is http://www.trout.me.uk/ ]
RE: (RADIATOR) Shutdown in a Hook
How about using

    kill '1',$$

or if you are in a hurry

    kill '9',$$

Using kill 1 should allow Radiator to execute any shutdown hooks you have and otherwise exit normally.

-Frank

-----Original Message-----
From: Jerome Fleury [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 05, 2004 12:16 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Shutdown in a Hook

Hello there,

under certain conditions, I would like Radiator to shut itself down inside a hook. I tried:

    if ($@) {
        main::log($main::LOG_ERROR, "(jeje) cannot recreate data structures from \"$config_file\": $@. Exiting.") if $@;
        close CONF;
        main::shutdown();
    }

the log prints:

    Mon Jan 5 18:16:59 2004: NOTICE: SIGTERM received: stopping

But the server doesn't really stop. It's still alive. Any idea someone?

Thanks!

-- 
Jerome Fleury
Re: (RADIATOR) Shutdown in a Hook
On 1/5/04 1:49 PM, Frank Danielson [EMAIL PROTECTED] wrote:
> How about using
>     kill '1',$$
> or if you are in a hurry
>     kill '9',$$

Actually if you are in that much of a hurry why bother with kill when you can just exit();

-- 
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
PGP: http://www.inoc.net/~dev/
Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0

If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside.
    - Robert X. Cringely
(RADIATOR) Cisco 1200-Radius-LDAP
We are evaluating the deployment of a wireless solution using Cisco 1200 AP's. The requirement for the deployment is to use our existing Radiator server and LDAP server. I have looked through the list archives and see LEAP is out seeing that user passwords are encrypted (SHA1) in LDAP.

As far as clients, a decision has not been made yet. I would like to test both the Cisco client and the Windows client.

Will any of you share your experiences in getting a similar configuration working? What's the best way to proceed?

Thanks,
joe.
Re: (RADIATOR) Shutdown in a Hook
Hi Jerome - Happy New Year!

The main::shutdown routine does not itself stop the server. Have a look at the code in radiusd in the Radiator 3.8 top level distribution directory.

regards

Hugh

On 06/01/2004, at 4:16 AM, Jerome Fleury wrote:
> Hello there,
>
> under certain conditions, I would like Radiator to shut itself down inside a hook. I tried:
>
>     if ($@) {
>         main::log($main::LOG_ERROR, "(jeje) cannot recreate data structures from \"$config_file\": $@. Exiting.") if $@;
>         close CONF;
>         main::shutdown();
>     }
>
> the log prints:
>
>     Mon Jan 5 18:16:59 2004: NOTICE: SIGTERM received: stopping
>
> But the server doesn't really stop. It's still alive. Any idea someone?
>
> Thanks!
>
> -- 
> Jerome Fleury

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
- Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
- CATool: Private Certificate Authority for Unix and Unix-like systems.
Re: (RADIATOR) TTLS and Alfa Ariss Client
Hello Berndt -

Thanks for sending the configuration and debug.

As far as I can see Radiator is operating correctly, with as you say an Access-Accept being sent back to the Client. It even seems that the session starts as there is an Accounting-Start received immediately following.

It may be that you will need to send some additional reply attributes in the Access-Accept to start the session? It is fairly usual to have to specify a Service-Type and a Framed-Protocol with something like this:

    <AuthBy ...>
        ...
        AddToReply Service-Type = Framed-User, \
            Framed-Protocol = PPP, \
            ...
    </AuthBy>

You should check with the vendor to find out what reply attributes are required.

regards

Hugh

On 05/01/2004, at 11:03 PM, Sevcik Berndt wrote:
> I use Windows XP SP1 with the Alfa and Ariss TTLS Client Version 1.0.8. I tried to authenticate my laptop with TTLS and it is not working. But the debug output shows me an Access-Accept message. Before I started using TTLS I used PEAP with the supplicant from Windows XP and had no problems with the authentication process.
>
> Here is my configuration:
>
> [configuration and debug output snipped; quoted in full in the original message above]
Re: (RADIATOR) Cisco 1200-Radius-LDAP
Hello Joe -

Pretty much your only choice with encrypted passwords in your database is TTLS-PAP. I believe the clients that support this include the MDC Aegis, Odyssey and Alfa+Ariss. See the links at:

http://www.open.com.au/radiator/technical.html#wireless

You will find an example configuration file in the Radiator 3.8 distribution in goodies/eap_ttls.cfg. Make sure you read the comment blocks in the example configuration file(s).

regards

Hugh

On 06/01/2004, at 7:07 AM, Joe Honnold wrote:
> We are evaluating the deployment of a wireless solution using Cisco 1200 AP's. The requirement for the deployment is to use our existing Radiator server and LDAP server. I have looked through the list archives and see LEAP is out seeing that user passwords are encrypted (SHA1) in LDAP.
>
> As far as clients, a decision has not been made yet. I would like to test both the Cisco client and the Windows client.
>
> Will any of you share your experiences in getting a similar configuration working? What's the best way to proceed?
>
> Thanks,
> joe.

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
- Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
- CATool: Private Certificate Authority for Unix and Unix-like systems.
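As an added illustration (not Radiator's code and not from anyone in this thread) of why TTLS-PAP is the workable choice when LDAP holds SHA-1 hashed passwords: the server can only re-hash a cleartext password and compare it, which PAP inside the TLS tunnel delivers, while challenge/response methods such as LEAP or MS-CHAP need the cleartext or NT-hash on the server side. The {SHA}/{SSHA} layout follows the OpenLDAP userPassword convention; the sample salt and entries are constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample salt; OpenLDAP stores {SSHA} as
# base64(sha1(password + salt) + salt) and {SHA} as base64(sha1(password)).
SAMPLE_SALT = b"\x01\x02\x03\x04"


def make_ssha(password: str, salt: bytes = SAMPLE_SALT) -> str:
    """Build a {SSHA} userPassword value the way an LDAP directory stores it."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_pap_password(stored: str, candidate: str) -> bool:
    """Verify a cleartext (PAP) password against a hashed userPassword.
    This is all a RADIUS server needs once EAP-TTLS has carried the
    cleartext password to it inside the TLS tunnel."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
        calc = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
        return hmac.compare_digest(calc, digest)    # constant-time compare
    if stored.startswith("{SHA}"):
        raw = base64.b64decode(stored[len("{SHA}"):])
        calc = hashlib.sha1(candidate.encode("utf-8")).digest()
        return hmac.compare_digest(calc, raw)
    return False  # unknown or unsupported scheme: reject rather than guess


def usable_methods(stored: str) -> set:
    """Which authentication methods the server can verify from this stored
    credential. A one-way SHA-1 digest only allows PAP; CHAP, MS-CHAP(v2)
    and LEAP need the cleartext (or NT-hash) to compute their responses."""
    if stored.startswith(("{SHA}", "{SSHA}")):
        return {"PAP"}
    if stored.startswith("{CLEARTEXT}") or not stored.startswith("{"):
        return {"PAP", "CHAP", "MSCHAP", "MSCHAP-V2", "LEAP"}
    return set()


if __name__ == "__main__":
    entry = make_ssha("s3cret")
    print(entry, check_pap_password(entry, "s3cret"), usable_methods(entry))
```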