Re: [RADIATOR] NTLM workstation authentication
I already saw this discussion but I don't understand if it's possible to do the machine authentication with Radiator. 2011/3/18 Heikki Vatiainen h...@open.com.au: On 03/18/2011 12:57 PM, Gianlu B wrote: I'm trying to configure a Wireless with NTLM Authentication for the machine/workstation (not user base Authentication). I'm not able to configure that with ntlm_auth, not even on command line. Please check Radiator list archives, I think there have been discussions related to this. Would for example this help? http://www.open.com.au/pipermail/radiator/2010-October/016742.html ### work AuthBy NTLM Identifier USERAD NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 EAPType MSCHAP-V2 /AuthBy dont' work AuthBy NTLM Identifier MACHINEAD NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 --workstation=Workstations EAPType MSCHAP-V2 /AuthBy regards Luca ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NTLM workstation authentication
Hi, I already saw this discussion but I don't understand if it's possible to do the machine authentication with Radiator. yes dont' work AuthBy NTLM Identifier MACHINEAD NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 --workstation=Workstations EAPType MSCHAP-V2 /AuthBy run the server in debug level 4 and show what its error/issues are alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NTLM workstation authentication
this is the issue: ... WARNING: NTLM Could not authenticate user: No such user... Mon Mar 21 13:14:59 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP=1', Identifier '' Mon Mar 21 13:14:59 2011: DEBUG: Deleting session for anonymous, 10.xx.xx.xx, 1 Mon Mar 21 13:14:59 2011: DEBUG: Handling with Radius::AuthNTLM: Mon Mar 21 13:14:59 2011: DEBUG: Handling with EAP: code 2, 8, 80, 26 Mon Mar 21 13:14:59 2011: DEBUG: Response type 26 Mon Mar 21 13:14:59 2011: DEBUG: Radius::AuthNTLM looks for match with host/x.xx.xx.xx [anonymous] Mon Mar 21 13:14:59 2011: DEBUG: Radius::AuthNTLM ACCEPT: : host/x.xx.xx.xx [anonymous] Mon Mar 21 13:14:59 2011: INFO: Starting NtlmAuthProg: /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 --workstation=host/x.xx.xx.xx Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute Request-User-Session-Key: Yes Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute Request-LanMan-Session-Key: Yes Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute LANMAN-Challenge: f5f0a6a366fdea83 Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute NT-Response: 195bff79f94ff507c01f20f89f0f1c2eb006d04cd49ccd3a Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute NT-Domain:: Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute Username:: cGMwMDAwMDgxNTck Mon Mar 21 13:14:59 2011: DEBUG: Received attribute: Authenticated: No Mon Mar 21 13:14:59 2011: DEBUG: Received attribute: Authentication-Error: No such user Mon Mar 21 13:14:59 2011: DEBUG: Received attribute: . Mon Mar 21 13:14:59 2011: WARNING: NTLM Could not authenticate user: No such user Mon Mar 21 13:14:59 2011: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure Mon Mar 21 13:14:59 2011: DEBUG: AuthBy NTLM result: REJECT, EAP MSCHAP-V2 Authentication failure Mon Mar 21 13:14:59 2011: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure Mon Mar 21 13:14:59 2011: DEBUG: Returned PEAP tunnelled packet dump: Regards Luca 2011/3/21 Alan Buxey a.l.m.bu...@lboro.ac.uk: Hi, I already saw this discussion but I don't understand if it's possible to do the machine authentication with Radiator. yes dont' work AuthBy NTLM Identifier MACHINEAD NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 --workstation=Workstations EAPType MSCHAP-V2 /AuthBy run the server in debug level 4 and show what its error/issues are alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] radpwtest for EAP/TTL, EAP/TTLS and PEAP
Hi RADIATOR team, is it possible with radpwtest to check a radiator config for EAP/TTLS-PAP? Maybe I just don't find the proper parameters for radpwtest, any hint welcome. If not already coded, please see this as a feature request. EAP/TTLS, EAP/TLS or PEAP configurations are heavily used in eduroaming institutions. Would be very helpfull if we could monitor our federation config via cron with the help of a scriptable radius checker. Best Regards Charly -- Karl Gaissmaier Kommunikations und Informationszentrum kiz der Universität Ulm Abteilung Infrastruktur SG Netzwerk und Telekommunikation 89069 Ulm Tel.: 49(0)731/50-22499 Fax : 49(0)731/50-1222499 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] radpwtest for EAP/TTL, EAP/TTLS and PEAP
Hi, On Mon, 21 Mar 2011, Karl Gaissmaier wrote: Hi RADIATOR team, is it possible with radpwtest to check a radiator config for EAP/TTLS-PAP? Maybe I just don't find the proper parameters for radpwtest, any hint welcome. If not already coded, please see this as a feature request. EAP/TTLS, EAP/TLS or PEAP configurations are heavily used in eduroaming institutions. Would be very helpfull if we could monitor our federation config via cron with the help of a scriptable radius checker. EAP support is a bit limited in radpwtst but you can use eapol_test from the wpa_supplicant package to test most EAP methods. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] radpwtest for EAP/TTL, EAP/TTLS and PEAP
Hi, EAP/TTLS, EAP/TLS or PEAP configurations are heavily used in eduroaming institutions. Would be very helpfull if we could monitor our federation config via cron with the help of a scriptable radius checker. are your users using those methodsor is this a case of checking that your install wont bork such requests? eapol_test from the wpa_supplicant package can do lots of good things and rad_eap_test http://www.eduroam.cz/rad_eap_test is a nice shell wrapper for it that makes monitoring with eg NAGIOS a breeze alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator