Hey,

I want to confirm whether strongSwan 5.01 supports Windows 2003 IAS?

The log on the IAS server:

Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 1
Date: 12/27/2013
Time: 12:23:12 PM
User: N/A
Computer: SERVER01
Description:
User domain\huang.zhenxing was granted access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = gateway-internat-ip
NAS-Identifier = strongSwan
Client-Friendly-Name = gw
Client-IP-Address = gateway-internal-ip
Calling-Station-Identifier = access-client-ip[4500]
NAS-Port-Type = Virtual
NAS-Port = 9
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = <none>
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>

/var/log/messages:
. . .
Dec 27 12:36:13 gateway charon: 07[NET] sending packet: from gateway-internal-ip [4500] to access-client-ip [4500] (1220 bytes)
Dec 27 12:36:13 gateway charon: 09[NET] received packet: from access-client-ip [4500] to gateway-internal-ip [4500] (92 bytes)
Dec 27 12:36:13 gateway charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Dec 27 12:36:13 gateway charon: 09[IKE] received EAP identity 'domain\huang.zhenxing'
Dec 27 12:36:13 gateway charon: 09[CFG] sending RADIUS Access-Request to server '192.168.1.1'
Dec 27 12:36:13 gateway charon: 09[CFG] received RADIUS Access-Accept from server '192.168.1.1'
Dec 27 12:36:13 gateway charon: 09[IKE] RADIUS authentication of 'domain\huang.zhenxing' failed
Dec 27 12:36:13 gateway charon: 09[IKE] initiating EAP_RADIUS method failed
Dec 27 12:36:13 gateway charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Dec 27 12:36:13 gateway charon: 09[NET] sending packet: from gateway-internal-ip [4500] to access-client-ip [4500] (68 bytes)
(done)

Access: Windows 2008: Use extensible authentication protocol (EAP): PEAP.
Using ipsec.secrets has no problem; so is the certificate fit for RADIUS authentication?

------------------------------

Message: 2
Date: Mon, 23 Dec 2013 18:27:22 +0100
From: Andreas Steffen <[email protected]>
Subject: Re: [strongSwan] Radius-AD-IAS
To: "Huang, Zhenxing" <[email protected]>, "[email protected]" <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

it seems that your RADIUS server @ 192.168.1.1 is not responding.
Please check the log on your RADIUS server.

Regards

Andreas

On 23.12.2013 15:26, Huang, Zhenxing wrote:
> Hello. I want to use Windows 2003 AD user + IAS to authenticate the VPN dial-in.
>
> We get this log: what is the problem?
>
> Dec 23 22:15:52 gateway charon: 09[CFG] looking for peer configs matching server-ip [%any]... client-ip[172.30.1.251]
> Dec 23 22:15:52 gateway charon: 09[CFG] selected peer config 'eap-mschapv2-radius'
> Dec 23 22:15:52 gateway charon: 09[IKE] initiating EAP_IDENTITY method (id 0x00)
> Dec 23 22:15:52 gateway charon: 09[IKE] peer supports MOBIKE
> Dec 23 22:15:52 gateway charon: 09[IKE] authentication of 'ca' (myself) with RSA signature successful
> Dec 23 22:15:52 gateway charon: 09[IKE] sending end entity cert "************"
> Dec 23 22:15:52 gateway charon: 09[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
> Dec 23 22:15:52 gateway charon: 09[NET] sending packet: from server-ip [4500] to client-ip [4500] (1220 bytes)
> Dec 23 22:15:52 gateway charon: 08[NET] received packet: from client-ip [4500] to server-ip [4500] (84 bytes)
> Dec 23 22:15:52 gateway charon: 08[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
> Dec 23 22:15:52 gateway charon: 08[IKE] received EAP identity 'huang.zhenxing'
> Dec 23 22:15:52 gateway charon: 08[CFG] sending RADIUS Access-Request to server '192.168.1.1'
> Dec 23 22:15:53 gateway charon: 10[MGR] ignoring request with ID 2, already processing
> Dec 23 22:15:54 gateway charon: 12[MGR] ignoring request with ID 2, already processing
> Dec 23 22:15:54 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:15:57 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:15:57 gateway charon: 13[MGR] ignoring request with ID 2, already processing
> Dec 23 22:16:01 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:16:04 gateway charon: 11[MGR] ignoring request with ID 2, already processing
> Dec 23 22:16:06 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:16:06 gateway charon: 08[CFG] RADIUS server is not responding
> Dec 23 22:16:06 gateway charon: 08[IKE] initiating EAP_RADIUS method failed
> Dec 23 22:16:06 gateway charon: 08[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
