[RADIATOR] NTLM workstation authentication
Hi, I'm trying to configure a Wireless with NTLM Authentication for the machine/workstation (not user base Authentication). I'm not able to configure that with ntlm_auth, not even on command line. ### work Identifier USERAD NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 EAPType MSCHAP-V2 dont' work Identifier MACHINEAD NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 --workstation="Workstations" EAPType MSCHAP-V2 regards Luca ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NTLM workstation authentication
I already saw this discussion but I don't understand if it's possible to do the machine authentication with Radiator. 2011/3/18 Heikki Vatiainen : > On 03/18/2011 12:57 PM, Gianlu B wrote: > >> I'm trying to configure a Wireless with NTLM Authentication for the >> machine/workstation (not user base Authentication). >> I'm not able to configure that with ntlm_auth, not even on command line. > > Please check Radiator list archives, I think there have been discussions > related to this. Would for example this help? > > http://www.open.com.au/pipermail/radiator/2010-October/016742.html > >> ### work >> >> Identifier USERAD >> NtlmAuthProg /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 >> EAPType MSCHAP-V2 >> >> >> dont' work >> >> Identifier MACHINEAD >> NtlmAuthProg /usr/sfw/bin/ntlm_auth >> --helper-protocol=ntlm-server-1 --workstation="Workstations" >> EAPType MSCHAP-V2 >> >> >> >> regards >> Luca >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, > NetWare etc. > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NTLM workstation authentication
this is the issue: ... WARNING: NTLM Could not authenticate user: No such user... Mon Mar 21 13:14:59 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP=1', Identifier '' Mon Mar 21 13:14:59 2011: DEBUG: Deleting session for anonymous, 10.xx.xx.xx, 1 Mon Mar 21 13:14:59 2011: DEBUG: Handling with Radius::AuthNTLM: Mon Mar 21 13:14:59 2011: DEBUG: Handling with EAP: code 2, 8, 80, 26 Mon Mar 21 13:14:59 2011: DEBUG: Response type 26 Mon Mar 21 13:14:59 2011: DEBUG: Radius::AuthNTLM looks for match with host/x.xx.xx.xx [anonymous] Mon Mar 21 13:14:59 2011: DEBUG: Radius::AuthNTLM ACCEPT: : host/x.xx.xx.xx [anonymous] Mon Mar 21 13:14:59 2011: INFO: Starting NtlmAuthProg: /usr/sfw/bin/ntlm_auth --helper-protocol=ntlm-server-1 --workstation=host/x.xx.xx.xx Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute Request-User-Session-Key: Yes Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute Request-LanMan-Session-Key: Yes Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute LANMAN-Challenge: f5f0a6a366fdea83 Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute NT-Response: 195bff79f94ff507c01f20f89f0f1c2eb006d04cd49ccd3a Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute NT-Domain:: Mon Mar 21 13:14:59 2011: DEBUG: Passing attribute Username:: cGMwMDAwMDgxNTck Mon Mar 21 13:14:59 2011: DEBUG: Received attribute: Authenticated: No Mon Mar 21 13:14:59 2011: DEBUG: Received attribute: Authentication-Error: No such user Mon Mar 21 13:14:59 2011: DEBUG: Received attribute: . Mon Mar 21 13:14:59 2011: WARNING: NTLM Could not authenticate user: No such user Mon Mar 21 13:14:59 2011: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure Mon Mar 21 13:14:59 2011: DEBUG: AuthBy NTLM result: REJECT, EAP MSCHAP-V2 Authentication failure Mon Mar 21 13:14:59 2011: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure Mon Mar 21 13:14:59 2011: DEBUG: Returned PEAP tunnelled packet dump: Regards Luca 2011/3/21 Alan Buxey : > Hi, > >> I already saw this discussion but I don't understand if it's possible >> to do the machine authentication with Radiator. > > yes > >> >> dont' work >> >> >> >> Identifier MACHINEAD >> >> NtlmAuthProg /usr/sfw/bin/ntlm_auth >> >> --helper-protocol=ntlm-server-1 --workstation="Workstations" >> >> EAPType MSCHAP-V2 >> >> > > run the server in debug level 4 and show what its error/issues are > > alan > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
