radiusplugin-users

Re: AW: [Radiusplugin-users] Connection with ISA (Win2003)


From: Ralf Lübben
Subject: Re: AW: [Radiusplugin-users] Connection with ISA (Win2003)
Date: Tue, 28 Apr 2009 19:55:27 +0200
User-agent: KMail/1.11.2 (Linux/2.6.28-11-generic; KDE/4.2.2; i686; ; )

Hi,

I'm not sure if I got your problem.

Maybe this could be a hint:
OpenVPN needs some time to detect if a user is disconnected, so I will
continue to send accounting data to the RADIUS server; you can prevent this
by adding to the OpenVPN config file:

--explicit-exit-notify [n]
    In UDP client mode or point-to-point mode, send server/peer an exit
    notification if tunnel is restarted or OpenVPN process is exited. In
    client mode, on exit/restart, this option will tell the server to
    immediately close its client instance object rather than waiting for a
    timeout. The n parameter (default=1) controls the maximum number of
    retries that the client will attempt to resend the exit notification
    message.


Regards
Ralf


On Tuesday, 28 April 2009 10:40:40, LarsZ wrote:
> Hi.
>
> I solved the problem by adding a new RAS-directive and I think I had the
> wrong authentication method turned on. Anyway it works.
>
> Next problem:
> If I connect properly, the RADIUS plugin adds the user to a map. If I
> disconnect and connect afterwards from the same machine, I can type in a
> user and password which are complete nonsense, but it always sends the
> correct data from its map to the RADIUS server. How can I avoid that??????
>
> THANK YOU IN ADVANCE!!!!!!!!!
>
> Lars
>
> =========================================
>
>
> -----Original Message-----
> From: LarsZ [mailto:address@hidden
> Sent: Tuesday, 28 April 2009 09:03
> To: address@hidden
> Subject: AW: [Radiusplugin-users] Connection with ISA (Win2003)
>
> Hi.
>
> Thanks for the answer!
>
> It is running on the correct ports (authentication 1812&1645, accounting
> 1813,1646). I think otherwise I wouldn't even get a connection. There is a
> connection and the server rejects the request.
> The thing is, I have no idea what the RADIUS server's log file is trying to
> tell me:
> Request:
> octus:/ # radtest lars Test1234 x.x.x.137:1812 5 123abc
> Sending Access-Request of id 23 to x.x.x.137:1812
>         User-Name = "lars"
>         User-Password = "Test1234"
>         NAS-IP-Address = octus
>         NAS-Port = 5
> rad_recv: Access-Reject packet from host x.x.x.137:1812, id=23, length=20
> octus:/ #
>
> Log for the request:
> "TRITON","IAS",04/28/2009,08:46:04,1,"lars","domain.local/AdministrativeNutzer/Lars",,,,,,"255.255.255.255",5,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",0,"311 1 x.x.x.137 04/16/2009 01:19:50 979",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Windows-Authentifizierung für alle Benutzer verwenden",1,,,,
>
> "TRITON","IAS",04/28/2009,08:46:04,3,,"domain.local/AdministrativeNutzer/Lars",,,,,,,,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",66,"311 1 x.x.x.137 04/16/2009 01:19:50 979",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Windows-Authentifizierung für alle Benutzer verwenden",1,,,,
>
> Octus (.161) = OpenVPN-server and RADIUS-Client
> Triton (.137) = RADIUS-server and domain-controller
>
> Triton obviously realizes that user lars exists but what do these numbers
> mean? Password is correct, why is the request rejected??????????????
>
> Thanks again for any help!!!!
>
> Lars
>
>
> =======================================
>
>
> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden On Behalf Of
> William Cooley
> Sent: Monday, 27 April 2009 17:52
> To: address@hidden
> Subject: Re: [Radiusplugin-users] Connection with ISA (Win2003)
>
> Make sure the IAS service is running on the correct port or define a
> custom port when testing with radtest
>
>
> =======================================
>
> LarsZ wrote:
> > Hi everybody.
> >
> > I want to use the plugin to authenticate openvpn users against active
> > directory of win2003. RADIUS server is running on win2003 machine but
> > I don’t get a positive radtest although user password and secret are
> > definitely correct.
> >
> > I have unfortunately no idea what all the stuff like service-type,
> > NAS-port-type and so on means. I don’t know what to set up in the
> > RADIUS settings of win2003.
> >
> > Has anybody a hint for me?
> >
> > Sorry but I’m absolutely inexperienced as you see.
> >
> > Thanks for any help!!!!!!!
> >
> > Lars
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
>
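
Added example, not part of the original thread: a small Python decoder for the two IAS log records quoted above, showing which columns carry the packet type, authentication type and reason code that the question "what do these numbers mean?" refers to. The column positions and code tables are assumptions taken from Microsoft's documented database-compatible log format, not from the messages, and the sample records are cut after the Class column.

```python
import csv

# 0-based column positions in the database-compatible IAS log format.
# Assumption: Microsoft's documented column order; the thread does not state it.
COLS = {"packet_type": 4, "user_name": 5, "fq_user_name": 6, "nas_port": 13,
        "client_ip": 15, "client_name": 16, "auth_type": 23,
        "policy": 24, "reason_code": 25}
PACKET_TYPE = {"1": "Access-Request", "2": "Access-Accept",
               "3": "Access-Reject", "4": "Accounting-Request"}
AUTH_TYPE = {"1": "PAP", "2": "CHAP", "3": "MS-CHAP", "4": "MS-CHAP v2", "5": "EAP"}
REASON = {
    "0": "success",
    "16": "credentials mismatch (unknown user or wrong password)",
    "66": "authentication method not enabled in the matching policy",
}

# Constructed sample: the two records from the thread, cut after the Class
# column, with addresses masked as in the post.
SAMPLE_LOG = "\n".join([
    '"TRITON","IAS",04/28/2009,08:46:04,1,"lars","domain.local/AdministrativeNutzer/Lars",,,,,,"255.255.255.255",5,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",0,"311 1 x.x.x.137 04/16/2009 01:19:50 979"',
    '"TRITON","IAS",04/28/2009,08:46:04,3,,"domain.local/AdministrativeNutzer/Lars",,,,,,,,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",66,"311 1 x.x.x.137 04/16/2009 01:19:50 979"',
])


def decode(line):
    """Parse one log record and translate its numeric codes."""
    row = next(csv.reader([line]))
    rec = {name: (row[i] if i < len(row) else "") for name, i in COLS.items()}
    rec["packet_type"] = PACKET_TYPE.get(rec["packet_type"], rec["packet_type"])
    rec["auth_type"] = AUTH_TYPE.get(rec["auth_type"], rec["auth_type"])
    rec["reason"] = REASON.get(rec["reason_code"],
                               "unlisted code " + rec["reason_code"])
    return rec


def rejects(log_text):
    """Return the decoded Access-Reject records found in a log."""
    decoded = [decode(line) for line in log_text.splitlines() if line.strip()]
    return [rec for rec in decoded if rec["packet_type"] == "Access-Reject"]


if __name__ == "__main__":
    for rec in rejects(SAMPLE_LOG):
        print(f'{rec["fq_user_name"]} via {rec["client_name"]} '
              f'({rec["auth_type"]}): reason {rec["reason_code"]} = {rec["reason"]}')
```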