AW: AW: [Radiusplugin-users] Connection with ISA (Win2003)


From: LarsZ
Subject: AW: AW: [Radiusplugin-users] Connection with ISA (Win2003)
Date: Wed, 29 Apr 2009 10:26:45 +0200

Hi.

Thanks for the hint.

In principle it sounds really great what this command should do but it
doesn't seem to work. In the end I wasn't able any more to make an openvpn
connection because "...the address is already in use..." :-(

So I deleted the line from the client config file. After restarting my pc I
can now again connect to the openvpn server. But the problem remains:
After disconnect I can reconnect with any senseless user/password data, as
long as they are not empty, because "RADIUS-PLUGIN: FOREGROUND: Don't add
the user to the map, it is a rekeying."... :-(
Is it possible to avoid putting the user in a map, or is it necessary because
the RADIUS server is asking for the login data from time to time?

Any other advice?

Thank you very much in advance!!!!

Lars




-----Original Message-----
From: Ralf Lübben [mailto:address@hidden 
Sent: Tuesday, 28 April 2009 19:55
To: address@hidden
Cc: address@hidden
Subject: Re: AW: [Radiusplugin-users] Connection with ISA (Win2003)

Hi,

I'm not sure if I got your problem.

Maybe this could be a hint:
OpenVPN needs some time to detect if a user is disconnected, so I will
continue to send accounting data to the RADIUS server, you can prevent this
by adding in the OpenVPN config file:

--explicit-exit-notify [n]
    In UDP client mode or point-to-point mode, send server/peer an exit
    notification if tunnel is restarted or OpenVPN process is exited. In
    client mode, on exit/restart, this option will tell the server to
    immediately close its client instance object rather than waiting for a
    timeout. The n parameter (default=1) controls the maximum number of
    retries that the client will attempt to resend the exit notification
    message.


Regards
Ralf


On Tuesday, 28 April 2009 10:40:40, LarsZ wrote:
> Hi.
>
> I solved the problem by adding a new RAS-directive and I think I had the
> wrong authentication method turned on. Anyway it works.
>
> Next problem:
> If I connect properly the RADIUS-plugin adds the user to a map. If I
> disconnect and connect afterwards from the same machine I can type in user
> and password which are complete nonsense but he always sends the correct
> data from his map to the RADIUS-server. How can I avoid that??????
>
> THANK YOU IN ADVANCE!!!!!!!!!
>
> Lars
>
> =========================================
>
>
> -----Original Message-----
> From: LarsZ [mailto:address@hidden
> Sent: Tuesday, 28 April 2009 09:03
> To: address@hidden
> Subject: AW: [Radiusplugin-users] Connection with ISA (Win2003)
>
> Hi.
>
> Thanks for the answer!
>
> It is running on the correct ports (authentication 1812&1645, accounting
> 1813,1646). I think otherwise I wouldn't even get a connection. There is a
> connection and the server rejects the request.
> The thing is I have no idea what the RADIUS servers log-file is trying to
> tell me:
> Request:
> octus:/ # radtest lars Test1234 x.x.x.137:1812 5 123abc
> Sending Access-Request of id 23 to x.x.x.137:1812
>         User-Name = "lars"
>         User-Password = "Test1234"
>         NAS-IP-Address = octus
>         NAS-Port = 5
> rad_recv: Access-Reject packet from host x.x.x.137:1812, id=23, length=20
> octus:/ #
>
> Log for the request:
>
> "TRITON","IAS",04/28/2009,08:46:04,1,"lars","domain.local/AdministrativeNutzer/Lars",,,,,,"255.255.255.255",5,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",0,"311 1 x.x.x.137 04/16/2009 01:19:50 979",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Windows-Authentifizierung für alle Benutzer verwenden",1,,,,
>
> "TRITON","IAS",04/28/2009,08:46:04,3,,"domain.local/AdministrativeNutzer/Lars",,,,,,,,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",66,"311 1 x.x.x.137 04/16/2009 01:19:50 979",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Windows-Authentifizierung für alle Benutzer verwenden",1,,,,
>
> Octus (.161) = OpenVPN-server and RADIUS-Client
> Triton (.137) = RADIUS-server and domain-controller
>
> Triton obviously realizes that user lars exists but what do these numbers
> mean? Password is correct, why is the request rejected??????????????
>
> Thanks again for any help!!!!
>
> Lars
>
>
> =======================================
>
>
> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden On Behalf Of
> William Cooley
> Sent: Monday, 27 April 2009 17:52
> To: address@hidden
> Subject: Re: [Radiusplugin-users] Connection with ISA (Win2003)
>
> Make sure the IAS service is running on the correct port or define a
> custom port when testing with radtest
>
>
> =======================================
>
> LarsZ wrote:
> > Hi everybody.
> >
> > I want to use the plugin to authenticate openvpn users against active
> > directory of win2003. RADIUS server is running on win2003 machine but
> > I don’t get a positive radtest although user password and secret are
> > definitely correct.
> >
> > I have unfortunately no idea what all the stuff like service-type
> > NAS-port-type and so on means. I don’t know what to set up in the
> > RADIUS settings of win2003.
> >
> > Has anybody a hint for me?
> >
> > Sorry but I’m absolutely inexperienced as you see.
> >
> > Thanks for any help!!!!!!!
> >
> > Lars
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users

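Added example, not part of the thread and not code from the plugin: a Python decoder for the two IAS log records quoted above, answering what "these numbers" mean. The column order and the code tables are assumed to follow the IAS database-compatible log layout; the sample lines are constructed from the quoted records, cut after the Reason-Code column.

```python
import csv

# Leading columns of an IAS database-compatible log record, in order
# (assumed layout; the thread itself does not name the columns).
FIELDS = [
    "ComputerName", "ServiceName", "Record-Date", "Record-Time", "Packet-Type",
    "User-Name", "Fully-Qualified-Distinguished-Name", "Called-Station-ID",
    "Calling-Station-ID", "Callback-Number", "Framed-IP-Address",
    "NAS-Identifier", "NAS-IP-Address", "NAS-Port", "Client-Vendor",
    "Client-IP-Address", "Client-Friendly-Name", "Event-Timestamp",
    "Port-Limit", "NAS-Port-Type", "Connect-Info", "Framed-Protocol",
    "Service-Type", "Authentication-Type", "Policy-Name", "Reason-Code",
]
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject"}
AUTH_TYPES = {"1": "PAP", "2": "CHAP", "3": "MS-CHAP", "4": "MS-CHAP v2", "5": "EAP"}
REASONS = {
    "0": "success",
    "16": "unknown user name or incorrect password",
    "66": "authentication method not enabled in the matching remote access policy",
}

# Constructed sample: the two records quoted in the thread, cut after Reason-Code.
SAMPLE = [
    '"TRITON","IAS",04/28/2009,08:46:04,1,"lars","domain.local/AdministrativeNutzer/Lars",'
    ',,,,,"255.255.255.255",5,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,'
    '"Verbindungen mit anderen Zugriffsservern",0',
    '"TRITON","IAS",04/28/2009,08:46:04,3,,"domain.local/AdministrativeNutzer/Lars",'
    ',,,,,,,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,'
    '"Verbindungen mit anderen Zugriffsservern",66',
]

def decode(line):
    """Map one log line to named fields and translate the numeric codes."""
    row = next(csv.reader([line]))
    row += [""] * (len(FIELDS) - len(row))      # tolerate truncated records
    rec = dict(zip(FIELDS, row))
    return {
        "user": rec["User-Name"] or rec["Fully-Qualified-Distinguished-Name"],
        "client": rec["Client-Friendly-Name"],
        "packet": PACKET_TYPES.get(rec["Packet-Type"], rec["Packet-Type"]),
        "auth": AUTH_TYPES.get(rec["Authentication-Type"], rec["Authentication-Type"]),
        "policy": rec["Policy-Name"],
        "reason": REASONS.get(rec["Reason-Code"], "code " + rec["Reason-Code"]),
    }

if __name__ == "__main__":
    for entry in SAMPLE:
        print(decode(entry))
```

Read this way, the second record is an Access-Reject for a PAP request with reason code 66, which matches the later report in the thread that the wrong authentication method had been turned on.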