radiusplugin-users

Re: AW: AW: [Radiusplugin-users] Connection with ISA (Win2003)


From: Ralf Lübben
Subject: Re: AW: AW: [Radiusplugin-users] Connection with ISA (Win2003)
Date: Wed, 29 Apr 2009 20:36:04 +0200
User-agent: KMail/1.11.2 (Linux/2.6.28-11-generic; KDE/4.2.2; i686; ; )

Right, this is a bug.

It shouldn't be possible. The login works but I wasn't able to exchange data 
even if the login succeeded with a wrong username/password.

The new beta version v2.1_beta3 should fix the problem.

Can you try if it fixes your problem?

Thanks.
Ralf



On Wednesday, 29 April 2009 10:26:45, LarsZ wrote:
> Hi.
>
> Thanks for the hint.
>
> In principle it sounds really great what this command should do but it
> doesn't seem to work. In the end I wasn't able any more to make an openvpn
> connection because "...the address is already in use..." :-(
>
> So I deleted the line from the client config file. After restarting my pc I
> can now again connect to the openvpn server. But the problem remains:
> After disconnect I can reconnect with any senseless user/password data, as
> long as they are not empty, because "RADIUS-PLUGIN: FOREGROUND: Don't add
> the user to the map, it is a rekeying."... :-(
> Is it possible to avoid putting user in a map, or is it necessary because
> the RADIUS server is asking for the login data from time to time?
>
> Any other advice?
>
> Thank you very much in advance!!!!
>
> Lars
>
>
>
>
> -----Original Message-----
> From: Ralf Lübben [mailto:address@hidden
> Sent: Tuesday, 28 April 2009 19:55
> To: address@hidden
> Cc: address@hidden
> Subject: Re: AW: [Radiusplugin-users] Connection with ISA (Win2003)
>
> Hi,
>
> I'm not sure if I got your problem.
>
> Maybe this could be a hint:
> OpenVPN needs some time to detect if a user is disconnected, so I will
> continue to send accounting data to the RADIUS server, you can prevent this
> by adding in the OpenVPN config file:
>
> --explicit-exit-notify [n]
>     In UDP client mode or point-to-point mode, send server/peer an exit
>     notification if tunnel is restarted or OpenVPN process is exited. In
>     client mode, on exit/restart, this option will tell the server to
>     immediately close its client instance object rather than waiting for a
>     timeout. The n parameter (default=1) controls the maximum number of
>     retries that the client will attempt to resend the exit notification
>     message.
>
>
> Regards
> Ralf
>
> On Tuesday, 28 April 2009 10:40:40, LarsZ wrote:
> > Hi.
> >
> > I solved the problem by adding a new RAS-directive and I think I had the
> > wrong authentication method turned on. Anyway it works.
> >
> > Next problem:
> > If I connect properly the RADIUS-plugin adds the user to a map. If I
> > disconnect and connect afterwards from the same machine I can type in
> > user and password which are complete nonsense but he always sends the
> > correct data from his map to the RADIUS-server. How can I avoid that??????
> >
> > THANK YOU IN ADVANCE!!!!!!!!!
> >
> > Lars
> >
> > =========================================
> >
> >
> > -----Original Message-----
> > From: LarsZ [mailto:address@hidden
> > Sent: Tuesday, 28 April 2009 09:03
> > To: address@hidden
> > Subject: AW: [Radiusplugin-users] Connection with ISA (Win2003)
> >
> > Hi.
> >
> > Thanks for the answer!
> >
> > It is running on the correct ports (authentication 1812&1645, accounting
> > 1813,1646). I think otherwise I wouldn't even get a connection. There is
> > a connection and the server rejects the request.
> > The thing is I have no idea what the RADIUS server's log file is trying to
> > tell me:
> > Request:
> > octus:/ # radtest lars Test1234 x.x.x.137:1812 5 123abc
> > Sending Access-Request of id 23 to x.x.x.137:1812
> >         User-Name = "lars"
> >         User-Password = "Test1234"
> >         NAS-IP-Address = octus
> >         NAS-Port = 5
> > rad_recv: Access-Reject packet from host x.x.x.137:1812, id=23, length=20
> > octus:/ #
> >
> > Log for the request:
> > "TRITON","IAS",04/28/2009,08:46:04,1,"lars","domain.local/AdministrativeNutzer/Lars",,,,,,"255.255.255.255",5,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",0,"311 1 x.x.x.137 04/16/2009 01:19:50 979",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Windows-Authentifizierung für alle Benutzer verwenden",1,,,,
> > "TRITON","IAS",04/28/2009,08:46:04,3,,"domain.local/AdministrativeNutzer/Lars",,,,,,,,0,"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen Zugriffsservern",66,"311 1 x.x.x.137 04/16/2009 01:19:50 979",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Windows-Authentifizierung für alle Benutzer verwenden",1,,,,
> >
> > Octus (.161) = OpenVPN-server and RADIUS-Client
> > Triton (.137) = RADIUS-server and domain-controller
> >
> > Triton obviously realizes that user lars exists but what do these numbers
> > mean? Password is correct, why is the request rejected??????????????
> >
> > Thanks again for any help!!!!
> >
> > Lars
> >
> >
> > =======================================
> >
> >
> > -----Original Message-----
> > From: address@hidden
> > [mailto:address@hidden On behalf
> > of William Cooley
> > Sent: Monday, 27 April 2009 17:52
> > To: address@hidden
> > Subject: Re: [Radiusplugin-users] Connection with ISA (Win2003)
> >
> > Make sure the IAS service is running on the correct port or define a
> > custom port when testing with radtest
> >
> >
> > =======================================
> >
> > LarsZ wrote:
> > > Hi everybody.
> > >
> > > I want to use the plugin to authenticate openvpn users against active
> > > directory of win2003. RADIUS server is running on win2003 machine but
> > > I don’t get a positive radtest although user password and secret are
> > > definitely correct.
> > >
> > > I have unfortunately no idea what all the stuff like service-type,
> > > NAS-port-type and so on means. I don’t know what to set up in the
> > > RADIUS settings of win2003.
> > >
> > > Has anybody a hint for me?
> > >
> > > Sorry but I’m absolutely inexperienced as you see.
> > >
> > > Thanks for any help!!!!!!!
> > >
> > > Lars
> > >
> > > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Radiusplugin-users mailing list
> > > address@hidden
> > > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> >
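The numbers in the IAS log that Lars asks about earlier in the thread can be decoded field by field. The following is an added example, not code from the thread or from the plugin: it assumes the records use the IAS database-compatible log layout, maps only the first 27 columns, and carries only a few reason codes; the names `parse_ias` and `rejects` are hypothetical.

```python
import csv
import io

# Leading columns of the IAS database-compatible log layout (assumed field
# order; only the first 27 columns are mapped).
FIELDS = ("ComputerName ServiceName Record-Date Record-Time Packet-Type User-Name "
          "Fully-Qualified-Distinguished-Name Called-Station-ID Calling-Station-ID "
          "Callback-Number Framed-IP-Address NAS-Identifier NAS-IP-Address NAS-Port "
          "Client-Vendor Client-IP-Address Client-Friendly-Name Event-Timestamp "
          "Port-Limit NAS-Port-Type Connect-Info Framed-Protocol Service-Type "
          "Authentication-Type Policy-Name Reason-Code Class").split()
DECODE = {
    "Packet-Type": {"1": "Access-Request", "2": "Access-Accept",
                    "3": "Access-Reject", "4": "Accounting-Request"},
    "Authentication-Type": {"1": "PAP", "2": "CHAP", "3": "MS-CHAP",
                            "4": "MS-CHAP v2", "5": "EAP"},
    "Reason-Code": {"0": "success",
                    "16": "unknown user name or bad password",
                    "65": "remote access permission denied for the account",
                    "66": "authentication method not enabled on matching policy"},
}
# The thread's two records, re-joined and cut after the Class column.
SAMPLE = (
    '"TRITON","IAS",04/28/2009,08:46:04,1,"lars",'
    '"domain.local/AdministrativeNutzer/Lars",,,,,,"255.255.255.255",5,0,'
    '"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen '
    'Zugriffsservern",0,"311 1 x.x.x.137 04/16/2009 01:19:50 979"\n'
    '"TRITON","IAS",04/28/2009,08:46:04,3,,'
    '"domain.local/AdministrativeNutzer/Lars",,,,,,,,0,'
    '"x.x.x.161","OpenVPN-Server",,,,,,,1,"Verbindungen mit anderen '
    'Zugriffsservern",66,"311 1 x.x.x.137 04/16/2009 01:19:50 979"\n'
)

def parse_ias(text):
    """Yield one dict per complete record, numeric codes decoded to names."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(FIELDS):
            continue  # blank or truncated line
        rec = dict(zip(FIELDS, row))
        for field, table in DECODE.items():
            rec[field] = table.get(rec[field], rec[field])
        yield rec

def rejects(text):
    """List (account, client, auth method, reason) for every Access-Reject."""
    return [(r["User-Name"] or r["Fully-Qualified-Distinguished-Name"],
             r["Client-Friendly-Name"], r["Authentication-Type"], r["Reason-Code"])
            for r in parse_ias(text) if r["Packet-Type"] == "Access-Reject"]
```

On the thread's records, `rejects(SAMPLE)` reports a PAP request rejected with reason 66, which agrees with Lars's later remark that the wrong authentication method was turned on.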





