<div>Hi,<br></div><div><br></div><div>Is it fine to do some jugglery with the user-name and convert it to a format which can be proxied to home server ? </div><div><br></div><div>Thanks,</div><div>Chidanand</div><br><div class="gmail_quote">
On Wed, Oct 20, 2010 at 4:52 PM, Chidanand Gangur <span dir="ltr"><<a href="mailto:chidanand.gangur@gmail.com">chidanand.gangur@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>Hi,<br clear="all"></div><div><br></div><div>I have following setup</div><div><br></div><div>where windows host is connected to Cisco 2960 which is connected to Microsoft AD via RADIUS proxy</div><div><br></div><div>
Windows host (XP SP3) -> Cisco 2960 -> freeRADIUS proxy (2.1.10) -> Microsoft AD (2003)</div><div><br></div><div>In the above setup user authentication goes fine. I am using PEAP v1 authentication. </div><div><br>
</div><div>I am struggling hard to make host authentication successful. </div><div><br></div><div>When the machine boots I see radius Access-Request with User-Name = "host/<a href="http://radhost1.testad1.com" target="_blank">radhost1.testad1.com</a>" which qualifies to IPASS type realm and searches for realm as "host" and things do not work. </div>
<div><br></div><div><div>Please point me to links/docs or give me pointer where/how to start.</div></div><div><br></div><div>rad_recv: Access-Request packet from host 192.168.6.200 port 1645, id=141, length=165<br> User-Name = "host/<a href="http://radhost1.testad1.com" target="_blank">radhost1.testad1.com</a>"<br>
Service-Type = Framed-User<br> Framed-MTU = 1500<br> Called-Station-Id = "00-21-D7-00-51-89"<br> Calling-Station-Id = "00-13-20-38-33-27"<br> EAP-Message = 0x021a001e01686f73742f726164686f7374312e746573746164312e636f6d<br>
Message-Authenticator = 0x2deded3294b409a59441b3e5777a9a87<br> NAS-Port-Type = Ethernet<br> NAS-Port = 50009<br> NAS-IP-Address = 192.168.6.200<br>Wed Oct 20 07:27:48 2010 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br>
Wed Oct 20 07:27:48 2010 : Info: +- entering group authorize {...}<br>Wed Oct 20 07:27:48 2010 : Info: ++[preprocess] returns ok<br>Wed Oct 20 07:27:48 2010 : Info: ++[chap] returns noop<br>Wed Oct 20 07:27:48 2010 : Info: ++[mschap] returns noop<br>
Wed Oct 20 07:27:48 2010 : Info: [IPASS] Looking up realm "host" for User-Name = "host/<a href="http://radhost1.testad1.com" target="_blank">radhost1.testad1.com</a>"<br>Wed Oct 20 07:27:48 2010 : Info: [IPASS] Found realm "DEFAULT"<br>
Wed Oct 20 07:27:48 2010 : Info: [IPASS] Adding Stripped-User-Name = "<a href="http://radhost1.testad1.com" target="_blank">radhost1.testad1.com</a>"<br>Wed Oct 20 07:27:48 2010 : Info: [IPASS] Adding Realm = "DEFAULT"<br>
Wed Oct 20 07:27:48 2010 : Info: [IPASS] Authentication realm is LOCAL.<br>Wed Oct 20 07:27:48 2010 : Info: ++[IPASS] returns ok<br>Wed Oct 20 07:27:48 2010 : Info: [suffix] Request already proxied. Ignoring.<br>Wed Oct 20 07:27:48 2010 : Info: ++[suffix] returns ok<br>
Wed Oct 20 07:27:48 2010 : Info: [ntdomain] Request already proxied. Ignoring.<br>Wed Oct 20 07:27:48 2010 : Info: ++[ntdomain] returns ok<br>Wed Oct 20 07:27:48 2010 : Info: [realmpercent] Request already proxied. Ignoring.<br>
Wed Oct 20 07:27:48 2010 : Info: ++[realmpercent] returns ok<br>Wed Oct 20 07:27:48 2010 : Info: [eap] EAP packet type response id 26 length 30<br>Wed Oct 20 07:27:48 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation<br>
Wed Oct 20 07:27:48 2010 : Info: ++[eap] returns updated<br>Wed Oct 20 07:27:48 2010 : Info: ++[unix] returns notfound<br>Wed Oct 20 07:27:48 2010 : Info: ++[files] returns noop<br>Wed Oct 20 07:27:48 2010 : Info: ++[expiration] returns noop<br>
Wed Oct 20 07:27:48 2010 : Info: ++[logintime] returns noop<br>Wed Oct 20 07:27:48 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>Wed Oct 20 07:27:48 2010 : Info: ++[pap] returns noop<br>
Wed Oct 20 07:27:48 2010 : Info: Found Auth-Type = EAP<br>Wed Oct 20 07:27:48 2010 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default<br>Wed Oct 20 07:27:48 2010 : Info: +- entering group authenticate {...}<br>
Wed Oct 20 07:27:48 2010 : Info: [eap] EAP Identity<br>Wed Oct 20 07:27:48 2010 : Info: [eap] processing type md5<br>Wed Oct 20 07:27:48 2010 : Debug: rlm_eap_md5: Issuing Challenge<br>Wed Oct 20 07:27:48 2010 : Info: ++[eap] returns handled<br>
Sending Access-Challenge of id 141 to 192.168.6.200 port 1645<br> EAP-Message = 0x011b001604100675c546c11b2ad0f1a7341b757af909<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x6d4e1d1a6d5519217cdc7f95e535c25b<br>
Wed Oct 20 07:27:48 2010 : Info: Finished request 48.<br>Wed Oct 20 07:27:48 2010 : Debug: Going to the next request<br>Wed Oct 20 07:27:48 2010 : Debug: Waking up in 4.9 seconds.<br></div><div><br></div><div><br></div><div>
Thanks & Regards</div><div><br></div><font color="#888888">-- <br>Chidanand Gangur<br>Pune.<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Chidanand Gangur<br>Pune.<br>