Linux – Command Line tool for Linux to test Windows Radius

linuxradiuswindows-ias-serverwindows-server-2003

Anyone know a tool that works to test authentication against a Windows Radius Server?

I have tried radtest with:

radtest -d /usr/share/freeradius/ kbrandt 'betYouCantGuess' theServer 10 secretIGaveforMyIP 0 192.168.254.82

But I get:

Sending Access-Request of id 120 to 192.168.254.253 port 1812
    User-Name = "kbrandt"
    User-Password = "betYouCantGuess"
    NAS-IP-Address = 192.168.254.82
    NAS-Port = 10
    Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 192.168.254.253 port 1812, id=120, length=20

On the server in the log there is:

192.168.254.82,kbrandt,11/06/2009,10:38:28,IAS,THESERVER,4,192.168.254.82,5,10,7,1,4108,192.168.254.82,4116,0,4128,Kyle's Workstation,4155,1,4154,Use Windows authentication for all users,4129,MYDOMAIN\kbrandt,4127,1,4149,Connections to other access servers,25,311 1 192.168.254.253 11/06/2009 15:32:42 4,4130,mydomain.com/Users/Kyle Brandt,4136,1,4142,0
192.168.254.82,kbrandt,11/06/2009,10:38:28,IAS,THESERVER,25,311 1 192.168.254.253 11/06/2009 15:32:42 4,4130,mydomain.com/Users/Kyle Brandt,4149,Connections to other access servers,4108,192.168.254.82,4116,0,4128,Kyle's Workstation,4155,1,4154,Use Windows authentication for all users,4129,MYDOMAIN\kbrandt,4127,1,4136,3,4142,66

I'm new to Radius, so its possible I haven't configured something right. All I did was install the service, and added my ip as a RADIUS Client using Radius-Standard Vendor.

Best Answer

Got it working, I removed the policies that were there. Then added one for a group I am in, and also had to add PAP authentication. More information on why I was denied was available in the Event Viewer.

Related Solutions

Certificate Authority – RADIUS/WPA

It works. Any argument ?

most likely the certificate is deleted by some application. Sometimes the certificate is not deleted, but rather archived. To verify, please run certmgr.msc and open the certificate snap-in. Then click Certificates->View->Options and select Archive Certificates. the certificates show up again.

It could be the Live Sync program that deletes/archive the certificate. To verify, please try not to use the program on the machine and monitor if the certificate gets deleted/archived. I also found that the software FolderShare can also cause this kind of problem. If you have this software installed, please remove or disabled this software. Thank you.

To troubleshot it, I recommend we operate a clean boot the problematic machine and check it again.

To perform a clean boot, please follow these steps.

Type MSCONFIG to open system configuration console.

Go to Services tab, click the option to hide all Microsoft Services and then click the Disable All button.

Go to Startup tab, click the Disable All button.

Restart the computer.

Users loggin to 3Com switches authenticated by radius not getting admin priv and no access available with radius service down

We can login to the 3coms 45 and 55's using SSH and RADIUS authentication it is a bit of a pain to setup with IAS though.

RADIUS authentication with local failover

Here is the configuration that work on SW5500.

 sysname 5500-SI
#
 password-control length 4
 password-control history 2
 password-control login-attempt 3 exceed lock-time 120
#
 super password level 3 simple password
#
 local-server nas-ip 127.0.0.1 key 3com
#
 domain default enable 3comdevicelogin
#
 dot1x
 dot1x timer tx-period 10
 dot1x timer handshake-period 1024
 dot1x authentication-method eap
#
radius scheme system
#
radius scheme 3comapsc
 server-type standard
 primary authentication 152.67.101.23
 accounting optional
 key authentication radius
 user-name-format without-domain
 nas-ip 152.67.101.54
#
radius scheme 3ComDeviceLogin
 server-type extended
 primary authentication 152.67.101.39
 accounting optional
 key authentication radius
 user-name-format without-domain
 nas-ip 152.67.101.54
#
domain 3comdevicelogin
 scheme radius-scheme 3ComDeviceLogin local
domain apsc
 scheme radius-scheme 3comapsc
domain system
#
local-user admin
 service-type ssh telnet terminal
 level 3
 password-control aging 90
local-user manager
 service-type ssh telnet terminal
 level 2
local-user monitor
 service-type ssh telnet terminal
 level 1
#

Related Topic