IT Answers » Radius

NPS RADIUS auth problem

I486dx266 — Tue, 19 Apr 2011 11:38:16 +0000

We have an NPS RADIUS auth. problem. Currently we are running a site with 1 RODC and 1 RWDC in paralell as we are transfering all the services to the new RWDC and preparing to demote the RODC. What is left to transfer before i demote RODC is NPS. We were testing RADIUS yesterday evening by powering of the old RODC and switching RADIUS server IPs on the APs. I installed NPS on RWDC and ”copied” the settings to match RODC. Made a wireless policy and created the RADIUS client entries. Checked Shared secret on both AP and NPS. Added RWDC to RAS and IAS servers group, rebooted and requested RAS and IAS server certificate. Checked certificates. Trusted Root Certification Authorities match and Intermediate Certification Authorities match on both DC’s. BUT… We can’t get the clients to auth. The clients Wifi NIC hangs on ”confirming identity” when RADIUS server is set to the RWDC in the AP the client is connecting to. RODC or our backup NPS in a remote site works. Must be something i’m missing…
Ran wireshark on the client NIC as it was connecting.

Tacacs and authentication on Cisco routers

Ekansh — Tue, 28 Dec 2010 07:58:45 +0000

We have ACS 3.X server for tacacs + and radius authentication in our lan switches. right now i am able to login through tacacs+ only. I want to enable tacacs+ as well as local telnet login . This will help me to login in switches if the tacacs will fail.

RADIUS Server Authentication

Wireless90 — Sat, 20 Nov 2010 15:28:48 +0000

Hi Im in a dilemma on how this process works,especially about the shared key.

Im currently learning Fundamentals of Network Security and came across this chapter on access-control protocols where they talk about RADIUS,TACACS+ nad Kerberos.
I have never set up a Radius system before.

This is what the book says that got me confused.
“The shared secret is never sent out in the network”.

If its never sent out how dpes the authentication happen? How does the R.Server knows that the R.Client is trustable by not exchanging secret key? How is the password encrypted?

These are the 2 websites that got me even confused. 1 stated that the secret key is used for encryption with MD5 together with a random Request Authenticator string and then the resulting hash would be XORed with the password.

The other stated the password would just directly go through a MD5 algorithm.

http://www.untruth.org/~josh/security/radius/radius-auth.html

http://www.giac.org/resources/whitepaper/access/157.php

Deploying IP address authentication in Radius server

Akashost — Tue, 20 Apr 2010 07:48:55 +0000

Dear All,

Please provide me a solution, where we want to bind IP address with MAC ID of the wireless client and should be authenticated by Radius Server.

Is this solution exist?

I will be very thankful if you could provide me the solutions.

Akash

Guest Access on an 802.11x network

Jrubinstein — Sun, 19 Oct 2008 11:15:38 +0000

I am trying to set up 802.11x security on our network. The domain machines authenticate fine but a guest machine isn’t able to get access. I have set up a policy for it on the Radius server using it’s Mac address and the Wireless access point recognises the assigned VLAN but lists it as not allowing forwarding, consequently the guest machine can’t get anywhere even on it’s own VLAN.

Any suggestions gratefully recieved.

AP-5131 WAP RADIUS Configuration?

erin0201 — Tue, 29 Jul 2008 16:22:53 +0000

New Discussion Post by

Hardware needed for implementing a call termination company?

Unified Communications ATE — Thu, 03 Apr 2008 13:25:22 +0000

I plan on implementing a call termination company in Latin America and I have looked at the Hypermedia GSM gateway as a potential component. Is there any additional hardware I need in order to start selling minutes? Do I need a billing/RADIUS solution and how would this work? Would the radius solution authenticate with the hypermedia gateway?

Cisco AcessControlServer – Authentication

Stefan600 — Wed, 26 Mar 2008 22:10:32 +0000

Hi
I’m configuring a Cisco ACS for our diploma thesis and now i have this problem:

The Authentication of the IETF Radius-server operates properlym but the authentication of the nac doesn’t work. All clients come in my quarantine-vlan.
In the logs there is the SharedRAC: Quarantine_RAC displayed.

I had configure 3 components in “Shared Profile Components – RADIUS Authorization Components”:

Healthy_RAC:
IETF Session-Timeout (27) 3600
IETF Termination-Action (29) RADIUS-Request (1)
IETF Tunnel-Type (64) [T1] VLAN (13)
IETF Tunnel-Medium-Type (65) [T1] 802 (6)
IETF Tunnel-Private-Group-ID (81) [T1]secure_lan

Quarantine_RAC:
IETF Session-Timeout (27) 3600
IETF Termination-Action (29) RADIUS-Request (1)
I ETF Tunnel-Type (64) [T1] VLAN (13)
IETF Tunnel-Medium-Type (65) [T1] 802 (6)
IETF Tunnel-Private-Group-ID (81) [T1] quarantine

Transition_RAC:
IETF Session-Timeout (27) 30
IETF Termination-Action (29) RADIUS-Request (1)

After that i created a Network Access Profile named nac_802.1x. For Testing i disabled the machinepostures in the authentication.

my authoriziation rules:
*User Group: student
System Posture Token: Healthy
Deny Access: No
Shared RAC: Healthy_RAC
ACL: deacitvated

*If a condition is not defined or there is no matched condition: Quarantine_RAC

Has anyone an idea what the problem is?
In windows xp i selected 802.1x peap authentication with eap-mschapv2. Also i checked that the pc is authenticated as a computer.

Here’s a cut of the acs-log file(Passed Authentications):
http://www.datei-upload.eu/file.php?id=e532ee9671a10ba82567b d156f12ebf8

In the logs there occur three times the Healthy_RAC, there i configured the option “If a condition is not defined or there is no matched condition” to Healthy.

One more question.. is the CTA Client for the postures needed? some people said that it’s not, but others say it’s important.

in advance. thanks for answers

__________________

http://net08.wordpress.com/

Poblem Setting Radius Attribibute 22 (Framed-Route)

Rounds1981 — Thu, 01 Nov 2007 05:30:21 +0000

Hello,

Can anybody tell me where to set the radius attribute 22 (framed-route) on a windows 2000 IAS server.

Thanks

Can’t Find IAS Attribute 22

Rounds1981 — Thu, 18 Oct 2007 02:45:59 +0000

Hello, I am trying to create a new Remote Access policy. The policy will be for a single user, whose account will be used to log on from a 3G Wireless router, with other computers behind it. To achive this without using NAT on the router I need to set up some attributes under the advanced tab of the profile I have created. These include
Attribute 8 – Framed IP Address
Attribute 9 Framed IP Netmask
Attribute 22 Framed Route

The problem is that I see no setting for Attribute 22 – Framed route. Anyone know how this can be set on a windows 2000 server?

Thanks for any help