12.09.2009 20:56:53
samir321
Posts: 12
|
Hi EveryBody
I have just downloaded the tekradius. I want to configure Tekradius as a radius along with the firewall (Fortigate 400A from fortinet). I have configured the tekradius as per the instruction given in the manual. But when I provide the credentials it says invalid user name password. Kindly help
|
|
0
• permalink
|
13.09.2009 15:37:37
Admin
Administrator
Posts: 1684
|
Hi,
Can you send configured attributes in user profile with TekRADIUS.log entries for this session?
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
14.09.2009 10:28:45
samir321
Posts: 12
|
Hi
I have solved the problem. I am using Tekradius in authorization mode only . Is there any way so that Tekradius will also check the password along with the user-id in authorization mode ?
|
|
0
• permalink
|
14.09.2009 10:55:31
Admin
Administrator
Posts: 1684
|
Hi,
TekRADIUS only checks User-Name in authorization-only mode currently.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
14.09.2009 11:05:31
samir321
Posts: 12
|
Hi Yasin
Thanks for the reply. Roughly how many users we can configure in Tekradius ?
|
|
0
• permalink
|
14.09.2009 11:20:36
Admin
Administrator
Posts: 1684
|
Hi,
There is no theoric limit.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
20.09.2009 06:10:05
samir321
Posts: 12
|
Hi YASIN
Is there any web interface through which I can controll the Tekradius remotely. ?
|
|
0
• permalink
|
21.09.2009 16:37:46
Admin
Administrator
Posts: 1684
|
Hi,
There is not a web interface for remote control currently.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
12.10.2009 15:40:36
samir321
Posts: 12
|
Hi Yasin
I have come to know that new version of Tekradius is released. If so what r the new feature in the recent release?
|
|
0
• permalink
|
12.10.2009 15:54:25
Admin
Administrator
Posts: 1684
|
Version 3.4 introduces a new reply type. If you would like to provide restricted access to unauthenticated users add Failure-Reply attributes to user or group profiles. TekRADIUS will reply with Access-Accept containing message Failure-Reply attributes if user or group profile has Failure-Reply attributes when authentication fails. If user or group profile has not Failure-Reply attributes, TekRADIUS will reply with Access-Reject message.
TekRADIUS automatically generates Encryption Keys for authenticated L2TP and PPTP sessions when incoming RADIUS Access-Request has Tunnel-Type (64) attribute with value PPTP or L2TP. You can alter this behavior by adding Generate-MS-MPPE-Keys attribute to user or group profiles. If this attribute exists in user or group profiles and its value set to “No” TekRADIUS will not generate encryption keys. If this attribute exists in user or group profile and its value set to “Yes”, even TekRADIUS does not receive Tunnel-Type attribute in Access-Request, TekRADIUS will generate encryption keys if user is authenticated via Microsoft authentication methods.
|
|
0
• permalink
|
10.06.2010 00:39:59
dfkosek
Posts: 4
|
I have a Cisco wireless network environment, Cisco 1200 APs, 2 Cisco WiSM WLC, and the WCS running. TEKRadius is installed on a Windows 2003 R2 server and I have the database instance running on a SQL server. The connection test to the SQL DB is successful.
I would like to setup TEKRadius to control the authentication to the wireless network using LDAP. I have the changes made in the data network on the Cisco WLC and from the WLC I send and recieve pings from the TEKRadius server. But thats as far as I can get. Can I get any assistance in the configuration of the TEKRadius server?
|
|
0
• permalink
|
10.06.2010 11:40:04
Admin
Administrator
Posts: 1684
|
Hi,
Please set Logging level to Debug at Settings / Service Parameters and examine TekRADIUS.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
10.06.2010 17:32:21
dfkosek
Posts: 4
|
Is there anything that needs to be done on the machine that is trying to authenticate to the AP?
|
|
0
• permalink
|
10.06.2010 23:43:18
dfkosek
Posts: 4
|
I am trying to connect to the wireless network on a notebook running Win XP SVC PK 3. Is there anything that needs to be configured on the notebook?
I changed the logging to debug and the log is showing...
RadAuth req. from : 172.16.50.5:32768 - 6/10/2010 11:08:04 AM
Size : 198 / 198
Identifier : 221
Attributes :
6/10/2010 11:08:04 AM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...
6/10/2010 11:08:04 AM - Invalid Auth. packet received from : 172.16.50.5 (Invalid Message-Authenticator).
6/10/2010 11:08:06 AM - Invalid Auth. packet received from : 172.16.50.5
6/10/2010 11:08:06 AM - Invalid Auth. packet received from : 172.16.50.5
|
|
0
• permalink
|
11.06.2010 08:29:54
Admin
Administrator
Posts: 1684
|
Have you add a RADIUS client entry for 172.16.50.5 in RADIUS clients tab?
|
|
0
• permalink
|
15.06.2010 21:44:24
dfkosek
Posts: 4
|
I added the client with IP 172.16.50.5 and I generated a certificate with TekCERT for testing. I installed it on the server and client machine. I then edited the wireless client on the user machine by selecting the wireless network and clicking on Properties.
On the Association tab…
Network Authentication: WPA
Data encryption: TKIP.
On the Authentication tab…
EAP type: Protected EAP (PEAP)
I open Properties (under EAP type: ) and changed…
Trusted Root Certification Authorities: the new certificate.
Under Select Authentication Method:
Secured password (EAP-MSCHAP-v2)
I then clicked on Configure (next to Select Authentication Method: ) and checked…
"Automatically use my Windows... if any)."
I could only get connected to the wireless network after putting my domain password in the TekRadius server (for my user). I thought I could use TekRadius to authenticate with Active Directory.
What am I missing? Will TekRadius use active directory to authenticate users?
|
|
0
• permalink
|
16.06.2010 08:18:16
Admin
Administrator
Posts: 1684
|
TekRADIUS does not support EAP authentication types with Active Directory.
|
|
0
• permalink
|
29.10.2010 12:32:55
tony
Posts: 2
|
Hi!
I've been testing the TekRADIUS and it turned out really good, I've managed to authenticate the manually defined users on laptops with PEAP fine. 
However I've been trying to do an integration with Win 2003 AD, but I've read that the CHAP authentication won't work with LDAP.
My question is this: do you have any plans to implement a functionality that could get the user credentials from LDAP and then authenticate the user by using PEAP?
|
|
0
• permalink
|
29.10.2010 19:10:13
Admin
Administrator
Posts: 1684
|
Hi,
TekRADIUS needs to access clear text password stored in AD for CHAP or PEAP. Unfortunately this is not possible currently.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
02.11.2010 14:14:57
tony
Posts: 2
|
Thank you.
Keep up the good work!
|
|
0
• permalink
|