28.09.2009 13:39:23
n3R0
Posts: 6
|
Hi guys,
I have a problem to add an RADIUS-Client in the TekRADIUS-Software...
I tried to add the IP of the AccessPoint (LANCOM L-54 Wireless) using the TekRADIUS Manager in the Clients-Tab. But after clicking the Add/Update Button the Error-Message "Syntax-Error in the INSERT INTO-Command" was displayed.
After that i tried to do this using the Batch-Command who was descriped in the Installation-Manual....
C:\Programme\TekRADIUS>trcli -c add 192.168.20.191 test
But this Command caused the following error:
Unbehandelte Ausnahme: System.SystemException: Die Vertrauensstellung zwischen d
ieser Arbeitsstation und der primären Domäne konnte nicht hergestellt werden.
bei System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(Identi
tyReferenceCollection sourceSids, Boolean& someFailed)
bei System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceC
ollection sourceSids, Type targetType, Boolean& someFailed)
bei System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceC
ollection sourceSids, Type targetType, Boolean forceSuccess)
bei System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
bei h.b()
Here a few information about my system and my environment:
- Windows XP OS using a domain-user with local administrator-rights
- MS SQL 2003 Server on localhost
- TekRADIUS 3.4.0.0
- RADIUS-User sync via an existing ActiveDirectory DC (don't know yet if it is working)
I hope someone of you guys can help me with my problem, if you need more information just say it ;D
--
network administration trainee from good old germany ;P
|
|
0
• permalink
|
28.09.2009 14:20:27
Admin
Administrator
Posts: 1684
|
Hi,
Please make sure that your Windows user write access to TekRADIUS application directory and the files in the application directory.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
28.09.2009 16:51:18
n3R0
Posts: 6
|
Thanks for the fast answer! 
But this can't be the problem... I have r/w access to the directroy and the files in it. I have tried to run the command as the domain-admin, too. But that gived me the same error-message such as with my normal user. Only while running it as the local-admin I get an other error : "You do not have administrative priviledges".
So I don't think, that this is the problem... =/
Any other ideas?
--
network administration trainee from good old germany ;P
|
|
0
• permalink
|
28.09.2009 16:57:56
Admin
Administrator
Posts: 1684
|
Hi,
Which version of TekRADIUS do you use?
Are you logged on a AD Domain?
Can you send me a screen capture showing how do you add RADIUS client using TekRADIUS Manager?
Yasin
|
|
0
• permalink
|
28.09.2009 17:44:01
n3R0
Posts: 6
|
OK, I wanted to take the screeny but this time it worked to add the client ;D
But the trcli-command didn't worked anyway...
Nice my biggest problem is solved now, although I haven't done anything^^
To your other questions...
Yes, I'm working in an ActiveDirectory Domain
and my TekRADIUS is in the version 3.4.0.0
But now I have some other questions...
The Vendor of my AP isn't present at the Vendor Dictionary, will the defalt Vendor "ietf" work,too?
And can I may activate a more detailed logging? I tried to do this with changing the Logging-Value at the Service Parameters but it didn't change anything, the Log still only display the Start/Stop messages...
Big Thanks for your help! =)
--
network administration trainee from good old germany ;P
|
|
0
• permalink
|
28.09.2009 17:49:42
Admin
Administrator
Posts: 1684
|
Hi,
As far as I understand from the error messages there is an issue with AD priviliges. But I need to simulate your envrionment.
This will take some time.
You can use ietf as your vendor. You can also add your vendor and RADIUS dictionary using Dİctionary Editor of TekRADIUS Manager.
The most detailed log is provided with Logging-Level = Debug.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
07.10.2009 17:14:41
n3R0
Posts: 6
|
Hi again ;D
I had a lot to do in the last days... But I'm still trying to get RADIUS working. I have changed my project-environment a bit. The TekRADIUS Software is now running under the MS WinServer 2003 OS and my user-profiles are all local now. And I had updated the Firmware of my AP, too.
But the Authentification still don't work! I think my problem now is the encryption method between TekRADIUS and the AP. =/
I have taken a few screenshots of my TekRADIUS and the AP Configuration-Tool, maybe someone find the failure?!
Here an additional info...
The IP of the TekRADIUS-Server is: 192.168.20.192
The IP of the AccessPoint is: 192.168.20.191
My TekRADIUS:
 
My AccessPoint configuration:
  
PS: The Debug-Logging still don't work... =/
--
network administration trainee from good old germany ;P
|
|
0
• permalink
|
07.10.2009 17:25:05
Admin
Administrator
Posts: 1684
|
Hi,
You can use Active Directory Proxy only with PAP authentication method. TekRADIUS does not support PEAP with Active Directory
Proxy. You need to have local user profiles created in TekRADIUS.
Best regards,
Yasin KAPLAN
|
|
0
• permalink
|
07.10.2009 18:15:07
n3R0
Posts: 6
|
hey 
Thanks for the help, but where can I set it to PAP? Which settings I have to change, I don't see anything like PAP there...
And about the user profiles, do I really have to create all users of the Active Directory DC again in TekRADIUS? And do I have to set their passwords too? :O
--
network administration trainee from good old germany ;P
|
|
0
• permalink
|
07.10.2009 18:38:36
Admin
Administrator
Posts: 1684
|
Your RADIUS client (Lancom) must support PAP.
PAP is plain password authentication method and I do not think that sour RADIUS client supports.
Unfortunately you need to create all user accounts in TekRADIUS or you can consider using Microsoft IAS.
|
|
0
• permalink
|
07.10.2009 18:58:47
n3R0
Posts: 6
|
Uhm.. thats not good.
Ok, so I have to try my luck with Microsoft IAS ^^
But thanks for your help, TekRADIUS is a nice project ;D
...only not for my project now
--
network administration trainee from good old germany ;P
|
|
0
• permalink
|