|
31.08.2008 13:59:37
|
misano
Posts 1
|
Hi Yasin.
I am evaluating your radius server and I have some questions:
1. your project will become open source or commercial ?
2. is it stable ?
3. have someone tested it with mikrotik devices ?
4. how many users are using your software ?
thanks and congratualtions for your software.
Misano
|
|
31.08.2008 15:19:36
|
admin
Posts 110
|
Hi,
Please find answer below;
1. There may be a commercial version I'll keep freeware version with all current features.
2. TekRADIUS is designed to provide maximum stability and TekRADIUS provides sufficient service
availbility according to feedbacks I've received.
3. Yes, TekRADIUS is tested with Mikrotik and works fine.
4. I can not give an exact number; it's downloaded more than 6000 times and I've issued nealry 2000
licenses.
Best regards,
Yasin KAPLAN
|
|
15.10.2008 21:20:38
|
patriciols
Posts 3
|
I´m trying to use TekRADIUS to authenticate pptp users from a mikrotik. I configure the client and one user with some attributes. The problem is that I get the error 778: It was not possible to verify the identity of the server. (Acct-Terminate-Cause = NAS-Error)
Here is my configuration:
NAS: 192.168.2.10, Secret: alpha, Vendor: ietf, Enable:Yes
Group: Defult
Attribute: Framed-Compression Type: Reply Value: VJ-TCP/IP-Header
Attribute: Service-Type Type: Reply Value: Framed
Attribute: Port-Limit Type: Reply Value: 1
Attribute: Framed-Protocol Type: Reply Value: PPP
Users: Usermane: test Group: Default
Attribute: User-Password Type:Check Value: test
Hope to hear form you soon.
Patrick
|
|
15.10.2008 22:36:31
|
admin
Posts 110
|
You can authenticate and authorize incoming PPTP and L2TP connection requests. Supported key-strength for tunnel session keys is only 128 bits. You can use CHAP, MS-CHAP v1, MS-CHAP v2, EAP-MD5 and PEAPv0-EAP-MS-CHAP v2 authentication methods on client side. Please check if client side configuration matches supported authentication methods.
Regards,
Yasin KAPLAN
patriciols wrote:
I´m trying to use TekRADIUS to authenticate pptp users from a mikrotik. I configure the client and one user with some attributes. The problem is that I get the error 778: It was not possible to verify the identity of the server. (Acct-Terminate-Cause = NAS-Error)
Here is my configuration:
NAS: 192.168.2.10, Secret: alpha, Vendor: ietf, Enable:Yes
Group: Defult
Attribute: Framed-Compression Type: Reply Value: VJ-TCP/IP-Header
Attribute: Service-Type Type: Reply Value: Framed
Attribute: Port-Limit Type: Reply Value: 1
Attribute: Framed-Protocol Type: Reply Value: PPP
Users: Usermane: test Group: Default
Attribute: User-Password Type:Check Value: test
Hope to hear form you soon.
Patrick
|
|
15.10.2008 23:32:22
|
patriciols
Posts 3
|
I found out that it works only with PAP/CHAP, but not with MS-CHAP or MS-CHAP v2. Is tehre any attribute I can set for this to worh?
Mi mikrotik debug says "encryption negotiation not possible" and the TekRADIUS debug:
Framed-IP-Address = 192.168.4.5
Acct-Status-Type = Start
Calling-Station-Id = 172.20.0.186
NAS-Port-Type = Virtual
Acct-Authentic = RADIUS
Called-Station-Id = 192.168.2.50
User-Name = test
Acct-Session-Id = 81900000
Acct-Delay-Time = 0
NAS-Identifier = IP Publico
Service-Type = Framed
NAS-Port = 74
NAS-IP-Address = 192.168.2.56
Framed-Protocol = PPP
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Called-Station-Id = 192.168.2.50
User-Name = test
Acct-Delay-Time = 0
Acct-Input-Packets = 0
NAS-IP-Address = 192.168.2.56
Acct-Input-Octets = 0
NAS-Identifier = IP Publico
Acct-Input-Gigawords = 0
Service-Type = Framed
Calling-Station-Id = 172.20.0.186
Acct-Output-Octets = 10
Acct-Terminate-Cause = User-Request
NAS-Port = 74
Acct-Output-Packets = 1
Acct-Session-Id = 81900000
NAS-Port-Type = Virtual
Acct-Session-Time = 0
Framed-IP-Address = 192.168.4.5
With the same error (778)
Best regards,
Patrick
|
|
16.10.2008 00:18:23
|
admin
Posts 110
|
Hi,
Please check client connection properties in Start / Settings / Network Connections.
Select Advanced Settings at Security tab. Select Optional encryption. Allow only PAP and CHAP methods.
Regards,
Yasin KAPLAN
|
|
16.10.2008 01:20:12
|
patriciols
Posts 3
|
It works fine!, but I have over 600 clients with Typical (recommended settings) or Advanced (custom settings) with Microsoft CHAP (MS-CHAP) and Microsoft CHAP Version 2 (MS-CHAP v2) Checked.
Mikrotik uses MPPE128 stateless encoding I don’t know if it is useful. Is there a way to use this kind of validation?
The error has changed: Acct-Terminate-Cause = NAS-Error
15/10/2008 05:01:19 p.m. - Debug Message : (Radius Accounting)
Violation of PRIMARY KEY constraint 'PK_Accounting'. Cannot insert duplicate key in object 'dbo.Accounting'.
The statement has been terminated.
Framed-IP-Address = 192.168.4.5
Acct-Status-Type = Start
Calling-Station-Id = 172.20.0.186
NAS-Port-Type = Virtual
Acct-Authentic = RADIUS
Called-Station-Id = 192.168.2.50
User-Name = test
Acct-Session-Id = 81300000
Acct-Delay-Time = 0
NAS-Identifier = IP Publico
Service-Type = Framed
NAS-Port = 18
NAS-IP-Address = 192.168.2.56
Framed-Protocol = PPP
RadAcct req. from : 192.168.2.56 - 15/10/2008 05:01:19 p.m.
Size : 181 / 181
Identifier : 19
Attributes :
Framed-Protocol = PPP
Acct-Output-Gigawords = 0
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Called-Station-Id = 192.168.2.50
User-Name = test
Acct-Delay-Time = 0
Acct-Input-Packets = 0
NAS-IP-Address = 192.168.2.56
Acct-Input-Octets = 0
NAS-Identifier = IP Publico
Acct-Input-Gigawords = 0
Service-Type = Framed
Calling-Station-Id = 172.20.0.186
Acct-Output-Octets = 10
Acct-Terminate-Cause = NAS-Error
NAS-Port = 18
Acct-Output-Packets = 1
Acct-Session-Id = 81300000
NAS-Port-Type = Virtual
Acct-Session-Time = 0
Framed-IP-Address = 192.168.4.5
Thanks for your time and help!
Best regards,
Patrick
|
|
16.10.2008 11:45:04
|
admin
Posts 110
|
Hi,
I see an error in Accounting log. You can remove primary key and set an index on TimeStamp field at Accounting table
to omit this error.
Best regards,
Yasin KAPLAN
|
|
pages:
1 |
|---|