[squid-users] RADIUS authentication

From: Ignacio Vidal <ividal@dont-contact.us>
Date: Tue, 31 Dec 2002 11:07:31 -0300

Hello:
I was trying to configure RADIUS authentication using "squid_rad_auth" from Marc van Selm (found it in Squid Related Software's page).
When I test the program against a "pure" RADIUS server, it authenticates right OK, but when I try to authenticate against a RADIUS service in a W2K domain, it seems not to work at all (every inquiries result in ERR status).

I've got the following 2 records from W2K server:

(1)
-----------------------------------------------------
User ividal was denied access.
 Fully-Qualified-User-Name = BIYCSA\ividal
 NAS-IP-Address = 192.168.113.4
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = <not present>
 Client-Friendly-Name = prxprueba
 Client-IP-Address = 192.168.113.4
 NAS-Port-Type = <not present>
 NAS-Port = 111
 Policy-Name = <undetermined>
 Authentication-Type = <undetermined>
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = There was an authentication failure because of an unknown user name or a bad password.
-----------------------------------------------------

(2)
-----------------------------------------------------
User hgomez was granted access.
 Fully-Qualified-User-Name = biycsa.net/Biycsa/Usuarios/Piso 9 Reconquista/Hector Gomez
 NAS-IP-Address = <not present>
 NAS-Identifier = <not present>
 Client-Friendly-Name = Proxy1
 Client-IP-Address = 192.168.113.1
 NAS-Port-Type = <not present>
 NAS-Port = <not present>
 Policy-Name = Politica
 Authentication-Type = PAP
 EAP-Type = <undetermined>
-----------------------------------------------------

The first record is the result from a failed authentication process, I can see some entries that doesn't repeat in the second record (which is from a successful authentication).

Does anybody has any hint to point?
Is it possible that in the first case something is lost in the configuration of the Win2000 domain server?

I'll appreciate very much any help!
Regards

Ignacio
Received on Tue Dec 31 2002 - 07:05:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:16 MST