 From:  " m0n0wall at 1fineday" <m0n0wall at 1fineday>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Cc:  "barry mathers" <barry dot mather at dorecentres dot com dot au>
 Subject:  radius200.exe & NTLM auth
 Date:  Sun, 28 Nov 2004 23:19:31 -0600
Ok, I discovered radius200.exe and have it working using the flatfile "users" database.

But, now I want to have it proxy to NTLM any auth requests that can't be
fulfilled from the radius200 "users" file. In other words, the Win2K server
where radius200.exe is running has some users in its local SAM; it is not an
AD (domain) server. Is it possible to have radius200.exe forward auth requests
via NTLM with a "users" file entry like this:

  DEFAULT Auth-Type = System
   Class = "class1"

That's how the radius200.exe documentation shows that it should be done.
However, it doesn't appear to be working for me. I haven't yet learned how to
troubleshoot NTLM auth, so I'm not sure where the "DEFAULT Auth-Type = System"
action is failing. The only thing that the radius200.exe log shows is:

    11/28/04 : 23:05:31
    rad_recv() called for auth
    11/28/04 : 23:05:32
    Debug : Authentication Failed

I have a NAS that has an NTLM client itself and it can auth to the Win2K
server, so I know that NTLM works on the Win2K server. However, I want
radius200.exe to do the NTLM auth because radius200.exe can return additional
parameters (like the Class item).

Thanks for any help with this.

Regards - Tom

----- Original Message ----- 
To: <m0n0wall at lists dot m0n0 dot ch>
From: "Barry Mather" <barry dot mather at dorecentres dot com dot au>
Subject: RE: [m0n0wall] WIN32 Radius Server howto
Date: Thu, 30 Sep 2004 10:32:19 +1000

It's pretty straightforward

Get the software (just google radius200.exe and download from
multi-tech)
Install onto your win32 machine, I have it working on both winxp sp2, and
win2k3 server.

If you installed to a default location, open
c:\program files\multi-tech systems\radius server2.00

Open the users file with notepad

Remove all the users in there, I have the following line for a user

Username Auth-Type = Local, Password = "userspassword"

The 'username' in the line above is the actual username
you want to use.

The realms file can be empty

The radius program will create a my-users file based on the users file
you just edited, leave this alone

Dictionary file can be left as is

The clients file needs to be edited to include the ip address of the
m0n0wall, and the radius access password, my file looks like this :

172.16.1.1 password

That's it, v simple

No more files to edit.
It installs itself as a win32 service, just stop the service, restart
it, and it loads all the settings / users ..

Now enable the captive portal, telling it to use the ip address of the
win32 machine this radius server is installed on, and the password to
use, in this case password.

Make sure that your local win32 firewall is either not on, or is
allowing port 1812 through for radius !

And bob is your proverbial uncle, or aunt ... ;)

Cheers

Barry
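
To check a setup like the one in the how-to above (the shared secret from the clients file, UDP port 1812) and to see whether a reply carries the Class attribute, a minimal RADIUS PAP client per RFC 2865 can be used. This is an added example, not part of the original messages or of radius200.exe; the function names are illustrative, and user, password and secret are passed as bytes.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, CLASS = 1, 2, 25  # attribute types from RFC 2865

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(code, value):
    return struct.pack("!BB", code, len(value) + 2) + value

def build_access_request(ident, user, password, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hidden)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def parse_reply(reply, request, secret):
    """Verify the Response Authenticator, then return the code and attributes."""
    if len(reply) < 20:
        raise ValueError("short reply")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("malformed or mismatched reply")
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch?)")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        a_code, a_len = reply[pos], reply[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(a_code, []).append(reply[pos + 2:pos + a_len])
        pos += a_len
    return {"code": code, "attrs": attrs}

def query(server, secret, user, password, port=1812, timeout=3.0):
    request = build_access_request(os.urandom(1)[0], user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:  # UDP
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        return parse_reply(sock.recvfrom(4096)[0], request, secret)
```

A timeout from `query` typically points at a firewall or a missing clients entry, while a Response Authenticator error typically points at a shared secret mismatch.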