[Zope] RADIUS on Windows
Toby Dickenson
tdickenson@geminidataloggers.com
Tue, 18 Jun 2002 17:48:42 +0100
On Tuesday 18 Jun 2002 3:45 pm, Pieter Biemond (prive wrote:
> Yep. Two quick suggestions:
> - make sure your radiusauth_secret is the same on both machines
definitely yes
> - make sure every user in IAS has "Dialin access", otherwise RADIUS
> authentication is not allowed.
Thanks for this tip.
I tried turning this on, and it started working. Then I checked it with a=
n old=20
password, and that worked too! Then it stopped working again for no good=20
reason.=20
I cant see any pattern to how it has been behaving since then. Arghhh.
> If this doens't solve your problems, give me more information about
> your setup/configuration.
The IAS server is NT 4 with latest service packs. It is a BDC.
I have been testing using the raw radius.py library, outside of Zope.
On the client I see:
* sometimes the server responds with rejection packet.
* sometimes the server responds with an acceptance packet. (even if the =20
password is an old one, and with restarting the IAS service in between)
* sometimes the server does not respond at all. This often (but not only,
or always) happens when the username provided does not exist
On the event log I see a mix of the following four types of entry. Im not=
sure=20
why the server is sometimes logging requests, and sometimes logging=20
responses.
Failed authentication: Source =3D 192.168.0.3:2113
Code =3D Access-Request
Identifier =3D 2
User-Name =3D tdickenson
Password =3D ******
Failed authentication: Source =3D 192.168.0.3:2113
Code =3D Access-Reject
Identifier =3D 84
Successful authentication: Source =3D 192.168.0.3:2113
Code =3D Access-Request
Identifier =3D 40
User-Name =3D tdickenson
Password =3D ******
Successful authentication: Source =3D 192.168.0.3:2113
Code =3D Access-Accept
Identifier =3D 30