santajosh
Frequent Visitor
Topic Author
Posts: 69
Joined: Fri Dec 09, 2005 3:20 pm

IAS radius and MT

Tue Jan 17, 2006 11:20 am

Hi everyone!

I have a PPPoE server with MT. With local accounts (MT users) it works great.
I would like to create a RADIUS server to authenticate users, accounts etc... I installed IAS on one of my servers... I searched the internet and I found something very useful:
http://support.packeteer.com/documentat ... htm#groups

So I created the RADIUS like this, with some changes:

Enter vendor code: 2334 --------> 14988
Conforms to RADIUS RFC: Yes


Click Configure Attribute, and enter the following information:

Vendor-assigned attribute number: 8
Attribute format: String
Attribute value: 128k/512k

After I created this, I added the user to the group, but when I try to connect from a client, the username and the password are incorrect.
In the MT I can see request and reject, no accept...
I tried
server/user
user

I don't want to use Active Directory. Only local users, but I registered the IAS in the AD. Is this a problem?

If someone has a working IAS, please help me... Config, screen copy or something. What am I doing wrong?

This is the log:

172.31.0.200,santaj,01/17/2006,10:08:42,IAS,SERVER,25,311 1 172.31.0.14 01/09/2006 11:20:18 125,4127,4,4130,DOMAIN\santaj,4129,DOMAIN\santaj,4154,Use Windows authentication for all users,4155,1,4128,RADIUS,4116,0,4108,172.31.0.200,4136,3,4142,16


Thanks in advance.

santajosh
 
santajosh

Tue Jan 17, 2006 3:40 pm

I created another IAS server (not a domain member).

The new server name: AEGRADIUS (172.31.0.201)
user (local windows user dial in allowed): santaj

And in the logs:

"AEGRADIUS","IAS",01/17/2006,14:35:32,1,"santaj","AEGRADIUS\santaj","asp","00:06:1B:CE:27:CD",,,"MikroTik","172.31.0.200",237,0,"172.31.0.200","MT",,,15,,1,2,4,,0,"311 1 172.31.0.201 01/17/2006 13:17:41 30",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"aegradius",,,,1,,,,
"AEGRADIUS","IAS",01/17/2006,14:35:32,3,,"AEGRADIUS\santaj",,,,,,,,0,"172.31.0.200","MT",,,,,,,4,"PPPOE",66,"311 1 172.31.0.201 01/17/2006 13:17:41 30",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"AEGRADIUS","IAS",01/17/2006,14:36:32,1,"santaj","AEGRADIUS\santaj","asp","00:06:1B:CE:27:CD",,,"MikroTik","172.31.0.200",238,0,"172.31.0.200","MT",,,15,,1,2,4,,0,"311 1 172.31.0.201 01/17/2006 13:17:41 31",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"aegradius",,,,1,,,,
"AEGRADIUS","IAS",01/17/2006,14:36:32,3,,"AEGRADIUS\santaj",,,,,,,,0,"172.31.0.200","MT",,,,,,,4,"PPPOE",66,"311 1 172.31.0.201 01/17/2006 13:17:41 31",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"AEGRADIUS","IAS",01/17/2006,14:37:32,1,"santaj","AEGRADIUS\santaj","asp","00:06:1B:CE:27:CD",,,"MikroTik","172.31.0.200",239,0,"172.31.0.200","MT",,,15,,1,2,4,,0,"311 1 172.31.0.201 01/17/2006 13:17:41 32",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"aegradius",,,,1,,,,
"AEGRADIUS","IAS",01/17/2006,14:37:32,3,,"AEGRADIUS\santaj",,,,,,,,0,"172.31.0.200","MT",,,,,,,4,"PPPOE",66,"311 1 172.31.0.201 01/17/2006 13:17:41 32",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,


So what am I doing wrong?

PAP (SPAP) and CHAP authentication selected in the access policy.


Thanks....
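
Added example, not part of the original post: a short Python decoder for the database-compatible IAS log records quoted above, pairing each reject with its request through the shared Class value. The column order and code tables follow Microsoft's documented IAS log format (only the leading 27 columns and a subset of codes are listed); the two sample records are copied from the post and trimmed after the Class column.

```python
import csv

# Leading 27 columns of the IAS "database-compatible" log, in file order.
COLUMNS = ("ComputerName ServiceName Record-Date Record-Time Packet-Type User-Name "
           "Fully-Qualified-Distinguished-Name Called-Station-ID Calling-Station-ID "
           "Callback-Number Framed-IP-Address NAS-Identifier NAS-IP-Address NAS-Port "
           "Client-Vendor Client-IP-Address Client-Friendly-Name Event-Timestamp "
           "Port-Limit NAS-Port-Type Connect-Info Framed-Protocol Service-Type "
           "Authentication-Type Policy-Name Reason-Code Class").split()

PACKET = {"1": "Access-Request", "2": "Access-Accept",
          "3": "Access-Reject", "4": "Accounting-Request"}
AUTH = {"1": "PAP", "2": "CHAP", "3": "MS-CHAP", "4": "MS-CHAP v2", "5": "EAP"}
REASON = {"0": "IAS_SUCCESS", "16": "IAS_AUTH_FAILURE", "48": "IAS_NO_POLICY_MATCH",
          "66": "IAS_INVALID_AUTH_TYPE", "80": "IAS_NO_RECORD"}

# One request and the reject that answers it, copied from the post (trailing columns trimmed).
SAMPLE = [
    r'"AEGRADIUS","IAS",01/17/2006,14:35:32,1,"santaj","AEGRADIUS\santaj","asp","00:06:1B:CE:27:CD",,,"MikroTik","172.31.0.200",237,0,"172.31.0.200","MT",,,15,,1,2,4,,0,"311 1 172.31.0.201 01/17/2006 13:17:41 30"',
    r'"AEGRADIUS","IAS",01/17/2006,14:35:32,3,,"AEGRADIUS\santaj",,,,,,,,0,"172.31.0.200","MT",,,,,,,4,"PPPOE",66,"311 1 172.31.0.201 01/17/2006 13:17:41 30"',
]

def parse(line):
    # The csv module keeps the backslash in DOMAIN\user as a literal character.
    return dict(zip(COLUMNS, next(csv.reader([line]))))

def explain_rejects(lines):
    """Return one finding per Access-Reject, enriched from the matching request."""
    requests, findings = {}, []
    for rec in map(parse, lines):
        kind = PACKET.get(rec["Packet-Type"], rec["Packet-Type"])
        if kind == "Access-Request":
            requests[rec["Class"]] = rec
        elif kind == "Access-Reject":
            req = requests.get(rec["Class"], {})
            findings.append({
                "time": rec["Record-Time"],
                "user": req.get("User-Name") or rec["Fully-Qualified-Distinguished-Name"],
                "nas": rec["Client-IP-Address"],
                "offered_auth": AUTH.get(rec["Authentication-Type"], rec["Authentication-Type"]),
                "policy": rec["Policy-Name"],
                "reason": REASON.get(rec["Reason-Code"], "code " + rec["Reason-Code"]),
            })
    return findings

if __name__ == "__main__":
    for finding in explain_rejects(SAMPLE):
        print(finding)
```

On these two records the decoder reports Authentication-Type 4 (MS-CHAP v2) rejected by policy PPPOE with reason code 66, IAS_INVALID_AUTH_TYPE.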
 
santajosh

Wed Jan 18, 2006 10:42 am

Hi!

Answering myself :D

So in the PPPoE server (pppoe authentication -> PAP (only)) and in the IAS, set the authentication to PAP (SPAP). And now it's working. I created local groups (384/128 and 512/128), added users to this group, and made a policy for the 512 and the 384 bandwidth (rate limit).

Is there anybody who is using CHAP? If I change to CHAP (in the MT and in IAS - only CHAP) from PAP, the users can't connect... why?
Is this secure (PAP)?

If I try mschap1 or mschap2, will it work for me?

Next project is to connect to an MS SQL, and store data there.

So how can I put user traffic data into SQL? If a user connects to PPPoE, I'd like to put the traffic into SQL. How can I do this? Script?


Thanks!
 
santajosh

Wed Jan 18, 2006 3:47 pm

The IAS logs to a text file. It's OK. But when I try to use SQL, the users can't connect and there is an error message in the W2003 server.

Access request for user santa was discarded.
Fully-Qualified-User-Name =
NAS-IP-Address = 172.31.0.200
NAS-Identifier = MikroTik
Called-Station-Identifier = asp
Calling-Station-Identifier = 00:06:1B:CE:27:CD
Client-Friendly-Name = RADIUS
Client-IP-Address = 172.31.0.200
NAS-Port-Type = Ethernet
NAS-Port = 119
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 80
Reason = The authentication or accounting record could not be written to the log file location. Ensure that the log file location is accessible, has available space, can be written to, and that the directory or SQL server name is valid.

In the Remote access logging I selected SQL - tried with Windows NT integrated and with a specific user name, and the connection test is all OK. I can reach the database.

Should I manually create tables? Or what?

thanks!

I hope this is working for me one day....


If anybody uses IAS please contact me....
