It's funny that you found radius
support, but managed to skip over the LDAP and AD options...
Tom
On 23/10/2013 17:42, Christian Hügel wrote:
Hi Tim,
my goal is to authenticate users against our AD infrastructure which is
entirly windows based. Since observium doesn't support ldap we are
forced to use radius (NPS). We are using this NPS server for our entire
network authentication (switches,router,vpn etc).
As the NPS is a trusted member of the AD, it passes the credentials to
our domain controllers and so far it works well.
It would be ideal indeed if observium supports ldap to skip a step in
the authentication process, which in my case would be the radius server.
I will set up a test installation of freeradius to see if it works. But
however the test results will be, we cannot use it for the reasons I've
mentioned above.
Thx
Chris
Am 23.10.2013 15:47, schrieb Tim Schuh:
RADIUS on Windows is horribly temperamental. If possible I would set up a temp RADIUS server on some kind of *nix and test against that. I'm willing to bet you could even do that on the machine you have Observium on. I suspect a properly configured *nix-based RADIUS (i.e. the native platform) will have no issues. Windows always had problems with LDAP, NTP, DNS and pretty much every other widely used IETF/RFC documented protocol. Once the protocol itself is eliminated we'll have a better starting point from which to begin digging through code.
-----Original Message-----
From: observium [mailto:observium-bounces@observium.org] On Behalf Of Christian Hügel
Sent: Wednesday, October 23, 2013 7:11 AM
To: Observium Network Observation System
Subject: Re: [Observium] Radius Auth on Win2k8 NPS - malformed message
Am 23-10-2013 10:15, schrieb Cameron Daniel:
On 2013-10-23 4:55 pm, Christian Hügel wrote:
Am 21-10-2013 13:46, schrieb Christian Hügel:
Hi,
I try to configure observium with radius auth against a (working)
win2k8 NPS Server; this failes with the follwing error message on
the
server:
"A malformed RADIUS message was received from client %1. The data is
the RADIUS message."
http://technet.microsoft.com/en-us/library/cc735403%28v=ws.10%29.asp
x
Any hints why radius auth doesn´t work in Observium?
Chris
Any hints? Thx
Chris
I don't have easy access to a RADIUS server to test against anymore
but this looks like Windows being picky rather than an issue with
Observium.
http://technet.microsoft.com/en-us/library/cc735403(v=ws.10).aspx
The RADIUS authentication code in Observium doesn't set the
Message-Authenticator attribute and I don't think Observium needs to
set it given the usage.
My suggestion is to try and configure NPS to not require that
attribute, you should really be able to do that on a client group
basis or something similar.
Hi Daniel,
well, that didn´t work either. I´ve tried every possible combination, I´m still getting those malformed error message in the logs.
Chris
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium