Hi Tim,
my goal is to authenticate users against our AD infrastructure which is entirly windows based. Since observium doesn't support ldap we are forced to use radius (NPS). We are using this NPS server for our entire network authentication (switches,router,vpn etc). As the NPS is a trusted member of the AD, it passes the credentials to our domain controllers and so far it works well.
It would be ideal indeed if observium supports ldap to skip a step in the authentication process, which in my case would be the radius server. I will set up a test installation of freeradius to see if it works. But however the test results will be, we cannot use it for the reasons I've mentioned above.
Thx
Chris
Am 23.10.2013 15:47, schrieb Tim Schuh:
RADIUS on Windows is horribly temperamental. If possible I would set up a temp RADIUS server on some kind of *nix and test against that. I'm willing to bet you could even do that on the machine you have Observium on. I suspect a properly configured *nix-based RADIUS (i.e. the native platform) will have no issues. Windows always had problems with LDAP, NTP, DNS and pretty much every other widely used IETF/RFC documented protocol. Once the protocol itself is eliminated we'll have a better starting point from which to begin digging through code.
-----Original Message----- From: observium [mailto:observium-bounces@observium.org] On Behalf Of Christian Hügel Sent: Wednesday, October 23, 2013 7:11 AM To: Observium Network Observation System Subject: Re: [Observium] Radius Auth on Win2k8 NPS - malformed message
Am 23-10-2013 10:15, schrieb Cameron Daniel:
On 2013-10-23 4:55 pm, Christian Hügel wrote:
Am 21-10-2013 13:46, schrieb Christian Hügel:
Hi,
I try to configure observium with radius auth against a (working) win2k8 NPS Server; this failes with the follwing error message on the server: "A malformed RADIUS message was received from client %1. The data is the RADIUS message."
http://technet.microsoft.com/en-us/library/cc735403%28v=ws.10%29.asp x
Any hints why radius auth doesn´t work in Observium?
Chris
Any hints? Thx
Chris
I don't have easy access to a RADIUS server to test against anymore but this looks like Windows being picky rather than an issue with Observium.
http://technet.microsoft.com/en-us/library/cc735403(v=ws.10).aspx
The RADIUS authentication code in Observium doesn't set the Message-Authenticator attribute and I don't think Observium needs to set it given the usage.
My suggestion is to try and configure NPS to not require that attribute, you should really be able to do that on a client group basis or something similar.
Hi Daniel,
well, that didn´t work either. I´ve tried every possible combination, I´m still getting those malformed error message in the logs.
Chris _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium