This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN + Radius

Hello,

I have a Small Business Server 2003 with IAS running on it.
I am able to authenticate without probelms with the server (Http Proxy, webadmin authentication). But for some reason i am not able to authenticate using SSL VPN. I also added the the RADIUS USERS Group.

The Server 2003 say that the Users has been granted access. But i receive a authetication failure in the VPN Client.

Astaro Live Log: User authentication daemon

2007:09:19-20:19:56 (none) aua[24312]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="0.0.0.0" user="" caller="openvpn" engine="radius"

Astaro VPN Log

2007:09:19-20:19:56 (none) openvpn[4061]: 192.168.3.201:1071 [] Peer Connection Initiated with 192.168.3.201:1071
2007:09:19-20:19:57 (none) openvpn[4061]: 192.168.3.201:1071 TCPv4_SERVER READ [104] from 192.168.3.201:1071: P_CONTROL_V1 kid=0 [ ] pid=26 DATA len=90
2007:09:19-20:19:57 (none) openvpn[4061]: 192.168.3.201:1071 PUSH: Received control message: 'PUSH_REQUEST'
2007:09:19-20:19:57 (none) openvpn[4061]: 192.168.3.201:1071 SENT CONTROL []: 'AUTH_FAILED' (status=1)
2007:09:19-20:19:57 (none) openvpn[4061]: 192.168.3.201:1071 Delayed exit in 5 seconds
2007:09:19-20:19:57 (none) openvpn[4061]: 192.168.3.201:1071 TCPv4_SERVER WRITE [22] to 192.168.3.201:1071: P_ACK_V1 kid=0 [ 26 ]
2007:09:19-20:19:57 (none) openvpn[4061]: 192.168.3.201:1071 TCPv4_SERVER WRITE [104] to 192.168.3.201:1071: P_CONTROL_V1 kid=0 [ ] pid=29 DATA len=90
2007:09:19-20:19:58 (none) openvpn[4061]: 192.168.3.201:1071 Connection reset, restarting [0]
2007:09:19-20:19:58 (none) openvpn[4061]: 192.168.3.201:1071 SIGUSR1[soft,connection-reset] received, client-instance restarting
2007:09:19-20:19:58 (none) openvpn[4061]: TCP/UDP: Closing socket

Windows 2003 Server

Benutzer "" wurde Zugriff gewährt.
Vollqualifizierter Benutzername = NATHAN.local/Users/
NAS-IP-Adresse =
NAS-Kennung = ssl
Clientanzeigename = firewall
Client-IP-Adresse = 192.168.3.99
Kennung der Anruferstation =
NAS-Porttyp =
NAS-Port =
Proxyrichtlinienname = Windows-Authentifizierung für alle Benutzer verwenden
Authentifizierungsanbieter = Windows
Authentifizierungsserver =
Richtlinienname = Radius User VPN
Authentifizierungstyp = PAP
EAP-Typ =

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 18 years ago

Try adding the individual users in the allowed users box for the PPTP config... I've had problems using user groups in the SSL and IPSEC configs before, not sure if it's fixed in the latest updates.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

I do so with AD authentication and it seems that the group definition doesn ´t work even with V7.009.

Try as BrucekConvergent already says putting the users in there instead.

Regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

Yep, Groups are busted

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 MastaPuffy over 18 years ago in reply to BrucekConvergent

Thanks I will try what when I am at home.
Groups would be nice though [:(]
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to MastaPuffy

Yes, would be nice.

I didn´t figured out why it doesn´t work.

Maybe fixed in V7.100.

Regards

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 MastaPuffy over 18 years ago in reply to alasc

it seems that the User authentication daemon works. "Authentication successful"
But the information isnt passed correctly to the openvpn server.

2007:09:19-20:19:56 (none) aua[24312]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="0.0.0.0" user="" caller="openvpn" engine="radius"
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to MastaPuffy

Time to start a support case with Astaro.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 18 years ago in reply to MastaPuffy

Time to start a support case with Astaro.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data