[strongSwan] Users Digest, Vol 47, Issue 26

Huang, Zhenxing huang.zhenxing at eco-schulte.cn
Fri Dec 27 05:51:42 CET 2013


Hey,
I want to confirm whether strongSwan 5.01 supports Windows 2003 IAS.

The log on IAS server:
Event Type:	Information
Event Source:	IAS
Event Category:	None
Event ID:	1
Date:		12/27/2013
Time:		12:23:12 PM
User:		N/A
Computer:	SERVER01
Description:
User domain\huang.zhenxing was granted access.
 Fully-Qualified-User-Name = <undetermined> 
 NAS-IP-Address = gateway-internat-ip
 NAS-Identifier = strongSwan
 Client-Friendly-Name = gw
 Client-IP-Address = gateway-internal-ip
 Calling-Station-Identifier = access-client-ip[4500]
 NAS-Port-Type = Virtual
 NAS-Port = 9
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = <none> 
 Authentication-Server = <undetermined> 
 Policy-Name = <undetermined> 
 Authentication-Type = <undetermined> 
 EAP-Type = <undetermined> 

/var/log/messages:
.
.
.
Dec 27 12:36:13 gateway charon: 07[NET] sending packet: from gateway-internal-ip [4500] to access-client-ip [4500] (1220 bytes)
Dec 27 12:36:13 gateway charon: 09[NET] received packet: from access-client-ip [4500] to gateway-internal-ip [4500] (92 bytes)
Dec 27 12:36:13 gateway charon: 09[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Dec 27 12:36:13 gateway charon: 09[IKE] received EAP identity 'domain\huang.zhenxing'
Dec 27 12:36:13 gateway charon: 09[CFG] sending RADIUS Access-Request to server '192.168.1.1'
Dec 27 12:36:13 gateway charon: 09[CFG] received RADIUS Access-Accept from server '192.168.1.1'
Dec 27 12:36:13 gateway charon: 09[IKE] RADIUS authentication of 'domain\huang.zhenxing' failed
Dec 27 12:36:13 gateway charon: 09[IKE] initiating EAP_RADIUS method failed
Dec 27 12:36:13 gateway charon: 09[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Dec 27 12:36:13 gateway charon: 09[NET] sending packet: from gateway-internal-ip [4500] to access-client-ip [4500] (68 bytes)
(done)


Access:
Windows 2008:
Use Extensible Authentication Protocol (EAP): PEAP,

Using ipsec.secrets there is no problem; so is the certificate fit for RADIUS authentication?

------------------------------

Message: 2
Date: Mon, 23 Dec 2013 18:27:22 +0100
From: Andreas Steffen <andreas.steffen at strongswan.org>
Subject: Re: [strongSwan] Radius-AD-IAS
To: "Huang, Zhenxing" <huang.zhenxing at eco-schulte.cn>,
	"users at lists.strongswan.org" <users at lists.strongswan.org>
Message-ID: <52B8727A.7000802 at strongswan.org>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

it seems that your RADIUS server @ '192.168.1.1'
is not responding. Please check the log on your RADIUS server.

Regards

Andreas

On 23.12.2013 15:26, Huang, Zhenxing wrote:
> Hello. I want to use Windows 2003 AD users + IAS to
> authenticate the VPN dial-in.
>
> We get this log: what is the problem?
>
> Dec 23 22:15:52 gateway charon: 09[CFG] looking for peer configs matching server-ip [%any]... client-ip[172.30.1.251]
> Dec 23 22:15:52 gateway charon: 09[CFG] selected peer config 'eap-mschapv2-radius'
> Dec 23 22:15:52 gateway charon: 09[IKE] initiating EAP_IDENTITY method (id 0x00)
> Dec 23 22:15:52 gateway charon: 09[IKE] peer supports MOBIKE
> Dec 23 22:15:52 gateway charon: 09[IKE] authentication of 'ca' (myself) with RSA signature successful
> Dec 23 22:15:52 gateway charon: 09[IKE] sending end entity cert "************"
> Dec 23 22:15:52 gateway charon: 09[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
> Dec 23 22:15:52 gateway charon: 09[NET] sending packet: from server-ip [4500] to client-ip [4500] (1220 bytes)
> Dec 23 22:15:52 gateway charon: 08[NET] received packet: from client-ip [4500] to server-ip [4500] (84 bytes)
> Dec 23 22:15:52 gateway charon: 08[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
> Dec 23 22:15:52 gateway charon: 08[IKE] received EAP identity 'huang.zhenxing'
> Dec 23 22:15:52 gateway charon: 08[CFG] sending RADIUS Access-Request to server '192.168.1.1'
> Dec 23 22:15:53 gateway charon: 10[MGR] ignoring request with ID 2, already processing
> Dec 23 22:15:54 gateway charon: 12[MGR] ignoring request with ID 2, already processing
> Dec 23 22:15:54 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:15:57 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:15:57 gateway charon: 13[MGR] ignoring request with ID 2, already processing
> Dec 23 22:16:01 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:16:04 gateway charon: 11[MGR] ignoring request with ID 2, already processing
> Dec 23 22:16:06 gateway charon: 08[CFG] retransmitting RADIUS message
> Dec 23 22:16:06 gateway charon: 08[CFG] RADIUS server is not responding
> Dec 23 22:16:06 gateway charon: 08[IKE] initiating EAP_RADIUS method failed
> Dec 23 22:16:06 gateway charon: 08[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
>
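
Added example (not part of the original messages and not strongSwan code): a small Python triage over the charon log lines quoted in this thread. It separates the two failures shown, no RADIUS reply after retransmits (23 Dec) and an Access-Accept after which charon still logs the EAP-RADIUS method as failed (27 Dec). It assumes one request/reply/outcome round is logged by a single charon worker thread, as in both logs above; the names triage and SAMPLE are made up for this example.

```python
import re

# charon syslog format as seen in the thread: "... charon: NN[SUB] message"
LINE = re.compile(r"charon: (\d+)\[(\w+)\] (.*)$")

def triage(log_text):
    """Return (identity, verdict, retransmits) for each failed RADIUS round.

    Assumption: a round (request, reply, outcome) stays on one worker thread.
    """
    ids, rounds, results = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue
        tid, _, msg = m.groups()
        if msg.startswith("received EAP identity"):
            ids[tid] = msg.split("'")[1]
        elif msg.startswith("sending RADIUS Access-Request"):
            rounds[tid] = {"reply": None, "retx": 0}
        elif tid in rounds:
            r = rounds[tid]
            if msg == "retransmitting RADIUS message":
                r["retx"] += 1
            elif msg.startswith("received RADIUS "):
                r["reply"] = msg.split()[2]          # e.g. "Access-Accept"
            elif msg == "initiating EAP_RADIUS method failed":
                if r["reply"] is None:
                    verdict = "no reply from RADIUS server"
                elif r["reply"] == "Access-Accept":
                    verdict = "server sent Access-Accept, charon still failed EAP"
                else:
                    verdict = "server replied " + r["reply"]
                results.append((ids.get(tid), verdict, r["retx"]))
                del rounds[tid]
    return results

# Lines copied from the two logs in this thread (27 Dec first, then 23 Dec).
SAMPLE = r"""
Dec 27 12:36:13 gateway charon: 09[IKE] received EAP identity 'domain\huang.zhenxing'
Dec 27 12:36:13 gateway charon: 09[CFG] sending RADIUS Access-Request to server '192.168.1.1'
Dec 27 12:36:13 gateway charon: 09[CFG] received RADIUS Access-Accept from server '192.168.1.1'
Dec 27 12:36:13 gateway charon: 09[IKE] RADIUS authentication of 'domain\huang.zhenxing' failed
Dec 27 12:36:13 gateway charon: 09[IKE] initiating EAP_RADIUS method failed
Dec 23 22:15:52 gateway charon: 08[IKE] received EAP identity 'huang.zhenxing'
Dec 23 22:15:52 gateway charon: 08[CFG] sending RADIUS Access-Request to server '192.168.1.1'
Dec 23 22:15:54 gateway charon: 08[CFG] retransmitting RADIUS message
Dec 23 22:15:57 gateway charon: 08[CFG] retransmitting RADIUS message
Dec 23 22:16:01 gateway charon: 08[CFG] retransmitting RADIUS message
Dec 23 22:16:06 gateway charon: 08[CFG] retransmitting RADIUS message
Dec 23 22:16:06 gateway charon: 08[CFG] RADIUS server is not responding
Dec 23 22:16:06 gateway charon: 08[IKE] initiating EAP_RADIUS method failed
"""
```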





