Command Line tool for Linux to test Windows Radius

Question

Anyone know a tool that works to test authentication against a Windows Radius Server?

I have tried radtest with:

radtest -d /usr/share/freeradius/ kbrandt 'betYouCantGuess' theServer 10 secretIGaveforMyIP 0 192.168.254.82

But I get:

Sending Access-Request of id 120 to 192.168.254.253 port 1812
    User-Name = "kbrandt"
    User-Password = "betYouCantGuess"
    NAS-IP-Address = 192.168.254.82
    NAS-Port = 10
    Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 192.168.254.253 port 1812, id=120, length=20

On the server in the log there is:

192.168.254.82,kbrandt,11/06/2009,10:38:28,IAS,THESERVER,4,192.168.254.82,5,10,7,1,4108,192.168.254.82,4116,0,4128,Kyle's Workstation,4155,1,4154,Use Windows authentication for all users,4129,MYDOMAIN\kbrandt,4127,1,4149,Connections to other access servers,25,311 1 192.168.254.253 11/06/2009 15:32:42 4,4130,mydomain.com/Users/Kyle Brandt,4136,1,4142,0
192.168.254.82,kbrandt,11/06/2009,10:38:28,IAS,THESERVER,25,311 1 192.168.254.253 11/06/2009 15:32:42 4,4130,mydomain.com/Users/Kyle Brandt,4149,Connections to other access servers,4108,192.168.254.82,4116,0,4128,Kyle's Workstation,4155,1,4154,Use Windows authentication for all users,4129,MYDOMAIN\kbrandt,4127,1,4136,3,4142,66

I'm new to Radius, so its possible I haven't configured something right. All I did was install the service, and added my ip as a RADIUS Client using Radius-Standard Vendor.

Maybe I need to add a Remote Access Policy (The defaults are not enough)? — Kyle Brandt, Nov 06 '09 at 15:52
Also, any tool that tells me what all those fields in the IAS log mean? — Kyle Brandt, Nov 06 '09 at 15:59

score 2 · Accepted Answer · answered Nov 06 '09 at 16:23

2

Got it working, I removed the policies that were there. Then added one for a group I am in, and also had to add PAP authentication. More information on why I was denied was available in the Event Viewer.

answered Nov 06 '09 at 16:23

Kyle Brandt

82,107
71
302
444

You should read up on Remote Access Policies. They're a little bit counter-intuitive, but you can do some really cool stuff with them. – Evan Anderson Nov 06 '09 at 16:33
Evan: Ya, trying to find something short and to the point. I think with this little project of mine (I think you get the idea from my recent posts), is that all I want is authentication, and the router would handle the rest. Does that seem right? – Kyle Brandt Nov 06 '09 at 16:53
There are a lot of features of Remote Access Policies you won't be using in a RADIUS situation, so knowing how the policies are evaluated and applied is probably the gist of what you need to know. – Evan Anderson Nov 08 '09 at 22:54

Command Line tool for Linux to test Windows Radius

1 Answers1