(RADIATOR) Strange behavior with PEAP
Pascal Beauregard
Pascal.Beauregard at USherbrooke.ca
Tue Apr 29 15:28:21 CDT 2008
Hi,
I am trying to make PEAP work with Radiator 4.2. Strangely, in my setup,
PEAP works fine with WZC but it's not working with my Intel client on my
laptop or with a 7921 Cisco IP phone.
Here are the results of my testing so far.
1. WZC using my laptop and my Intel wireless card works great with EAP-TTLS
and PEAP.
2. My Intel client (I upgraded the driver of the card and the client this
week) works only in EAP-TTLS mode (not PEAP).
3. A Cisco wireless IP Phone 7921 that I am trying to authenticate to the
wireless network in PEAP fails.
In fact, in PEAP, both the Intel client and the 7921 succeed in authenticating.
Radiator sends the Access-Accept with the keys, but the client (7921 or the
Intel client) cannot obtain an IP address from the DHCP server. I have tried
to set a static IP on the wireless card of my laptop and tried to ping the
default gateway of the wireless network with no success.
It's as if the whole authentication process succeeds but the encryption key
transmitted does not match between the AP and the client.
I also have to add that I have tried on wireless networks from 2 different
vendors (Colubris and Cisco) with the same result.
Thanks!
#radius_cta.cfg
<Handler TunnelledByPEAP=1>
WtmpFileName %L/wtmp
AcctLogFileName %L/accounting
<AuthBy FILE>
Filename /etc/radiator/ctabrp/usersdb
EAPType MSCHAP-V2
</AuthBy>
AuthLog Defaut
</Handler>
#SSID - WLAN_CISCO_TEST
# ===---------------------------------------------
<Handler Called-Station-Id = /.*CTA_Sans_fil/ >
WtmpFileName %L/wtmp
AcctLogFileName %L/accounting
<AuthBy FILE>
Filename /etc/radiator/eaptest/eapanonymoususer
# supported EAP types
EAPType TTLS, PEAP
# location of the CA certificate
EAPTLS_CAFile /etc/radiator/SelfCert/radius_testCA.sti.usherbrooke.ca.pem
# location of the server certificate
EAPTLS_CertificateFile /etc/radiator/SelfCert/cas2.sti.usherbrooke.ca.pem
EAPTLS_CertificateType PEM
# location of the server private key file
EAPTLS_PrivateKeyFile /etc/radiator/SelfCert/cas2.sti.usherbrooke.ca.key
EAPTLS_PrivateKeyPassword radiusCA
EAPTLS_MaxFragmentSize 1000
EAPAnonymous %0
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
AuthLog Defaut
</Handler>
#
## CTA LDAP Users
#
<Handler User-Name=/^[a-zA-Z]{4}[0-9]{4}$/,NAS-Identifier = "P1-1012-WL4402A">
MaxSessions 2
WtmpFileName %L/wtmp
AcctLogFileName %L/accounting
<AuthBy GROUP>
AuthByPolicy ContinueUntilAccept
<AuthBy LDAP2>
Host ldapr1.usherbrooke.ca
AuthDN uid=lectureparradius,ou=autres,dc=usherbrooke,dc=ca
AuthPassword kBub68Rc
BaseDN dc=usherbrooke,dc=ca
Scope sub
ServerChecksPassword
UseTLS
SSLVerify none
SSLCAFile /usr/share/ssl/certs/ca-bundle.crt
Debug 255
</AuthBy>
<AuthBy LDAP2>
Host ldapr2.usherbrooke.ca
AuthDN uid=lectureparradius,ou=autres,dc=usherbrooke,dc=ca
AuthPassword kBub68Rc
BaseDN dc=usherbrooke,dc=ca
Scope sub
ServerChecksPassword
UseTLS
SSLVerify none
SSLCAFile /usr/share/ssl/certs/ca-bundle.crt
Debug 255
</AuthBy>
</AuthBy>
AuthLog Defaut
</Handler>
#
# Accounting Handler CTA
#
<Handler Called-Station-Id = "10.51.31.240",NAS-IP-Address = 10.51.31.240, Acct-Status-Type = Start|Alive>
WtmpFileName %L/wtmp
AcctLogFileName %L/accounting
<AuthBy INTERNAL>
AuthResult ACCEPT
AcctStartResult ACCEPT
AcctStopResult ACCEPT
DefaultResult ACCEPT
</AuthBy>
AuthLog Defaut
</Handler>
Pascal Beauregard
Telecommunications Analyst
Université de Sherbrooke
(819)821-7770
www.usherbrooke.ca <http://www.usherbrooke.ca/>
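
The message above suspects that the keys sent in the Access-Accept do not match what the client derived. As an added example (not part of the original post and not Radiator's code), this Python code implements the RFC 2548 salt encryption used for the MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes, so the key a server handed to an AP can be recovered from a captured Access-Accept and compared with the client side. The shared secret, Request Authenticator, salt and key are constructed values.

```python
import hashlib

def _xor_chain(data, secret, authenticator, salt, decrypt):
    """RFC 2548 2.4.2: b1 = MD5(S + R + A), b(i) = MD5(S + c(i-1))."""
    out, prev = b"", authenticator + salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(x ^ y for x, y in zip(block, pad))
        out += res
        prev = block if decrypt else res  # always chain on the ciphertext block
    return out

def encrypt_mppe_key(key, secret, authenticator, salt):
    """Build the attribute value (Salt + encrypted String) as a server would."""
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 bytes with the top bit set")
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)  # zero-pad to a multiple of 16
    return salt + _xor_chain(plain, secret, authenticator, salt, False)

def decrypt_mppe_key(value, secret, authenticator):
    """Recover the key; authenticator is the one from the Access-Request."""
    salt, cipher = value[:2], value[2:]
    if (len(authenticator) != 16 or len(salt) != 2 or not salt[0] & 0x80
            or not cipher or len(cipher) % 16):
        raise ValueError("malformed MS-MPPE key attribute")
    plain = _xor_chain(cipher, secret, authenticator, salt, True)
    key_len = plain[0]
    if key_len > len(plain) - 1:
        raise ValueError("bad key length: wrong shared secret or authenticator?")
    return plain[1:1 + key_len]

# Constructed sample values (not taken from the post or from any capture).
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
RECV_KEY = bytes(range(32, 64))  # 32-byte key, as used for 802.1X keying
SALT = b"\x80\x01"

if __name__ == "__main__":
    attr = encrypt_mppe_key(RECV_KEY, SECRET, REQ_AUTH, SALT)
    recovered = decrypt_mppe_key(attr, SECRET, REQ_AUTH)
    print("attribute value:", attr.hex())
    print("key matches    :", recovered == RECV_KEY)
```
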