[RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2
Heikki Vatiainen
hvn at open.com.au
Thu Jan 28 11:35:01 CST 2016
On 01/26/2016 06:05 PM, Hugo Veiga wrote:
> Also tried another certificate but it's doing the same, it gets stuck
> and never reaches the inner handler.
I don't think this is a certificate or handler problem now. Previously
AuthBy INTERNAL was dropping the request, but now when you changed the
configuration, the responses from Radiator are sent back to the Wi-Fi
controller.
This might be a problem with network connectivity, Wi-Fi controller
configuration or something that prevents the Wi-Fi controller from
receiving or processing the responses Radiator sends.
Here's the EAP identity response that starts the authentication. This
comes from the Wi-Fi client side:
> Code: Access-Request
> Identifier: 180
> Authentic: <139><3>(<143><10><139>N<158><F<172><194><163><168><135>O
This is the response from Radiator that tells to start PEAP.
> Code: Access-Challenge
> Identifier: 180
This is where things do not go as expected. The first message is resent
to Radiator:
> Code: Access-Request
> Identifier: 180
> Authentic: <139><3>(<143><10><139>N<158><F<172><194><163><168><135>O
Radiator notices this and retransmits its previous reply
> Tue Jan 26 15:54:57 2016: INFO: Duplicate request id 180 received from
> 10.240.1.1(20004): retransmit reply
> Tue Jan 26 15:54:57 2016: DEBUG: Packet dump:
> *** Sending to 10.240.1.1 port 20004 ....
There are multiple retransmits back and forth and the authentication
does not proceed.
I would check the Wi-Fi controller logs and make sure it is receiving
the responses from Radiator.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list