(RADIATOR) PEAP

Hugh Irvine hugh at open.com.au
Wed Dec 11 14:51:14 CST 2002 

Hello Boontje -

Mike and I both suspect an incorrect shared secret between the Access 
Point and Radiator.

regards

Hugh


On Thursday, Dec 12, 2002, at 07:45 Australia/Melbourne, Mike McCauley 
wrote:

> Hi Hugh,
>
>
> On Thu, 12 Dec 2002 07:23, Hugh Irvine wrote:
>> Mikey -
>>
>> Could you look at this please?
>
> probably a bad shared secret.
> Note that both the EAP authenticator and the Radius authenticator are 
> reported
> as incorrect.
> Cheers.
>
>
>>
>> ta
>>
>> Hugh
>>
>> Begin forwarded message:
>>> From: "Boontje, R." <R.Boontje at uva.nl>
>>> Date: Thu Dec 12, 2002  06:01:41 Australia/Melbourne
>>> To: <radiator at open.com.au>
>>> Subject: (RADIATOR) PEAP
>>>
>>>
>>> I have problems setting up the 802.1x/PEAP model with radiator.
>>>
>>> Does anyone have suggestions what is going wrong.
>>>
>>> Thanks in advance for ractions.
>>>
>>>
>>> Configuration
>>> -------------
>>>
>>> Radiator 3.3.4 on Solaris 5.8 (patches.3-3.4 installed)
>>> 	- configuration file ../goodies/eap-peap.cfg
>>>       - server certificate produced with ../goodies/mkcertificate.sh
>>>
>>> CISCO Access-point 11.23T
>>> CISCO wireless clientadapter on WindowsXP
>>> 	- Configured the adapter via WindowsXP
>>> 		PEAP (authentication method: Secured password (EAP-MSCHAP-v2)
>>>
>>> The access-points logs:
>>> -----------------------
>>>
>>> Station [lap-datel]000b46ebd524 Associated with Encryption, then
>>> attempted to send an Unencrypted packet to [bg1-ap1]004096434d8d
>>> (length 354)
>>>
>>>
>>> radiusd -auth_port 1645 -acct_port 1646 -foreground -log_stdout 
>>> -trace
>>> 6 -config_file /opt/src/radiator/Radiator-3.4/eap-peap.cfg
>>> <jerome:242> sh start-radius
>>> Wed Dec 11 19:26:43 2002: DEBUG: Reading users file
>>> /opt/src/radiator/Radiator-3.4/users
>>> Wed Dec 11 19:26:43 2002: DEBUG: Reading users file
>>> /opt/src/radiator/Radiator-3.4/users
>>> Wed Dec 11 19:26:44 2002: DEBUG: Creating authentication port
>>> 0.0.0.0:1645
>>> Wed Dec 11 19:26:44 2002: DEBUG: Creating accounting port 
>>> 0.0.0.0:1646
>>> Wed Dec 11 19:26:44 2002: INFO: Server started: Radiator 3.4 on 
>>> jerome
>>> Wed Dec 11 19:28:26 2002: DEBUG: Packet dump:
>>> *** Received from 145.18.146.66 port 1247 ....
>>>
>>> Packet length = 120
>>> 01 61 00 78 85 ae 86 b3 07 a7 e2 60 96 b5 62 42
>>> 16 ad 9f a7 01 08 72 6f 6e 61 6c 64 04 06 91 12
>>> 92 42 1e 0e 30 30 34 30 39 36 34 33 34 64 38 64
>>> 1f 0e 30 30 30 62 34 36 65 62 64 35 32 34 20 09
>>> 62 67 31 2d 61 70 31 05 06 00 00 00 25 0c 06 00
>>> 00 05 78 3d 06 00 00 00 13 4f 0d 02 02 00 0b 01
>>> 72 6f 6e 61 6c 64 50 12 6d 94 0f 1f 70 ab 67 7d
>>> 71 fd 26 c1 9a 1c b5 c3
>>> Code:       Access-Request
>>> Identifier: 97
>>> Authentic:
>>> <133><174><134><179><7><167><226>`<150><181>bB<22><173><159><167>
>>> Attributes:
>>>         User-Name = "ronald"
>>>         NAS-IP-Address = 145.18.146.66
>>>         Called-Station-Id = "004096434d8d"
>>>         Calling-Station-Id = "000b46ebd524"
>>>         NAS-Identifier = "bg1-ap1"
>>>         NAS-Port = 37
>>>         Framed-MTU = 1400
>>>         NAS-Port-Type = 19
>>>         EAP-Message = <2><2><0><11><1>ronald
>>>         Message-Authenticator =
>>> m<148><15><31>p<171>g}q<253>&<193><154><28><181><195>
>>>
>>> Wed Dec 11 19:28:26 2002: WARNING: Bad EAP Message-Authenticator
>>> Wed Dec 11 19:28:26 2002: WARNING: Bad authenticator in request from
>>> bg1-ap1.localnet.uva.nl (145.18.146.66)
>>> Wed Dec 11 19:28:27 2002: DEBUG: Packet dump:
>>> *** Received from 145.18.146.66 port 1247 ....
>>>
>>> Packet length = 120
>>> 01 61 00 78 85 ae 86 b3 07 a7 e2 60 96 b5 62 42
>>> 16 ad 9f a7 01 08 72 6f 6e 61 6c 64 04 06 91 12
>>> 92 42 1e 0e 30 30 34 30 39 36 34 33 34 64 38 64
>>> 1f 0e 30 30 30 62 34 36 65 62 64 35 32 34 20 09
>>> 62 67 31 2d 61 70 31 05 06 00 00 00 25 0c 06 00
>>> 00 05 78 3d 06 00 00 00 13 4f 0d 02 02 00 0b 01
>>> 72 6f 6e 61 6c 64 50 12 6d 94 0f 1f 70 ab 67 7d
>>> 71 fd 26 c1 9a 1c b5 c3
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list