(RADIATOR) WiFi Protected Access - WPA

Fernando Romão fromao at fe.up.pt
Tue Aug 5 10:39:21 CDT 2003 

   Hi,

   A case was open at Cisco and based on the logs I sent, they said:

«For your second problem (also considering debugs), it seems, Radiator
is configured for PEAP-MS-CHAPv2 but client does PEAP-GTC (as it sends
PEAP-MAC_Addr as username). PEAP-GTC is sending this users during phase
1 as identity protection.  »

      Now, my question:
            How I configure radiator for PEAP-GTC?
                        

              Thanks
           Fernando Romão

-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au] 
Sent: terça-feira, 24 de Junho de 2003 0:46
To: Fernando Romão
Subject: Re: (RADIATOR) WiFi Protected Access - WPA


Hello Fernando ,

Thanks for sending the detailed logs.
>From the logs, it appears that Radiator behaves in exactly the same way

>for
both the WPA and the non-WPA case. It is sending back exaclty the same 
challenge to the client at the same time, but in the WPA case, the
client 
never sends another request.

Therfore I think this is a problem with your client. You should
investigate 
your client configuration. There are some suggestions in the Radiator
FAQ on 
how to get diagnostic information out of Windows XP at 
http://www.open.com.au/radiator/faq.html

Cheers.


On Tue, 24 Jun 2003 02:07 am, Fernando Romão wrote:
> Hello Mike,
>
>    I follow your advice and I installed the latest patches, but ~I've 
> the same problem.
>    Now have another problem, I can't authenticate with the old windows

> XP SP1(PEAP).
>
>    In the file logfile are the logs for WPA and in the file logfile2 
> are the logs for old Windows XP SP1 (PEAP). My config file are in file

> eap_peap38.cfg.
>
>        Have any idea what are the problem?
>
>                   Thanks
>                    Fernando
>
>
>
>    Now I have the following log in logfile when I authenticated with 
> Windows XP SP1 (PEAP) and I have the log in logfile2
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] 
> On Behalf Of Mike McCauley
> Sent: sexta-feira, 6 de Junho de 2003 0:41
> To: Fernando Romão; radiator at open.com.au
> Subject: Re: (RADIATOR) WiFi Protected Access - WPA
>
>
> Hello Fernando,
>
> On Fri, 6 Jun 2003 01:37 am, Fernando Romão wrote:
> >      Mikem,
> >
> >      These are my config files and logs.
> >
> >      Note that the user I used to login was mrs00020 and not 
> > PEAP-000B46BD5547.
> >      This strange login is PEAP + MACaddreess of the wireless
adapter.
> >      Why this happens? I don’t know.
>
> I dont know the AP is sending this request to you.
> I can tell you that this error:
>
> Thu Jun  5 12:20:43 2003: ERR: Could not load EAP module 
> Radius::EAP_2: Can't locate Radius/EAP_2.pm in @INC (@INC contains: .
> /usr/local/lib/perl5/5.8.0/i686-linux /usr/local/lib/perl5/5.8.0
> /usr/local/lib/perl5/site_perl/5.8.0/i686-linux
> /usr/local/lib/perl5/site_perl/5.8.0 /usr/local/lib/perl5/site_perl .)
> at
> (eval 53) line 3.
>
> means that you need to install the latest Radiator 3.6 patches for a 
> Cisco compatibility issue.
>
> Cheers.
>
> >        Thanks
> >       Fernando
> >
> >
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]
> > On Behalf Of Mike McCauley
> > Sent: quinta-feira, 5 de Junho de 2003 1:05
> > To: Fernando Romão; radiator at open.com.au
> > Subject: Re: (RADIATOR) WiFi Protected Access - WPA
> >
> >
> > Hello Fernando,
> >
> > On Thu, 5 Jun 2003 03:28 am, Fernando Romão wrote:
> > >     Hi,
> > >
> > > 	Does Radiator support WiFi Protected Access (WPA)
> >
> > Authentication?
> >
> > > 	I using a PEAP authentication with radiator and it works fine.
> > >
> > >       Today i upgraded a Cisco 1100 AP with the version 12.2(11)JA

> > > and
> > >
> > > the windows XP with WPA patch. I configure the AP with WPA and I 
> > > try
> > >
> > > to configure the Windows XP but the authentication method 
> > > MS-CHAPv2 were not present. I use other options but they didn't 
> > > work. Have the
> > >
> > > Radiator to support this new features or its possible to 
> > > workaround?
> >
> > We would not expect to see a problem with that. Will you please send

> > me your config file (no secrets) and  Radiator log file at trace 
> > level
> >
> > 4, showing
> > what happens during such a WPA authentication.
> >
> > Cheers.
> >
> > >                Thanks
> > >             Fernando
> > >
> > >
> > >
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
> > > radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.





===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list