(RADIATOR) LDAP and PEAP

Sevcik Berndt berndt.sevcik at tgm.ac.at
Fri Dec 19 12:59:34 CST 2003


I am really new to Radiator and have problems understanding the
configuration files. I tried the ldap.cfg config and it worked (with
fred/fred). I tried the eap_peap.cfg and it worked too (mikem/fred). Then I
tried to combine the two and now the problems start. Can someone help me
to build my first configuration, from which I can then go further on?

Here is my not working config (PEAP with MS-CHAPv2 and LDAP):

Foreground
LogStdout
LogDir          .
DbDir           .
 
Trace           4
  
<Client DEFAULT>
        Secret  xxx
        DupInterval 0
</Client>
 
<Handler TunnelledByPEAP=1>
   
  RewriteUsername s/^(.*)\\(.*)/$2/
   
  <Realm DEFAULT>
        <AuthBy LDAP2>server
                Host            10.2.4.21
                AuthDN          cn=admin, dc=tgm, dc=ac, dc=at
                AuthPassword    password
                BaseDN          dc=tgm, dc=ac, dc=at 
                UsernameAttr    cn
                PasswordAttr    ntPassword
                Debug 255
                EAPType MSCHAP-V2
        </AuthBy>
  </Realm>
</Handler>
 
<Handler>
        <AuthBy FILE>
                Filename %D/users
                EAPType PEAP
                EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
                EAPTLS_CertificateFile %D/certificates/cert-srv.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
                EAPTLS_PrivateKeyPassword whatever
                EAPTLS_MaxFragmentSize 1000
                AutoMPPEKeys
                SSLeayTrace 4
        </AuthBy>
</Handler>

The output:

Fri Dec 19 20:49:23 2003: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1112 ....
Code:       Access-Request
Identifier: 152
Authentic:  <238>C<0><0>k<26><0><0>K@<0><0>F><0><0>
Attributes:
        Message-Authenticator =
[<239><212><138>Ebm!m<199>:<167><10><233><153><25>
        User-Name = "ACER-SEVCIK\sevcikb"
        NAS-IP-Address = 10.2.12.101
        NAS-Port = 2
        NAS-Port-Type = Wireless-IEEE-802-11
        Calling-Station-Id = "00-04-23-77-4b-a3"
        EAP-Message = <2><2><0><24><1>ACER-SEVCIK\sevcikb
        Framed-MTU = 1000
 
Fri Dec 19 20:49:23 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Dec 19 20:49:23 2003: DEBUG:  Deleting session for
ACER-SEVCIK\sevcikb, 10.2.12.101, 2
Fri Dec 19 20:49:23 2003: DEBUG: Handling with Radius::AuthLDAP2:
Fri Dec 19 20:49:23 2003: DEBUG: Handling with EAP: code 2, 2, 24
Fri Dec 19 20:49:23 2003: DEBUG: Response type 1
Fri Dec 19 20:49:23 2003: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Fri Dec 19 20:49:23 2003: DEBUG: Access challenged for
ACER-SEVCIK\sevcikb: EAP MSCHAP-V2 Challenge
Fri Dec 19 20:49:23 2003: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1112 ....
Code:       Access-Challenge
Identifier: 152
Authentic:  <238>C<0><0>k<26><0><0>K@<0><0>F><0><0>
Attributes:
        EAP-Message =
<1><3><0>#<26><1><3><0><30><16><202>;+YY<227><233>KJ<136>[<172><159><197><147><130>ITS-Test1
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
 
Fri Dec 19 20:49:23 2003: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1112 ....
Code:       Access-Request
Identifier: 153
Authentic:  <190>(<0><0><213><18><0><0>><18><0><0><153>r<0><0>
Attributes:
        Message-Authenticator =
2avy<165>Y<232><175>Y9<195><144><180>Hk<161>
        User-Name = "ACER-SEVCIK\sevcikb"
        State = ""
        NAS-IP-Address = 10.2.12.101
        NAS-Port = 2
        NAS-Port-Type = Wireless-IEEE-802-11
        Calling-Station-Id = "00-04-23-77-4b-a3"
        Framed-MTU = 1000
        EAP-Message = <2><3><0><6><3><25>
 
Fri Dec 19 20:49:23 2003: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Dec 19 20:49:23 2003: DEBUG:  Deleting session for
ACER-SEVCIK\sevcikb, 10.2.12.101, 2
Fri Dec 19 20:49:23 2003: DEBUG: Handling with Radius::AuthLDAP2:
Fri Dec 19 20:49:23 2003: DEBUG: Handling with EAP: code 2, 3, 6
Fri Dec 19 20:49:23 2003: DEBUG: Response type 3
Fri Dec 19 20:49:23 2003: INFO: EAP Nak desires type 25
Fri Dec 19 20:49:23 2003: DEBUG: EAP result: 1, Desired EAP type 25 not
permitted
Fri Dec 19 20:49:23 2003: INFO: Access rejected for ACER-SEVCIK\sevcikb:
Desired EAP type 25 not permitted
Fri Dec 19 20:49:23 2003: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1112 ....
Code:       Access-Reject
Identifier: 153
Authentic:  <190>(<0><0><213><18><0><0>><18><0><0><153>r<0><0>
Attributes:
        Reply-Message = "Request Denied"

Thanks
Berndt

-- 
This message was created with the kind support
of a free-roaming penguin from species-appropriate free-range husbandry.
It is guaranteed free of Microsoft viruses.
 
-----------------------------------------
TGM - The School of Technology
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: berndt.sevcik at tgm.ac.at
-----------------------------------------
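As an added example that is not part of the post or of Radiator itself: a small Python decoder for the EAP-Message bytes in Radiator's packet dumps, run over lines constructed from the trace above. It shows the server answering the outer Identity with an EAP-MSCHAP-V2 challenge (type 26) while the supplicant Naks and asks for type 25 (PEAP), which is the mismatch behind the "Desired EAP type 25 not permitted" reject. The `<n>`-for-non-printable dump convention and the handling of a literal `<` are assumptions.

```python
import re

# EAP codes and the type numbers that appear in this trace (RFC 3748; 25 = PEAP, 26 = EAP-MSCHAP-V2)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS", 25: "PEAP", 26: "MSCHAP-V2"}
_TOKEN = re.compile(r"<(\d{1,3})>|(.)")
_EAP_LINE = re.compile(r"EAP-Message = (.*)")

# Constructed from the packet dumps in the post; the wrapped challenge line is re-joined.
SAMPLE_TRACE = [
    "        EAP-Message = <2><2><0><24><1>ACER-SEVCIK\\sevcikb",
    "        EAP-Message = <1><3><0>#<26><1><3><0><30><16><202>;+YY<227><233>KJ<136>[<172><159><197><147><130>ITS-Test1",
    "        EAP-Message = <2><3><0><6><3><25>",
]

def decode_radiator_dump(text):
    """Radiator shows non-printable bytes as <n> and printable ASCII literally.
    Assumption: a literal '<' byte is always rendered as <60>, never bare."""
    return bytes(int(n) if n else ord(c) for n, c in _TOKEN.findall(text))

def parse_eap(msg):
    """Decode the 4-byte EAP header, then the type byte and Identity/Nak payload."""
    code, ident, length = msg[0], msg[1], int.from_bytes(msg[2:4], "big")
    if length != len(msg):
        raise ValueError(f"EAP length field {length} != {len(msg)} bytes in dump")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:
        t = msg[4]
        info["type"] = EAP_TYPES.get(t, t)
        if t == 1:    # Identity: the NAI follows the type byte
            info["identity"] = msg[5:].decode("ascii", "replace")
        elif t == 3:  # Nak: one byte per type the peer is willing to run instead
            info["desired"] = [EAP_TYPES.get(b, b) for b in msg[5:]]
    return info

def eap_negotiation(log_lines):
    """Report the method the server offered in its first non-Identity Request and the
    method(s) the supplicant asked for in a Nak (None for whichever did not occur)."""
    offered, desired = None, None
    for line in log_lines:
        m = _EAP_LINE.search(line)
        if not m:
            continue
        eap = parse_eap(decode_radiator_dump(m.group(1).strip()))
        if eap["code"] == "Request" and eap.get("type") not in (None, "Identity"):
            offered = offered or eap["type"]
        elif eap.get("type") == "Nak":
            desired = eap["desired"]
    return {"offered": offered, "desired": desired}
```

`eap_negotiation(SAMPLE_TRACE)` returns an offered method of MSCHAP-V2 and a desired list of PEAP; a non-empty desired list that does not contain the offered method is the condition to alert on when checking a trace.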


===
Archive at http://www.open.com.au/archives/radiator/