(RADIATOR) eap-tls with interepoch AP anyone?
Luca de Marinis
loop at brainworkers.net
Wed Jul 30 16:57:34 CDT 2003
Hello,
I'm trying to authenticate the w XP client with radiator through the
interepoch AP. I created certs and installed them in radiator and on the
client. I'm using the nightly builds of openssl, since no 0.9.8 is
available yet.
The conversation goes on with a few messages in which the AP and
radiator agree on EAP-TLS, the server sends its certificate, the client
sends its own, at which point in radiator's logfile (stdout actually) I
see:
Wed Jul 30 23:15:26 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 30 23:15:26 2003: DEBUG: Deleting session for , 192.168.100.2,
Wed Jul 30 23:15:26 2003: DEBUG: Handling with Radius::AuthFILE:
Wed Jul 30 23:15:26 2003: DEBUG: Handling with EAP: code 2, 3, 908
Wed Jul 30 23:15:26 2003: DEBUG: Response type 13
Wed Jul 30 23:15:26 2003: INFO: Access rejected for : TLS not initialised
Wed Jul 30 23:15:26 2003: DEBUG: Packet dump:
*** Sending to 192.168.100.2 port 1812 ....
Code: Access-Reject
Identifier: 64
Authentic: z<134><200><205><153><161>m<137><163><141><155>)<143><31><185><225>
Attributes:
Reply-Message = "Request Denied"
Any hints about how to debug TLS initialization? I tried setting
$Net::SSLeay::trace=4 in radiator code where SSLeay is used, but it
printed nothing.
Is there maybe any known issue between the interepoch AP and radiator
(or xp client)?
I append the last two packets exchanged.
Frame 7 (1052 bytes on wire, 1052 bytes captured)
Radius Protocol
    Code: Access Request (1)
    Packet identifier: 0x40 (64)
    Length: 1010
    Authenticator
    Attribute value pairs
        t:NAS IP Address(4) l:6, Value:192.168.100.2
        t:Called Station Id(30) l:19, Value:"00-09-92-00-61-DF"
        t:Calling Station Id(31) l:19, Value:"00-06-F4-00-92-84"
        t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
        t:Framed MTU(12) l:6, Value:1400
        t:EAP Message(79) l:255
            EAP fragment
        t:EAP Message(79) l:255
            EAP fragment
        t:EAP Message(79) l:255
            EAP fragment
        t:EAP Message(79) l:151
            EAP fragment
            Extensible Authentication Protocol
                Code: Response (2)
                Id: 3
                Length: 908
                Type: EAP-TLS [RFC2716] [Aboba] (13)
                Flags(0x80): Length
                Length: 898
                Secure Socket Layer
                    TLS Record Layer: Multiple Handshake Messages
                        Content Type: Handshake (22)
                        Version: TLS 1.0 (0x0301)
                        Length: 850
                        Handshake Protocol: Certificate
                            Handshake Type: Certificate (11)
                            Length: 578
                            Certificates Length: 575
                            Certificates (575 bytes)
                                Certificate Length: 572
                                Certificate (572 bytes)
                        Handshake Protocol: Client Key Exchange
                            Handshake Type: Client Key Exchange (16)
                            Length: 130
                        Handshake Protocol: Certificate Verify
                            Handshake Type: Certificate Verify (15)
                            Length: 130
                    TLS Record Layer: Change Cipher Spec
                        Content Type: Change Cipher Spec (20)
                        Version: TLS 1.0 (0x0301)
                        Length: 1
                        Change Cipher Spec Message
                    TLS Record Layer: Encrypted Handshake Message
                        Content Type: Handshake (22)
                        Version: TLS 1.0 (0x0301)
                        Length: 32
                        Handshake Protocol: Encrypted Handshake Message
        t:Message Authenticator(80) l:18, Value:3BAFDBEF5A4C3515F91CCB159C67C873

Frame 8 (78 bytes on wire, 78 bytes captured)
Radius Protocol
    Code: Access Reject (3)
    Packet identifier: 0x40 (64)
    Length: 36
    Authenticator
    Attribute value pairs
        t:Reply Message(18) l:16, Value:"Request Denied"
Thank you.
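
Added example, not part of the original post and not Radiator's code: a Python sketch that reassembles the EAP-Message fragments of an Access-Request like frame 7, decodes the EAP-TLS header fields the log prints ("code 2, 3, 908", "Response type 13"), and checks the Message-Authenticator. The function names, the shared secret and the sample packet are constructed for illustration; the sample reuses the sizes from the capture and fills the TLS payload with zero bytes.

```python
import hashlib, hmac, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR, EAP_TLS = 79, 80, 13

def attributes(packet):
    """Yield (type, value, value_offset) for each AVP after the 20-byte header."""
    end = struct.unpack("!H", packet[2:4])[0]
    if end < 20 or end > len(packet):
        raise ValueError("bad RADIUS length")
    pos = 20
    while pos < end:
        if pos + 2 > end or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]], pos + 2
        pos += packet[pos + 1]

def reassemble_eap(packet):
    """Concatenate EAP-Message fragments in order and decode the EAP-TLS header."""
    eap = b"".join(v for t, v, _ in attributes(packet) if t == EAP_MESSAGE)
    if len(eap) < 5:
        raise ValueError("no usable EAP-Message")
    code, ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if length != len(eap):
        raise ValueError("EAP length %d != %d reassembled bytes" % (length, len(eap)))
    info = {"code": code, "id": ident, "length": length, "type": etype}
    if etype == EAP_TLS and len(eap) >= 6:
        info["flags"] = eap[5]
        if eap[5] & 0x80 and len(eap) >= 10:      # L bit: 4-byte TLS message length follows
            info["tls_length"] = struct.unpack("!I", eap[6:10])[0]
    return info

def message_authenticator_ok(packet, secret):
    """HMAC-MD5 over the Access-Request with the 16-byte attribute value zeroed."""
    packet = packet[:struct.unpack("!H", packet[2:4])[0]]
    for t, v, off in attributes(packet):
        if t == MESSAGE_AUTHENTICATOR and len(v) == 16:
            zeroed = packet[:off] + bytes(16) + packet[off + 16:]
            return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), v)
    return False

def build_sample(secret):
    """Constructed Access-Request with frame 7's EAP sizes; TLS bytes are filler."""
    eap = struct.pack("!BBHBBI", 2, 3, 908, EAP_TLS, 0x80, 898) + bytes(898)
    avps = bytes([4, 6, 192, 168, 100, 2])
    for i in range(0, len(eap), 253):              # 253 value bytes max per AVP
        avps += bytes([EAP_MESSAGE, len(eap[i:i + 253]) + 2]) + eap[i:i + 253]
    head = bytes([1, 64]) + struct.pack("!H", 20 + len(avps) + 18) + bytes(16)
    unsigned = head + avps + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    return unsigned[:-16] + hmac.new(secret, unsigned, hashlib.md5).digest()
```

The four fragments carry 253 + 253 + 253 + 149 = 908 bytes, which is why the attribute lengths in frame 7 read 255, 255, 255 and 151 and the EAP Length field reads 908.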