(RADIATOR) PEAP ms-chap-v2 "Desired EAP type 25 not permitted"

Mobic.com tore at mobic.com
Wed Jun 11 06:55:41 CDT 2003 

Hi

I am testing different eap methods, and I have successfully tested:

eap-md5
eap-tls
eap-ttls (ms-chap-v2)

using the Odyssey supplicant.

But I have problems testing peap (ms-chap-v2), the log says "Access rejected
for testUser: Desired EAP type 25 not permitted" (se log file below).

I am using the eap_multi.cfg configuration and the demo certificates. I am
using the Zyxel B-1000 AP.

Any ideas how to resolv this?

This is what I get from the log:

Code:       Access-Request
Identifier: 227
Authentic:  Q<236>o<156>GjC<226><150>e<179><16><30><251>Ba
Attributes:
	User-Name = "testUser"
	NAS-IP-Address = 195.134.48.28
	NAS-Identifier = "WI_test"
	Framed-MTU = 1496
	Called-Station-Id = "00-a0-c5-37-3e-62:Wireless"
	Calling-Station-Id = "00-04-75-df-ae-e3"
	NAS-Port-Type = Wireless-IEEE-802-11
	EAP-Message = <2>)<0><6><13><0>
	Message-Authenticator =
8}<150><137><138><239><232><29><136><14>><21>;<243><241><6>

Wed Jun 11 12:54:08 2003: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Wed Jun 11 12:54:08 2003: DEBUG: Rewrote user name to testUser
Wed Jun 11 12:54:08 2003: DEBUG:  Deleting session for testUser,
195.134.48.28,
Wed Jun 11 12:54:08 2003: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 11 12:54:08 2003: DEBUG: Handling with EAP: code 2, 41, 6
Wed Jun 11 12:54:08 2003: DEBUG: Response type 13
Wed Jun 11 12:54:08 2003: DEBUG: Radius::AuthFILE looks for match with
testUser
Wed Jun 11 12:54:08 2003: DEBUG: Radius::AuthFILE ACCEPT:
Wed Jun 11 12:54:08 2003: DEBUG: Access accepted for testUser
Wed Jun 11 12:54:08 2003: DEBUG: Packet dump:
*** Sending to 195.134.48.28 port 1026 ....
Code:       Access-Accept
Identifier: 227
Authentic:  Q<236>o<156>GjC<226><150>e<179><16><30><251>Ba
Attributes:
	EAP-Message = <3>)<0><4>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
*** Received from 195.134.48.28 port 1026 ....
Code:       Access-Request
Identifier: 228
Authentic:  Z<208><199><142><252>5<139>d<199><187><213>w<127><203>40
Attributes:
	User-Name = "testUser"
	NAS-IP-Address = 195.134.48.28
	NAS-Identifier = "WI_test"
	Framed-MTU = 1496
	Called-Station-Id = "00-a0-c5-37-3e-62:Wireless"
	Calling-Station-Id = "00-04-75-df-ae-e3"
	NAS-Port-Type = Wireless-IEEE-802-11
	EAP-Message = <2>*<0><13><1>testUser
	Message-Authenticator =
<130><194><168>'<178><146><147><156><142>x+<189><190><18>'*

Wed Jun 11 12:54:35 2003: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Wed Jun 11 12:54:35 2003: DEBUG: Rewrote user name to testUser
Wed Jun 11 12:54:35 2003: DEBUG:  Deleting session for testUser,
195.134.48.28,
Wed Jun 11 12:54:35 2003: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 11 12:54:35 2003: DEBUG: Handling with EAP: code 2, 42, 13
Wed Jun 11 12:54:35 2003: DEBUG: Response type 1
Wed Jun 11 12:54:35 2003: DEBUG: Access challenged for testUser: EAP
MSCHAP-V2 Challenge
Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
*** Sending to 195.134.48.28 port 1026 ....
Code:       Access-Challenge
Identifier: 228
Authentic:  Z<208><199><142><252>5<139>d<199><187><213>w<127><203>40
Attributes:
	EAP-Message =
<1>+<0>/<26><1>+<0>*<16>G4<193>lC:<216><191><12><189><133>|<244><22>!<227>in
novasjon.mobinor.no
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
*** Received from 195.134.48.28 port 1026 ....
Code:       Access-Request
Identifier: 229
Authentic:  <164><254>}w<153><236>?M<139><166><149>/<254><239><180><253>
Attributes:
	User-Name = "testUser"
	NAS-IP-Address = 195.134.48.28
	NAS-Identifier = "WI_test"
	Framed-MTU = 1496
	Called-Station-Id = "00-a0-c5-37-3e-62:Wireless"
	Calling-Station-Id = "00-04-75-df-ae-e3"
	NAS-Port-Type = Wireless-IEEE-802-11
	EAP-Message = <2>+<0><6><3><25>
	Message-Authenticator =
<180>h<24><219>a<149>,<159><201><249><236>rk<<161><28>

Wed Jun 11 12:54:35 2003: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Wed Jun 11 12:54:35 2003: DEBUG: Rewrote user name to testUser
Wed Jun 11 12:54:35 2003: DEBUG:  Deleting session for testUser,
195.134.48.28,
Wed Jun 11 12:54:35 2003: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 11 12:54:35 2003: DEBUG: Handling with EAP: code 2, 43, 6
Wed Jun 11 12:54:35 2003: DEBUG: Response type 3
Wed Jun 11 12:54:35 2003: INFO: EAP Nak desires type 25
Wed Jun 11 12:54:35 2003: INFO: Access rejected for testUser: Desired EAP
type 25 not permitted
Wed Jun 11 12:54:35 2003: DEBUG: Packet dump:
*** Sending to 195.134.48.28 port 1026 ....
Code:       Access-Reject
Identifier: 229
Authentic:  <164><254>}w<153><236>?M<139><166><149>/<254><239><180><253>
Attributes:
	Reply-Message = "Request Denied"

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list