(RADIATOR) Can't get PEAP to work, need help.

Bon sy bon at bunny.cs.qc.edu
Thu Jun 19 10:44:57 CDT 2003


Jerome,

It seems like the request did not reach the server, or the server dropped
the request. We had similar problems at one point with Windows 2000
when using the Windows 2000 built-in client with Cisco 350. It turned out
we needed zero configuration, Service Pack 3 and the 802.11b authentication
patch on the client side. We have not tried Funk Odyssey. But if
our environment setup info may be useful to you, you may want to check
out:

http://bonnet2.geol.qc.edu/wireless/wirelessEap-2.htm

which is our How-To for PEAP auth in our environment.

Good luck!


Bon



On Thu, 19 Jun 2003, Jerome Fleury wrote:

> Here is the test config:
> 
> Client: Cisco Aironet/Orinoco
> 802.1X client: 2000+hotfix/Funk Odyssey
> AP: Cisco Aironet 1100
> 
> I use the test config from goodies/eap_peap.cfg with this modification:
> 
>  Filename %D/users-wifi
> 
> (is there any special entry to put in this file? anonymous user?)
> 
> As soon as I enter my credentials (802.1X identification window from Windows 2000 appears), the
> radius request launches from the AP:
> 
> .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received CLIENT_REPLY,
> mac: 0060.1df0.3503
> .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to server
> .Jun 19 13:42:01.251: RADIUS/ENCODE(00003489): acct_session_id: 13473
> .Jun 19 13:42:01.251: RADIUS(00003489): sending
> .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, Access-Request, len 128
> .Jun 19 13:42:01.252: RADIUS:  authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF
> .Jun 19 13:42:01.252: RADIUS:  User-Name           [1]   5   "ben"
> .Jun 19 13:42:01.252: RADIUS:  Framed-MTU          [12]  6   1400                      
> .Jun 19 13:42:01.252: RADIUS:  Called-Station-Id   [30]  16  "0002.8a5b.400f"
> .Jun 19 13:42:01.252: RADIUS:  Calling-Station-Id  [31]  16  "0060.1df0.3503"
> .Jun 19 13:42:01.252: RADIUS:  NAS-Port-Type       [61]  6   802.11 wireless           [19]
> .Jun 19 13:42:01.252: RADIUS:  Message-Authenticato[80]  18  *
> .Jun 19 13:42:01.252: RADIUS:  EAP-Message         [79]  8   
> .Jun 19 13:42:01.253: RADIUS:   02 03 00 06                                      [????]
> .Jun 19 13:42:01.253: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
> .Jun 19 13:42:01.253: RADIUS:  NAS-Port            [5]   6   159                       
> .Jun 19 13:42:01.253: RADIUS:  Service-Type        [6]   6   Login                     [1]
> .Jun 19 13:42:01.254: RADIUS:  NAS-IP-Address      [4]   6   172.30.24.10              
> .Jun 19 13:42:01.254: RADIUS:  Nas-Identifier      [32]  9   "ap2.gre"
> .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
> .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
> .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
> .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 0060.1df0.3503
> .Jun 19 13:42:21.899: EAPOL pak dump rx
> .Jun 19 13:42:21.899: EAPOL Version: 0x1  type: 0x1  length: 0x0000
> 00E126C0:          01010000                        ....        
> .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received EAP_START, mac:
> 0060.1df0.3503
> .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing
> .Jun 19 13:42:22.188: RADIUS: Tried all servers.
> .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server
> .Jun 19 13:42:22.188: RADIUS: Tried all servers.
> .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44
> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL
> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL
> 
> 
> As you can see, the Radius server seems not to respond, and AP retransmits. 
> 
> Here are the logs on Radiator:
> 
> Code:       Access-Request
> Identifier: 44
> Authentic:  RDI<28><228><134><179>x<233><248><135>l<177>Y<202><255>
> Attributes:
>         User-Name = "ben"
>         Framed-MTU = 1400
>         Called-Station-Id = "0002.8a5b.400f"
>         Calling-Station-Id = "0060.1df0.3503"
>         NAS-Port-Type = 19
>         Signature = "<14><184>;<197>Q<12>;<219>Y5<209><240><179>%<181><184>"
>         EAP-Message = "<2><3><0><6><25>"
>         NAS-Port-Type = Virtual
>         NAS-Port = 159
>         Service-Type = Login-User
>         NAS-IP-Address = 172.30.24.10
>         NAS-Identifier = "ap2.gre"
> 
> Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler ''
> Thu Jun 19 15:42:17 2003: DEBUG:  Deleting session for ben, 172.30.24.10, 159
> Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: 
> Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Jun 19 15:42:17 2003: DEBUG: Response type 25
> 
> and that's pretty much all. No error to help me out.
> 
> Does anybody have any clue about that?
> 
> Thanks.
> --
> Jerome Fleury
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 
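
An added example, not part of either poster's message: it decodes Radiator's `<n>` escaped-byte log notation (assumed to mean one decimal byte, an assumption that the AP's hex dump bears out), compares the Request Authenticator logged on both sides to check whether they describe the same Access-Request, and parses the EAP header from the logged EAP-Message. The function names are hypothetical; the three input strings are copied from the logs quoted above.

```python
import re

# Values copied from the AP debug output and the Radiator log in this thread.
AP_AUTHENTICATOR_HEX = "52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF"
RADIATOR_AUTHENTIC = "RDI<28><228><134><179>x<233><248><135>l<177>Y<202><255>"
RADIATOR_EAP_MESSAGE = "<2><3><0><6><25>"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}


def unescape(logged: str) -> bytes:
    """Rebuild raw bytes from log text where non-printable bytes appear as <n>."""
    out, pos = bytearray(), 0
    for m in re.finditer(r"<(\d{1,3})>", logged):
        out += logged[pos:m.start()].encode("latin-1")  # printable run kept as-is
        value = int(m.group(1))
        if value > 255:
            raise ValueError(f"not a byte value: {m.group(0)}")
        out.append(value)
        pos = m.end()
    out += logged[pos:].encode("latin-1")
    return bytes(out)


def same_request(ap_hex: str, radiator_logged: str) -> bool:
    """True if both logs show the same 16-byte RADIUS Request Authenticator."""
    ap = bytes.fromhex(ap_hex.replace("-", ""))
    return len(ap) == 16 and ap == unescape(radiator_logged)


def parse_eap(packet: bytes) -> dict:
    """Parse the EAP header: code, identifier, 16-bit length, optional type."""
    if len(packet) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident = packet[0], packet[1]
    declared = int.from_bytes(packet[2:4], "big")
    eap_type = None
    if code in (1, 2) and len(packet) >= 5:  # only Request/Response carry a type
        eap_type = EAP_TYPES.get(packet[4], f"unknown({packet[4]})")
    return {"code": EAP_CODES.get(code, f"unknown({code})"), "identifier": ident,
            "declared_length": declared, "bytes_present": len(packet),
            "type": eap_type, "complete": len(packet) == declared}


if __name__ == "__main__":
    print("same Access-Request on AP and server:",
          same_request(AP_AUTHENTICATOR_HEX, RADIATOR_AUTHENTIC))
    print(parse_eap(unescape(RADIATOR_EAP_MESSAGE)))
```

The `complete` field is false for the logged string because the EAP header declares 6 bytes while the log line as archived shows 5.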
