(RADIATOR) Can't get PEAP to work, need help.

Hugh Irvine hugh at open.com.au
Thu Jun 19 19:10:46 CDT 2003


Salut Jerome -

It looks like Radiator is crashing if the log stops as shown. You will 
need to look at the Perl output to see what the error is, but it is 
usually a missing module that has not been loaded. The easiest way to 
see what is happening is to run radiusd from the command line like this:

	perl radiusd -foreground -log_stdout -trace 4 -config_file .....

where "...." is the name of your configuration file.

Note the list of prerequisite modules that are listed in the comment 
block at the top of the "eap_peap.cfg" file.

regards

Hugh


On Thursday, Jun 19, 2003, at 23:49 Australia/Melbourne, Jerome Fleury 
wrote:

> Here is the test config:
>
> Client: Cisco Aironet/Orinoco
> 802.1X client: 2000+hotfix/Funk Odyssey
> AP: Cisco Aironet 1100
>
> I use the test config from goodies/eap_peap.cfg with this modification:
>
>  Filename %D/users-wifi
>
> (is there any special entry to put in this file? anonymous user?)
>
> As soon as I enter my credentials (802.1X identification window from 
> Windows 2000 appears), the
> radius request launches from the AP:
>
> .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, 
> received CLIENT_REPLY,
> mac: 0060.1df0.3503
> .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending 
> client data to server
> .Jun 19 13:42:01.251: RADIUS/ENCODE(00003489): acct_session_id: 13473
> .Jun 19 13:42:01.251: RADIUS(00003489): sending
> .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, 
> Access-Request, len 128
> .Jun 19 13:42:01.252: RADIUS:  authenticator 52 44 49 1C E4 86 B3 78 - 
> E9 F8 87 6C B1 59 CA FF
> .Jun 19 13:42:01.252: RADIUS:  User-Name           [1]   5   "ben"
> .Jun 19 13:42:01.252: RADIUS:  Framed-MTU          [12]  6   1400
> .Jun 19 13:42:01.252: RADIUS:  Called-Station-Id   [30]  16  
> "0002.8a5b.400f"
> .Jun 19 13:42:01.252: RADIUS:  Calling-Station-Id  [31]  16  
> "0060.1df0.3503"
> .Jun 19 13:42:01.252: RADIUS:  NAS-Port-Type       [61]  6   802.11 
> wireless           [19]
> .Jun 19 13:42:01.252: RADIUS:  Message-Authenticato[80]  18  *
> .Jun 19 13:42:01.252: RADIUS:  EAP-Message         [79]  8
> .Jun 19 13:42:01.253: RADIUS:   02 03 00 06                            
>           [????]
> .Jun 19 13:42:01.253: RADIUS:  NAS-Port-Type       [61]  6   Virtual   
>                 [5]
> .Jun 19 13:42:01.253: RADIUS:  NAS-Port            [5]   6   159
> .Jun 19 13:42:01.253: RADIUS:  Service-Type        [6]   6   Login     
>                 [1]
> .Jun 19 13:42:01.254: RADIUS:  NAS-IP-Address      [4]   6   
> 172.30.24.10
> .Jun 19 13:42:01.254: RADIUS:  Nas-Identifier      [32]  9   "ap2.gre"
> .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) 
> for id 44
> .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) 
> for id 44
> .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) 
> for id 44
> .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL 
> packet from 0060.1df0.3503
> .Jun 19 13:42:21.899: EAPOL pak dump rx
> .Jun 19 13:42:21.899: EAPOL Version: 0x1  type: 0x1  length: 0x0000
> 00E126C0:          01010000                        ....
> .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, 
> received EAP_START, mac:
> 0060.1df0.3503
> .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do 
> nothing
> .Jun 19 13:42:22.188: RADIUS: Tried all servers.
> .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable 
> server
> .Jun 19 13:42:22.188: RADIUS: Tried all servers.
> .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) 
> for id 44
> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL
> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL
>
>
> As you can see, the Radius server seems not to respond, and AP 
> retransmits.
>
> Here are the logs on Radiator:
>
> Code:       Access-Request
> Identifier: 44
> Authentic:  RDI<28><228><134><179>x<233><248><135>l<177>Y<202><255>
> Attributes:
>         User-Name = "ben"
>         Framed-MTU = 1400
>         Called-Station-Id = "0002.8a5b.400f"
>         Calling-Station-Id = "0060.1df0.3503"
>         NAS-Port-Type = 19
>         Signature = 
> "<14><184>;<197>Q<12>;<219>Y5<209><240><179>%<181><184>"
>         EAP-Message = "<2><3><0><6><25>"
>         NAS-Port-Type = Virtual
>         NAS-Port = 159
>         Service-Type = Login-User
>         NAS-IP-Address = 172.30.24.10
>         NAS-Identifier = "ap2.gre"
>
> Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler ''
> Thu Jun 19 15:42:17 2003: DEBUG:  Deleting session for ben, 
> 172.30.24.10, 159
> Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE:
> Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Jun 19 15:42:17 2003: DEBUG: Response type 25
>
> and that's pretty much all. No error to help me out.
>
> Has anybody any clue about that?
>
> Thanks.
> --
> Jerome Fleury
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
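
Added example (not part of the original message, and not Radiator code): a small Python decoder for the two traces quoted above. It checks that the Authenticator Radiator logged is the one the AP sent for id 44, and reads the EAP-Message header. The `<N>` escape handling is an assumption inferred from the trace on this page (one byte in decimal); all function names are hypothetical.

```python
import re
import struct

# EAP codes and a few method types (RFC 3748 numbering; 25 is PEAP).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# Values copied from the two traces quoted in the message above.
AP_AUTH = "52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF"
RADIATOR_AUTH = "RDI<28><228><134><179>x<233><248><135>l<177>Y<202><255>"
RADIATOR_EAP = "<2><3><0><6><25>"

_ESCAPE = re.compile(r"<(\d{1,3})>")

def unescape_trace(text):
    """Convert a trace value such as 'RDI<28>' to raw bytes.
    Assumption: <N> is one byte in decimal, anything else is a literal."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        value = int(m.group(1))
        if value > 255:
            raise ValueError(f"escape out of byte range: {m.group(0)}")
        out.append(value)
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def same_packet(ap_hex, radiator_text):
    """True if the AP's hex dump and the server's escaped value are equal."""
    ap_bytes = bytes.fromhex("".join(ap_hex.replace("-", "").split()))
    return ap_bytes == unescape_trace(radiator_text)

def decode_eap(payload):
    """Decode the fixed EAP header; Request/Response also carry a type byte."""
    if len(payload) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
            "length": length, "captured": len(payload), "type": None}
    if code in (1, 2) and len(payload) >= 5:
        info["type"] = EAP_TYPES.get(payload[4], f"unknown({payload[4]})")
    return info

if __name__ == "__main__":
    print("same Authenticator on both sides:", same_packet(AP_AUTH, RADIATOR_AUTH))
    print(decode_eap(unescape_trace(RADIATOR_EAP)))
```

The decoded header corresponds to the "Handling with EAP: code 2, 3, 6" and "Response type 25" lines: a Response with identifier 3, declared length 6, type PEAP, which is the last thing logged before the trace stops.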
