(RADIATOR) Can't get PEAP to work, need help.

Mike McCauley mikem at open.com.au
Mon Jun 23 18:27:41 CDT 2003


On Tue, 24 Jun 2003 09:26 am, Mike McCauley wrote:
> Hello Jeremy,

Sorry: Jerome

>
> thanks for the full log.
>
> Looks like Radiator is not seeing a completed client hello from your
> client: its still waiting for the client hello to be closed off.
> This is very puzzling: your client is behaving differently to other clients
> we have observed.
>
> What PEAP client are you using?
>
> Cheers.
>
> On Tue, 24 Jun 2003 12:51 am, Jeje wrote:
> > --On Monday, June 23, 2003 10:54:36 PM +1000 Mike McCauley
>
> <mikem at open.com.au> wrote:
> > > HelloJerome,
> > >
> > > My experience with this type of behaviour is that the real cause of the
> > > actually occurred long before. What happens is that Radiator declines
> > > to reply to a request for  some reason, and then you see a number of
> > > retransmissions.
> > >
> > > We will need to see _all_ of the Radiator log file from the start of
> > > the authentication attempt until the end. I think then we will see why
> > > Radaitor is not repsonding to the clients requests.
> >
> > Thanks for your help Mike,
> >
> > here is the full log from radiator:
> >
> > Mon Jun 23 14:03:02 2003: NOTICE: SIGTERM received: stopping
> > Mon Jun 23 14:03:15 2003: DEBUG: AuthTEST loaded
> > Mon Jun 23 14:03:15 2003: DEBUG: New Radius::AuthTEST constructed
> > Mon Jun 23 14:03:15 2003: DEBUG: Reading users file
> > /home/radius/conf/users-wifi Mon Jun 23 14:03:15 2003: DEBUG: Reading
> > users file /home/radius/conf/users-wifi Mon Jun 23 14:03:15 2003: DEBUG:
> > Finished reading configuration file '../../conf/radius-wifi.cfg'
> > Mon Jun 23 14:03:15 2003: DEBUG: Reading dictionary file
> > '/home/radius/conf/dictionary' Mon Jun 23 14:03:16 2003: DEBUG: Creating
> > authentication port 172.30.19.3:1812 Mon Jun 23 14:03:16 2003: DEBUG:
> > Creating accounting port 172.30.19.3:1813 Mon Jun 23 14:03:16 2003:
> > NOTICE: Server started: Radiator 3.6 on front5.net.tiscali.fr Mon Jun 23
> > 14:04:08 2003: DEBUG: Packet dump:
> > *** Received from 172.30.24.10 port 1645 ....
> > Code:       Access-Request
> > Identifier: 214
> > Authentic:  @<154>kT<9>^<21>|<22>s<229><211><188>.<25>(
> > Attributes:
> >         User-Name = "testUser"
> >         Framed-MTU = 1400
> >         Called-Station-Id = "0002.8a5b.400f"
> >         Calling-Station-Id = "0060.1df0.3503"
> >         NAS-Port-Type = 19
> >         Signature =
> > "<193><253><246>i<12><239><191><172><227><11>7j<0><151><181>W"
> > EAP-Message = "<2><1><0><13><1>testUser"
> >         NAS-Port-Type = Virtual
> >         NAS-Port = 78
> >         Service-Type = Login-User
> >         NAS-IP-Address = 172.30.24.10
> >         NAS-Identifier = "ap2.gre"
> >
> > Mon Jun 23 14:04:08 2003: DEBUG: Handling request with Handler ''
> > Mon Jun 23 14:04:08 2003: DEBUG:  Deleting session for testUser,
> > 172.30.24.10, 78 Mon Jun 23 14:04:08 2003: DEBUG: Handling with
> > Radius::AuthFILE:
> > Mon Jun 23 14:04:08 2003: DEBUG: Handling with EAP: code 2, 1, 13
> > Mon Jun 23 14:04:08 2003: DEBUG: Response type 1
> > Mon Jun 23 14:04:08 2003: DEBUG: jeje - Radius::EAP::EAP_TYPE_IDENTITY
> > Mon Jun 23 14:04:09 2003: DEBUG: Access challenged for testUser: EAP PEAP
> > Challenge Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
> > *** Sending to 172.30.24.10 port 1645 ....
> > Code:       Access-Challenge
> > Identifier: 214
> > Authentic:  @<154>kT<9>^<21>|<22>s<229><211><188>.<25>(
> > Attributes:
> >         EAP-Message = "<1><2><0><6><25>!"
> >         Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"
> >
> > Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
> > *** Received from 172.30.24.10 port 1645 ....
> > Code:       Access-Request
> > Identifier: 215
> > Authentic:  NW<237>T?<254>DT<202><146><22>|z<4><219><161>
> > Attributes:
> >         User-Name = "testUser"
> >         Framed-MTU = 1400
> >         Called-Station-Id = "0002.8a5b.400f"
> >         Calling-Station-Id = "0060.1df0.3503"
> >         NAS-Port-Type = 19
> >         Signature = "g<13><196><159>$OxI}i<165><140><177>M<242>6"
> >         EAP-Message =
> > "<2><2><0>^<25><0><22><3><1><0>S<1><0><0>O<3><1>><246><236><186>O<<12><18
> >>< 179><172><0><146>V<2 1><202>J<233><146><149><25>9<149><2
> > 7><29>
> > s<202><239><208><6><3><130><0><0>(<0><22><0><19><0>f<0><21><0><18><0><10>
> ><0
> >
> >><5><0><4><0><9><0>c <0>e<0>`<0>b<0>a<0>d<0><20><0><17><0><3><0><6><0><
> >
> > 8><1>"
> >         NAS-Port-Type = Virtual
> >         NAS-Port = 78
> >         Service-Type = Login-User
> >         NAS-IP-Address = 172.30.24.10
> >         NAS-Identifier = "ap2.gre"
> >
> > Mon Jun 23 14:04:09 2003: DEBUG: Handling request with Handler ''
> > Mon Jun 23 14:04:09 2003: DEBUG:  Deleting session for testUser,
> > 172.30.24.10, 78 Mon Jun 23 14:04:09 2003: DEBUG: Handling with
> > Radius::AuthFILE:
> > Mon Jun 23 14:04:09 2003: DEBUG: Handling with EAP: code 2, 2, 94
> > Mon Jun 23 14:04:09 2003: DEBUG: Response type 25
> > Mon Jun 23 14:04:09 2003: DEBUG: jeje - else2
> > Mon Jun 23 14:04:09 2003: DEBUG: jeje - 25,  PEAP
> > Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
> > Mon Jun 23 14:04:09 2003: ERR: jeje - want read
> > Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465,
> > Mon Jun 23 14:04:09 2003: DEBUG: Access challenged for testUser: EAP PEAP
> > Challenge Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
> > *** Sending to 172.30.24.10 port 1645 ....
> > Code:       Access-Challenge
> > Identifier: 215
> > Authentic:  NW<237>T?<254>DT<202><146><22>|z<4><219><161>
> > Attributes:
> >         EAP-Message = "<4><2><0><4>"
> >         Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"
> >         EAP-Message = "<1><3><0><6><25><0>"
> >
> >
> >
> > jeje.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list