(RADIATOR) Can't get PEAP to work, need help.

Mike McCauley mikem at open.com.au
Mon Jun 23 18:26:55 CDT 2003


Hello Jeremy,

thanks for the full log.

Looks like Radiator is not seeing a completed client hello from your client: 
its still waiting for the client hello to be closed off.
This is very puzzling: your client is behaving differently to other clients we 
have observed.

What PEAP client are you using?

Cheers.

On Tue, 24 Jun 2003 12:51 am, Jeje wrote:
> --On Monday, June 23, 2003 10:54:36 PM +1000 Mike McCauley 
<mikem at open.com.au> wrote:
> > HelloJerome,
> >
> > My experience with this type of behaviour is that the real cause of the
> > actually occurred long before. What happens is that Radiator declines to
> > reply to a request for  some reason, and then you see a number of
> > retransmissions.
> >
> > We will need to see _all_ of the Radiator log file from the start of the
> > authentication attempt until the end. I think then we will see why
> > Radaitor is not repsonding to the clients requests.
>
> Thanks for your help Mike,
>
> here is the full log from radiator:
>
> Mon Jun 23 14:03:02 2003: NOTICE: SIGTERM received: stopping
> Mon Jun 23 14:03:15 2003: DEBUG: AuthTEST loaded
> Mon Jun 23 14:03:15 2003: DEBUG: New Radius::AuthTEST constructed
> Mon Jun 23 14:03:15 2003: DEBUG: Reading users file
> /home/radius/conf/users-wifi Mon Jun 23 14:03:15 2003: DEBUG: Reading users
> file /home/radius/conf/users-wifi Mon Jun 23 14:03:15 2003: DEBUG: Finished
> reading configuration file '../../conf/radius-wifi.cfg'
> Mon Jun 23 14:03:15 2003: DEBUG: Reading dictionary file
> '/home/radius/conf/dictionary' Mon Jun 23 14:03:16 2003: DEBUG: Creating
> authentication port 172.30.19.3:1812 Mon Jun 23 14:03:16 2003: DEBUG:
> Creating accounting port 172.30.19.3:1813 Mon Jun 23 14:03:16 2003: NOTICE:
> Server started: Radiator 3.6 on front5.net.tiscali.fr Mon Jun 23 14:04:08
> 2003: DEBUG: Packet dump:
> *** Received from 172.30.24.10 port 1645 ....
> Code:       Access-Request
> Identifier: 214
> Authentic:  @<154>kT<9>^<21>|<22>s<229><211><188>.<25>(
> Attributes:
>         User-Name = "testUser"
>         Framed-MTU = 1400
>         Called-Station-Id = "0002.8a5b.400f"
>         Calling-Station-Id = "0060.1df0.3503"
>         NAS-Port-Type = 19
>         Signature =
> "<193><253><246>i<12><239><191><172><227><11>7j<0><151><181>W" EAP-Message
> = "<2><1><0><13><1>testUser"
>         NAS-Port-Type = Virtual
>         NAS-Port = 78
>         Service-Type = Login-User
>         NAS-IP-Address = 172.30.24.10
>         NAS-Identifier = "ap2.gre"
>
> Mon Jun 23 14:04:08 2003: DEBUG: Handling request with Handler ''
> Mon Jun 23 14:04:08 2003: DEBUG:  Deleting session for testUser,
> 172.30.24.10, 78 Mon Jun 23 14:04:08 2003: DEBUG: Handling with
> Radius::AuthFILE:
> Mon Jun 23 14:04:08 2003: DEBUG: Handling with EAP: code 2, 1, 13
> Mon Jun 23 14:04:08 2003: DEBUG: Response type 1
> Mon Jun 23 14:04:08 2003: DEBUG: jeje - Radius::EAP::EAP_TYPE_IDENTITY
> Mon Jun 23 14:04:09 2003: DEBUG: Access challenged for testUser: EAP PEAP
> Challenge Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
> *** Sending to 172.30.24.10 port 1645 ....
> Code:       Access-Challenge
> Identifier: 214
> Authentic:  @<154>kT<9>^<21>|<22>s<229><211><188>.<25>(
> Attributes:
>         EAP-Message = "<1><2><0><6><25>!"
>         Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"
>
> Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
> *** Received from 172.30.24.10 port 1645 ....
> Code:       Access-Request
> Identifier: 215
> Authentic:  NW<237>T?<254>DT<202><146><22>|z<4><219><161>
> Attributes:
>         User-Name = "testUser"
>         Framed-MTU = 1400
>         Called-Station-Id = "0002.8a5b.400f"
>         Calling-Station-Id = "0060.1df0.3503"
>         NAS-Port-Type = 19
>         Signature = "g<13><196><159>$OxI}i<165><140><177>M<242>6"
>         EAP-Message =
> "<2><2><0>^<25><0><22><3><1><0>S<1><0><0>O<3><1>><246><236><186>O<<12><18><
>179><172><0><146>V<2 1><202>J<233><146><149><25>9<149><2
> 7><29>
> s<202><239><208><6><3><130><0><0>(<0><22><0><19><0>f<0><21><0><18><0><10><0
>><5><0><4><0><9><0>c <0>e<0>`<0>b<0>a<0>d<0><20><0><17><0><3><0><6><0><
> 8><1>"
>         NAS-Port-Type = Virtual
>         NAS-Port = 78
>         Service-Type = Login-User
>         NAS-IP-Address = 172.30.24.10
>         NAS-Identifier = "ap2.gre"
>
> Mon Jun 23 14:04:09 2003: DEBUG: Handling request with Handler ''
> Mon Jun 23 14:04:09 2003: DEBUG:  Deleting session for testUser,
> 172.30.24.10, 78 Mon Jun 23 14:04:09 2003: DEBUG: Handling with
> Radius::AuthFILE:
> Mon Jun 23 14:04:09 2003: DEBUG: Handling with EAP: code 2, 2, 94
> Mon Jun 23 14:04:09 2003: DEBUG: Response type 25
> Mon Jun 23 14:04:09 2003: DEBUG: jeje - else2
> Mon Jun 23 14:04:09 2003: DEBUG: jeje - 25,  PEAP
> Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
> Mon Jun 23 14:04:09 2003: ERR: jeje - want read
> Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465,
> Mon Jun 23 14:04:09 2003: DEBUG: Access challenged for testUser: EAP PEAP
> Challenge Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
> *** Sending to 172.30.24.10 port 1645 ....
> Code:       Access-Challenge
> Identifier: 215
> Authentic:  NW<237>T?<254>DT<202><146><22>|z<4><219><161>
> Attributes:
>         EAP-Message = "<4><2><0><4>"
>         Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"
>         EAP-Message = "<1><3><0><6><25><0>"
>
>
>
> jeje.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list