(RADIATOR) PEAP request being ignored

Hugh Irvine hugh at open.com.au
Wed Jun 25 19:18:07 CDT 2003


Hello Francisco -

You will need a default Handler at the end of the list to deal with the 
initial request:

##################
AuthPort                1812
AcctPort                1813
LogDir                  /var/log/radius
DbDir                   /etc/radius
DictionaryFile          %D/dictionary,%D/dictionary.ascend
PidFile                 /var/run/radiusd.pid
Trace                   5

<Client DEFAULT>
         Secret ####
</Client>

<Handler TunnelledByPEAP=1>
         <AuthBy FILE>
                 Filename /etc/radius/users
                 EAPType MSCHAP-V2
         </AuthBy>
</Handler>

<Handler TunnelledByTTLS=1>
         <AuthBy FILE>
                 Filename /etc/radius/users
                 EAPType PAP
                 # TLS requires the config below
                 EAPTLS_CAFile /etc/radius/demoCA/cacert.pem
                 EAPTLS_CertificateFile /etc/radius/demoCA/cert-srv.pem
                 EAPTLS_CertificateType PEM
                 EAPTLS_PrivateKeyFile /etc/radius/demoCA/cert-srv.pem
                 EAPTLS_PrivateKeyPassword xpto
         </AuthBy>
</Handler>

<Handler>
	....
	<AuthBy FILE>
		....
	</AuthBy>
	....
</Handler>


regards

Hugh


On Thursday, Jun 26, 2003, at 02:17 Australia/Melbourne, Francisco 
Contreiras wrote:

> Finally I have all the requested modules installed so no more bogus 
> error messages.
>
> but...
>
> I now see all my PEAP requests from an XP1 (SP1) client being ignored:
>
> ######### LOG FILE ########
> Wed Jun 25 18:13:24 2003: DEBUG: Reading users file /etc/radius/users
> Wed Jun 25 18:13:24 2003: DEBUG: Reading users file /etc/radius/users
> Wed Jun 25 18:13:24 2003: DEBUG: Finished reading configuration file 
> '/etc/radius/radius.cfg'
> Wed Jun 25 18:13:24 2003: DEBUG: Reading dictionary file 
> '/etc/radius/dictionary'
> Wed Jun 25 18:13:25 2003: DEBUG: Reading dictionary file 
> '/etc/radius/dictionary.ascend'
> Wed Jun 25 18:13:25 2003: DEBUG: Creating authentication port 
> 0.0.0.0:1812
> Wed Jun 25 18:13:25 2003: DEBUG: Creating accounting port 0.0.0.0:1813
> Wed Jun 25 18:13:25 2003: NOTICE: Server started: Radiator 3.6 on 
> cuco.lx.it.pt (EVALUATION)
> Wed Jun 25 18:15:55 2003: DEBUG: Packet dump:
> *** Received from 192.168.0.253 port 1645 ....
> Packet length = 117
> 01 09 00 75 a6 3b 51 a0 b2 c1 de 64 c0 26 c6 03
> 44 63 e0 94 01 07 74 65 73 74 31 0c 06 00 00 05
> 78 1e 10 30 30 30 32 2e 38 61 32 31 2e 39 31 37
> 33 1f 10 30 30 30 62 2e 66 64 36 30 2e 35 36 63
> 39 50 12 12 55 31 75 99 52 c0 fb 54 64 49 69 24
> 8b e9 74 4f 0c 02 01 00 0a 01 74 65 73 74 31 3d
> 06 00 00 00 05 05 06 00 00 01 15 04 06 c0 a8 00
> fd 20 04 61 70
> Code:       Access-Request
> Identifier: 9
> Authentic:  <166>;Q<160><178><193><222>d<192>&<198><3>Dc<224><148>
> Attributes:
>         User-Name = "test1"
>         Framed-MTU = 1400
>         Called-Station-Id = "0002.8a21.9173"
>         Calling-Station-Id = "000b.fd60.56c9"
>         Message-Authenticator = <18>U1u<153>R<192><251>TdIi$<139><233>t
>         EAP-Message = <2><1><0><10><1>test1
>         NAS-Port-Type = Virtual
>         NAS-Port = 277
>         NAS-IP-Address = 192.168.0.253
>         NAS-Identifier = "ap"
> Wed Jun 25 18:15:55 2003: WARNING: Could not find a handler for test1: 
> request is ignored
> ############33
>
> I'm using a very similar config file from the goodies:
> ##################
> AuthPort                1812
> AcctPort                1813
> LogDir                  /var/log/radius
> DbDir                   /etc/radius
> DictionaryFile          %D/dictionary,%D/dictionary.ascend
> PidFile                 /var/run/radiusd.pid
> Trace                   5
> <Client DEFAULT>
>         Secret ####
> </Client>
> <Handler TunnelledByPEAP=1>
>         <AuthBy FILE>
>                 Filename /etc/radius/users
>                 EAPType MSCHAP-V2
>         </AuthBy>
> </Handler>
> <Handler TunnelledByTTLS=1>
>         <AuthBy FILE>
>                 Filename /etc/radius/users
>                 EAPType PAP
>                 # TLS requires the config below
>                 EAPTLS_CAFile /etc/radius/demoCA/cacert.pem
>                 EAPTLS_CertificateFile /etc/radius/demoCA/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile /etc/radius/demoCA/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword xpto
>         </AuthBy>
> </Handler>
> ###################33
>
> Please help!
>
> Francisco Contreiras
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
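
Added example, not part of the original message and not Radiator's own code: a simplified Python model of why the trace above ends in "Could not find a handler". It decodes the EAP-Message bytes shown in the trace and runs first-match Handler selection against both configurations; the handler labels, the attribute dictionaries and the inner-request sample are constructed for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}

def parse_eap(msg: bytes) -> dict:
    """Decode the EAP header (RFC 3748): code, identifier, length, then type."""
    if len(msg) < 4:
        raise ValueError("EAP message shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", msg[:4])
    if length < 4 or length > len(msg):
        raise ValueError("EAP length field does not fit the message")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type
        out["type"] = EAP_TYPES.get(msg[4], msg[4])
        out["data"] = msg[5:length]
    return out

def select_handler(handlers, attrs):
    """Simplified model: handlers are tried in configuration order and the
    first one whose check items all match wins. A handler with no check
    items matches every request."""
    for label, checks in handlers:
        if all(attrs.get(k) == v for k, v in checks.items()):
            return label
    return None  # server logs "Could not find a handler ...: request is ignored"

# EAP-Message from the trace: <2><1><0><10><1>test1
EAP_FROM_TRACE = bytes([2, 1, 0, 10, 1]) + b"test1"

# Outer request as received from the access point: no tunnel pseudo-attribute.
OUTER = {"User-Name": "test1", "NAS-Identifier": "ap"}
# Constructed sample: the request re-dispatched from inside the PEAP tunnel.
INNER = {"User-Name": "test1", "TunnelledByPEAP": "1"}

# Configuration from the question: only tunnel-specific handlers.
ORIGINAL = [("TunnelledByPEAP=1", {"TunnelledByPEAP": "1"}),
            ("TunnelledByTTLS=1", {"TunnelledByTTLS": "1"})]
# Configuration from the reply: the same list plus a default handler at the end.
FIXED = ORIGINAL + [("default", {})]

if __name__ == "__main__":
    print(parse_eap(EAP_FROM_TRACE))
    print("original config, outer request:", select_handler(ORIGINAL, OUTER))
    print("fixed config, outer request:   ", select_handler(FIXED, OUTER))
    print("fixed config, inner request:   ", select_handler(FIXED, INNER))
```

The first packet is a plain EAP-Response/Identity sent outside any tunnel, so only a handler without tunnel check items can accept it; the order matters because a default handler placed first would also capture the inner requests.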
