(RADIATOR) PEAP request being ignored

Mike McCauley mikem at open.com.au
Wed Jun 25 19:17:44 CDT 2003 

Hello Francisco,

The config file is the problem.
You have not copied enough of the example config file, so you dont have a 
Handler for the outer authentication.
If you check the example goodies/eap_peap.cfg, you will see 

<Handler>
	<AuthBy FILE>
	.....
	</AuthBy>
</Handler>

which handles every incoming request, unpacks the PEAP ones and passes them to 
the <Handler TunnelledByPEAP=1> clause

I suggest you _start_ with the example eap_peap.cfg  config file, make sure it 
works, and then modify it to suit your needs.

Cheers.


On Thu, 26 Jun 2003 02:17 am, Francisco Contreiras wrote:
> Finaly I have all the requested modules installed so no more bogus error
> messages.
>
> but...
>
> I now see all my PEAP requests from an XP1 (SP1) client being ignored:
>
> ######### LOG FILE ########
> Wed Jun 25 18:13:24 2003: DEBUG: Reading users file /etc/radius/users
> Wed Jun 25 18:13:24 2003: DEBUG: Reading users file /etc/radius/users
> Wed Jun 25 18:13:24 2003: DEBUG: Finished reading configuration file
> '/etc/radius/radius.cfg' Wed Jun 25 18:13:24 2003: DEBUG: Reading
> dictionary file '/etc/radius/dictionary' Wed Jun 25 18:13:25 2003: DEBUG:
> Reading dictionary file '/etc/radius/dictionary.ascend' Wed Jun 25 18:13:25
> 2003: DEBUG: Creating authentication port 0.0.0.0:1812 Wed Jun 25 18:13:25
> 2003: DEBUG: Creating accounting port 0.0.0.0:1813 Wed Jun 25 18:13:25
> 2003: NOTICE: Server started: Radiator 3.6 on cuco.lx.it.pt (EVALUATION)
> Wed Jun 25 18:15:55 2003: DEBUG: Packet dump:
> *** Received from 192.168.0.253 port 1645 ....
> Packet length = 117
> 01 09 00 75 a6 3b 51 a0 b2 c1 de 64 c0 26 c6 03
> 44 63 e0 94 01 07 74 65 73 74 31 0c 06 00 00 05
> 78 1e 10 30 30 30 32 2e 38 61 32 31 2e 39 31 37
> 33 1f 10 30 30 30 62 2e 66 64 36 30 2e 35 36 63
> 39 50 12 12 55 31 75 99 52 c0 fb 54 64 49 69 24
> 8b e9 74 4f 0c 02 01 00 0a 01 74 65 73 74 31 3d
> 06 00 00 00 05 05 06 00 00 01 15 04 06 c0 a8 00
> fd 20 04 61 70
> Code:       Access-Request
> Identifier: 9
> Authentic:  <166>;Q<160><178><193><222>d<192>&<198><3>Dc<224><148>
> Attributes:
>         User-Name = "test1"
>         Framed-MTU = 1400
>         Called-Station-Id = "0002.8a21.9173"
>         Calling-Station-Id = "000b.fd60.56c9"
>         Message-Authenticator = <18>U1u<153>R<192><251>TdIi$<139><233>t
>         EAP-Message = <2><1><0><10><1>test1
>         NAS-Port-Type = Virtual
>         NAS-Port = 277
>         NAS-IP-Address = 192.168.0.253
>         NAS-Identifier = "ap"
> Wed Jun 25 18:15:55 2003: WARNING: Could not find a handler for test1:
> request is ignored ############33
>
> I'm using a very similar config file from the goodies:
> ##################
> AuthPort                1812
> AcctPort                1813
> LogDir                  /var/log/radius
> DbDir                   /etc/radius
> DictionaryFile          %D/dictionary,%D/dictionary.ascend
> PidFile                 /var/run/radiusd.pid
> Trace                   5
> <Client DEFAULT>
>         Secret ####
> </Client>
> <Handler TunnelledByPEAP=1>
>         <AuthBy FILE>
>                 Filename /etc/radius/users
>                 EAPType MSCHAP-V2
>         </AuthBy>
> </Handler>
> <Handler TunnelledByTTLS=1>
>         <AuthBy FILE>
>                 Filename /etc/radius/users
>                 EAPType PAP
>                 # TLS requere a config abaixo
>                 EAPTLS_CAFile /etc/radius/demoCA/cacert.pem
>                 EAPTLS_CertificateFile /etc/radius/demoCA/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile /etc/radius/demoCA/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword xpto
>         </AuthBy>
> </Handler>
> ###################33
>
> Please help!
>
> Francisco Contreiras
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list