(RADIATOR) LEAP, Cisco 1200 AP, and Bad Authenticator message
Mike McCauley
mikem at open.com.au
Thu Nov 13 21:15:15 CST 2003
Hello John,
Ooops, we accidentally left the example leap.cfg out of the distribution. It
is now available in the patches area, and attached to this email. Sorry about
that.
The most likely cause of the error you are seeing is that the shared secrets
between Radiator and your NAS are not the same, which is detected as an
incorrect EAP signature.
Cheers.
On Fri, 14 Nov 2003 01:57 pm, John Hoarty wrote:
> I have Cisco 1200 APs and Panasonic Toughbook tablet PCs which are LEAP
> compatible. I get the
> Following error in my log file:
>
> *** Received from 10.192.10.26 port 1100 ....
> Code: Access-Request
> Identifier: 51
> Authentic: <1>$<248>7<224>>O<202><157>h<232><9><243><199><213><252>
> Attributes:
> User-Name = "n733uf"
> cisco-avpair = "ssid=*******"
> NAS-IP-Address = 10.192.10.26
> Called-Station-Id = "000dbd59562d"
> Calling-Station-Id = "0004235db36a"
> NAS-Identifier = "AP1200-59562d"
> NAS-Port = 37
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-IEEE-802-11
> Service-Type = Login-User
> EAP-Message = <2><24><0><11><1>n733uf
> Message-Authenticator =
> 71<6><209><180><146>)<0><197><233><245><149><27>h<23><168>
>
> Thu Nov 13 21:19:38 2003: WARNING: Bad EAP Message-Authenticator
> Thu Nov 13 21:19:38 2003: WARNING: Bad authenticator in request from
> DEFAULT (10.192.10.26)
>
> And I'm using <AuthBy FILE> with a single user configured as follows:
>
> <Client n733uf>
> Secret ************
> DupInterval 0
> IgnoreAcctSignature
> Service-Type = Framed-User
> eapType LEAP
> </Client>
>
> I can't find any information on using LEAP with Radiator. There is
> documentation that indicates a sample config file
> Exists in the "goodies" directory of the patch, but it's not there. Help!
> (Radiator running on Windows 2000 Server)
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
-------------- next part --------------
# leap.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# LEAP authentication.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from a standard users file in
# the current directory.
# It will negotiate LEAP authentication with any radus client
# that requests EAP authentication.
#
# It will accept requests from any client and try to handle request
# for any realm.
# And it will print out what its doing in great detail.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: simple.cfg,v 1.4 2001/04/25 23:47:13 mikem Exp $
Foreground
LogStdout
LogDir .
DbDir .
# User a lower trace level in production systems:
Trace 4
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy FILE>
# This says to handle all EAP requests with LEAP
EAPType LEAP
# Authenticate from the users file.
# Caution: only plaintext passwords are supported
Filename %D/users
</AuthBy>
</Realm>
More information about the radiator
mailing list