(RADIATOR) Radiator hangs with EAP (PEAP)

Mark Verwoerd verwoerd.mf at stu.hsbrabant.nl
Tue Oct 14 05:33:21 CDT 2003


Hello Hugh,

At work we want to set up a wireless network with 802.1x that
authenticates users to our LDAP server with Radiator 3.7.1.
The LDAP and wireless parts work fine, but the EAP PEAP part in
Radiator doesn't.

The AccessPoints are properly configured, the shared secret is correct
and 802.1x is enabled.
For testing I'm using the eap_peap.cfg from the goodies, only changed
the log and pid stuff. So it Auths by File (%D/users)

CFG:
LogDir          /var/log/radiator
LogFile         %L/%Y/%m%d.log
PidFile         /var/log/radiator/radiator.pid
DbDir           /usr/local/radiator
Trace           4

AuthPort        1645
AcctPort        1646

#Accesspoints:
<Client 145.48.64.5>
        Secret testing123
        IgnoreAcctSignature
</Client>

<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>

<Handler TunnelledByPEAP=1>
        <AuthBy FILE>
                Filename %D/users
                EAPType PEAP,MSCHAP-V2
        </AuthBy>
</Handler>

<Realm DEFAULT>
        <AuthBy FILE>        
                Filename %D/users     
                EAPType PEAP            
                EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
                EAPTLS_CertificateFile %D/certificates/cert-srv.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
                EAPTLS_PrivateKeyPassword whatever
                EAPTLS_MaxFragmentSize 1000
                AutoMPPEKeys
                SSLeayTrace 4
        </AuthBy>
</Realm>


On a laptop with WinXP Pro the 'WEP key will be provided for me' option
is checked, and EAP-Type = EAP (PEAP).
When my laptop finds the AccessPoint (Avaya AP-1000) it asks for a
username & password, I fill in fred with password fred and it hangs
....

LOG:

Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
*** Received from 145.48.64.5 port 192 ....
Code:       Access-Request
Identifier: 11
Authentic: T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
Attributes:
        User-Name = "fred"
        NAS-IP-Address = 145.48.64.5
        Called-Station-Id = "00022d75a1ac"
        Calling-Station-Id = "00601df7f7d0"
        NAS-Identifier = "AP-1000-HSB-05"
        NAS-Port-Type = Wireless-IEEE-802-11
        Framed-MTU = 1400
        EAP-Message = <2><1><0><9><1>fred
        Message-Authenticator = <166><197><<21><15><208>oT|<128><206><193><255><232>+<234>

Tue Oct 14 12:06:39 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Oct 14 12:06:39 2003: DEBUG:  Deleting session for fred, 145.48.64.5,
Tue Oct 14 12:06:39 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Oct 14 12:06:39 2003: DEBUG: Handling with EAP: code 2, 1, 9
Tue Oct 14 12:06:39 2003: DEBUG: Response type 1
Tue Oct 14 12:06:39 2003: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Oct 14 12:06:39 2003: DEBUG: Access challenged for fred: EAP PEAP Challenge
Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
*** Sending to 145.48.64.5 port 192 ....
Code:       Access-Challenge
Identifier: 11
Authentic: T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
Attributes:
        EAP-Message = <1><2><0><6><25>!
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

What is it waiting on? Or what is wrong with the cfg? Or what
am I missing here? :x


Thanks for your time,

Mark
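
An added example, not part of the original post and not Radiator code: a small decoder for the two EAP-Message values in the trace above, using the EAP header layout from RFC 3748 and the flags byte that PEAP shares with EAP-TLS. The function names are hypothetical, and it assumes the trace prints a non-printable byte N as <N> and every other byte literally, with the whole EAP packet in one attribute.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "MSCHAP-V2"}

# Assumed trace notation: <N> is the byte with decimal value N, else literal.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)


def trace_to_bytes(text):
    """Turn a traced attribute value such as '<2><1><0><9><1>fred' into bytes."""
    out = bytearray()
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
        else:  # a literal character, including a stray '<'
            out += m.group(0).encode("latin-1")
    return bytes(out)


def decode_eap(text):
    """Decode one complete EAP packet carried in a single EAP-Message value."""
    raw = trace_to_bytes(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # Also raised for a packet split across several EAP-Message attributes.
        raise ValueError(f"EAP length {length} but {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        etype, body = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            pkt["identity"] = body.decode("utf-8", "replace")
        elif etype in (13, 25) and body:
            flags = body[0]
            pkt["length_included"] = bool(flags & 0x80)  # L bit
            pkt["more_fragments"] = bool(flags & 0x40)   # M bit
            pkt["start"] = bool(flags & 0x20)            # S bit
            if etype == 25:
                # PEAP version sits in the low-order bits (mask is an assumption
                # that covers the 2-bit and 3-bit layouts of the PEAP drafts).
                pkt["version"] = flags & 0x07
            pkt["tls_bytes"] = len(body) - 1
    return pkt


if __name__ == "__main__":
    for value in ("<2><1><0><9><1>fred", "<1><2><0><6><25>!"):
        print(decode_eap(value))
```

On the two values from the log it reports an Identity response for fred, then a PEAP request (id 2) with only the Start flag set, version 1 and no TLS data, which means the next message in the exchange is due from the supplicant.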