(RADIATOR) Radiator hangs with EAP (PEAP)

Christian Wiedmann cw_radiator at wiedmann.org
Tue Oct 14 14:50:07 CDT 2003


I think your problem is actually at the access point or client.

The last thing Radiator is doing is sending a message back.  This
message is a PEAP start message.  The trace looks normal to this
point.

If you can, check the client side to see if the packet is getting
through.  You might also want to double-check your access point
configuration.
	-Christian

On Tue, 14 Oct 2003, Mark Verwoerd wrote:

> Date: Tue, 14 Oct 2003 12:33:21 +0200
> From: Mark Verwoerd <verwoerd.mf at stu.hsbrabant.nl>
> To: radiator at open.com.au
> Subject: (RADIATOR) Radiator hangs with EAP (PEAP)
> 
> Hello Hugh,
> 
> At work we want to set up a wireless network with 802.1x that
> authenticates users to our LDAP server with Radiator 3.7.1.
> The LDAP and Wireless parts work fine, but the EAP PEAP part in
> Radiator doesn't.
> 
> The AccessPoints are properly configured, the shared secret is correct
> and 802.1x is enabled.
> For testing I'm using the eap_peap.cfg from the goodies, only changed
> the log and pid stuff. So it Auths by File (%D/users)
> 
> CFG:
> LogDir          /var/log/radiator
> LogFile         %L/%Y/%m%d.log
> PidFile         /var/log/radiator/radiator.pid
> DbDir           /usr/local/radiator
> Trace           4
> 
> AuthPort        1645
> AcctPort        1646
> 
> #Accesspoints:
> <Client 145.48.64.5>
>         Secret testing123
>         IgnoreAcctSignature
> </Client>
> 
> <Client DEFAULT>
>         Secret  mysecret
>         DupInterval 0
> </Client>
> 
> <Handler TunnelledByPEAP=1>
>         <AuthBy FILE>
>                 Filename %D/users
>                 EAPType PEAP,MSCHAP-V2
>         </AuthBy>
> </Handler>
> 
> <Realm DEFAULT>
>         <AuthBy FILE>        
>                 Filename %D/users     
>                 EAPType PEAP            
>                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword whatever
>                 EAPTLS_MaxFragmentSize 1000
>                 AutoMPPEKeys
>                 SSLeayTrace 4
>         </AuthBy>
> </Realm>
> 
> 
> On a laptop with WinXP Pro the 'WEP key will be provided for me' option
> is checked. And EAP-Type = EAP (PEAP)
> When my laptop finds the AccessPoint (Avaya AP-1000) it asks for a
> username & password, I fill in fred with password fred and it hangs
> ....
> 
> LOG:
> 
> Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
> *** Received from 145.48.64.5 port 192 ....
> Code:       Access-Request
> Identifier: 11
> Authentic: 
> T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
> Attributes:
>         User-Name = "fred"
>         NAS-IP-Address = 145.48.64.5
>         Called-Station-Id = "00022d75a1ac"
>         Calling-Station-Id = "00601df7f7d0"
>         NAS-Identifier = "AP-1000-HSB-05"
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Framed-MTU = 1400
>         EAP-Message = <2><1><0><9><1>fred
>         Message-Authenticator =
> <166><197><<21><15><208>oT|<128><206><193><255><232>+<234>
> 
> Tue Oct 14 12:06:39 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Oct 14 12:06:39 2003: DEBUG:  Deleting session for fred,
> 145.48.64.5,
> Tue Oct 14 12:06:39 2003: DEBUG: Handling with Radius::AuthFILE:
> Tue Oct 14 12:06:39 2003: DEBUG: Handling with EAP: code 2, 1, 9
> Tue Oct 14 12:06:39 2003: DEBUG: Response type 1
> Tue Oct 14 12:06:39 2003: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Oct 14 12:06:39 2003: DEBUG: Access challenged for fred: EAP PEAP
> Challenge
> Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
> *** Sending to 145.48.64.5 port 192 ....
> Code:       Access-Challenge
> Identifier: 11
> Authentic: 
> T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
> Attributes:
>         EAP-Message = <1><2><0><6><25>!
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Where is it waiting on ? or .. what is wrong with the cfg ? or .. what
> do I miss here :x
> 
> 
> Thanks for your time,
> 
> Mark
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 
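The two EAP-Message values in the quoted trace can be decoded to confirm that the last packet Radiator sent is a PEAP start message. This is an added example, not part of the original thread or of Radiator's code; the function names are hypothetical, and it assumes the trace prints each non-printable byte as `<n>` in decimal and that the PEAP flags byte follows the EAP-TLS layout (L=0x80, M=0x40, S=0x20) with the version in the low three bits.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP"}  # only the types seen in this trace

def trace_to_bytes(text):
    """Convert trace notation (<n> = one byte in decimal, anything else literal).

    A literal '<' followed by digits and '>' cannot be told apart from an
    escaped byte, so the result is best effort for arbitrary binary data.
    """
    out = bytearray()
    for num, char in re.findall(r"<(\d{1,3})>|(.)", text, flags=re.S):
        out.append(int(num) if num else ord(char))  # ValueError if > 255
    return bytes(out)

def decode_eap(raw):
    """Decode the EAP header and, for PEAP, the flags byte that follows it."""
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A mismatch means the attribute was truncated or is one fragment
        # of a longer EAP packet split over several EAP-Message attributes.
        raise ValueError(f"EAP length {length} != {len(raw)} bytes captured")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        eap_type = raw[4]
        info["type"] = EAP_TYPES.get(eap_type, eap_type)
        body = raw[5:]
        if eap_type == 1:
            info["identity"] = body.decode("ascii", "replace")
        elif eap_type == 25 and body:
            flags = body[0]
            info["length_included"] = bool(flags & 0x80)
            info["more_fragments"] = bool(flags & 0x40)
            info["start"] = bool(flags & 0x20)
            info["version"] = flags & 0x07
            info["tls_bytes"] = len(body) - 1  # 0 in a bare start message
    return info

if __name__ == "__main__":
    # The two EAP-Message values copied from the trace quoted above.
    for label, msg in [("received from AP", "<2><1><0><9><1>fred"),
                       ("sent to AP", "<1><2><0><6><25>!")]:
        print(label, decode_eap(trace_to_bytes(msg)))
```

The first value decodes to an Identity response for "fred"; the second is a PEAP request with only the start bit set and no TLS payload, so the next packet in a working exchange would come from the client.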