(RADIATOR) Radiator hangs with EAP (PEAP)

Mike McCauley mikem at open.com.au
Tue Oct 14 16:55:26 CDT 2003 

Hello,

On Wed, 15 Oct 2003 05:50 am, Christian Wiedmann wrote:
> I think your problem is actually at the access point or client.
>
> The last thing Radiator is doing is sending a message back.  This
> message is a PEAP start message.  The trace looks normal to this
> point.
>
> If you can, check the client side to see if the packet is getting
> through.  You might also want to double-check your access point
> configuration.

I agree with this and also Hughs remarks. BTW, I have seen this sort of 
behaviour fromXP it you change EAP authentication type in the wireless config 
dialogs and dont reboot the client machine.

Cheers.

> 	-Christian
>
> On Tue, 14 Oct 2003, Mark Verwoerd wrote:
> > Date: Tue, 14 Oct 2003 12:33:21 +0200
> > From: Mark Verwoerd <verwoerd.mf at stu.hsbrabant.nl>
> > To: radiator at open.com.au
> > Subject: (RADIATOR) Radiator hangs with EAP (PEAP)
> >
> > Hello Hugh,
> >
> > On work we want to setup a wireless network with 802.1x that
> > authenticates users to our LDAP server with Radiator 3.7.1.
> > The LDAP and Wireless parts work fine, but the EAP PEAP part in
> > radiator doesn't.
> >
> > The AccessPoints are propperly configured, the shared secret is correct
> > and 802.1x is enabled.
> > For testing i'm using the eap_peap.cfg from the goodies, only changed
> > the log en pid stuff. So it Auths by File (%D/users)
> >
> > CFG:
> > LogDir          /var/log/radiator
> > LogFile         %L/%Y/%m%d.log
> > PidFile         /var/log/radiator/radiator.pid
> > DbDir           /usr/local/radiator
> > Trace           4
> >
> > AuthPort        1645
> > AcctPort        1646
> >
> > #Accesspoints:
> > <Client 145.48.64.5>
> >         Secret testing123
> >         IgnoreAcctSignature
> > </Client>
> >
> > <Client DEFAULT>
> >         Secret  mysecret
> >         DupInterval 0
> > </Client>
> >
> > <Handler TunnelledByPEAP=1>
> >         <AuthBy FILE>
> >                 Filename %D/users
> >                 EAPType PEAP,MSCHAP-V2
> >         </AuthBy>
> > </Handler>
> >
> > <Realm DEFAULT>
> >         <AuthBy FILE>
> >                 Filename %D/users
> >                 EAPType PEAP
> >                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> >                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> >                 EAPTLS_CertificateType PEM
> >                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> >                 EAPTLS_PrivateKeyPassword whatever
> >                 EAPTLS_MaxFragmentSize 1000
> >                 AutoMPPEKeys
> >                 SSLeayTrace 4
> >         </AuthBy>
> > </Realm>
> >
> >
> > On a laptop with WinxP Pro the 'WEP key will be provided for me' option
> > is checked. And EAP-Type = EAP (PEAP)
> > When my laptop finds the AccessPoint (Avaya AP-1000) it asks for a
> > username & password, i fill in fred with password fred and it hangs
> > ....
> >
> > LOG:
> >
> > Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
> > *** Received from 145.48.64.5 port 192 ....
> > Code:       Access-Request
> > Identifier: 11
> > Authentic:
> > T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
> > Attributes:
> >         User-Name = "fred"
> >         NAS-IP-Address = 145.48.64.5
> >         Called-Station-Id = "00022d75a1ac"
> >         Calling-Station-Id = "00601df7f7d0"
> >         NAS-Identifier = "AP-1000-HSB-05"
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Framed-MTU = 1400
> >         EAP-Message = <2><1><0><9><1>fred
> >         Message-Authenticator =
> > <166><197><<21><15><208>oT|<128><206><193><255><232>+<234>
> >
> > Tue Oct 14 12:06:39 2003: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Tue Oct 14 12:06:39 2003: DEBUG:  Deleting session for fred,
> > 145.48.64.5,
> > Tue Oct 14 12:06:39 2003: DEBUG: Handling with Radius::AuthFILE:
> > Tue Oct 14 12:06:39 2003: DEBUG: Handling with EAP: code 2, 1, 9
> > Tue Oct 14 12:06:39 2003: DEBUG: Response type 1
> > Tue Oct 14 12:06:39 2003: DEBUG: EAP result: 3, EAP PEAP Challenge
> > Tue Oct 14 12:06:39 2003: DEBUG: Access challenged for fred: EAP PEAP
> > Challenge
> > Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
> > *** Sending to 145.48.64.5 port 192 ....
> > Code:       Access-Challenge
> > Identifier: 11
> > Authentic:
> > T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
> > Attributes:
> >         EAP-Message = <1><2><0><6><25>!
> >         Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Where is it waiting on ? or .. what is wrong with the cfg ? or .. what
> > do i miss here :x
> >
> >
> > Thanks for your time,
> >
> > Mark
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list