(RADIATOR) Re: cant connect Win XP to Orinoco AP-2000 via 802.1x (continue)
Mike McCauley
mikem at open.com.au
Mon Sep 8 07:16:44 CDT 2003
Helo Pavel,
On Mon, 8 Sep 2003 09:50 pm, Pavel Paprok wrote:
> Today I got answer from technicians from Proxim, they are using
> in own office AP-2000 fw v.2.2.2 and 2.1.3 with EAP-PEAP without problems.
> But are not using Radiator radius because "is not RFC 2285/2866 compliant".
2285 is 'Benchmarking Terminology for LAN Switching Devices'
not compliant :-)
Prob you mean 2865 and 2866.
Its compliant.
Have you tested against an AP that is configured correctly and known to work?
I still think there may be a configuration problem with the AP you tested
with.
>
> Has a Radiator some RFC compliance problem? And can it be a cause?
No.
Cheers.
>
> P.
>
> Pavel Paprok wrote:
> > Mike McCauley wrote:
> >> Hello Pavel,
> >>
> >> On Sat, 23 Aug 2003 01:01 am, Pavel Paprok wrote:
> >>> Mike McCauley wrote:
> >>>> Hello Pavel,
> >>>>
> >>>> On Thu, 21 Aug 2003 10:40 pm, Pavel Paprok wrote:
> >>>>> Mike McCauley wrote:
> >>>>>> On Wed, 20 Aug 2003 08:42 pm, Pavel Paprok wrote:
> >>>>>>> Hallo,
> >>>>>>>
> >>>>>>> I am trying to get work wifi access point Orinoco/Proxim AP-2000
> >>>>>>> with
> >>>>>>> 802.1x EAP/PEAP user auth by Radiator:
> >>>>>>> - Radiator 3.6 eval version RPM on RedHat 9, configured for
> >>>>>>> EAP/PEAP
> >>>>>>> with demo certificates.
> >>>>>>> - Orinoco/Proxim AP-2000 (latest firmware 2.1.3)
> >>>>>>> - Test client is notebook Dell with Win XP (all patches applied),
> >>>>>>> wireless card Orinoco Silver
> >>>>>>> and/or builtin Intel Pro/WirelessLAN 2100 3A
> >>>>>>>
> >>>>>>> After all known install and config issues I meet (described in FAQ,
> >>>>>>> archive and UtahGeeks) I moved to status where
> >>>>>>> user is authenticated OK and radius send "Access-Accept". But
> >>>>>>> its last
> >>>>>>> info from radius log, no real connection follows, no accounting
> >>>>>>> on log.
> >>>>>>> Especially basic UtahGeeks config of Access point is pretty
> >>>>>>> closed to
> >>>>>>> our config, but unfortunatelly there are not published Radiator
> >>>>>>> configuration so here maybe I have a problem. Or problem is in
> >>>>>>> using
> >>>>>>> different wifi client? Please help me somebody where is a
> >>>>>>> problem?
> >>>>>>
> >>>>>> That sounds a lot like the client is not configured to expect a
> >>>>>> dynamic
> >>>>>> WEP key, but your Radiator is configured to send themto the AP.
> >>>>>>
> >>>>>> Check the 'WEP key will be provided for me' option in your client
> >>>>>> configuration.
> >>>>>
> >>>>> of course, as I have written below in Windows XP client config:
> >>>>>
> >>>>> "- Key is provided for me automatically ON"
> >>>>> yesterday i also turn on eap tracing in WinXP, see log below,
> >>>>> interesting
> >>>>> is last line:
> >>>>>
> >>>>> "We got a EAP_failure after we got a PEAP_SUCCESS. Failing auth."
> >>>>>
> >>>>> ...i dont know what it means.
> >>>>
> >>>> That is very curious, since the last thing sent by Radiator is
> >>>> clearly an EAP Success.
> >>>> Perhaps the EAP Failure is being sent by the AP?
> >>>>
> >>>> I wonder if your AP needs some configuration so that it will support
> >>>> dynamic WEP?
> >>>>
> >>>> Cheers.
> >>>
> >>> I just try to use AP Signamax 22Mbps in 802.1x with same radiator and
> >>> windows xp client configuration
> >>> and client connected ok! So there should be no general problem with
> >>> client and radius configuration,
> >>> problem is likely in Avaya or its configuration. Or in EAP
> >>> compatibility
> >>> of Avaya?
> >>
> >> Sounds like the problem is there.
> >> We found when we tested the Orinoco AP-2000 here that you had to
> >> have the _latest_ firmware installed else it would not work properly.
> >> see the Radiator FAQ for more details.
> >> http://www.open.com.au/radiator/faq.html
> >>
> >>> I noted that I must set a "IgnoreAcctSignature" option to "yes" for
> >>> Avaya or I get "Bad EAP Message-Authenticator" warnings in log and auth
> >>> failed. Signamax works ok both with or without this option ....maybe
> >>> there is a start of problems?
> >>
> >> Sounds like there is a shared secret problem between Radiator and the
> >> Avaya?
> >
> > I thing that in this case should not accepted any
> > radius packet from other side for processing and there
> > should be no communication and request/reply exchange
> > at all. Or is it not true?
> >
> > P.
> >
> >>> Are there some AddToReply which I would try to add to reply for Avaya?
> >>> Have Avaya AP-2000 working with 802.1x somebody to help me with
> >>> configuratio? Article in FAQ
> >>> about it does not help me, I dont know where is mistake so exact AP
> >>> configure dump of real working device welcomed.
> >>
> >> Cheers.
> >>
> >>> Pavel
> >>>
> >>>>> Pavel
> >>>>>
> >>>>>> Cheers.
> >>>>>>
> >>>>>>> My configuration:
> >>>>>>>
> >>>>>>> ------ users ------
> >>>>>>> wifitest User-Password=wifi
> >>>>>>> Session-Timeout=60
> >>>>>>>
> >>>>>>>
> >>>>>>> ------ radius.cfg ------
> >>>>>>> AuthPort 1812
> >>>>>>> AcctPort 1813
> >>>>>>>
> >>>>>>> LogStdout
> >>>>>>> LogDir /var/log/radius
> >>>>>>> DbDir /etc/radiator
> >>>>>>>
> >>>>>>> Trace 5
> >>>>>>>
> >>>>>>> <Client XXX.XXX.XXX.XXX>
> >>>>>>> Secret XXXXX
> >>>>>>> Identifier wifi-testnet
> >>>>>>> IgnoreAcctSignature yes
> >>>>>>> </Client>
> >>>>>>> # now core config from eap_peap.cfg example:
> >>>>>>>
> >>>>>>> <Handler TunnelledByPEAP=1>
> >>>>>>> AcctLogFileName %L/detail
> >>>>>>> <AuthBy FILE>
> >>>>>>> Filename %D/users
> >>>>>>> EAPType MSCHAP-V2
> >>>>>>> </AuthBy>
> >>>>>>> </Handler>
> >>>>>>> <Handler>
> >>>>>>> <AuthBy FILE>
> >>>>>>> Filename %D/users
> >>>>>>> EAPType PEAP
> >>>>>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> >>>>>>>
> >>>>>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> >>>>>>> EAPTLS_CertificateType PEM
> >>>>>>>
> >>>>>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> >>>>>>> EAPTLS_PrivateKeyPassword whatever
> >>>>>>>
> >>>>>>> EAPTLS_MaxFragmentSize 1024
> >>>>>>>
> >>>>>>> AutoMPPEKeys
> >>>>>>> # i did try also
> >>>>>>> #AddToReply MS-MPPE-Encryption-Policy =
> >>>>>>> Encryption-Allowed,\
> >>>>>>> # MS-MPPE-Encryption-Types =
> >>>>>>> Encryption-Any SSLeayTrace 4
> >>>>>>>
> >>>>>>> </AuthBy>
> >>>>>>> </Handler>
> >>>>>>>
> >>>>>>>
> >>>>>>> ------ WinXP client configuration ------
> >>>>>>>
> >>>>>>> - Data encryption (WEP enabled) ON
> >>>>>>> - Network Authentication (Shared mode) OFF
> >>>>>>> - Key is provided for me automatically ON
> >>>>>>> - Adhoc network OFF
> >>>>>>> - Enable 802.1x auth ON
> >>>>>>> - EAP type: PEAP
> >>>>>>> -Authenticate as computer OFF
> >>>>>>> - Authenticate as guest OFF
> >>>>>>> - Validate server certificate OFF
> >>>>>>> - Authentication method: EAP-MSCHAP v2 (automatically use
> >>>>>>> Windows logon
> >>>>>>> name OFF)
> >>>>>>> - Enable fast reconnect OFF
> >>>>>>>
> >>>>>>> ----- something from Orinoco-2000 config -----
> >>>>>>>
> >>>>>>> Operational Mode
> >>>>>>> Wireless A: 802.11bg
> >>>>>>> physical iface 802.11g OFDM / DSSS 2.4 GHz, enable auto channel
> >>>>>>> select ON, transmit rate: auto fallback,
> >>>>>>> dtim period: 1 rts/cts medium reservation: 2347, enable closed
> >>>>>>> system: OFF
> >>>>>>>
> >>>>>>>
> >>>>>>> Wireless B: 802.11b only
> >>>>>>> physical iface 802.11b DSSS 2.4 GHz enable auto channel select
> >>>>>>> ON,
> >>>>>>> mcast rate: 2mbit,
> >>>>>>> dtim period: 1 rts/cts medium reservation: 2347, dist AP: large,
> >>>>>>> enable closed system: OFF,
> >>>>>>> enable load balancing: ON, enable medium density distribution: ON
> >>>>>>>
> >>>>>>> MAC access control: OFF
> >>>>>>>
> >>>>>>> Authentication:
> >>>>>>> wireless slot A: mode 802.1x, rekeying interval: 900, encr key
> >>>>>>> lenght: 64bits
> >>>>>>> wireless slot B: mode 802.1x, rekeying interval: 900, encr key
> >>>>>>> lenght: 64bits
> >>>>>>>
> >>>>>>> Radius auth:
> >>>>>>> enable radius mac access control: OFF, enable primary
> >>>>>>> radius: ON,
> >>>>>>> enable backup radius: OFF,
> >>>>>>> auth lifetime: 900sec, primary radius server ip, port and
> >>>>>>> shared
> >>>>>>> secret set properly, resp time: 3sec,
> >>>>>>> max retr: 3
> >>>>>>>
> >>>>>>> Radius acct:
> >>>>>>> enable radius accounting: ON, enable primary radius: ON, enable
> >>>>>>> backup radius: OFF,
> >>>>>>> primary radius server ip, port and shared secret set properly,
> >>>>>>> resp time: 3sec,
> >>>>>>> max retr: 3
> >>>>>>> DHCP server:
> >>>>>>> enabled
> >>>>>>>
> >>>>>>>
> >>>>>>> ------ radius log recorded ------ (tainted, only last lines,
> >>>>>>> real ip
> >>>>>>> of radiator and AP replaced, there are no ERROR lines in log...)
> >>>>>>>
> >>>>>>>
> >>>>>>> Packet length = 163
> >>>>>>> 01 0a 00 a3 35 01 00 00 d3 70 00 00 ea 7f 00 00
> >>>>>>> fc 20 00 00 01 0a 77 69 66 69 74 65 73 74 04 06
> >>>>>>> d5 c2 c2 5e 1e 13 30 30 2d 32 30 2d 61 36 2d 34
> >>>>>>> 38 2d 65 37 2d 33 66 1f 13 30 30 2d 30 34 2d 32
> >>>>>>> 33 2d 34 38 2d 66 31 2d 66 33 20 13 4f 52 69 4e
> >>>>>>> 4f 43 4f 2d 41 50 2d 32 30 30 30 41 45 0c 06 00
> >>>>>>> 00 05 78 3d 06 00 00 00 13 4f 28 02 0b 00 26 19
> >>>>>>> 00 17 03 01 00 1b 21 3a 80 0e 47 22 d7 62 48 7e
> >>>>>>> 9e 6c 5f 02 a9 68 ba 5f 5d 43 03 a4 20 bb 7d 3c
> >>>>>>> 04 50 12 4d 14 ad 48 15 4e 0b 5a da b5 23 9f ab
> >>>>>>> a0 b4 b8
> >>>>>>> Code: Access-Request
> >>>>>>> Identifier: 10
> >>>>>>> Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
> >>>>>>> Attributes:
> >>>>>>> User-Name = "wifitest"
> >>>>>>> NAS-IP-Address = ORI.NO.CO.IP
> >>>>>>> Called-Station-Id = "00-20-a6-48-e7-3f"
> >>>>>>> Calling-Station-Id = "00-04-23-48-f1-f3"
> >>>>>>> NAS-Identifier = "ORiNOCO-AP-2000AE"
> >>>>>>> Framed-MTU = 1400
> >>>>>>> NAS-Port-Type = Wireless-IEEE-802-11
> >>>>>>> EAP-Message =
> >>>>>>> <2><11><0>&<25><0><23><3><1><0><27>!:<128><14>G"<215>bH~<158>l_<2><
> >>>>>>>169> h< 18 6>_]C<3><164> <187>}<<4>
> >>>>>>> Message-Authenticator =
> >>>>>>> M<20><173>H<21>N<11>Z<218><181>#<159><171><160><180><184>
> >>>>>>>
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling request with Handler ''
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Deleting session for wifitest,
> >>>>>>> ORI.NO.CO.IP ,
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling with Radius::AuthFILE:
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling with EAP: code 2, 11, 38
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Response type 25
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Access accepted for wifitest
> >>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Packet dump:
> >>>>>>> *** Sending to ORI.NO.CO.IP port 6001 ....
> >>>>>>>
> >>>>>>> Packet length = 160
> >>>>>>> 02 0a 00 a0 16 83 b2 81 33 aa 76 f3 c4 8c bd f6
> >>>>>>> 80 76 b9 ea 1a 3a 00 00 01 37 10 34 ed 16 5d 7f
> >>>>>>> 0e 74 a1 73 03 45 9c 75 15 67 22 90 c7 3d b5 b1
> >>>>>>> 71 60 1d ba be d4 29 00 42 83 18 62 b0 2f 61 c6
> >>>>>>> ca db b1 02 2d f4 76 4e 67 65 2c 98 f2 ea 1a 3a
> >>>>>>> 00 00 01 37 11 34 87 c2 87 6c 05 9a 2e c2 87 c5
> >>>>>>> 39 89 e5 45 73 57 63 e9 02 be 82 f2 21 84 ea 0d
> >>>>>>> f9 8e cc fd 4d 72 8e d9 4b 72 37 5e 55 e9 f7 65
> >>>>>>> 87 79 8d 45 2d 79 46 99 4f 06 03 0b 00 04 50 12
> >>>>>>> 9d 85 0f 55 3f ea 50 c9 85 db 50 75 01 92 67 ec
> >>>>>>> Code: Access-Accept
> >>>>>>> Identifier: 10
> >>>>>>> Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
> >>>>>>> Attributes:
> >>>>>>> MS-MPPE-Send-Key =
> >>>>>>> "<237><22>]<127><14>t<161>s<3>E<156>u<21>g"<144><199>=<181><177>q`<
> >>>>>>>29>< 18 6>
> >>>>>>> <190><212>)<0>B<131><24>b<176>/a<198><202><219><177><2>-<244>vNge,<
> >>>>>>>152> < 242> <234>"
> >>>>>>>
> >>>>>>> MS-MPPE-Recv-Key =
> >>>>>>> "<135><194><135>l<5><154>.<194><135><197>9<137><229>EsWc<233><2><19
> >>>>>>>0><1 30
> >>>>>>>
> >>>>>>>> <
> >>>>>>>
> >>>>>>> 242>!<132><234><13><249><142><204><253>Mr<142><217>Kr7^U<233><247>e
> >>>>>>><135
> >>>>>>>
> >>>>>>>> y<14 1>E-yF<153>"
> >>>>>>>
> >>>>>>> EAP-Message = <3><11><0><4>
> >>>>>>> Message-Authenticator =
> >>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>>>
> >>>>> log from windows xp 802.1x client:
> >>>>>
> >>>>> [5584] 12:58:01:192: PeapReadConnectionData
> >>>>> [5584] 12:58:01:192: PeapReadUserData
> >>>>> [5584] 12:58:01:192: RasEapGetInfo
> >>>>> [5584] 12:58:01:192: PeapReDoUserData
> >>>>> [5584] 12:58:30:234: PeapReadConnectionData
> >>>>> [5584] 12:58:30:234: PeapReadUserData
> >>>>> [5584] 12:58:30:244: RasEapGetInfo
> >>>>> [5584] 12:58:30:244: PeapReDoUserData
> >>>>> [5584] 12:58:43:203: EapPeapBegin
> >>>>> [5584] 12:58:43:203: PeapReadConnectionData
> >>>>> [5584] 12:58:43:203: PeapReadUserData
> >>>>> [5584] 12:58:43:203:
> >>>>> [5584] 12:58:43:203: EapTlsBegin(wifitest)
> >>>>> [5584] 12:58:43:203: State change to Initial
> >>>>> [5584] 12:58:43:203: EapTlsBegin: Detected 8021X authentication
> >>>>> [5584] 12:58:43:203: EapTlsBegin: Detected PEAP authentication
> >>>>> [5584] 12:58:43:203: MaxTLSMessageLength is now 16384
> >>>>> [5584] 12:58:43:203: EapPeapBegin done
> >>>>> [5584] 12:58:43:203: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:203: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:203: PEAP:PEAP_STATE_INITIAL
> >>>>> [5584] 12:58:43:203: EapTlsCMakeMessage
> >>>>> [5584] 12:58:43:203: EapTlsReset
> >>>>> [5584] 12:58:43:203: State change to Initial
> >>>>> [5584] 12:58:43:203: GetCredentials
> >>>>> [5584] 12:58:43:203: Flag is Client and Store is Current User
> >>>>> [5584] 12:58:43:203: GetCachedCredentials
> >>>>> [5584] 12:58:43:203: PEAP GetCachedCredentials: Using cached
> >>>>> credentials.
> >>>>> [5584] 12:58:43:203: MakeReplyMessage
> >>>>> [5584] 12:58:43:203: SecurityContextFunction
> >>>>> [5584] 12:58:43:243: InitializeSecurityContext returned 0x90312
> >>>>> [5584] 12:58:43:243: State change to SentHello
> >>>>> [5584] 12:58:43:243: BuildPacket
> >>>>> [5584] 12:58:43:243: << Sending Response (Code: 2) packet: Id: 4,
> >>>>> Length: 80, Type: 13, TLS blob length: 70. Flags: L
> >>>>> [5584] 12:58:43:243: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:243: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:263: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:263: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:263: PEAP:PEAP_STATE_TLS_INPROGRESS
> >>>>> [5584] 12:58:43:263: EapTlsCMakeMessage
> >>>>> [5584] 12:58:43:263: MakeReplyMessage
> >>>>> [5584] 12:58:43:263: Reallocating input TLS blob buffer
> >>>>> [5584] 12:58:43:263: BuildPacket
> >>>>> [5584] 12:58:43:263: << Sending Response (Code: 2) packet: Id: 5,
> >>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
> >>>>> [5584] 12:58:43:263: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:263: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:323: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:323: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:323: PEAP:PEAP_STATE_TLS_INPROGRESS
> >>>>> [5584] 12:58:43:323: EapTlsCMakeMessage
> >>>>> [5584] 12:58:43:323: MakeReplyMessage
> >>>>> [5584] 12:58:43:323: BuildPacket
> >>>>> [5584] 12:58:43:323: << Sending Response (Code: 2) packet: Id: 6,
> >>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
> >>>>> [5584] 12:58:43:323: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:323: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:333: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:333: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:333: PEAP:PEAP_STATE_TLS_INPROGRESS
> >>>>> [5584] 12:58:43:333: EapTlsCMakeMessage
> >>>>> [5584] 12:58:43:333: MakeReplyMessage
> >>>>> [5584] 12:58:43:333: SecurityContextFunction
> >>>>> [5584] 12:58:43:393: InitializeSecurityContext returned 0x90312
> >>>>> [5584] 12:58:43:393: State change to SentFinished
> >>>>> [5584] 12:58:43:393: BuildPacket
> >>>>> [5584] 12:58:43:393: << Sending Response (Code: 2) packet: Id: 7,
> >>>>> Length: 199, Type: 13, TLS blob length: 189. Flags: L
> >>>>> [5584] 12:58:43:393: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:393: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:413: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:413: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:413: PEAP:PEAP_STATE_TLS_INPROGRESS
> >>>>> [5584] 12:58:43:413: EapTlsCMakeMessage
> >>>>> [5584] 12:58:43:413: MakeReplyMessage
> >>>>> [5584] 12:58:43:413: SecurityContextFunction
> >>>>> [5584] 12:58:43:413: InitializeSecurityContext returned 0x0
> >>>>> [5584] 12:58:43:413: AuthenticateServer
> >>>>> [5584] 12:58:43:413: CreateMPPEKeyAttributes
> >>>>> [5584] 12:58:43:413: State change to RecdFinished
> >>>>> [5584] 12:58:43:413: BuildPacket
> >>>>> [5584] 12:58:43:413: << Sending Response (Code: 2) packet: Id: 8,
> >>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
> >>>>> [5584] 12:58:43:413: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:413: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:423: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:423: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:423: PEAP:PEAP_STATE_TLS_INPROGRESS
> >>>>> [5584] 12:58:43:423: EapTlsCMakeMessage
> >>>>> [5584] 12:58:43:423: Negotiation successful
> >>>>> [5584] 12:58:43:423: PeapGetTunnelProperties
> >>>>> [5584] 12:58:43:423: Successfully negotiated TLS with following
> >>>>> parametersdwProtocol = 0x80, Cipher= 0x6801,
> >>>>> CipherStrength=0x80,Hash=0x8003 [5584] 12:58:43:423:
> >>>>> PeapGetTunnelProperties done
> >>>>> [5584] 12:58:43:423: PeapClientDecryptTunnelData
> >>>>> [5584] 12:58:43:423: IsDuplicatePacket
> >>>>> [5584] 12:58:43:423: PeapDecryptTunnelData dwSizeofData = 0x16,
> >>>>> pData =
> >>>>> 0x4261ff4
> >>>>> [5584] 12:58:43:423: PeapDecryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:423: PeapEncryptTunnelData
> >>>>> [5584] 12:58:43:423: PeapEncryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:423: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:423: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:483: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:483: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:483: PEAP:PEAP_STATE_IDENTITY_RESPONSE_SENT
> >>>>> [5584] 12:58:43:483: PeapClientDecryptTunnelData
> >>>>> [5584] 12:58:43:483: IsDuplicatePacket
> >>>>> [5584] 12:58:43:483: PeapDecryptTunnelData dwSizeofData = 0x38,
> >>>>> pData =
> >>>>> 0x4261ff4
> >>>>> [5584] 12:58:43:483: PeapDecryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:483: PeapEncryptTunnelData
> >>>>> [5584] 12:58:43:483: PeapEncryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:483: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:483: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:503: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:503: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:503: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
> >>>>> [5584] 12:58:43:503: PeapClientDecryptTunnelData
> >>>>> [5584] 12:58:43:503: IsDuplicatePacket
> >>>>> [5584] 12:58:43:503: PeapDecryptTunnelData dwSizeofData = 0x4e,
> >>>>> pData =
> >>>>> 0x4261ff4
> >>>>> [5584] 12:58:43:503: PeapDecryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:503: PeapEncryptTunnelData
> >>>>> [5584] 12:58:43:503: PeapEncryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:503: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:503: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:513: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:513: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:513: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
> >>>>> [5584] 12:58:43:513: PeapClientDecryptTunnelData
> >>>>> [5584] 12:58:43:513: IsDuplicatePacket
> >>>>> [5584] 12:58:43:513: PeapDecryptTunnelData dwSizeofData = 0x20,
> >>>>> pData =
> >>>>> 0x4261ff4
> >>>>> [5584] 12:58:43:513: PeapDecryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:513: GetPEAPTLVStatusMessageValue
> >>>>> [5584] 12:58:43:523: CreatePEAPTLVStatusMessage
> >>>>> [5584] 12:58:43:523: PeapEncryptTunnelData
> >>>>> [5584] 12:58:43:523: PeapEncryptTunnelData completed with status 0x0
> >>>>> [5584] 12:58:43:523: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:523: EapPeapMakeMessage done
> >>>>> [5584] 12:58:43:533: EapPeapMakeMessage
> >>>>> [5584] 12:58:43:533: EapPeapCMakeMessage
> >>>>> [5584] 12:58:43:533: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
> >>>>> [5584] 12:58:43:533: We got a EAP_failure after we got a
> >>>>> PEAP_SUCCESS.
> >>>>> Failing auth.
> >>>>> [5584] 12:58:43:533: EapPeapCMakeMessage done
> >>>>> [5584] 12:58:43:533: EapPeapMakeMessage done
> >>>>> [5584] 12:59:43:349: EapPeapEnd
> >>>>> [5584] 12:59
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list