(RADIATOR) Re: cant connect Win XP to Orinoco AP-2000 via 802.1x (continue)
Bret Jordan
bret.jordan at utah.edu
Wed Sep 10 16:29:12 CDT 2003
We have Proxim AP2000s working with PEAP in a limited area. It does
work with Radiator, it just a pain.
Bret
Mike McCauley wrote:
>Helo Pavel,
>
>
>On Mon, 8 Sep 2003 09:50 pm, Pavel Paprok wrote:
>
>
>>Today I got answer from technicians from Proxim, they are using
>>in own office AP-2000 fw v.2.2.2 and 2.1.3 with EAP-PEAP without problems.
>>But are not using Radiator radius because "is not RFC 2285/2866 compliant".
>>
>>
>
>2285 is 'Benchmarking Terminology for LAN Switching Devices'
>not compliant :-)
>
>Prob you mean 2865 and 2866.
>Its compliant.
>
>Have you tested against an AP that is configured correctly and known to work?
>I still think there may be a configuration problem with the AP you tested
>with.
>
>
>
>>Has a Radiator some RFC compliance problem? And can it be a cause?
>>
>>
>No.
>
>Cheers.
>
>
>
>>P.
>>
>>Pavel Paprok wrote:
>>
>>
>>>Mike McCauley wrote:
>>>
>>>
>>>>Hello Pavel,
>>>>
>>>>On Sat, 23 Aug 2003 01:01 am, Pavel Paprok wrote:
>>>>
>>>>
>>>>>Mike McCauley wrote:
>>>>>
>>>>>
>>>>>>Hello Pavel,
>>>>>>
>>>>>>On Thu, 21 Aug 2003 10:40 pm, Pavel Paprok wrote:
>>>>>>
>>>>>>
>>>>>>>Mike McCauley wrote:
>>>>>>>
>>>>>>>
>>>>>>>>On Wed, 20 Aug 2003 08:42 pm, Pavel Paprok wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>>Hallo,
>>>>>>>>>
>>>>>>>>>I am trying to get work wifi access point Orinoco/Proxim AP-2000
>>>>>>>>>with
>>>>>>>>>802.1x EAP/PEAP user auth by Radiator:
>>>>>>>>>- Radiator 3.6 eval version RPM on RedHat 9, configured for
>>>>>>>>>EAP/PEAP
>>>>>>>>>with demo certificates.
>>>>>>>>>- Orinoco/Proxim AP-2000 (latest firmware 2.1.3)
>>>>>>>>>- Test client is notebook Dell with Win XP (all patches applied),
>>>>>>>>>wireless card Orinoco Silver
>>>>>>>>>and/or builtin Intel Pro/WirelessLAN 2100 3A
>>>>>>>>>
>>>>>>>>>After all known install and config issues I meet (described in FAQ,
>>>>>>>>>archive and UtahGeeks) I moved to status where
>>>>>>>>>user is authenticated OK and radius send "Access-Accept". But
>>>>>>>>>its last
>>>>>>>>>info from radius log, no real connection follows, no accounting
>>>>>>>>>on log.
>>>>>>>>>Especially basic UtahGeeks config of Access point is pretty
>>>>>>>>>closed to
>>>>>>>>>our config, but unfortunatelly there are not published Radiator
>>>>>>>>>configuration so here maybe I have a problem. Or problem is in
>>>>>>>>>using
>>>>>>>>>different wifi client? Please help me somebody where is a
>>>>>>>>>problem?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>That sounds a lot like the client is not configured to expect a
>>>>>>>>dynamic
>>>>>>>>WEP key, but your Radiator is configured to send themto the AP.
>>>>>>>>
>>>>>>>>Check the 'WEP key will be provided for me' option in your client
>>>>>>>>configuration.
>>>>>>>>
>>>>>>>>
>>>>>>>of course, as I have written below in Windows XP client config:
>>>>>>>
>>>>>>>"- Key is provided for me automatically ON"
>>>>>>>yesterday i also turn on eap tracing in WinXP, see log below,
>>>>>>>interesting
>>>>>>>is last line:
>>>>>>>
>>>>>>>"We got a EAP_failure after we got a PEAP_SUCCESS. Failing auth."
>>>>>>>
>>>>>>>...i dont know what it means.
>>>>>>>
>>>>>>>
>>>>>>That is very curious, since the last thing sent by Radiator is
>>>>>>clearly an EAP Success.
>>>>>>Perhaps the EAP Failure is being sent by the AP?
>>>>>>
>>>>>>I wonder if your AP needs some configuration so that it will support
>>>>>>dynamic WEP?
>>>>>>
>>>>>>Cheers.
>>>>>>
>>>>>>
>>>>>I just try to use AP Signamax 22Mbps in 802.1x with same radiator and
>>>>>windows xp client configuration
>>>>>and client connected ok! So there should be no general problem with
>>>>>client and radius configuration,
>>>>>problem is likely in Avaya or its configuration. Or in EAP
>>>>>compatibility
>>>>>of Avaya?
>>>>>
>>>>>
>>>>Sounds like the problem is there.
>>>>We found when we tested the Orinoco AP-2000 here that you had to
>>>>have the _latest_ firmware installed else it would not work properly.
>>>>see the Radiator FAQ for more details.
>>>>http://www.open.com.au/radiator/faq.html
>>>>
>>>>
>>>>
>>>>>I noted that I must set a "IgnoreAcctSignature" option to "yes" for
>>>>>Avaya or I get "Bad EAP Message-Authenticator" warnings in log and auth
>>>>>failed. Signamax works ok both with or without this option ....maybe
>>>>>there is a start of problems?
>>>>>
>>>>>
>>>>Sounds like there is a shared secret problem between Radiator and the
>>>>Avaya?
>>>>
>>>>
>>>I thing that in this case should not accepted any
>>>radius packet from other side for processing and there
>>>should be no communication and request/reply exchange
>>>at all. Or is it not true?
>>>
>>>P.
>>>
>>>
>>>
>>>>>Are there some AddToReply which I would try to add to reply for Avaya?
>>>>>Have Avaya AP-2000 working with 802.1x somebody to help me with
>>>>>configuratio? Article in FAQ
>>>>>about it does not help me, I dont know where is mistake so exact AP
>>>>>configure dump of real working device welcomed.
>>>>>
>>>>>
>>>>Cheers.
>>>>
>>>>
>>>>
>>>>>Pavel
>>>>>
>>>>>
>>>>>
>>>>>>>Pavel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Cheers.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>My configuration:
>>>>>>>>>
>>>>>>>>>------ users ------
>>>>>>>>>wifitest User-Password=wifi
>>>>>>>>> Session-Timeout=60
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>------ radius.cfg ------
>>>>>>>>>AuthPort 1812
>>>>>>>>>AcctPort 1813
>>>>>>>>>
>>>>>>>>>LogStdout
>>>>>>>>>LogDir /var/log/radius
>>>>>>>>>DbDir /etc/radiator
>>>>>>>>>
>>>>>>>>>Trace 5
>>>>>>>>>
>>>>>>>>><Client XXX.XXX.XXX.XXX>
>>>>>>>>> Secret XXXXX
>>>>>>>>> Identifier wifi-testnet
>>>>>>>>> IgnoreAcctSignature yes
>>>>>>>>></Client>
>>>>>>>>># now core config from eap_peap.cfg example:
>>>>>>>>>
>>>>>>>>><Handler TunnelledByPEAP=1>
>>>>>>>>> AcctLogFileName %L/detail
>>>>>>>>> <AuthBy FILE>
>>>>>>>>> Filename %D/users
>>>>>>>>> EAPType MSCHAP-V2
>>>>>>>>> </AuthBy>
>>>>>>>>></Handler>
>>>>>>>>><Handler>
>>>>>>>>> <AuthBy FILE>
>>>>>>>>> Filename %D/users
>>>>>>>>> EAPType PEAP
>>>>>>>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>>>>>>>
>>>>>>>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>>>>>>>> EAPTLS_CertificateType PEM
>>>>>>>>>
>>>>>>>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>>>>>>>> EAPTLS_PrivateKeyPassword whatever
>>>>>>>>>
>>>>>>>>> EAPTLS_MaxFragmentSize 1024
>>>>>>>>>
>>>>>>>>> AutoMPPEKeys
>>>>>>>>> # i did try also
>>>>>>>>> #AddToReply MS-MPPE-Encryption-Policy =
>>>>>>>>>Encryption-Allowed,\
>>>>>>>>> # MS-MPPE-Encryption-Types =
>>>>>>>>>Encryption-Any SSLeayTrace 4
>>>>>>>>>
>>>>>>>>> </AuthBy>
>>>>>>>>></Handler>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>------ WinXP client configuration ------
>>>>>>>>>
>>>>>>>>>- Data encryption (WEP enabled) ON
>>>>>>>>>- Network Authentication (Shared mode) OFF
>>>>>>>>>- Key is provided for me automatically ON
>>>>>>>>>- Adhoc network OFF
>>>>>>>>>- Enable 802.1x auth ON
>>>>>>>>>- EAP type: PEAP
>>>>>>>>>-Authenticate as computer OFF
>>>>>>>>>- Authenticate as guest OFF
>>>>>>>>>- Validate server certificate OFF
>>>>>>>>>- Authentication method: EAP-MSCHAP v2 (automatically use
>>>>>>>>>Windows logon
>>>>>>>>>name OFF)
>>>>>>>>>- Enable fast reconnect OFF
>>>>>>>>>
>>>>>>>>>----- something from Orinoco-2000 config -----
>>>>>>>>>
>>>>>>>>>Operational Mode
>>>>>>>>>Wireless A: 802.11bg
>>>>>>>>> physical iface 802.11g OFDM / DSSS 2.4 GHz, enable auto channel
>>>>>>>>>select ON, transmit rate: auto fallback,
>>>>>>>>> dtim period: 1 rts/cts medium reservation: 2347, enable closed
>>>>>>>>>system: OFF
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Wireless B: 802.11b only
>>>>>>>>> physical iface 802.11b DSSS 2.4 GHz enable auto channel select
>>>>>>>>>ON,
>>>>>>>>>mcast rate: 2mbit,
>>>>>>>>> dtim period: 1 rts/cts medium reservation: 2347, dist AP: large,
>>>>>>>>>enable closed system: OFF,
>>>>>>>>> enable load balancing: ON, enable medium density distribution: ON
>>>>>>>>>
>>>>>>>>>MAC access control: OFF
>>>>>>>>>
>>>>>>>>>Authentication:
>>>>>>>>> wireless slot A: mode 802.1x, rekeying interval: 900, encr key
>>>>>>>>>lenght: 64bits
>>>>>>>>> wireless slot B: mode 802.1x, rekeying interval: 900, encr key
>>>>>>>>>lenght: 64bits
>>>>>>>>>
>>>>>>>>>Radius auth:
>>>>>>>>> enable radius mac access control: OFF, enable primary
>>>>>>>>>radius: ON,
>>>>>>>>>enable backup radius: OFF,
>>>>>>>>> auth lifetime: 900sec, primary radius server ip, port and
>>>>>>>>>shared
>>>>>>>>>secret set properly, resp time: 3sec,
>>>>>>>>> max retr: 3
>>>>>>>>>
>>>>>>>>>Radius acct:
>>>>>>>>> enable radius accounting: ON, enable primary radius: ON, enable
>>>>>>>>>backup radius: OFF,
>>>>>>>>> primary radius server ip, port and shared secret set properly,
>>>>>>>>>resp time: 3sec,
>>>>>>>>> max retr: 3
>>>>>>>>> DHCP server:
>>>>>>>>> enabled
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>------ radius log recorded ------ (tainted, only last lines,
>>>>>>>>>real ip
>>>>>>>>>of radiator and AP replaced, there are no ERROR lines in log...)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Packet length = 163
>>>>>>>>>01 0a 00 a3 35 01 00 00 d3 70 00 00 ea 7f 00 00
>>>>>>>>>fc 20 00 00 01 0a 77 69 66 69 74 65 73 74 04 06
>>>>>>>>>d5 c2 c2 5e 1e 13 30 30 2d 32 30 2d 61 36 2d 34
>>>>>>>>>38 2d 65 37 2d 33 66 1f 13 30 30 2d 30 34 2d 32
>>>>>>>>>33 2d 34 38 2d 66 31 2d 66 33 20 13 4f 52 69 4e
>>>>>>>>>4f 43 4f 2d 41 50 2d 32 30 30 30 41 45 0c 06 00
>>>>>>>>>00 05 78 3d 06 00 00 00 13 4f 28 02 0b 00 26 19
>>>>>>>>>00 17 03 01 00 1b 21 3a 80 0e 47 22 d7 62 48 7e
>>>>>>>>>9e 6c 5f 02 a9 68 ba 5f 5d 43 03 a4 20 bb 7d 3c
>>>>>>>>>04 50 12 4d 14 ad 48 15 4e 0b 5a da b5 23 9f ab
>>>>>>>>>a0 b4 b8
>>>>>>>>>Code: Access-Request
>>>>>>>>>Identifier: 10
>>>>>>>>>Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
>>>>>>>>>Attributes:
>>>>>>>>> User-Name = "wifitest"
>>>>>>>>> NAS-IP-Address = ORI.NO.CO.IP
>>>>>>>>> Called-Station-Id = "00-20-a6-48-e7-3f"
>>>>>>>>> Calling-Station-Id = "00-04-23-48-f1-f3"
>>>>>>>>> NAS-Identifier = "ORiNOCO-AP-2000AE"
>>>>>>>>> Framed-MTU = 1400
>>>>>>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>>>>>>> EAP-Message =
>>>>>>>>><2><11><0>&<25><0><23><3><1><0><27>!:<128><14>G"<215>bH~<158>l_<2><
>>>>>>>>>169> h< 18 6>_]C<3><164> <187>}<<4>
>>>>>>>>> Message-Authenticator =
>>>>>>>>>M<20><173>H<21>N<11>Z<218><181>#<159><171><160><180><184>
>>>>>>>>>
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Handling request with Handler ''
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Deleting session for wifitest,
>>>>>>>>>ORI.NO.CO.IP ,
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Handling with Radius::AuthFILE:
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Handling with EAP: code 2, 11, 38
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Response type 25
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Access accepted for wifitest
>>>>>>>>>Tue Aug 19 14:20:36 2003: DEBUG: Packet dump:
>>>>>>>>>*** Sending to ORI.NO.CO.IP port 6001 ....
>>>>>>>>>
>>>>>>>>>Packet length = 160
>>>>>>>>>02 0a 00 a0 16 83 b2 81 33 aa 76 f3 c4 8c bd f6
>>>>>>>>>80 76 b9 ea 1a 3a 00 00 01 37 10 34 ed 16 5d 7f
>>>>>>>>>0e 74 a1 73 03 45 9c 75 15 67 22 90 c7 3d b5 b1
>>>>>>>>>71 60 1d ba be d4 29 00 42 83 18 62 b0 2f 61 c6
>>>>>>>>>ca db b1 02 2d f4 76 4e 67 65 2c 98 f2 ea 1a 3a
>>>>>>>>>00 00 01 37 11 34 87 c2 87 6c 05 9a 2e c2 87 c5
>>>>>>>>>39 89 e5 45 73 57 63 e9 02 be 82 f2 21 84 ea 0d
>>>>>>>>>f9 8e cc fd 4d 72 8e d9 4b 72 37 5e 55 e9 f7 65
>>>>>>>>>87 79 8d 45 2d 79 46 99 4f 06 03 0b 00 04 50 12
>>>>>>>>>9d 85 0f 55 3f ea 50 c9 85 db 50 75 01 92 67 ec
>>>>>>>>>Code: Access-Accept
>>>>>>>>>Identifier: 10
>>>>>>>>>Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
>>>>>>>>>Attributes:
>>>>>>>>> MS-MPPE-Send-Key =
>>>>>>>>>"<237><22>]<127><14>t<161>s<3>E<156>u<21>g"<144><199>=<181><177>q`<
>>>>>>>>>29>< 18 6>
>>>>>>>>><190><212>)<0>B<131><24>b<176>/a<198><202><219><177><2>-<244>vNge,<
>>>>>>>>>152> < 242> <234>"
>>>>>>>>>
>>>>>>>>> MS-MPPE-Recv-Key =
>>>>>>>>>"<135><194><135>l<5><154>.<194><135><197>9<137><229>EsWc<233><2><19
>>>>>>>>>0><1 30
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>><
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>242>!<132><234><13><249><142><204><253>Mr<142><217>Kr7^U<233><247>e
>>>>>>>>><135
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>y<14 1>E-yF<153>"
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> EAP-Message = <3><11><0><4>
>>>>>>>>> Message-Authenticator =
>>>>>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>>>>
>>>>>>>>>
>>>>>>>log from windows xp 802.1x client:
>>>>>>>
>>>>>>>[5584] 12:58:01:192: PeapReadConnectionData
>>>>>>>[5584] 12:58:01:192: PeapReadUserData
>>>>>>>[5584] 12:58:01:192: RasEapGetInfo
>>>>>>>[5584] 12:58:01:192: PeapReDoUserData
>>>>>>>[5584] 12:58:30:234: PeapReadConnectionData
>>>>>>>[5584] 12:58:30:234: PeapReadUserData
>>>>>>>[5584] 12:58:30:244: RasEapGetInfo
>>>>>>>[5584] 12:58:30:244: PeapReDoUserData
>>>>>>>[5584] 12:58:43:203: EapPeapBegin
>>>>>>>[5584] 12:58:43:203: PeapReadConnectionData
>>>>>>>[5584] 12:58:43:203: PeapReadUserData
>>>>>>>[5584] 12:58:43:203:
>>>>>>>[5584] 12:58:43:203: EapTlsBegin(wifitest)
>>>>>>>[5584] 12:58:43:203: State change to Initial
>>>>>>>[5584] 12:58:43:203: EapTlsBegin: Detected 8021X authentication
>>>>>>>[5584] 12:58:43:203: EapTlsBegin: Detected PEAP authentication
>>>>>>>[5584] 12:58:43:203: MaxTLSMessageLength is now 16384
>>>>>>>[5584] 12:58:43:203: EapPeapBegin done
>>>>>>>[5584] 12:58:43:203: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:203: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:203: PEAP:PEAP_STATE_INITIAL
>>>>>>>[5584] 12:58:43:203: EapTlsCMakeMessage
>>>>>>>[5584] 12:58:43:203: EapTlsReset
>>>>>>>[5584] 12:58:43:203: State change to Initial
>>>>>>>[5584] 12:58:43:203: GetCredentials
>>>>>>>[5584] 12:58:43:203: Flag is Client and Store is Current User
>>>>>>>[5584] 12:58:43:203: GetCachedCredentials
>>>>>>>[5584] 12:58:43:203: PEAP GetCachedCredentials: Using cached
>>>>>>>credentials.
>>>>>>>[5584] 12:58:43:203: MakeReplyMessage
>>>>>>>[5584] 12:58:43:203: SecurityContextFunction
>>>>>>>[5584] 12:58:43:243: InitializeSecurityContext returned 0x90312
>>>>>>>[5584] 12:58:43:243: State change to SentHello
>>>>>>>[5584] 12:58:43:243: BuildPacket
>>>>>>>[5584] 12:58:43:243: << Sending Response (Code: 2) packet: Id: 4,
>>>>>>>Length: 80, Type: 13, TLS blob length: 70. Flags: L
>>>>>>>[5584] 12:58:43:243: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:243: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:263: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:263: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:263: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>[5584] 12:58:43:263: EapTlsCMakeMessage
>>>>>>>[5584] 12:58:43:263: MakeReplyMessage
>>>>>>>[5584] 12:58:43:263: Reallocating input TLS blob buffer
>>>>>>>[5584] 12:58:43:263: BuildPacket
>>>>>>>[5584] 12:58:43:263: << Sending Response (Code: 2) packet: Id: 5,
>>>>>>>Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>[5584] 12:58:43:263: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:263: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:323: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:323: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:323: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>[5584] 12:58:43:323: EapTlsCMakeMessage
>>>>>>>[5584] 12:58:43:323: MakeReplyMessage
>>>>>>>[5584] 12:58:43:323: BuildPacket
>>>>>>>[5584] 12:58:43:323: << Sending Response (Code: 2) packet: Id: 6,
>>>>>>>Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>[5584] 12:58:43:323: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:323: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:333: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:333: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:333: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>[5584] 12:58:43:333: EapTlsCMakeMessage
>>>>>>>[5584] 12:58:43:333: MakeReplyMessage
>>>>>>>[5584] 12:58:43:333: SecurityContextFunction
>>>>>>>[5584] 12:58:43:393: InitializeSecurityContext returned 0x90312
>>>>>>>[5584] 12:58:43:393: State change to SentFinished
>>>>>>>[5584] 12:58:43:393: BuildPacket
>>>>>>>[5584] 12:58:43:393: << Sending Response (Code: 2) packet: Id: 7,
>>>>>>>Length: 199, Type: 13, TLS blob length: 189. Flags: L
>>>>>>>[5584] 12:58:43:393: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:393: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:413: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:413: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:413: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>[5584] 12:58:43:413: EapTlsCMakeMessage
>>>>>>>[5584] 12:58:43:413: MakeReplyMessage
>>>>>>>[5584] 12:58:43:413: SecurityContextFunction
>>>>>>>[5584] 12:58:43:413: InitializeSecurityContext returned 0x0
>>>>>>>[5584] 12:58:43:413: AuthenticateServer
>>>>>>>[5584] 12:58:43:413: CreateMPPEKeyAttributes
>>>>>>>[5584] 12:58:43:413: State change to RecdFinished
>>>>>>>[5584] 12:58:43:413: BuildPacket
>>>>>>>[5584] 12:58:43:413: << Sending Response (Code: 2) packet: Id: 8,
>>>>>>>Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>[5584] 12:58:43:413: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:413: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:423: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:423: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:423: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>[5584] 12:58:43:423: EapTlsCMakeMessage
>>>>>>>[5584] 12:58:43:423: Negotiation successful
>>>>>>>[5584] 12:58:43:423: PeapGetTunnelProperties
>>>>>>>[5584] 12:58:43:423: Successfully negotiated TLS with following
>>>>>>>parametersdwProtocol = 0x80, Cipher= 0x6801,
>>>>>>>CipherStrength=0x80,Hash=0x8003 [5584] 12:58:43:423:
>>>>>>>PeapGetTunnelProperties done
>>>>>>>[5584] 12:58:43:423: PeapClientDecryptTunnelData
>>>>>>>[5584] 12:58:43:423: IsDuplicatePacket
>>>>>>>[5584] 12:58:43:423: PeapDecryptTunnelData dwSizeofData = 0x16,
>>>>>>>pData =
>>>>>>>0x4261ff4
>>>>>>>[5584] 12:58:43:423: PeapDecryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:423: PeapEncryptTunnelData
>>>>>>>[5584] 12:58:43:423: PeapEncryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:423: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:423: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:483: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:483: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:483: PEAP:PEAP_STATE_IDENTITY_RESPONSE_SENT
>>>>>>>[5584] 12:58:43:483: PeapClientDecryptTunnelData
>>>>>>>[5584] 12:58:43:483: IsDuplicatePacket
>>>>>>>[5584] 12:58:43:483: PeapDecryptTunnelData dwSizeofData = 0x38,
>>>>>>>pData =
>>>>>>>0x4261ff4
>>>>>>>[5584] 12:58:43:483: PeapDecryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:483: PeapEncryptTunnelData
>>>>>>>[5584] 12:58:43:483: PeapEncryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:483: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:483: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:503: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:503: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:503: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
>>>>>>>[5584] 12:58:43:503: PeapClientDecryptTunnelData
>>>>>>>[5584] 12:58:43:503: IsDuplicatePacket
>>>>>>>[5584] 12:58:43:503: PeapDecryptTunnelData dwSizeofData = 0x4e,
>>>>>>>pData =
>>>>>>>0x4261ff4
>>>>>>>[5584] 12:58:43:503: PeapDecryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:503: PeapEncryptTunnelData
>>>>>>>[5584] 12:58:43:503: PeapEncryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:503: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:503: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:513: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:513: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:513: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
>>>>>>>[5584] 12:58:43:513: PeapClientDecryptTunnelData
>>>>>>>[5584] 12:58:43:513: IsDuplicatePacket
>>>>>>>[5584] 12:58:43:513: PeapDecryptTunnelData dwSizeofData = 0x20,
>>>>>>>pData =
>>>>>>>0x4261ff4
>>>>>>>[5584] 12:58:43:513: PeapDecryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:513: GetPEAPTLVStatusMessageValue
>>>>>>>[5584] 12:58:43:523: CreatePEAPTLVStatusMessage
>>>>>>>[5584] 12:58:43:523: PeapEncryptTunnelData
>>>>>>>[5584] 12:58:43:523: PeapEncryptTunnelData completed with status 0x0
>>>>>>>[5584] 12:58:43:523: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:523: EapPeapMakeMessage done
>>>>>>>[5584] 12:58:43:533: EapPeapMakeMessage
>>>>>>>[5584] 12:58:43:533: EapPeapCMakeMessage
>>>>>>>[5584] 12:58:43:533: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
>>>>>>>[5584] 12:58:43:533: We got a EAP_failure after we got a
>>>>>>>PEAP_SUCCESS.
>>>>>>>Failing auth.
>>>>>>>[5584] 12:58:43:533: EapPeapCMakeMessage done
>>>>>>>[5584] 12:58:43:533: EapPeapMakeMessage done
>>>>>>>[5584] 12:59:43:349: EapPeapEnd
>>>>>>>[5584] 12:59
>>>>>>>
>>>>>>>
>>>>>===
>>>>>Archive at http://www.open.com.au/archives/radiator/
>>>>>Announcements on radiator-announce at open.com.au
>>>>>To unsubscribe, email 'majordomo at open.com.au' with
>>>>>'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>===
>>>Archive at http://www.open.com.au/archives/radiator/
>>>Announcements on radiator-announce at open.com.au
>>>To unsubscribe, email 'majordomo at open.com.au' with
>>>'unsubscribe radiator' in the body of the message.
>>>
>>>
>
>
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Jordan Dean's Office
Computer Administrator College of Engineering
801.585.3765 University of Utah
jordan at coe.utah.edu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list