(RADIATOR) Re: cant connect Win XP to Orinoco AP-2000 via 802.1x (continue)
Pavel Paprok
ppaprok at applet.cz
Thu Sep 11 03:09:44 CDT 2003
Hmm maybe is problem in too new firmware in my units.
I tell Proxim technicians let they try also test latest firmware 2.3.1
on their
office when 2.2.2 have a working, I dont want to spend time by
trying old Proxim firmware, latest firmware should always work best,
its not my problem, I will wait for their response if problem is in firmware
ocassionaly.
P.
Bret Jordan wrote:
> We have Proxim AP2000s working with PEAP in a limited area. It does
> work with Radiator, it just a pain.
>
> Bret
>
> Mike McCauley wrote:
>
>> Helo Pavel,
>>
>>
>> On Mon, 8 Sep 2003 09:50 pm, Pavel Paprok wrote:
>>
>>
>>> Today I got answer from technicians from Proxim, they are using
>>> in own office AP-2000 fw v.2.2.2 and 2.1.3 with EAP-PEAP without
>>> problems.
>>> But are not using Radiator radius because "is not RFC 2285/2866
>>> compliant".
>>>
>>
>>
>> 2285 is 'Benchmarking Terminology for LAN Switching Devices'
>> not compliant :-)
>>
>> Prob you mean 2865 and 2866.
>> Its compliant.
>>
>> Have you tested against an AP that is configured correctly and known
>> to work? I still think there may be a configuration problem with the
>> AP you tested with.
>>
>>
>>
>>> Has a Radiator some RFC compliance problem? And can it be a cause?
>>>
>>
>> No.
>>
>> Cheers.
>>
>>
>>
>>> P.
>>>
>>> Pavel Paprok wrote:
>>>
>>>
>>>> Mike McCauley wrote:
>>>>
>>>>
>>>>> Hello Pavel,
>>>>>
>>>>> On Sat, 23 Aug 2003 01:01 am, Pavel Paprok wrote:
>>>>>
>>>>>
>>>>>> Mike McCauley wrote:
>>>>>>
>>>>>>
>>>>>>> Hello Pavel,
>>>>>>>
>>>>>>> On Thu, 21 Aug 2003 10:40 pm, Pavel Paprok wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Mike McCauley wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Wed, 20 Aug 2003 08:42 pm, Pavel Paprok wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hallo,
>>>>>>>>>>
>>>>>>>>>> I am trying to get work wifi access point Orinoco/Proxim AP-2000
>>>>>>>>>> with
>>>>>>>>>> 802.1x EAP/PEAP user auth by Radiator:
>>>>>>>>>> - Radiator 3.6 eval version RPM on RedHat 9, configured for
>>>>>>>>>> EAP/PEAP
>>>>>>>>>> with demo certificates.
>>>>>>>>>> - Orinoco/Proxim AP-2000 (latest firmware 2.1.3)
>>>>>>>>>> - Test client is notebook Dell with Win XP (all patches
>>>>>>>>>> applied),
>>>>>>>>>> wireless card Orinoco Silver
>>>>>>>>>> and/or builtin Intel Pro/WirelessLAN 2100 3A
>>>>>>>>>>
>>>>>>>>>> After all known install and config issues I meet (described
>>>>>>>>>> in FAQ,
>>>>>>>>>> archive and UtahGeeks) I moved to status where
>>>>>>>>>> user is authenticated OK and radius send "Access-Accept". But
>>>>>>>>>> its last
>>>>>>>>>> info from radius log, no real connection follows, no accounting
>>>>>>>>>> on log.
>>>>>>>>>> Especially basic UtahGeeks config of Access point is pretty
>>>>>>>>>> closed to
>>>>>>>>>> our config, but unfortunatelly there are not published Radiator
>>>>>>>>>> configuration so here maybe I have a problem. Or problem is in
>>>>>>>>>> using
>>>>>>>>>> different wifi client? Please help me somebody where is a
>>>>>>>>>> problem?
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> That sounds a lot like the client is not configured to expect a
>>>>>>>>> dynamic
>>>>>>>>> WEP key, but your Radiator is configured to send themto the AP.
>>>>>>>>>
>>>>>>>>> Check the 'WEP key will be provided for me' option in your client
>>>>>>>>> configuration.
>>>>>>>>>
>>>>>>>>
>>>>>>>> of course, as I have written below in Windows XP client config:
>>>>>>>>
>>>>>>>> "- Key is provided for me automatically ON"
>>>>>>>> yesterday i also turn on eap tracing in WinXP, see log below,
>>>>>>>> interesting
>>>>>>>> is last line:
>>>>>>>>
>>>>>>>> "We got a EAP_failure after we got a PEAP_SUCCESS. Failing auth."
>>>>>>>>
>>>>>>>> ...i dont know what it means.
>>>>>>>>
>>>>>>>
>>>>>>> That is very curious, since the last thing sent by Radiator is
>>>>>>> clearly an EAP Success.
>>>>>>> Perhaps the EAP Failure is being sent by the AP?
>>>>>>>
>>>>>>> I wonder if your AP needs some configuration so that it will
>>>>>>> support
>>>>>>> dynamic WEP?
>>>>>>>
>>>>>>> Cheers.
>>>>>>>
>>>>>>
>>>>>> I just try to use AP Signamax 22Mbps in 802.1x with same radiator
>>>>>> and
>>>>>> windows xp client configuration
>>>>>> and client connected ok! So there should be no general
>>>>>> problem with
>>>>>> client and radius configuration,
>>>>>> problem is likely in Avaya or its configuration. Or in EAP
>>>>>> compatibility
>>>>>> of Avaya?
>>>>>>
>>>>>
>>>>> Sounds like the problem is there.
>>>>> We found when we tested the Orinoco AP-2000 here that you had to
>>>>> have the _latest_ firmware installed else it would not work properly.
>>>>> see the Radiator FAQ for more details.
>>>>> http://www.open.com.au/radiator/faq.html
>>>>>
>>>>>
>>>>>
>>>>>> I noted that I must set a "IgnoreAcctSignature" option to "yes" for
>>>>>> Avaya or I get "Bad EAP Message-Authenticator" warnings in log
>>>>>> and auth
>>>>>> failed. Signamax works ok both with or without this option ....maybe
>>>>>> there is a start of problems?
>>>>>>
>>>>>
>>>>> Sounds like there is a shared secret problem between Radiator and the
>>>>> Avaya?
>>>>>
>>>>
>>>> I thing that in this case should not accepted any
>>>> radius packet from other side for processing and there
>>>> should be no communication and request/reply exchange
>>>> at all. Or is it not true?
>>>>
>>>> P.
>>>>
>>>>
>>>>
>>>>>> Are there some AddToReply which I would try to add to reply for
>>>>>> Avaya?
>>>>>> Have Avaya AP-2000 working with 802.1x somebody to help me with
>>>>>> configuratio? Article in FAQ
>>>>>> about it does not help me, I dont know where is mistake so exact AP
>>>>>> configure dump of real working device welcomed.
>>>>>>
>>>>>
>>>>> Cheers.
>>>>>
>>>>>
>>>>>
>>>>>> Pavel
>>>>>>
>>>>>>
>>>>>>
>>>>>>>> Pavel
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Cheers.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> My configuration:
>>>>>>>>>>
>>>>>>>>>> ------ users ------
>>>>>>>>>> wifitest User-Password=wifi
>>>>>>>>>> Session-Timeout=60
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------ radius.cfg ------
>>>>>>>>>> AuthPort 1812
>>>>>>>>>> AcctPort 1813
>>>>>>>>>>
>>>>>>>>>> LogStdout
>>>>>>>>>> LogDir /var/log/radius
>>>>>>>>>> DbDir /etc/radiator
>>>>>>>>>>
>>>>>>>>>> Trace 5
>>>>>>>>>>
>>>>>>>>>> <Client XXX.XXX.XXX.XXX>
>>>>>>>>>> Secret XXXXX
>>>>>>>>>> Identifier wifi-testnet
>>>>>>>>>> IgnoreAcctSignature yes
>>>>>>>>>> </Client>
>>>>>>>>>> # now core config from eap_peap.cfg example:
>>>>>>>>>>
>>>>>>>>>> <Handler TunnelledByPEAP=1>
>>>>>>>>>> AcctLogFileName %L/detail
>>>>>>>>>> <AuthBy FILE>
>>>>>>>>>> Filename %D/users
>>>>>>>>>> EAPType MSCHAP-V2
>>>>>>>>>> </AuthBy>
>>>>>>>>>> </Handler>
>>>>>>>>>> <Handler>
>>>>>>>>>> <AuthBy FILE>
>>>>>>>>>> Filename %D/users
>>>>>>>>>> EAPType PEAP
>>>>>>>>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>>>>>>>>
>>>>>>>>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>>>>>>>>> EAPTLS_CertificateType PEM
>>>>>>>>>>
>>>>>>>>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>>>>>>>>> EAPTLS_PrivateKeyPassword whatever
>>>>>>>>>>
>>>>>>>>>> EAPTLS_MaxFragmentSize 1024
>>>>>>>>>>
>>>>>>>>>> AutoMPPEKeys
>>>>>>>>>> # i did try also
>>>>>>>>>> #AddToReply MS-MPPE-Encryption-Policy =
>>>>>>>>>> Encryption-Allowed,\
>>>>>>>>>> # MS-MPPE-Encryption-Types =
>>>>>>>>>> Encryption-Any SSLeayTrace 4
>>>>>>>>>>
>>>>>>>>>> </AuthBy>
>>>>>>>>>> </Handler>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------ WinXP client configuration ------
>>>>>>>>>>
>>>>>>>>>> - Data encryption (WEP enabled) ON
>>>>>>>>>> - Network Authentication (Shared mode) OFF
>>>>>>>>>> - Key is provided for me automatically ON
>>>>>>>>>> - Adhoc network OFF
>>>>>>>>>> - Enable 802.1x auth ON
>>>>>>>>>> - EAP type: PEAP
>>>>>>>>>> -Authenticate as computer OFF
>>>>>>>>>> - Authenticate as guest OFF
>>>>>>>>>> - Validate server certificate OFF
>>>>>>>>>> - Authentication method: EAP-MSCHAP v2 (automatically use
>>>>>>>>>> Windows logon
>>>>>>>>>> name OFF)
>>>>>>>>>> - Enable fast reconnect OFF
>>>>>>>>>>
>>>>>>>>>> ----- something from Orinoco-2000 config -----
>>>>>>>>>>
>>>>>>>>>> Operational Mode
>>>>>>>>>> Wireless A: 802.11bg
>>>>>>>>>> physical iface 802.11g OFDM / DSSS 2.4 GHz, enable auto channel
>>>>>>>>>> select ON, transmit rate: auto fallback,
>>>>>>>>>> dtim period: 1 rts/cts medium reservation: 2347, enable closed
>>>>>>>>>> system: OFF
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Wireless B: 802.11b only
>>>>>>>>>> physical iface 802.11b DSSS 2.4 GHz enable auto channel select
>>>>>>>>>> ON,
>>>>>>>>>> mcast rate: 2mbit,
>>>>>>>>>> dtim period: 1 rts/cts medium reservation: 2347, dist AP:
>>>>>>>>>> large,
>>>>>>>>>> enable closed system: OFF,
>>>>>>>>>> enable load balancing: ON, enable medium density
>>>>>>>>>> distribution: ON
>>>>>>>>>>
>>>>>>>>>> MAC access control: OFF
>>>>>>>>>>
>>>>>>>>>> Authentication:
>>>>>>>>>> wireless slot A: mode 802.1x, rekeying interval: 900, encr key
>>>>>>>>>> lenght: 64bits
>>>>>>>>>> wireless slot B: mode 802.1x, rekeying interval: 900, encr key
>>>>>>>>>> lenght: 64bits
>>>>>>>>>>
>>>>>>>>>> Radius auth:
>>>>>>>>>> enable radius mac access control: OFF, enable primary
>>>>>>>>>> radius: ON,
>>>>>>>>>> enable backup radius: OFF,
>>>>>>>>>> auth lifetime: 900sec, primary radius server ip, port and
>>>>>>>>>> shared
>>>>>>>>>> secret set properly, resp time: 3sec,
>>>>>>>>>> max retr: 3
>>>>>>>>>>
>>>>>>>>>> Radius acct:
>>>>>>>>>> enable radius accounting: ON, enable primary radius: ON,
>>>>>>>>>> enable
>>>>>>>>>> backup radius: OFF,
>>>>>>>>>> primary radius server ip, port and shared secret set
>>>>>>>>>> properly,
>>>>>>>>>> resp time: 3sec,
>>>>>>>>>> max retr: 3
>>>>>>>>>> DHCP server:
>>>>>>>>>> enabled
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------ radius log recorded ------ (tainted, only last lines,
>>>>>>>>>> real ip
>>>>>>>>>> of radiator and AP replaced, there are no ERROR lines in log...)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Packet length = 163
>>>>>>>>>> 01 0a 00 a3 35 01 00 00 d3 70 00 00 ea 7f 00 00
>>>>>>>>>> fc 20 00 00 01 0a 77 69 66 69 74 65 73 74 04 06
>>>>>>>>>> d5 c2 c2 5e 1e 13 30 30 2d 32 30 2d 61 36 2d 34
>>>>>>>>>> 38 2d 65 37 2d 33 66 1f 13 30 30 2d 30 34 2d 32
>>>>>>>>>> 33 2d 34 38 2d 66 31 2d 66 33 20 13 4f 52 69 4e
>>>>>>>>>> 4f 43 4f 2d 41 50 2d 32 30 30 30 41 45 0c 06 00
>>>>>>>>>> 00 05 78 3d 06 00 00 00 13 4f 28 02 0b 00 26 19
>>>>>>>>>> 00 17 03 01 00 1b 21 3a 80 0e 47 22 d7 62 48 7e
>>>>>>>>>> 9e 6c 5f 02 a9 68 ba 5f 5d 43 03 a4 20 bb 7d 3c
>>>>>>>>>> 04 50 12 4d 14 ad 48 15 4e 0b 5a da b5 23 9f ab
>>>>>>>>>> a0 b4 b8
>>>>>>>>>> Code: Access-Request
>>>>>>>>>> Identifier: 10
>>>>>>>>>> Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
>>>>>>>>>> Attributes:
>>>>>>>>>> User-Name = "wifitest"
>>>>>>>>>> NAS-IP-Address = ORI.NO.CO.IP
>>>>>>>>>> Called-Station-Id = "00-20-a6-48-e7-3f"
>>>>>>>>>> Calling-Station-Id = "00-04-23-48-f1-f3"
>>>>>>>>>> NAS-Identifier = "ORiNOCO-AP-2000AE"
>>>>>>>>>> Framed-MTU = 1400
>>>>>>>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>>>>>>>> EAP-Message =
>>>>>>>>>> <2><11><0>&<25><0><23><3><1><0><27>!:<128><14>G"<215>bH~<158>l_<2><
>>>>>>>>>> 169> h< 18 6>_]C<3><164> <187>}<<4>
>>>>>>>>>> Message-Authenticator =
>>>>>>>>>> M<20><173>H<21>N<11>Z<218><181>#<159><171><160><180><184>
>>>>>>>>>>
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling request with
>>>>>>>>>> Handler ''
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Deleting session for wifitest,
>>>>>>>>>> ORI.NO.CO.IP ,
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling with Radius::AuthFILE:
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling with EAP: code 2,
>>>>>>>>>> 11, 38
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Response type 25
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Access accepted for wifitest
>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Packet dump:
>>>>>>>>>> *** Sending to ORI.NO.CO.IP port 6001 ....
>>>>>>>>>>
>>>>>>>>>> Packet length = 160
>>>>>>>>>> 02 0a 00 a0 16 83 b2 81 33 aa 76 f3 c4 8c bd f6
>>>>>>>>>> 80 76 b9 ea 1a 3a 00 00 01 37 10 34 ed 16 5d 7f
>>>>>>>>>> 0e 74 a1 73 03 45 9c 75 15 67 22 90 c7 3d b5 b1
>>>>>>>>>> 71 60 1d ba be d4 29 00 42 83 18 62 b0 2f 61 c6
>>>>>>>>>> ca db b1 02 2d f4 76 4e 67 65 2c 98 f2 ea 1a 3a
>>>>>>>>>> 00 00 01 37 11 34 87 c2 87 6c 05 9a 2e c2 87 c5
>>>>>>>>>> 39 89 e5 45 73 57 63 e9 02 be 82 f2 21 84 ea 0d
>>>>>>>>>> f9 8e cc fd 4d 72 8e d9 4b 72 37 5e 55 e9 f7 65
>>>>>>>>>> 87 79 8d 45 2d 79 46 99 4f 06 03 0b 00 04 50 12
>>>>>>>>>> 9d 85 0f 55 3f ea 50 c9 85 db 50 75 01 92 67 ec
>>>>>>>>>> Code: Access-Accept
>>>>>>>>>> Identifier: 10
>>>>>>>>>> Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
>>>>>>>>>> Attributes:
>>>>>>>>>> MS-MPPE-Send-Key =
>>>>>>>>>> "<237><22>]<127><14>t<161>s<3>E<156>u<21>g"<144><199>=<181><177>q`<
>>>>>>>>>> 29>< 18 6>
>>>>>>>>>> <190><212>)<0>B<131><24>b<176>/a<198><202><219><177><2>-<244>vNge,<
>>>>>>>>>> 152> < 242> <234>"
>>>>>>>>>>
>>>>>>>>>> MS-MPPE-Recv-Key =
>>>>>>>>>> "<135><194><135>l<5><154>.<194><135><197>9<137><229>EsWc<233><2><19
>>>>>>>>>> 0><1 30
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> <
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 242>!<132><234><13><249><142><204><253>Mr<142><217>Kr7^U<233><247>e
>>>>>>>>>> <135
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> y<14 1>E-yF<153>"
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> EAP-Message = <3><11><0><4>
>>>>>>>>>> Message-Authenticator =
>>>>>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>> log from windows xp 802.1x client:
>>>>>>>>
>>>>>>>> [5584] 12:58:01:192: PeapReadConnectionData
>>>>>>>> [5584] 12:58:01:192: PeapReadUserData
>>>>>>>> [5584] 12:58:01:192: RasEapGetInfo
>>>>>>>> [5584] 12:58:01:192: PeapReDoUserData
>>>>>>>> [5584] 12:58:30:234: PeapReadConnectionData
>>>>>>>> [5584] 12:58:30:234: PeapReadUserData
>>>>>>>> [5584] 12:58:30:244: RasEapGetInfo
>>>>>>>> [5584] 12:58:30:244: PeapReDoUserData
>>>>>>>> [5584] 12:58:43:203: EapPeapBegin
>>>>>>>> [5584] 12:58:43:203: PeapReadConnectionData
>>>>>>>> [5584] 12:58:43:203: PeapReadUserData
>>>>>>>> [5584] 12:58:43:203:
>>>>>>>> [5584] 12:58:43:203: EapTlsBegin(wifitest)
>>>>>>>> [5584] 12:58:43:203: State change to Initial
>>>>>>>> [5584] 12:58:43:203: EapTlsBegin: Detected 8021X authentication
>>>>>>>> [5584] 12:58:43:203: EapTlsBegin: Detected PEAP authentication
>>>>>>>> [5584] 12:58:43:203: MaxTLSMessageLength is now 16384
>>>>>>>> [5584] 12:58:43:203: EapPeapBegin done
>>>>>>>> [5584] 12:58:43:203: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:203: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:203: PEAP:PEAP_STATE_INITIAL
>>>>>>>> [5584] 12:58:43:203: EapTlsCMakeMessage
>>>>>>>> [5584] 12:58:43:203: EapTlsReset
>>>>>>>> [5584] 12:58:43:203: State change to Initial
>>>>>>>> [5584] 12:58:43:203: GetCredentials
>>>>>>>> [5584] 12:58:43:203: Flag is Client and Store is Current User
>>>>>>>> [5584] 12:58:43:203: GetCachedCredentials
>>>>>>>> [5584] 12:58:43:203: PEAP GetCachedCredentials: Using cached
>>>>>>>> credentials.
>>>>>>>> [5584] 12:58:43:203: MakeReplyMessage
>>>>>>>> [5584] 12:58:43:203: SecurityContextFunction
>>>>>>>> [5584] 12:58:43:243: InitializeSecurityContext returned 0x90312
>>>>>>>> [5584] 12:58:43:243: State change to SentHello
>>>>>>>> [5584] 12:58:43:243: BuildPacket
>>>>>>>> [5584] 12:58:43:243: << Sending Response (Code: 2) packet: Id: 4,
>>>>>>>> Length: 80, Type: 13, TLS blob length: 70. Flags: L
>>>>>>>> [5584] 12:58:43:243: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:243: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:263: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:263: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:263: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>> [5584] 12:58:43:263: EapTlsCMakeMessage
>>>>>>>> [5584] 12:58:43:263: MakeReplyMessage
>>>>>>>> [5584] 12:58:43:263: Reallocating input TLS blob buffer
>>>>>>>> [5584] 12:58:43:263: BuildPacket
>>>>>>>> [5584] 12:58:43:263: << Sending Response (Code: 2) packet: Id: 5,
>>>>>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>> [5584] 12:58:43:263: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:263: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:323: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:323: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:323: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>> [5584] 12:58:43:323: EapTlsCMakeMessage
>>>>>>>> [5584] 12:58:43:323: MakeReplyMessage
>>>>>>>> [5584] 12:58:43:323: BuildPacket
>>>>>>>> [5584] 12:58:43:323: << Sending Response (Code: 2) packet: Id: 6,
>>>>>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>> [5584] 12:58:43:323: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:323: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:333: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:333: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:333: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>> [5584] 12:58:43:333: EapTlsCMakeMessage
>>>>>>>> [5584] 12:58:43:333: MakeReplyMessage
>>>>>>>> [5584] 12:58:43:333: SecurityContextFunction
>>>>>>>> [5584] 12:58:43:393: InitializeSecurityContext returned 0x90312
>>>>>>>> [5584] 12:58:43:393: State change to SentFinished
>>>>>>>> [5584] 12:58:43:393: BuildPacket
>>>>>>>> [5584] 12:58:43:393: << Sending Response (Code: 2) packet: Id: 7,
>>>>>>>> Length: 199, Type: 13, TLS blob length: 189. Flags: L
>>>>>>>> [5584] 12:58:43:393: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:393: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:413: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:413: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:413: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>> [5584] 12:58:43:413: EapTlsCMakeMessage
>>>>>>>> [5584] 12:58:43:413: MakeReplyMessage
>>>>>>>> [5584] 12:58:43:413: SecurityContextFunction
>>>>>>>> [5584] 12:58:43:413: InitializeSecurityContext returned 0x0
>>>>>>>> [5584] 12:58:43:413: AuthenticateServer
>>>>>>>> [5584] 12:58:43:413: CreateMPPEKeyAttributes
>>>>>>>> [5584] 12:58:43:413: State change to RecdFinished
>>>>>>>> [5584] 12:58:43:413: BuildPacket
>>>>>>>> [5584] 12:58:43:413: << Sending Response (Code: 2) packet: Id: 8,
>>>>>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>> [5584] 12:58:43:413: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:413: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:423: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:423: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:423: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>> [5584] 12:58:43:423: EapTlsCMakeMessage
>>>>>>>> [5584] 12:58:43:423: Negotiation successful
>>>>>>>> [5584] 12:58:43:423: PeapGetTunnelProperties
>>>>>>>> [5584] 12:58:43:423: Successfully negotiated TLS with following
>>>>>>>> parametersdwProtocol = 0x80, Cipher= 0x6801,
>>>>>>>> CipherStrength=0x80,Hash=0x8003 [5584] 12:58:43:423:
>>>>>>>> PeapGetTunnelProperties done
>>>>>>>> [5584] 12:58:43:423: PeapClientDecryptTunnelData
>>>>>>>> [5584] 12:58:43:423: IsDuplicatePacket
>>>>>>>> [5584] 12:58:43:423: PeapDecryptTunnelData dwSizeofData = 0x16,
>>>>>>>> pData =
>>>>>>>> 0x4261ff4
>>>>>>>> [5584] 12:58:43:423: PeapDecryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:423: PeapEncryptTunnelData
>>>>>>>> [5584] 12:58:43:423: PeapEncryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:423: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:423: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:483: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:483: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:483: PEAP:PEAP_STATE_IDENTITY_RESPONSE_SENT
>>>>>>>> [5584] 12:58:43:483: PeapClientDecryptTunnelData
>>>>>>>> [5584] 12:58:43:483: IsDuplicatePacket
>>>>>>>> [5584] 12:58:43:483: PeapDecryptTunnelData dwSizeofData = 0x38,
>>>>>>>> pData =
>>>>>>>> 0x4261ff4
>>>>>>>> [5584] 12:58:43:483: PeapDecryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:483: PeapEncryptTunnelData
>>>>>>>> [5584] 12:58:43:483: PeapEncryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:483: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:483: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:503: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:503: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:503: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
>>>>>>>> [5584] 12:58:43:503: PeapClientDecryptTunnelData
>>>>>>>> [5584] 12:58:43:503: IsDuplicatePacket
>>>>>>>> [5584] 12:58:43:503: PeapDecryptTunnelData dwSizeofData = 0x4e,
>>>>>>>> pData =
>>>>>>>> 0x4261ff4
>>>>>>>> [5584] 12:58:43:503: PeapDecryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:503: PeapEncryptTunnelData
>>>>>>>> [5584] 12:58:43:503: PeapEncryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:503: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:503: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:513: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:513: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:513: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
>>>>>>>> [5584] 12:58:43:513: PeapClientDecryptTunnelData
>>>>>>>> [5584] 12:58:43:513: IsDuplicatePacket
>>>>>>>> [5584] 12:58:43:513: PeapDecryptTunnelData dwSizeofData = 0x20,
>>>>>>>> pData =
>>>>>>>> 0x4261ff4
>>>>>>>> [5584] 12:58:43:513: PeapDecryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:513: GetPEAPTLVStatusMessageValue
>>>>>>>> [5584] 12:58:43:523: CreatePEAPTLVStatusMessage
>>>>>>>> [5584] 12:58:43:523: PeapEncryptTunnelData
>>>>>>>> [5584] 12:58:43:523: PeapEncryptTunnelData completed with
>>>>>>>> status 0x0
>>>>>>>> [5584] 12:58:43:523: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:523: EapPeapMakeMessage done
>>>>>>>> [5584] 12:58:43:533: EapPeapMakeMessage
>>>>>>>> [5584] 12:58:43:533: EapPeapCMakeMessage
>>>>>>>> [5584] 12:58:43:533: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
>>>>>>>> [5584] 12:58:43:533: We got a EAP_failure after we got a
>>>>>>>> PEAP_SUCCESS.
>>>>>>>> Failing auth.
>>>>>>>> [5584] 12:58:43:533: EapPeapCMakeMessage done
>>>>>>>> [5584] 12:58:43:533: EapPeapMakeMessage done
>>>>>>>> [5584] 12:59:43:349: EapPeapEnd
>>>>>>>> [5584] 12:59
>>>>>>>>
>>>>>>>
>>>>>> ===
>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>> Announcements on radiator-announce at open.com.au
>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>
>>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>
>>
>>
>>
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list