(RADIATOR) Re: cant connect Win XP to Orinoco AP-2000 via 802.1x (continue)
Bret Jordan
bret.jordan at utah.edu
Thu Sep 11 12:06:16 CDT 2003
We are actually running the Avaya 2.2.4 code on our Proxim2000 APs..
Bret
Pavel Paprok wrote:
> Hmm maybe is problem in too new firmware in my units.
> I tell Proxim technicians let they try also test latest firmware 2.3.1
> on their
> office when 2.2.2 have a working, I dont want to spend time by
> trying old Proxim firmware, latest firmware should always work best,
> its not my problem, I will wait for their response if problem is in
> firmware
> ocassionaly.
>
> P.
>
> Bret Jordan wrote:
>
>> We have Proxim AP2000s working with PEAP in a limited area. It does
>> work with Radiator, it just a pain.
>>
>> Bret
>>
>> Mike McCauley wrote:
>>
>>> Helo Pavel,
>>>
>>>
>>> On Mon, 8 Sep 2003 09:50 pm, Pavel Paprok wrote:
>>>
>>>
>>>> Today I got answer from technicians from Proxim, they are using
>>>> in own office AP-2000 fw v.2.2.2 and 2.1.3 with EAP-PEAP without
>>>> problems.
>>>> But are not using Radiator radius because "is not RFC 2285/2866
>>>> compliant".
>>>>
>>>
>>>
>>>
>>> 2285 is 'Benchmarking Terminology for LAN Switching Devices'
>>> not compliant :-)
>>>
>>> Prob you mean 2865 and 2866.
>>> Its compliant.
>>>
>>> Have you tested against an AP that is configured correctly and known
>>> to work? I still think there may be a configuration problem with the
>>> AP you tested with.
>>>
>>>
>>>
>>>> Has a Radiator some RFC compliance problem? And can it be a cause?
>>>>
>>>
>>>
>>> No.
>>>
>>> Cheers.
>>>
>>>
>>>
>>>> P.
>>>>
>>>> Pavel Paprok wrote:
>>>>
>>>>
>>>>> Mike McCauley wrote:
>>>>>
>>>>>
>>>>>> Hello Pavel,
>>>>>>
>>>>>> On Sat, 23 Aug 2003 01:01 am, Pavel Paprok wrote:
>>>>>>
>>>>>>
>>>>>>> Mike McCauley wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Hello Pavel,
>>>>>>>>
>>>>>>>> On Thu, 21 Aug 2003 10:40 pm, Pavel Paprok wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Mike McCauley wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On Wed, 20 Aug 2003 08:42 pm, Pavel Paprok wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Hallo,
>>>>>>>>>>>
>>>>>>>>>>> I am trying to get work wifi access point Orinoco/Proxim
>>>>>>>>>>> AP-2000
>>>>>>>>>>> with
>>>>>>>>>>> 802.1x EAP/PEAP user auth by Radiator:
>>>>>>>>>>> - Radiator 3.6 eval version RPM on RedHat 9, configured for
>>>>>>>>>>> EAP/PEAP
>>>>>>>>>>> with demo certificates.
>>>>>>>>>>> - Orinoco/Proxim AP-2000 (latest firmware 2.1.3)
>>>>>>>>>>> - Test client is notebook Dell with Win XP (all patches
>>>>>>>>>>> applied),
>>>>>>>>>>> wireless card Orinoco Silver
>>>>>>>>>>> and/or builtin Intel Pro/WirelessLAN 2100 3A
>>>>>>>>>>>
>>>>>>>>>>> After all known install and config issues I meet (described
>>>>>>>>>>> in FAQ,
>>>>>>>>>>> archive and UtahGeeks) I moved to status where
>>>>>>>>>>> user is authenticated OK and radius send "Access-Accept". But
>>>>>>>>>>> its last
>>>>>>>>>>> info from radius log, no real connection follows, no accounting
>>>>>>>>>>> on log.
>>>>>>>>>>> Especially basic UtahGeeks config of Access point is pretty
>>>>>>>>>>> closed to
>>>>>>>>>>> our config, but unfortunatelly there are not published Radiator
>>>>>>>>>>> configuration so here maybe I have a problem. Or problem is in
>>>>>>>>>>> using
>>>>>>>>>>> different wifi client? Please help me somebody where is a
>>>>>>>>>>> problem?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> That sounds a lot like the client is not configured to expect a
>>>>>>>>>> dynamic
>>>>>>>>>> WEP key, but your Radiator is configured to send themto the AP.
>>>>>>>>>>
>>>>>>>>>> Check the 'WEP key will be provided for me' option in your
>>>>>>>>>> client
>>>>>>>>>> configuration.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> of course, as I have written below in Windows XP client config:
>>>>>>>>>
>>>>>>>>> "- Key is provided for me automatically ON"
>>>>>>>>> yesterday i also turn on eap tracing in WinXP, see log below,
>>>>>>>>> interesting
>>>>>>>>> is last line:
>>>>>>>>>
>>>>>>>>> "We got a EAP_failure after we got a PEAP_SUCCESS. Failing
>>>>>>>>> auth."
>>>>>>>>>
>>>>>>>>> ...i dont know what it means.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> That is very curious, since the last thing sent by Radiator is
>>>>>>>> clearly an EAP Success.
>>>>>>>> Perhaps the EAP Failure is being sent by the AP?
>>>>>>>>
>>>>>>>> I wonder if your AP needs some configuration so that it will
>>>>>>>> support
>>>>>>>> dynamic WEP?
>>>>>>>>
>>>>>>>> Cheers.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I just try to use AP Signamax 22Mbps in 802.1x with same
>>>>>>> radiator and
>>>>>>> windows xp client configuration
>>>>>>> and client connected ok! So there should be no general
>>>>>>> problem with
>>>>>>> client and radius configuration,
>>>>>>> problem is likely in Avaya or its configuration. Or in EAP
>>>>>>> compatibility
>>>>>>> of Avaya?
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Sounds like the problem is there.
>>>>>> We found when we tested the Orinoco AP-2000 here that you had to
>>>>>> have the _latest_ firmware installed else it would not work
>>>>>> properly.
>>>>>> see the Radiator FAQ for more details.
>>>>>> http://www.open.com.au/radiator/faq.html
>>>>>>
>>>>>>
>>>>>>
>>>>>>> I noted that I must set a "IgnoreAcctSignature" option to "yes"
>>>>>>> for
>>>>>>> Avaya or I get "Bad EAP Message-Authenticator" warnings in log
>>>>>>> and auth
>>>>>>> failed. Signamax works ok both with or without this option
>>>>>>> ....maybe
>>>>>>> there is a start of problems?
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Sounds like there is a shared secret problem between Radiator and
>>>>>> the
>>>>>> Avaya?
>>>>>>
>>>>>
>>>>>
>>>>> I thing that in this case should not accepted any
>>>>> radius packet from other side for processing and there
>>>>> should be no communication and request/reply exchange
>>>>> at all. Or is it not true?
>>>>>
>>>>> P.
>>>>>
>>>>>
>>>>>
>>>>>>> Are there some AddToReply which I would try to add to reply for
>>>>>>> Avaya?
>>>>>>> Have Avaya AP-2000 working with 802.1x somebody to help me with
>>>>>>> configuratio? Article in FAQ
>>>>>>> about it does not help me, I dont know where is mistake so exact AP
>>>>>>> configure dump of real working device welcomed.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Cheers.
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Pavel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>> Pavel
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Cheers.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> My configuration:
>>>>>>>>>>>
>>>>>>>>>>> ------ users ------
>>>>>>>>>>> wifitest User-Password=wifi
>>>>>>>>>>> Session-Timeout=60
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ------ radius.cfg ------
>>>>>>>>>>> AuthPort 1812
>>>>>>>>>>> AcctPort 1813
>>>>>>>>>>>
>>>>>>>>>>> LogStdout
>>>>>>>>>>> LogDir /var/log/radius
>>>>>>>>>>> DbDir /etc/radiator
>>>>>>>>>>>
>>>>>>>>>>> Trace 5
>>>>>>>>>>>
>>>>>>>>>>> <Client XXX.XXX.XXX.XXX>
>>>>>>>>>>> Secret XXXXX
>>>>>>>>>>> Identifier wifi-testnet
>>>>>>>>>>> IgnoreAcctSignature yes
>>>>>>>>>>> </Client>
>>>>>>>>>>> # now core config from eap_peap.cfg example:
>>>>>>>>>>>
>>>>>>>>>>> <Handler TunnelledByPEAP=1>
>>>>>>>>>>> AcctLogFileName %L/detail
>>>>>>>>>>> <AuthBy FILE>
>>>>>>>>>>> Filename %D/users
>>>>>>>>>>> EAPType MSCHAP-V2
>>>>>>>>>>> </AuthBy>
>>>>>>>>>>> </Handler>
>>>>>>>>>>> <Handler>
>>>>>>>>>>> <AuthBy FILE>
>>>>>>>>>>> Filename %D/users
>>>>>>>>>>> EAPType PEAP
>>>>>>>>>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>>>>>>>>>
>>>>>>>>>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>>>>>>>>>> EAPTLS_CertificateType PEM
>>>>>>>>>>>
>>>>>>>>>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>>>>>>>>>> EAPTLS_PrivateKeyPassword whatever
>>>>>>>>>>>
>>>>>>>>>>> EAPTLS_MaxFragmentSize 1024
>>>>>>>>>>>
>>>>>>>>>>> AutoMPPEKeys
>>>>>>>>>>> # i did try also
>>>>>>>>>>> #AddToReply MS-MPPE-Encryption-Policy =
>>>>>>>>>>> Encryption-Allowed,\
>>>>>>>>>>> # MS-MPPE-Encryption-Types =
>>>>>>>>>>> Encryption-Any SSLeayTrace 4
>>>>>>>>>>>
>>>>>>>>>>> </AuthBy>
>>>>>>>>>>> </Handler>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ------ WinXP client configuration ------
>>>>>>>>>>>
>>>>>>>>>>> - Data encryption (WEP enabled) ON
>>>>>>>>>>> - Network Authentication (Shared mode) OFF
>>>>>>>>>>> - Key is provided for me automatically ON
>>>>>>>>>>> - Adhoc network OFF
>>>>>>>>>>> - Enable 802.1x auth ON
>>>>>>>>>>> - EAP type: PEAP
>>>>>>>>>>> -Authenticate as computer OFF
>>>>>>>>>>> - Authenticate as guest OFF
>>>>>>>>>>> - Validate server certificate OFF
>>>>>>>>>>> - Authentication method: EAP-MSCHAP v2 (automatically use
>>>>>>>>>>> Windows logon
>>>>>>>>>>> name OFF)
>>>>>>>>>>> - Enable fast reconnect OFF
>>>>>>>>>>>
>>>>>>>>>>> ----- something from Orinoco-2000 config -----
>>>>>>>>>>>
>>>>>>>>>>> Operational Mode
>>>>>>>>>>> Wireless A: 802.11bg
>>>>>>>>>>> physical iface 802.11g OFDM / DSSS 2.4 GHz, enable auto channel
>>>>>>>>>>> select ON, transmit rate: auto fallback,
>>>>>>>>>>> dtim period: 1 rts/cts medium reservation: 2347, enable closed
>>>>>>>>>>> system: OFF
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Wireless B: 802.11b only
>>>>>>>>>>> physical iface 802.11b DSSS 2.4 GHz enable auto channel select
>>>>>>>>>>> ON,
>>>>>>>>>>> mcast rate: 2mbit,
>>>>>>>>>>> dtim period: 1 rts/cts medium reservation: 2347, dist AP:
>>>>>>>>>>> large,
>>>>>>>>>>> enable closed system: OFF,
>>>>>>>>>>> enable load balancing: ON, enable medium density
>>>>>>>>>>> distribution: ON
>>>>>>>>>>>
>>>>>>>>>>> MAC access control: OFF
>>>>>>>>>>>
>>>>>>>>>>> Authentication:
>>>>>>>>>>> wireless slot A: mode 802.1x, rekeying interval: 900, encr
>>>>>>>>>>> key
>>>>>>>>>>> lenght: 64bits
>>>>>>>>>>> wireless slot B: mode 802.1x, rekeying interval: 900, encr
>>>>>>>>>>> key
>>>>>>>>>>> lenght: 64bits
>>>>>>>>>>>
>>>>>>>>>>> Radius auth:
>>>>>>>>>>> enable radius mac access control: OFF, enable primary
>>>>>>>>>>> radius: ON,
>>>>>>>>>>> enable backup radius: OFF,
>>>>>>>>>>> auth lifetime: 900sec, primary radius server ip, port and
>>>>>>>>>>> shared
>>>>>>>>>>> secret set properly, resp time: 3sec,
>>>>>>>>>>> max retr: 3
>>>>>>>>>>>
>>>>>>>>>>> Radius acct:
>>>>>>>>>>> enable radius accounting: ON, enable primary radius: ON,
>>>>>>>>>>> enable
>>>>>>>>>>> backup radius: OFF,
>>>>>>>>>>> primary radius server ip, port and shared secret set
>>>>>>>>>>> properly,
>>>>>>>>>>> resp time: 3sec,
>>>>>>>>>>> max retr: 3
>>>>>>>>>>> DHCP server:
>>>>>>>>>>> enabled
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ------ radius log recorded ------ (tainted, only last lines,
>>>>>>>>>>> real ip
>>>>>>>>>>> of radiator and AP replaced, there are no ERROR lines in
>>>>>>>>>>> log...)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Packet length = 163
>>>>>>>>>>> 01 0a 00 a3 35 01 00 00 d3 70 00 00 ea 7f 00 00
>>>>>>>>>>> fc 20 00 00 01 0a 77 69 66 69 74 65 73 74 04 06
>>>>>>>>>>> d5 c2 c2 5e 1e 13 30 30 2d 32 30 2d 61 36 2d 34
>>>>>>>>>>> 38 2d 65 37 2d 33 66 1f 13 30 30 2d 30 34 2d 32
>>>>>>>>>>> 33 2d 34 38 2d 66 31 2d 66 33 20 13 4f 52 69 4e
>>>>>>>>>>> 4f 43 4f 2d 41 50 2d 32 30 30 30 41 45 0c 06 00
>>>>>>>>>>> 00 05 78 3d 06 00 00 00 13 4f 28 02 0b 00 26 19
>>>>>>>>>>> 00 17 03 01 00 1b 21 3a 80 0e 47 22 d7 62 48 7e
>>>>>>>>>>> 9e 6c 5f 02 a9 68 ba 5f 5d 43 03 a4 20 bb 7d 3c
>>>>>>>>>>> 04 50 12 4d 14 ad 48 15 4e 0b 5a da b5 23 9f ab
>>>>>>>>>>> a0 b4 b8
>>>>>>>>>>> Code: Access-Request
>>>>>>>>>>> Identifier: 10
>>>>>>>>>>> Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
>>>>>>>>>>> Attributes:
>>>>>>>>>>> User-Name = "wifitest"
>>>>>>>>>>> NAS-IP-Address = ORI.NO.CO.IP
>>>>>>>>>>> Called-Station-Id = "00-20-a6-48-e7-3f"
>>>>>>>>>>> Calling-Station-Id = "00-04-23-48-f1-f3"
>>>>>>>>>>> NAS-Identifier = "ORiNOCO-AP-2000AE"
>>>>>>>>>>> Framed-MTU = 1400
>>>>>>>>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>>>>>>>>> EAP-Message =
>>>>>>>>>>> <2><11><0>&<25><0><23><3><1><0><27>!:<128><14>G"<215>bH~<158>l_<2><
>>>>>>>>>>>
>>>>>>>>>>> 169> h< 18 6>_]C<3><164> <187>}<<4>
>>>>>>>>>>> Message-Authenticator =
>>>>>>>>>>> M<20><173>H<21>N<11>Z<218><181>#<159><171><160><180><184>
>>>>>>>>>>>
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling request with
>>>>>>>>>>> Handler ''
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Deleting session for
>>>>>>>>>>> wifitest,
>>>>>>>>>>> ORI.NO.CO.IP ,
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling with
>>>>>>>>>>> Radius::AuthFILE:
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Handling with EAP: code 2,
>>>>>>>>>>> 11, 38
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Response type 25
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Access accepted for wifitest
>>>>>>>>>>> Tue Aug 19 14:20:36 2003: DEBUG: Packet dump:
>>>>>>>>>>> *** Sending to ORI.NO.CO.IP port 6001 ....
>>>>>>>>>>>
>>>>>>>>>>> Packet length = 160
>>>>>>>>>>> 02 0a 00 a0 16 83 b2 81 33 aa 76 f3 c4 8c bd f6
>>>>>>>>>>> 80 76 b9 ea 1a 3a 00 00 01 37 10 34 ed 16 5d 7f
>>>>>>>>>>> 0e 74 a1 73 03 45 9c 75 15 67 22 90 c7 3d b5 b1
>>>>>>>>>>> 71 60 1d ba be d4 29 00 42 83 18 62 b0 2f 61 c6
>>>>>>>>>>> ca db b1 02 2d f4 76 4e 67 65 2c 98 f2 ea 1a 3a
>>>>>>>>>>> 00 00 01 37 11 34 87 c2 87 6c 05 9a 2e c2 87 c5
>>>>>>>>>>> 39 89 e5 45 73 57 63 e9 02 be 82 f2 21 84 ea 0d
>>>>>>>>>>> f9 8e cc fd 4d 72 8e d9 4b 72 37 5e 55 e9 f7 65
>>>>>>>>>>> 87 79 8d 45 2d 79 46 99 4f 06 03 0b 00 04 50 12
>>>>>>>>>>> 9d 85 0f 55 3f ea 50 c9 85 db 50 75 01 92 67 ec
>>>>>>>>>>> Code: Access-Accept
>>>>>>>>>>> Identifier: 10
>>>>>>>>>>> Authentic: 5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
>>>>>>>>>>> Attributes:
>>>>>>>>>>> MS-MPPE-Send-Key =
>>>>>>>>>>> "<237><22>]<127><14>t<161>s<3>E<156>u<21>g"<144><199>=<181><177>q`<
>>>>>>>>>>>
>>>>>>>>>>> 29>< 18 6>
>>>>>>>>>>> <190><212>)<0>B<131><24>b<176>/a<198><202><219><177><2>-<244>vNge,<
>>>>>>>>>>>
>>>>>>>>>>> 152> < 242> <234>"
>>>>>>>>>>>
>>>>>>>>>>> MS-MPPE-Recv-Key =
>>>>>>>>>>> "<135><194><135>l<5><154>.<194><135><197>9<137><229>EsWc<233><2><19
>>>>>>>>>>>
>>>>>>>>>>> 0><1 30
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> <
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 242>!<132><234><13><249><142><204><253>Mr<142><217>Kr7^U<233><247>e
>>>>>>>>>>>
>>>>>>>>>>> <135
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> y<14 1>E-yF<153>"
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> EAP-Message = <3><11><0><4>
>>>>>>>>>>> Message-Authenticator =
>>>>>>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> log from windows xp 802.1x client:
>>>>>>>>>
>>>>>>>>> [5584] 12:58:01:192: PeapReadConnectionData
>>>>>>>>> [5584] 12:58:01:192: PeapReadUserData
>>>>>>>>> [5584] 12:58:01:192: RasEapGetInfo
>>>>>>>>> [5584] 12:58:01:192: PeapReDoUserData
>>>>>>>>> [5584] 12:58:30:234: PeapReadConnectionData
>>>>>>>>> [5584] 12:58:30:234: PeapReadUserData
>>>>>>>>> [5584] 12:58:30:244: RasEapGetInfo
>>>>>>>>> [5584] 12:58:30:244: PeapReDoUserData
>>>>>>>>> [5584] 12:58:43:203: EapPeapBegin
>>>>>>>>> [5584] 12:58:43:203: PeapReadConnectionData
>>>>>>>>> [5584] 12:58:43:203: PeapReadUserData
>>>>>>>>> [5584] 12:58:43:203:
>>>>>>>>> [5584] 12:58:43:203: EapTlsBegin(wifitest)
>>>>>>>>> [5584] 12:58:43:203: State change to Initial
>>>>>>>>> [5584] 12:58:43:203: EapTlsBegin: Detected 8021X authentication
>>>>>>>>> [5584] 12:58:43:203: EapTlsBegin: Detected PEAP authentication
>>>>>>>>> [5584] 12:58:43:203: MaxTLSMessageLength is now 16384
>>>>>>>>> [5584] 12:58:43:203: EapPeapBegin done
>>>>>>>>> [5584] 12:58:43:203: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:203: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:203: PEAP:PEAP_STATE_INITIAL
>>>>>>>>> [5584] 12:58:43:203: EapTlsCMakeMessage
>>>>>>>>> [5584] 12:58:43:203: EapTlsReset
>>>>>>>>> [5584] 12:58:43:203: State change to Initial
>>>>>>>>> [5584] 12:58:43:203: GetCredentials
>>>>>>>>> [5584] 12:58:43:203: Flag is Client and Store is Current User
>>>>>>>>> [5584] 12:58:43:203: GetCachedCredentials
>>>>>>>>> [5584] 12:58:43:203: PEAP GetCachedCredentials: Using cached
>>>>>>>>> credentials.
>>>>>>>>> [5584] 12:58:43:203: MakeReplyMessage
>>>>>>>>> [5584] 12:58:43:203: SecurityContextFunction
>>>>>>>>> [5584] 12:58:43:243: InitializeSecurityContext returned 0x90312
>>>>>>>>> [5584] 12:58:43:243: State change to SentHello
>>>>>>>>> [5584] 12:58:43:243: BuildPacket
>>>>>>>>> [5584] 12:58:43:243: << Sending Response (Code: 2) packet: Id: 4,
>>>>>>>>> Length: 80, Type: 13, TLS blob length: 70. Flags: L
>>>>>>>>> [5584] 12:58:43:243: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:243: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:263: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:263: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:263: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>>> [5584] 12:58:43:263: EapTlsCMakeMessage
>>>>>>>>> [5584] 12:58:43:263: MakeReplyMessage
>>>>>>>>> [5584] 12:58:43:263: Reallocating input TLS blob buffer
>>>>>>>>> [5584] 12:58:43:263: BuildPacket
>>>>>>>>> [5584] 12:58:43:263: << Sending Response (Code: 2) packet: Id: 5,
>>>>>>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>>> [5584] 12:58:43:263: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:263: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:323: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:323: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:323: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>>> [5584] 12:58:43:323: EapTlsCMakeMessage
>>>>>>>>> [5584] 12:58:43:323: MakeReplyMessage
>>>>>>>>> [5584] 12:58:43:323: BuildPacket
>>>>>>>>> [5584] 12:58:43:323: << Sending Response (Code: 2) packet: Id: 6,
>>>>>>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>>> [5584] 12:58:43:323: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:323: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:333: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:333: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:333: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>>> [5584] 12:58:43:333: EapTlsCMakeMessage
>>>>>>>>> [5584] 12:58:43:333: MakeReplyMessage
>>>>>>>>> [5584] 12:58:43:333: SecurityContextFunction
>>>>>>>>> [5584] 12:58:43:393: InitializeSecurityContext returned 0x90312
>>>>>>>>> [5584] 12:58:43:393: State change to SentFinished
>>>>>>>>> [5584] 12:58:43:393: BuildPacket
>>>>>>>>> [5584] 12:58:43:393: << Sending Response (Code: 2) packet: Id: 7,
>>>>>>>>> Length: 199, Type: 13, TLS blob length: 189. Flags: L
>>>>>>>>> [5584] 12:58:43:393: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:393: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:413: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:413: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:413: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>>> [5584] 12:58:43:413: EapTlsCMakeMessage
>>>>>>>>> [5584] 12:58:43:413: MakeReplyMessage
>>>>>>>>> [5584] 12:58:43:413: SecurityContextFunction
>>>>>>>>> [5584] 12:58:43:413: InitializeSecurityContext returned 0x0
>>>>>>>>> [5584] 12:58:43:413: AuthenticateServer
>>>>>>>>> [5584] 12:58:43:413: CreateMPPEKeyAttributes
>>>>>>>>> [5584] 12:58:43:413: State change to RecdFinished
>>>>>>>>> [5584] 12:58:43:413: BuildPacket
>>>>>>>>> [5584] 12:58:43:413: << Sending Response (Code: 2) packet: Id: 8,
>>>>>>>>> Length: 6, Type: 13, TLS blob length: 0. Flags:
>>>>>>>>> [5584] 12:58:43:413: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:413: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:423: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:423: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:423: PEAP:PEAP_STATE_TLS_INPROGRESS
>>>>>>>>> [5584] 12:58:43:423: EapTlsCMakeMessage
>>>>>>>>> [5584] 12:58:43:423: Negotiation successful
>>>>>>>>> [5584] 12:58:43:423: PeapGetTunnelProperties
>>>>>>>>> [5584] 12:58:43:423: Successfully negotiated TLS with following
>>>>>>>>> parametersdwProtocol = 0x80, Cipher= 0x6801,
>>>>>>>>> CipherStrength=0x80,Hash=0x8003 [5584] 12:58:43:423:
>>>>>>>>> PeapGetTunnelProperties done
>>>>>>>>> [5584] 12:58:43:423: PeapClientDecryptTunnelData
>>>>>>>>> [5584] 12:58:43:423: IsDuplicatePacket
>>>>>>>>> [5584] 12:58:43:423: PeapDecryptTunnelData dwSizeofData = 0x16,
>>>>>>>>> pData =
>>>>>>>>> 0x4261ff4
>>>>>>>>> [5584] 12:58:43:423: PeapDecryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:423: PeapEncryptTunnelData
>>>>>>>>> [5584] 12:58:43:423: PeapEncryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:423: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:423: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:483: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:483: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:483: PEAP:PEAP_STATE_IDENTITY_RESPONSE_SENT
>>>>>>>>> [5584] 12:58:43:483: PeapClientDecryptTunnelData
>>>>>>>>> [5584] 12:58:43:483: IsDuplicatePacket
>>>>>>>>> [5584] 12:58:43:483: PeapDecryptTunnelData dwSizeofData = 0x38,
>>>>>>>>> pData =
>>>>>>>>> 0x4261ff4
>>>>>>>>> [5584] 12:58:43:483: PeapDecryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:483: PeapEncryptTunnelData
>>>>>>>>> [5584] 12:58:43:483: PeapEncryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:483: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:483: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:503: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:503: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:503: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
>>>>>>>>> [5584] 12:58:43:503: PeapClientDecryptTunnelData
>>>>>>>>> [5584] 12:58:43:503: IsDuplicatePacket
>>>>>>>>> [5584] 12:58:43:503: PeapDecryptTunnelData dwSizeofData = 0x4e,
>>>>>>>>> pData =
>>>>>>>>> 0x4261ff4
>>>>>>>>> [5584] 12:58:43:503: PeapDecryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:503: PeapEncryptTunnelData
>>>>>>>>> [5584] 12:58:43:503: PeapEncryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:503: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:503: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:513: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:513: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:513: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
>>>>>>>>> [5584] 12:58:43:513: PeapClientDecryptTunnelData
>>>>>>>>> [5584] 12:58:43:513: IsDuplicatePacket
>>>>>>>>> [5584] 12:58:43:513: PeapDecryptTunnelData dwSizeofData = 0x20,
>>>>>>>>> pData =
>>>>>>>>> 0x4261ff4
>>>>>>>>> [5584] 12:58:43:513: PeapDecryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:513: GetPEAPTLVStatusMessageValue
>>>>>>>>> [5584] 12:58:43:523: CreatePEAPTLVStatusMessage
>>>>>>>>> [5584] 12:58:43:523: PeapEncryptTunnelData
>>>>>>>>> [5584] 12:58:43:523: PeapEncryptTunnelData completed with
>>>>>>>>> status 0x0
>>>>>>>>> [5584] 12:58:43:523: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:523: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:58:43:533: EapPeapMakeMessage
>>>>>>>>> [5584] 12:58:43:533: EapPeapCMakeMessage
>>>>>>>>> [5584] 12:58:43:533: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
>>>>>>>>> [5584] 12:58:43:533: We got a EAP_failure after we got a
>>>>>>>>> PEAP_SUCCESS.
>>>>>>>>> Failing auth.
>>>>>>>>> [5584] 12:58:43:533: EapPeapCMakeMessage done
>>>>>>>>> [5584] 12:58:43:533: EapPeapMakeMessage done
>>>>>>>>> [5584] 12:59:43:349: EapPeapEnd
>>>>>>>>> [5584] 12:59
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> ===
>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>
>>>>>>
>>>>>>
>>>>> ===
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Jordan Dean's Office
Computer Administrator College of Engineering
801.585.3765 University of Utah
jordan at coe.utah.edu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list