(RADIATOR) Accelerating Authentication Process

kpracher at bsr.at kpracher at bsr.at
Wed Sep 17 09:13:44 CDT 2003


Hi!

I set up and configured Radiator so that it works just fine. My users are 
working on MS-DOS- and WinCE-based WLAN devices which are installed on 
fork-lift trucks. They are driving around in a big storage hall where some 
Cisco access points are installed.

When the users are moving around, they are roamed between the different 
access points, where they are authenticated each time. But the 
authentication process takes about 3 seconds and that is much too long. Do 
I have the opportunity to accelerate the authentication process, or is 
there a way to tell the "next" access point that one user has been 
authenticated on another access point?

Below I attach my configuration and the logfiles for the 
authentication on one access point. What makes me wonder a bit, and also 
takes a lot of time, is that I have been authenticated two times, but I 
only logged in once (I am quite sure about that).

I hope someone can help me.

Thanks

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#Configuration for Radiator Radius Server Demo 3.6
#OS : Linux
#---------------------------------------------------------------------------

Foreground
LogStdout
Trace 4

AuthPort 1812
AcctPort 1813

LogDir /etc/radiator/logs
LogFile %L/Logfile_%Y%m%d

DbDir /etc/radiator/confs
DictionaryFile %D/dictionary

<Client 192.168.1.180>
        Secret xxx
        PacketTrace
        IgnoreAcctSignature
</Client>

<Realm DEFAULT>
        <AuthBy FILE>
                Filename %D/users
                RejectEmptyPassword
                EAPType LEAP
        </AuthBy>

        <AuthLog FILE>
                Filename %L/Authlog_%Y%m%d
                LogSuccess 1
                LogFailure 1
        </AuthLog>

        AcctLogFileName %L/Acctlog_%Y%m%d

        PacketTrace
</Realm>

<Monitor>
        Port xxxx
        Clients 127.0.0.1
        Username xxx
        Password xxx
</Monitor>







- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#Logfile of Radiator Radius Server Demo 3.6
#----------------------------------------------------------------

Wed Sep 17 15:22:59 2003: DEBUG: Packet dump:
*** Received from 192.168.1.180 port 1085 ....
Code:       Access-Request
Identifier: 61
Authentic:  <200>#<154>_V<240><132><175><17><217>X<208>)<179><199>m
Attributes:
        User-Name = "Karl"
        cisco-avpair = "ssid=xxx"
        NAS-IP-Address = 192.168.1.180
        Called-Station-Id = "000d28240a8a"
        Calling-Station-Id = "000bfd92f6e3"
        NAS-Identifier = "AP1200"
        NAS-Port = 37
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Service-Type = Login-User
        EAP-Message = <2><15><0><9><1>Karl
        Message-Authenticator = 
<244><150><165><16><251>(<193><5><146>h5{R<189><13><132>

Wed Sep 17 15:23:00 2003: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Sep 17 15:23:00 2003: DEBUG:  Deleting session for Karl, 
192.168.1.180, 37
Wed Sep 17 15:23:00 2003: DEBUG: Handling with Radius::AuthFILE: 
Wed Sep 17 15:23:00 2003: DEBUG: Handling with EAP: code 2, 15, 9
Wed Sep 17 15:23:00 2003: DEBUG: Response type 1
Wed Sep 17 15:23:00 2003: DEBUG: Access challenged for Karl: EAP LEAP 
Challenge
Wed Sep 17 15:23:01 2003: DEBUG: Packet dump:
*** Sending to 192.168.1.180 port 1085 ....

Packet length = 60
0b 3d 00 3c 23 f6 81 58 b3 5a 3b f2 5a bb 74 b1
38 f6 02 1a 4f 16 01 10 00 14 11 01 00 08 3c 7b
62 65 b1 e1 21 5e 4b 61 72 6c 50 12 b6 29 11 f4
76 3a a6 16 11 5e 5c 4e 43 33 62 57
Code:       Access-Challenge
Identifier: 61
Authentic:  <200>#<154>_V<240><132><175><17><217>X<208>)<179><199>m
Attributes:
        EAP-Message = <1><16><0><20><17><1><0><8><{be<177><225>!^Karl
        Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Sep 17 15:23:01 2003: DEBUG: Packet dump:
*** Received from 192.168.1.180 port 1086 ....
Code:       Access-Request
Identifier: 62
Authentic:  <16>C<4>~<211><207>#I7z<31>h<128><218>Dg
Attributes:
        User-Name = "Karl"
        cisco-avpair = "ssid=xxx"
        NAS-IP-Address = 192.168.1.180
        Called-Station-Id = "000d28240a8a"
        Calling-Station-Id = "000bfd92f6e3"
        NAS-Identifier = "AP1200"
        NAS-Port = 37
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Service-Type = Login-User
        EAP-Message = 
<2><16><0>$<17><1><0><24>A.B<2><242>(W<15><242><221><156><157><195><12><168><253><158><127><163><2>jR<212><146>Karl
        Message-Authenticator = 
$<153><175><222><177>9<140>[<172>Eo><25>x<22><145>

Wed Sep 17 15:23:02 2003: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Sep 17 15:23:02 2003: DEBUG:  Deleting session for Karl, 
192.168.1.180, 37
Wed Sep 17 15:23:02 2003: DEBUG: Handling with Radius::AuthFILE: 
Wed Sep 17 15:23:02 2003: DEBUG: Handling with EAP: code 2, 16, 36
Wed Sep 17 15:23:02 2003: DEBUG: Response type 17
Wed Sep 17 15:23:02 2003: DEBUG: Radius::AuthFILE looks for match with 
Karl
Wed Sep 17 15:23:02 2003: DEBUG: Radius::AuthFILE ACCEPT: 
Wed Sep 17 15:23:02 2003: DEBUG: Access accepted for Karl
Wed Sep 17 15:23:03 2003: DEBUG: Packet dump:
*** Sending to 192.168.1.180 port 1086 ....

Packet length = 44
02 3e 00 2c 04 7f 46 81 e3 13 20 19 7e 46 e6 61
67 bf 18 61 4f 06 03 10 00 04 50 12 c6 03 fa 3b
fe 57 6d 8e fc 91 3e e7 17 bc e2 dc
Code:       Access-Accept
Identifier: 62
Authentic:  <16>C<4>~<211><207>#I7z<31>h<128><218>Dg
Attributes:
        EAP-Message = <3><16><0><4>
        Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Sep 17 15:23:03 2003: DEBUG: Packet dump:
*** Received from 192.168.1.180 port 1087 ....
Code:       Access-Request
Identifier: 63
Authentic:  <228><169>i<170><148>f-<159>PT<150>g<152><255><198>K
Attributes:
        User-Name = "Karl"
        cisco-avpair = "ssid=xxx"
        NAS-IP-Address = 192.168.1.180
        Called-Station-Id = "000d28240a8a"
        Calling-Station-Id = "000bfd92f6e3"
        NAS-Identifier = "AP1200"
        NAS-Port = 37
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802-11
        Service-Type = Login-User
        EAP-Message = 
<1><16><0><20><17><1><0><8><202><224><144><140>'y<234><10>Karl
        Message-Authenticator = 
"<-<169><205>5<215><13>+/<8><238><208><6><224><211>

Wed Sep 17 15:23:03 2003: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Wed Sep 17 15:23:03 2003: DEBUG:  Deleting session for Karl, 
192.168.1.180, 37
Wed Sep 17 15:23:04 2003: DEBUG: Handling with Radius::AuthFILE: 
Wed Sep 17 15:23:04 2003: DEBUG: Handling with EAP: code 1, 16, 20
Wed Sep 17 15:23:04 2003: DEBUG: EAP Request 17
Wed Sep 17 15:23:04 2003: DEBUG: Radius::AuthFILE looks for match with 
Karl
Wed Sep 17 15:23:04 2003: DEBUG: Radius::AuthFILE ACCEPT: 
Wed Sep 17 15:23:04 2003: DEBUG: Access accepted for Karl
Wed Sep 17 15:23:05 2003: DEBUG: Packet dump:
*** Sending to 192.168.1.180 port 1087 ....

Packet length = 135
02 3f 00 87 32 fd be 57 c9 ad d2 bb b0 f2 c2 d6
f0 ba 1c 77 4f 26 02 10 00 24 11 01 00 18 8a 1f
a6 24 03 9c dc 04 29 0f eb b5 9e 2a de 91 d0 3c
43 2e 01 bc 0d 79 4b 61 72 6c 50 12 70 26 65 15
24 93 79 96 6f 50 e0 85 be 10 d5 00 1a 3b 00 00
00 09 01 35 6c 65 61 70 3a 73 65 73 73 69 6f 6e
2d 6b 65 79 3d 97 32 d2 b0 29 d4 48 06 ec 45 e5
28 14 53 05 46 b7 4c 83 75 2d 46 49 45 49 86 8e
d1 f5 c0 3a eb df 81
Code:       Access-Accept
Identifier: 63
Authentic:  <228><169>i<170><148>f-<159>PT<150>g<152><255><198>K
Attributes:
        EAP-Message = 
<2><16><0>$<17><1><0><24><138><31><166>$<3><156><220><4>)<15><235><181><158>*<222><145><208><C.<1><188><13>yKarl
        Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        cisco-avpair = 
"leap:session-key=<151>2<210><176>)<212>H<6><236>E<229>(<20>S<5>F<183>L<131>u-FIEI<134><142><209><245><192>:<235><223><129>"






- - - - - - - - - - - - - - - - - - - -
#Authentication Success
#---------------------------------
Wed Sep 17 15:23:02 2003:Karl::OK
Wed Sep 17 15:23:04 2003:Karl::OK
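
Added example (not part of the original post, and not Radiator code): a small Python parser for the Trace 4 packet dumps shown above. It pairs each Access-Request with its reply by client address, source port and Identifier, and reports the gap between receipt and reply according to the server's own timestamps. The sample input is condensed from the log in the post; the log has one-second resolution, so the gaps are approximate.

```python
import re
from datetime import datetime
# Constructed sample: packet-dump headers condensed from the log in the post.
SAMPLE_LOG = """\
Wed Sep 17 15:22:59 2003: DEBUG: Packet dump:
*** Received from 192.168.1.180 port 1085 ....
Code:       Access-Request
Identifier: 61
Wed Sep 17 15:23:01 2003: DEBUG: Packet dump:
*** Sending to 192.168.1.180 port 1085 ....
Code:       Access-Challenge
Identifier: 61
Wed Sep 17 15:23:01 2003: DEBUG: Packet dump:
*** Received from 192.168.1.180 port 1086 ....
Code:       Access-Request
Identifier: 62
Wed Sep 17 15:23:03 2003: DEBUG: Packet dump:
*** Sending to 192.168.1.180 port 1086 ....
Code:       Access-Accept
Identifier: 62
Wed Sep 17 15:23:03 2003: DEBUG: Packet dump:
*** Received from 192.168.1.180 port 1087 ....
Code:       Access-Request
Identifier: 63
Wed Sep 17 15:23:05 2003: DEBUG: Packet dump:
*** Sending to 192.168.1.180 port 1087 ....
Code:       Access-Accept
Identifier: 63
"""

# One packet dump: timestamp, direction, peer, then the Code and Identifier lines.
PACKET = re.compile(
    r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): DEBUG: Packet dump:\n"
    r"\*\*\* (Received from|Sending to) (\S+) port (\d+) \.{4}\n"
    r".*?^Code:\s+(\S+)\nIdentifier: (\d+)", re.M | re.S)

def round_trips(log):
    """Pair each request with its reply by (client, port, Identifier)."""
    pending, out = {}, []
    for ts, direction, host, port, code, ident in PACKET.findall(log):
        when = datetime.strptime(ts, "%a %b %d %H:%M:%S %Y")
        key = (host, port, ident)
        if direction == "Received from":
            pending[key] = when          # remember when the request arrived
        elif key in pending:
            out.append((int(ident), code, (when - pending.pop(key)).total_seconds()))
    return out

for ident, code, gap in round_trips(SAMPLE_LOG):
    print(f"id={ident} {code:<16} server-side gap ~{gap:.0f}s")
```

On this log each round trip shows about 2 seconds between receipt and reply, and there are two Access-Accept replies (Identifiers 62 and 63), matching the two OK lines in the authentication log.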