(RADIATOR) Accelerating Authentication Process

Denis Pavani d.pavani at cineca.it
Thu Sep 18 02:44:50 CDT 2003


Well, I use a Cisco Aironet 340 and I got quite slow authentication,
too. But looking interactively at radius.log I see auth requests coming late.
So, it's the AP that is slow in processing EAP requests.
Could you check that?

Bye

kpracher at bsr.at wrote:

>
> Hi!
>
> I set up and configured Radiator so that it works just fine. My users
> are working on MS-DOS- and WinCE-based WLAN devices which are
> installed on fork-lift trucks. They are driving around in a big storage
> hall where some Cisco access points are installed.
>
> When the users are moving around, they are roamed between the
> different access points, where they are authenticated each time. But
> the authentication process takes about 3 seconds and that is much too
> long. Do I have the opportunity to accelerate the authentication
> process or is there a way to tell the "next" access point that one
> user has been authenticated on another access point?
>
> Below I attach my configuration and the log files for the
> authentication on one access point. What makes me wonder a bit, and
> also takes a lot of time, is that I have been authenticated two times,
> but I only logged in once (I am quite sure about that).
>
> I hope someone can help me.
>
> Thanks
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> #Configuration for Radiator Radius Server Demo 3.6
> #OS : Linux
> #--------------------------------------------------------------------------- 
>
>
> Foreground
> LogStdout
> Trace 4
>
> AuthPort 1812
> AcctPort 1813
>
> LogDir /etc/radiator/logs
> LogFile %L/Logfile_%Y%m%d
>
> DbDir /etc/radiator/confs
> DictionaryFile %D/dictionary
>
> <Client 192.168.1.180>
>         Secret xxx
>         PacketTrace
>         IgnoreAcctSignature
> </Client>
>
> <Realm DEFAULT>
>         <AuthBy FILE>
>                 Filename %D/users
>                 RejectEmptyPassword
>                 EAPType LEAP
>         </AuthBy>
>
>         <AuthLog FILE>
>                 Filename %L/Authlog_%Y%m%d
>                 LogSuccess 1
>                 LogFailure 1
>         </AuthLog>
>
>         AcctLogFileName        %L/Acctlog_%Y%m%d
>
>         PacketTrace
> </Realm>
>
> <Monitor>
>         Port xxxx
>         Clients 127.0.0.1
>         Username xxx
>         Password xxx
> </Monitor>
>
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> #Logfile of Radiator Radius Server Demo 3.6
> #----------------------------------------------------------------
>
> Wed Sep 17 15:22:59 2003: DEBUG: Packet dump:
> *** Received from 192.168.1.180 port 1085 ....
> Code:       Access-Request
> Identifier: 61
> Authentic:  <200>#<154>_V<240><132><175><17><217>X<208>)<179><199>m
> Attributes:
>         User-Name = "Karl"
>         cisco-avpair = "ssid=xxx"
>         NAS-IP-Address = 192.168.1.180
>         Called-Station-Id = "000d28240a8a"
>         Calling-Station-Id = "000bfd92f6e3"
>         NAS-Identifier = "AP1200"
>         NAS-Port = 37
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Service-Type = Login-User
>         EAP-Message = <2><15><0><9><1>Karl
>         Message-Authenticator = <244><150><165><16><251>(<193><5><146>h5{R<189><13><132>
>
> Wed Sep 17 15:23:00 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Sep 17 15:23:00 2003: DEBUG:  Deleting session for Karl, 192.168.1.180, 37
> Wed Sep 17 15:23:00 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Sep 17 15:23:00 2003: DEBUG: Handling with EAP: code 2, 15, 9
> Wed Sep 17 15:23:00 2003: DEBUG: Response type 1
> Wed Sep 17 15:23:00 2003: DEBUG: Access challenged for Karl: EAP LEAP Challenge
> Wed Sep 17 15:23:01 2003: DEBUG: Packet dump:
> *** Sending to 192.168.1.180 port 1085 ....
>
> Packet length = 60
> 0b 3d 00 3c 23 f6 81 58 b3 5a 3b f2 5a bb 74 b1
> 38 f6 02 1a 4f 16 01 10 00 14 11 01 00 08 3c 7b
> 62 65 b1 e1 21 5e 4b 61 72 6c 50 12 b6 29 11 f4
> 76 3a a6 16 11 5e 5c 4e 43 33 62 57
> Code:       Access-Challenge
> Identifier: 61
> Authentic:  <200>#<154>_V<240><132><175><17><217>X<208>)<179><199>m
> Attributes:
>         EAP-Message = <1><16><0><20><17><1><0><8><{be<177><225>!^Karl
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Sep 17 15:23:01 2003: DEBUG: Packet dump:
> *** Received from 192.168.1.180 port 1086 ....
> Code:       Access-Request
> Identifier: 62
> Authentic:  <16>C<4>~<211><207>#I7z<31>h<128><218>Dg
> Attributes:
>         User-Name = "Karl"
>         cisco-avpair = "ssid=xxx"
>         NAS-IP-Address = 192.168.1.180
>         Called-Station-Id = "000d28240a8a"
>         Calling-Station-Id = "000bfd92f6e3"
>         NAS-Identifier = "AP1200"
>         NAS-Port = 37
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Service-Type = Login-User
>         EAP-Message = <2><16><0>$<17><1><0><24>A.B<2><242>(W<15><242><221><156><157><195><12><168><253><158><127><163><2>jR<212><146>Karl
>         Message-Authenticator = $<153><175><222><177>9<140>[<172>Eo><25>x<22><145>
>
> Wed Sep 17 15:23:02 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Sep 17 15:23:02 2003: DEBUG:  Deleting session for Karl, 192.168.1.180, 37
> Wed Sep 17 15:23:02 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Sep 17 15:23:02 2003: DEBUG: Handling with EAP: code 2, 16, 36
> Wed Sep 17 15:23:02 2003: DEBUG: Response type 17
> Wed Sep 17 15:23:02 2003: DEBUG: Radius::AuthFILE looks for match with Karl
> Wed Sep 17 15:23:02 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Sep 17 15:23:02 2003: DEBUG: Access accepted for Karl
> Wed Sep 17 15:23:03 2003: DEBUG: Packet dump:
> *** Sending to 192.168.1.180 port 1086 ....
>
> Packet length = 44
> 02 3e 00 2c 04 7f 46 81 e3 13 20 19 7e 46 e6 61
> 67 bf 18 61 4f 06 03 10 00 04 50 12 c6 03 fa 3b
> fe 57 6d 8e fc 91 3e e7 17 bc e2 dc
> Code:       Access-Accept
> Identifier: 62
> Authentic:  <16>C<4>~<211><207>#I7z<31>h<128><218>Dg
> Attributes:
>         EAP-Message = <3><16><0><4>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Sep 17 15:23:03 2003: DEBUG: Packet dump:
> *** Received from 192.168.1.180 port 1087 ....
> Code:       Access-Request
> Identifier: 63
> Authentic:  <228><169>i<170><148>f-<159>PT<150>g<152><255><198>K
> Attributes:
>         User-Name = "Karl"
>         cisco-avpair = "ssid=xxx"
>         NAS-IP-Address = 192.168.1.180
>         Called-Station-Id = "000d28240a8a"
>         Calling-Station-Id = "000bfd92f6e3"
>         NAS-Identifier = "AP1200"
>         NAS-Port = 37
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Service-Type = Login-User
>         EAP-Message = <1><16><0><20><17><1><0><8><202><224><144><140>'y<234><10>Karl
>         Message-Authenticator = "<-<169><205>5<215><13>+/<8><238><208><6><224><211>
>
> Wed Sep 17 15:23:03 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Sep 17 15:23:03 2003: DEBUG:  Deleting session for Karl, 192.168.1.180, 37
> Wed Sep 17 15:23:04 2003: DEBUG: Handling with Radius::AuthFILE:
> Wed Sep 17 15:23:04 2003: DEBUG: Handling with EAP: code 1, 16, 20
> Wed Sep 17 15:23:04 2003: DEBUG: EAP Request 17
> Wed Sep 17 15:23:04 2003: DEBUG: Radius::AuthFILE looks for match with Karl
> Wed Sep 17 15:23:04 2003: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Sep 17 15:23:04 2003: DEBUG: Access accepted for Karl
> Wed Sep 17 15:23:05 2003: DEBUG: Packet dump:
> *** Sending to 192.168.1.180 port 1087 ....
>
> Packet length = 135
> 02 3f 00 87 32 fd be 57 c9 ad d2 bb b0 f2 c2 d6
> f0 ba 1c 77 4f 26 02 10 00 24 11 01 00 18 8a 1f
> a6 24 03 9c dc 04 29 0f eb b5 9e 2a de 91 d0 3c
> 43 2e 01 bc 0d 79 4b 61 72 6c 50 12 70 26 65 15
> 24 93 79 96 6f 50 e0 85 be 10 d5 00 1a 3b 00 00
> 00 09 01 35 6c 65 61 70 3a 73 65 73 73 69 6f 6e
> 2d 6b 65 79 3d 97 32 d2 b0 29 d4 48 06 ec 45 e5
> 28 14 53 05 46 b7 4c 83 75 2d 46 49 45 49 86 8e
> d1 f5 c0 3a eb df 81
> Code:       Access-Accept
> Identifier: 63
> Authentic:  <228><169>i<170><148>f-<159>PT<150>g<152><255><198>K
> Attributes:
>         EAP-Message = <2><16><0>$<17><1><0><24><138><31><166>$<3><156><220><4>)<15><235><181><158>*<222><145><208><C.<1><188><13>yKarl
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>         cisco-avpair = "leap:session-key=<151>2<210><176>)<212>H<6><236>E<229>(<20>S<5>F<183>L<131>u-FIEI<134><142><209><245><192>:<235><223><129>"
>
> - - - - - - - - - - - - - - - - - - - -
> #Authentication Success
> #---------------------------------
> Wed Sep 17 15:23:02 2003:Karl::OK
> Wed Sep 17 15:23:04 2003:Karl::OK 


-- 
************************************************************************
Denis Pavani

CINECA    -    Comunicazioni e Sistemi Distribuiti
NOC - Network Operations Center

phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
 "We are paid to adapt, improvise and achieve the objective"
  -- Gunny Highway 
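
Added example, not part of the original post or of Radiator: a Python sketch of the check suggested in the reply. It splits the elapsed time in a Trace 4 / PacketTrace log into the time between a request's receive dump and the reply's send dump (server side) and the time between a reply and the next request (AP/client side). The function names and the sample text are assumptions; the sample is constructed from the timestamps and identifiers in the quoted log.

```python
import re
from datetime import datetime

# Constructed sample: only the timestamps, directions and identifiers of the
# six packet dumps in the quoted log. Attribute lines are omitted and the
# source port is fixed at 1085 for brevity.
SAMPLE_LOG = "".join(
    f"Wed Sep 17 {t} 2003: DEBUG: Packet dump:\n"
    f"*** {d} 192.168.1.180 port 1085 ....\nIdentifier: {i}\n"
    for t, d, i in [("15:22:59", "Received from", 61), ("15:23:01", "Sending to", 61),
                    ("15:23:01", "Received from", 62), ("15:23:03", "Sending to", 62),
                    ("15:23:03", "Received from", 63), ("15:23:05", "Sending to", 63)])

TS = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): DEBUG: Packet dump:")
DIR = re.compile(r"^\*\*\* (Received from|Sending to) ")
IDENT = re.compile(r"^Identifier: (\d+)")

def packets(log_text):
    """Yield (timestamp, 'rx' or 'tx', identifier) for each packet dump."""
    ts = direction = None
    for line in log_text.splitlines():
        line = line.lstrip("> ")  # tolerate mail quoting when pasting from a reply
        if m := TS.match(line):
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        elif m := DIR.match(line):
            direction = "rx" if m.group(1).startswith("Received") else "tx"
        elif (m := IDENT.match(line)) and ts and direction:
            yield ts, direction, int(m.group(1))
            ts = direction = None

def split_latency(log_text):
    """Return (server_seconds, nas_seconds) for one client's exchange:
    time the server held each request vs. time waiting for the next request."""
    server = nas = 0.0
    last_rx = last_tx = None
    for ts, direction, _ident in packets(log_text):
        if direction == "rx":
            if last_tx is not None:
                nas += (ts - last_tx).total_seconds()
            last_rx, last_tx = ts, None
        elif last_rx is not None:
            server += (ts - last_rx).total_seconds()
            last_rx, last_tx = None, ts
    return server, nas
```

The log timestamps have one-second resolution, so each interval is only accurate to about a second; a log that interleaves several clients needs to be filtered to one Calling-Station-Id first.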

