(RADIATOR) Problem with TTLS and AEGIS client

Roy Badami roy.badami at globalgraphics.com
Fri Aug 20 12:23:58 CDT 2004


I'm testing an eval version of Radiator 3.9 (with latest patches) and
trying to use TTLS/PAP against Odyssey and AEGIS supplicants.

The Odyssey Client 3.03 can authenticate fine (though an older OEM
Odyssey client was most unhappy).

But the AEGIS Client 2.2.0.28 usually fails to authenticate.  The
communication is characterised by long timeouts during which time the
AEGIS Client is repeatedly sending empty (ACK) EAP-TTLS messages.

Anyone seen this kind of behaviour before?  Is there a debug option
that will let me see the DIAMETER AVPs going back and forth in the
TTLS tunnel so I can see what's actually happening?

Incidentally, this is probably a red herring, but I noticed something
rather anomalous in the trace output.  When RADIATOR sends a TTLS ACK,
it logs it as follows:


Fri Aug 20 17:38:01 2004: DEBUG: Packet dump:
*** Sending to 172.16.19.117 port 21647 ....
Code:       Access-Challenge
Identifier: 173
Authentic:  .K+<173>q<170>o<203><15><166>v<31>O<181>Y<182>
Attributes:
        EAP-Message = <1><3><0><6><21> 
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Note the EAP message which claims to be six bytes long, but is
actually five (i.e. missing the final flags octet).  I haven't dug
deeper to see what it's actually putting in the RADIUS packet though.

       -roy
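
Added example (not part of the original post, and not Radiator code): a small decoder for the trace notation shown in the packet dump above, which compares the EAP Length field with the octets actually present. It assumes that `<N>` denotes one octet in decimal and that any other character, a space included, is one literal octet; under that assumption whitespace after `<21>` changes the count, and the page does not settle whether such whitespace belongs to the packet.

```python
import re
import struct

# Assumed notation: <N> is one octet with decimal value N; any other
# character is one literal octet (printable bytes, including space 0x20).
TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.DOTALL)
EAP_TYPE_TTLS = 21

def decode_trace_value(text):
    """Turn a trace-dump attribute value back into raw octets."""
    out = bytearray()
    for match in TOKEN.finditer(text):
        if match.group(1) is not None:
            value = int(match.group(1))
            if value > 255:
                raise ValueError("octet out of range: %d" % value)
            out.append(value)
        else:
            out += match.group(2).encode("latin-1")
    return bytes(out)

def check_eap(raw):
    """Compare the EAP Length field with the octets actually present."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-octet EAP header")
    code, identifier, declared = struct.unpack("!BBH", raw[:4])
    result = {"code": code, "identifier": identifier,
              "declared": declared, "actual": len(raw),
              "type": None, "flags": None}
    if code in (1, 2) and len(raw) >= 5:      # Request/Response carry a Type
        result["type"] = raw[4]
        if raw[4] == EAP_TYPE_TTLS and len(raw) >= 6:
            result["flags"] = raw[5]          # TTLS flags/version octet
    if declared == len(raw):
        result["status"] = "ok"
    elif declared > len(raw):
        result["status"] = "truncated by %d" % (declared - len(raw))
    else:
        result["status"] = "%d trailing octets" % (len(raw) - declared)
    return result

# The EAP-Message value from the trace above, without and with a single
# space after <21> (both strings are typed in here for the comparison).
AS_READ = "<1><3><0><6><21>"
WITH_SPACE = "<1><3><0><6><21> "

if __name__ == "__main__":
    for label, text in (("stripped", AS_READ), ("with space", WITH_SPACE)):
        print(label, check_eap(decode_trace_value(text)))
```

Reading the octets from the RADIUS packet itself (for example from a capture) avoids the ambiguity of the printed form.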
