(RADIATOR) Problem with TTLS and AEGIS client

Hugh Irvine hugh at open.com.au
Sun Aug 22 17:19:39 CDT 2004


Hello Roy -

We will need to see a copy of your configuration file (no secrets) 
together with a more complete trace 4 debug showing the complete 
sequence of radius requests and the associated request processing.

regards

Hugh


On 21 Aug 2004, at 03:23, Roy Badami wrote:

>
> I'm testing an eval version of Radiator 3.9 (with latest patches) and
> trying to use TTLS/PAP against Odyssey and AEGIS supplicants.
>
> The Odyssey Client 3.03 can authenticate fine (though an older OEM
> Odyssey client was most unhappy),
>
> But the AEGIS Client 2.2.0.28 usually fails to authenticate.  The
> communication is characterised by long timeouts during which time the
> AEGIS Client is repeatedly sending empty (ACK) EAP-TTLS messages.
>
> Anyone seen this kind of behaviour before?  Is there a debug option
> that will let me see the DIAMETER AVPs going back and forth in the
> TTLS tunnel so I can see what's actually happening?
>
> Incidentally, this is probably a red herring, but I noticed something
> rather anomalous in the trace output.  When RADIATOR sends a TTLS ACK,
> it logs it as follows:
>
>
> Fri Aug 20 17:38:01 2004: DEBUG: Packet dump:
> *** Sending to 172.16.19.117 port 21647 ....
> Code:       Access-Challenge
> Identifier: 173
> Authentic:  .K+<173>q<170>o<203><15><166>v<31>O<181>Y<182>
> Attributes:
>         EAP-Message = <1><3><0><6><21>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Note the EAP message which claims to be six bytes long, but is
> actually five (i.e. missing the final flags octet).  I haven't dug
> deeper to see what it's actually putting in the RADIUS packet though.
>
>        -roy
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
