(RADIATOR) Help getting EAP-TTLS working with HP 420 & Linksys WPC54G

Mike McCauley mikem at open.com.au
Fri Aug 27 19:08:42 CDT 2004


Hello Jennifer,

thanks for your complete description of the problem and the logs.

It seems that Radiator is sending the first part of the server certificate 
back to the client, but the client never acknowledges it. After about a 
minute, the client tries again to initiate TTLS.

This is _probably_ a client misconfiguration problem, and you should look to 
the client log files to investigate further, but there is one other 
possibility: that the long Radius request that holds the first part of the 
certificate is too long for your AP. You could try limiting the max fragment 
size in the outer handler with something like:

EAPTLS_MaxFragmentSize 800

Hope that helps.
Cheers.


On Saturday 28 August 2004 09:53, Jennifer Mehl wrote:
> Hi Radiator List folks,
>
> I'm trying to set up the following:
>
> Radiator 3.9 (RHL)
> HP 420 Wireless Access Point
> Linksys WPC54G Wireless client card (802.11g)
> 802.1x using TKIP or AES multicast cipher
> w/ EAP-TTLS with demo CA and certs, and PAP inner auth
> to flat file for anonymous outer auth
> to LDAPv2 (openLDAP) for inner auth (password stored in SHA one-way hash)
>
> However, it seems like the Challenge is being sent to the wireless
> client but it is never replied to, finally ending in log entry "EAP TTLS
> nothing to read or write."
>
> Eventually I would like to get PEAP - EAP GTC working as well, but
> that's for another day.
>
> I would really appreciate some assistance on this.  Relevant config and
> log files below (minus secrets and IP addresses).
>
> thanks everyone,
> Jennifer

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
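
The following is an added example, not part of the original message and not Radiator code: it estimates how large each RADIUS Access-Challenge becomes for a given fragment limit, which is the size concern raised in the reply above. Assumptions: the limit bounds the TLS data carried per EAP message, the TLS total-length field appears only on the first fragment, the State attribute is 16 octets, and a 1500-octet MTU stands in for the AP's limit, which the thread does not state; the 3000-octet flight and the 2048 comparison value are constructed.

```python
import math

RADIUS_HEADER = 20        # code, identifier, length, authenticator
ATTR_HEADER = 2           # type + length octets on every attribute
ATTR_MAX_VALUE = 253      # most value octets one attribute can hold
MSG_AUTHENTICATOR = 18    # Message-Authenticator: 2 header + 16 HMAC-MD5
EAP_TLS_HEADER = 6        # EAP code, id, length(2), type, TLS flags
TLS_LENGTH_FIELD = 4      # total-length field, assumed on first fragment only
IP_UDP_HEADERS = 28       # IPv4 (20) + UDP (8)


def split_flight(total_len, max_fragment):
    """Sizes of the TLS data chunks for a flight of total_len octets."""
    full, rest = divmod(total_len, max_fragment)
    return [max_fragment] * full + ([rest] if rest else [])


def radius_len(tls_chunk, first, state_len=16):
    """Octets in the Access-Challenge carrying one EAP-TLS fragment."""
    eap_len = EAP_TLS_HEADER + (TLS_LENGTH_FIELD if first else 0) + tls_chunk
    eap_attrs = math.ceil(eap_len / ATTR_MAX_VALUE)  # EAP-Message attributes
    return (RADIUS_HEADER + eap_len + eap_attrs * ATTR_HEADER
            + MSG_AUTHENTICATOR + ATTR_HEADER + state_len)


def plan(total_len, max_fragment, mtu=1500):
    """One row per fragment: (tls_octets, radius_octets, fits_in_one_datagram)."""
    rows = []
    for i, chunk in enumerate(split_flight(total_len, max_fragment)):
        size = radius_len(chunk, first=(i == 0))
        rows.append((chunk, size, size + IP_UDP_HEADERS <= mtu))
    return rows


if __name__ == "__main__":
    FLIGHT = 3000  # constructed size for a server certificate flight
    for limit in (2048, 800):  # 2048 is a constructed comparison value
        print(f"max fragment {limit}:")
        for chunk, size, fits in plan(FLIGHT, limit):
            print(f"  tls={chunk:5d}  radius={size:5d}  single datagram={fits}")
```

With the 800-octet limit every challenge stays under 900 octets, at the cost of four round trips instead of two for the same flight.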
