(RADIATOR) Peap authentication

Gonzalo Julián Bécares Fernández gonzalo at ya.com
Wed Jul 21 07:46:52 CDT 2004


Message

Hi,

I'm using Cisco AP Aironet 1100 and Radiator 3.9 with patch, trying to authenticate
a Windows XP SP1 client with PEAP, but it doesn't seem to work.

I'm using eap_peap.cfg config file and I've installed Net_SSLeay.pm-1.21, openssl 0.9.7c, Digest-HMAC and Digest-SHA1.
This is what I see when I start radiusd:

Tue Jul 20 09:13:40 2004: DEBUG: Reading users file ./users
Tue Jul 20 09:13:40 2004: DEBUG: Reading users file ./users
Tue Jul 20 09:13:40 2004: DEBUG: Finished reading configuration file 'goodies/eap_peap.cfg'
Tue Jul 20 09:13:40 2004: DEBUG: Reading dictionary file './dictionary'
Tue Jul 20 09:13:40 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Jul 20 09:13:40 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Jul 20 09:13:40 2004: NOTICE: Server started: Radiator 3.9 on echelon

I've imported root.der and cert-clt.p12 to the Windows client. This is the logfile:

Tue Jul 20 10:48:57 2004: DEBUG: Packet dump:
*** Received from 192.168.0.113 port 21652 ....
Code:       Access-Request
Identifier: 143
Authentic:  <192><186><148><226><154><24><201>^<230>\<144><0>?<23><31>s
Attributes:
        User-Name = "fred"
        Framed-MTU = 1400
        Called-Station-Id = "0040.96a0.0f68"
        Calling-Station-Id = "0004.2393.ed3b"
        Service-Type = Login-User
        Message-Authenticator = $}<251>;<226><10><244>5.<190>F<191><239><145><223><228>
        EAP-Message = <2><184><0><29><25><0><23><3><1><0><18><182><189><6><4>~\<253><194><169><183><232><176><212><2><205><253><2><>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 91
        NAS-IP-Address = 192.168.0.113
        NAS-Identifier = "ap_despacho"

Tue Jul 20 10:48:57 2004: DEBUG: Handling request with Handler ''
Tue Jul 20 10:48:57 2004: DEBUG:  Deleting session for fred, 192.168.0.113, 91
Tue Jul 20 10:48:57 2004: DEBUG: Handling with Radius::AuthFILE: 
Tue Jul 20 10:48:57 2004: DEBUG: Handling with EAP: code 2, 184, 29
Tue Jul 20 10:48:57 2004: DEBUG: Response type 25
Tue Jul 20 10:48:57 2004: DEBUG: EAP PEAP inner authentication request for anonymous
Tue Jul 20 10:48:57 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <181><147><219>~<16><10><<145><241> <201>><196><240><146><3>
Attributes:
        EAP-Message = <2><184><0><2><3><26>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        User-Name = "anonymous"
        NAS-IP-Address = 192.168.0.113
        NAS-Identifier = "ap_despacho"
        NAS-Port = 91
        Calling-Station-Id = "0004.2393.ed3b"

Tue Jul 20 10:48:57 2004: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Tue Jul 20 10:48:57 2004: DEBUG:  Deleting session for , 192.168.0.113, 91
Tue Jul 20 10:48:57 2004: DEBUG: Handling with Radius::AuthFILE: 
Tue Jul 20 10:48:57 2004: DEBUG: Handling with EAP: code 2, 184, 2
Tue Jul 20 10:48:57 2004: DEBUG: Response type 3
Tue Jul 20 10:48:57 2004: INFO: EAP Nak desires type 26
Tue Jul 20 10:48:57 2004: ERR: Could not handle an EAP request: Can't locate object method "response_identity" via package "Radius:.

Tue Jul 20 10:48:57 2004: INFO: Access rejected for anonymous: Could not handle an EAP request
Tue Jul 20 10:48:57 2004: DEBUG: EAP result: 3, EAP PEAP inner authentication redespatched to a Handler
Tue Jul 20 10:48:57 2004: DEBUG: Access challenged for fred: EAP PEAP inner authentication redespatched to a Handler
Tue Jul 20 10:48:57 2004: DEBUG: Packet dump:
*** Sending to 192.168.0.113 port 21652 ....
Code:       Access-Challenge
Identifier: 143
Authentic:  <192><186><148><226><154><24><201>^<230>\<144><0>?<23><31>s
Attributes:
        EAP-Message = <1><185><0>&<25><0><23><3><1><0><27>j<26>l<7>9<29>34<164>A<237>o<20><149><162><26><157><192>Y}<226>4p<142><13>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

I've read something on the list about this problem, but the solution suggested was installing the required Perl modules, which
I have actually done.

Any ideas?

Thanks,

Gonzalo
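
Added example, not part of the original post and not Radiator code: a small Python decoder for the `EAP-Message` values in the dumps above, which shows the outer exchange is PEAP (type 25) and the tunnelled response is a Nak asking for type 26 (EAP-MSCHAPv2). It assumes the dump notation is `<decimal>` for non-printable bytes and the literal character otherwise, as the dumps here appear to use; the function names are hypothetical.

```python
import re
import struct

# Assumed dump notation: non-printable bytes as <decimal>, printable bytes
# as the character itself.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}


def dump_to_bytes(text):
    """Turn the dump notation of one attribute value back into raw bytes."""
    out = bytearray()
    for num, lit in _TOKEN.findall(text):
        if num and int(num) < 256:
            out.append(int(num))
        else:  # literal character, or a <nnn> run that is not a byte value
            out += (lit or "<%s>" % num).encode("latin-1", "replace")
    return bytes(out)


def parse_eap(raw):
    """Decode the EAP header and, for a Nak, the methods the peer asks for."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident,
           "length": length, "length_matches": length == len(raw)}
    if code in (1, 2) and len(raw) >= 5:
        pkt["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
        if raw[4] == 3:
            # Read the bytes actually present; the length field is only reported.
            pkt["desired"] = [EAP_TYPES.get(t, str(t)) for t in raw[5:]]
    return pkt


# Values copied from the log above: the tunnelled EAP-Message, and the first
# six bytes of the outer EAP-Message (the rest is TLS application data).
INNER = "<2><184><0><2><3><26>"
OUTER_PREFIX = "<2><184><0><29><25><0>"

if __name__ == "__main__":
    for name, dump in (("inner", INNER), ("outer", OUTER_PREFIX)):
        print(name, parse_eap(dump_to_bytes(dump)))
```

The tunnelled packet's length field reads 2 although six bytes are dumped, matching the `code 2, 184, 2` debug line, so the decoder reports the field instead of trusting it. The notation cannot distinguish a payload that itself contains the characters of a `<nn>` sequence, which matters for the encrypted TLS bytes but not for the header bytes decoded here.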