(RADIATOR) Peap authentication
Hugh Irvine
hugh at open.com.au
Thu Jul 22 02:34:58 CDT 2004
Hello Gonzalo -
I will need to see a more complete trace 4 debug showing the complete
startup sequence and the whole exchange of radius requests.
I will also need to see a copy of your configuration file.
regards
Hugh
On 21 Jul 2004, at 22:46, Gonzalo Julián Bécares Fernández wrote:
>
>
> Hi,
>
> I'm using Cisco AP Aironet 1100 and Radiator 3.9 with patch, trying
> to authenticate
> with PEAP a Windows XP SP1 client, but it doesn't seem to work.
>
> I'm using eap_peap.cfg config file and I've installed
> Net_SSLeay.pm-1.21, openssl 0.9.7c, Digest-HMAC and Digest-SHA1.
> This is what I see when I start radiusd:
>
>
> Tue Jul 20 09:13:40 2004: DEBUG: Reading users file ./users
> Tue Jul 20 09:13:40 2004: DEBUG: Reading users file ./users
> Tue Jul 20 09:13:40 2004: DEBUG: Finished reading configuration file
> 'goodies/eap_peap.cfg'
> Tue Jul 20 09:13:40 2004: DEBUG: Reading dictionary file './dictionary'
> Tue Jul 20 09:13:40 2004: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Tue Jul 20 09:13:40 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Tue Jul 20 09:13:40 2004: NOTICE: Server started: Radiator 3.9 on
> echelon
>
> I've imported root.der and cert-clt.p12 to the Windows client. This is
> the logfile:
>
> Tue Jul 20 10:48:57 2004: DEBUG: Packet dump:
> *** Received from 192.168.0.113 port 21652 ....
> Code: Access-Request
> Identifier: 143
> Authentic: <192><186><148><226><154><24><201>^<230>\<144><0>?<23><31>s
> Attributes:
> User-Name = "fred"
> Framed-MTU = 1400
> Called-Station-Id = "0040.96a0.0f68"
> Calling-Station-Id = "0004.2393.ed3b"
> Service-Type = Login-User
> Message-Authenticator =
> $}<251>;<226><10><244>5.<190>F<191><239><145><223><228>
> EAP-Message =
> <2><184><0><29><25><0><23><3><1><0><18><182><189><6><4>~\<253><194><169
> ><183><232><176><212><2><205><253><2><>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 91
> NAS-IP-Address = 192.168.0.113
> NAS-Identifier = "ap_despacho"
>
> Tue Jul 20 10:48:57 2004: DEBUG: Handling request with Handler ''
> Tue Jul 20 10:48:57 2004: DEBUG: Deleting session for fred,
> 192.168.0.113, 91
> Tue Jul 20 10:48:57 2004: DEBUG: Handling with Radius::AuthFILE:
> Tue Jul 20 10:48:57 2004: DEBUG: Handling with EAP: code 2, 184, 29
> Tue Jul 20 10:48:57 2004: DEBUG: Response type 25
> Tue Jul 20 10:48:57 2004: DEBUG: EAP PEAP inner authentication request
> for anonymous
> Tue Jul 20 10:48:57 2004: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <181><147><219>~<16><10><<145><241>
> <201>><196><240><146><3>
> Attributes:
> EAP-Message = <2><184><0><2><3><26>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 192.168.0.113
> NAS-Identifier = "ap_despacho"
> NAS-Port = 91
> Calling-Station-Id = "0004.2393.ed3b"
>
> Tue Jul 20 10:48:57 2004: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Tue Jul 20 10:48:57 2004: DEBUG: Deleting session for ,
> 192.168.0.113, 91
> Tue Jul 20 10:48:57 2004: DEBUG: Handling with Radius::AuthFILE:
> Tue Jul 20 10:48:57 2004: DEBUG: Handling with EAP: code 2, 184, 2
> Tue Jul 20 10:48:57 2004: DEBUG: Response type 3
> Tue Jul 20 10:48:57 2004: INFO: EAP Nak desires type 26
> Tue Jul 20 10:48:57 2004: ERR: Could not handle an EAP request: Can't
> locate object method "response_identity" via package "Radius:.
>
> Tue Jul 20 10:48:57 2004: INFO: Access rejected for anonymous: Could
> not handle an EAP request
> Tue Jul 20 10:48:57 2004: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Tue Jul 20 10:48:57 2004: DEBUG: Access challenged for fred: EAP PEAP
> inner authentication redespatched to a Handler
> Tue Jul 20 10:48:57 2004: DEBUG: Packet dump:
> *** Sending to 192.168.0.113 port 21652 ....
> Code: Access-Challenge
> Identifier: 143
> Authentic: <192><186><148><226><154><24><201>^<230>\<144><0>?<23><31>s
> Attributes:
> EAP-Message =
> <1><185><0>&<25><0><23><3><1><0><27>j<26>l<7>9<29>34<164>A<237>o<20><14
> 9><162><26><157><192>Y}<226>4p<142><13>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> I've read in the list something about this problem, but the solution
> suggested was the installation of the required Perl modules, which
> I've actually done.
>
> Any ideas?
>
> Thanks,
>
> Gonzalo
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
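
Added example, not part of the original thread and not Radiator code: a Python sketch that decodes the `<n>` byte notation of the EAP-Message dumps in the trace above into EAP header fields, the PEAP flags and the TLS record header. The sample strings are copied from the trace; the reading of `<n>` as a decimal byte value, the type-name tables and the function names are assumptions of this example.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 25: "PEAP", 26: "MS-CHAP-V2"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert",
               22: "handshake", 23: "application_data"}

# Copied from the trace above; the two PEAP packets are cut after the TLS
# record header because the dumps in the post are wrapped and truncated.
OUTER_REQUEST = "<2><184><0><29><25><0><23><3><1><0><18>"
INNER_REQUEST = "<2><184><0><2><3><26>"
CHALLENGE = "<1><185><0>&<25><0><23><3><1><0><27>"

def unescape_dump(text):
    """Assumed notation: <n> is one byte of decimal value n, any other
    printable character stands for itself; line breaks are ignored."""
    pairs = re.findall(r"<(\d{1,3})>|([^\r\n])", text)
    return bytes(int(num) if num else ord(ch) for num, ch in pairs)

def decode_eap(dump):
    raw = unescape_dump(dump)
    if len(raw) < 4:
        raise ValueError("need at least the 4-byte EAP header")
    info = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
            "length": int.from_bytes(raw[2:4], "big"),  # as logged, not validated
            "captured": len(raw)}
    if raw[0] not in (1, 2) or len(raw) < 5:
        return info  # Success/Failure carry no type field
    etype, body = raw[4], raw[5:]
    info["type"] = EAP_TYPES.get(etype, etype)
    if etype == 3:  # Nak: body lists the method types the peer will accept
        info["desires"] = [EAP_TYPES.get(t, t) for t in body]
    elif etype == 25 and body:
        flags = body[0]
        info["flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
                         "S": bool(flags & 0x20)}
        # With L set, a 4-byte TLS message length precedes the record.
        rec = body[5:] if flags & 0x80 else body[1:]
        if len(rec) >= 5:
            info["tls"] = {"content": TLS_CONTENT.get(rec[0], rec[0]),
                           "version": (rec[1], rec[2]),
                           "record_len": int.from_bytes(rec[3:5], "big")}
    return info

if __name__ == "__main__":
    for name in ("OUTER_REQUEST", "INNER_REQUEST", "CHALLENGE"):
        print(name, decode_eap(globals()[name]))
```

The decoded fields line up with the log lines "code 2, 184, 29", "Response type 25", "code 2, 184, 2" and "EAP Nak desires type 26"; in both PEAP packets, 6 bytes of EAP/PEAP header plus 5 bytes of TLS record header plus `record_len` equals the EAP length field.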