(RADIATOR) Re: Problem authenticating

Hugh Irvine hugh at open.com.au
Wed Mar 10 18:50:22 CST 2004 

Hello Antonio -

This looks like a configuration problem with either or both of the 
Client and/or access point.

The log shows a TTLS challenge, but a PEAP continuation.

Radiator sends the PEAP challenge but nothing else arrives from the 
Client.

regards

Hugh


On 11 Mar 2004, at 04:15, António Fernandes wrote:

> Hello,
>
> I've set up Radiator 3.8 with RH7.3 (with OpenSSL 0.9.7c). When I try 
> to
> authenticate with Windows XP SP1 and Cisco AP 1100 the following log
> comes up (see attach). This is the FULL log.....
>
> I don't know what the problem is.... What do you suspect?
>
> Thank you,
>
> António Fernandes
>
>
>
> radius.cfg
> -----------------------------------
> LogStdout
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> Trace           4
> <Client 192.168.1.230>
>         Secret  NOTSECRET
>         Identifier LocalUser
> </Client>
> <AuthLog FILE>
>         Identifier LocalUser
>         Filename %L/LocalUsers.log
>         SuccessFormat %l:%T from %U at %N:OK
>         FailureFormat %l:%T from %U at %N:FAIL
>         LogSuccess 1
>         LogFailure 1
> </AuthLog>
>
> <Handler TunneledByPEAP=1>
> #       RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy FILE>
>                 Filename %D/users
>                 EAPType MSCHAP-V2
>                 EAPTLS_PEAPVersion 0
> #               AddToReply User-Name=%u
>         </AuthBy>
> </Handler>
>
> <Handler TunneledByTTLS=1>
>         AuthByPolicy ContinueUntilAccept
>         <AuthBy FILE>
>                 Filename %D/users
> #               AddToReply User-Name=%u
>         </AuthBy>
> </Handler>
>
> <Handler>
>         <AuthBy FILE>
>                 Filename %D/usersanon
> #               EAPType PEAP,MSCHAP-V2
>                 EAPType TTLS, PEAP
>                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword whatever
> #                EAPTLS_MaxFragmentSize 1000
>                 AutoMPPEKeys
>         </AuthBy>
> </Handler>
> -----------------------------------
> <LOG>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list