(RADIATOR) Re: Problem authenticating

Mike McCauley mikem at open.com.au
Wed Mar 10 19:10:02 CST 2004


Hi Hugh,


On Thu, 11 Mar 2004 10:50 am, Hugh Irvine wrote:
> Hello Antonio -
>
> This looks like a configuration problem with either or both of the
> Client and/or access point.
>
> The log shows a TTLS challenge, but a PEAP continuation.
>
> Radiator sends the PEAP challenge but nothing else arrives from the
> Client.

I think what's happening here is that Radiator initially offers TTLS, but then
the client asks for PEAP instead. That's all OK and supported. But then
Radiator sends the first part of the server certificate, and we hear no more
from the client.

I suspect either that the packet size is too big for the AP (in which case
they need to set EAPTLS_MaxFragmentSize smaller), or there is something
seriously wrong with the client (in which case they need to enable TLS
tracing in the client).

It is slightly possible that there is something broken/misconfigured in the 
AP.

Cheers.


>
> regards
>
> Hugh
>
> On 11 Mar 2004, at 04:15, António Fernandes wrote:
> > Hello,
> >
> > I've set up Radiator 3.8 with RH7.3 (with OpenSSL 0.9.7c). When I try
> > to
> > authenticate with Windows XP SP1 and Cisco AP 1100 the following log
> > comes up (see attach). This is the FULL log.....
> >
> > I don't know what the problem is.... What do you suspect?
> >
> > Thank you,
> >
> > António Fernandes
> >
> >
> >
> > radius.cfg
> > -----------------------------------
> > LogStdout
> > LogDir          /var/log/radius
> > DbDir           /etc/radiator
> > Trace           4
> > <Client 192.168.1.230>
> >         Secret  NOTSECRET
> >         Identifier LocalUser
> > </Client>
> > <AuthLog FILE>
> >         Identifier LocalUser
> >         Filename %L/LocalUsers.log
> >         SuccessFormat %l:%T from %U at %N:OK
> >         FailureFormat %l:%T from %U at %N:FAIL
> >         LogSuccess 1
> >         LogFailure 1
> > </AuthLog>
> >
> > <Handler TunneledByPEAP=1>
> > #       RewriteUsername s/^([^@]+).*/$1/
> >         <AuthBy FILE>
> >                 Filename %D/users
> >                 EAPType MSCHAP-V2
> >                 EAPTLS_PEAPVersion 0
> > #               AddToReply User-Name=%u
> >         </AuthBy>
> > </Handler>
> >
> > <Handler TunneledByTTLS=1>
> >         AuthByPolicy ContinueUntilAccept
> >         <AuthBy FILE>
> >                 Filename %D/users
> > #               AddToReply User-Name=%u
> >         </AuthBy>
> > </Handler>
> >
> > <Handler>
> >         <AuthBy FILE>
> >                 Filename %D/usersanon
> > #               EAPType PEAP,MSCHAP-V2
> >                 EAPType TTLS, PEAP
> >                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> >                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> >                 EAPTLS_CertificateType PEM
> >                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> >                 EAPTLS_PrivateKeyPassword whatever
> > #                EAPTLS_MaxFragmentSize 1000
> >                 AutoMPPEKeys
> >         </AuthBy>
> > </Handler>
> > -----------------------------------
> > <LOG>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
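
An added example, not part of the original message and not Radiator code: a Python sketch of how a server's TLS certificate flight is split into PEAP/EAP-TLS fragments (L and M flag bits as in RFC 5216) and how large each fragment becomes once carried in RADIUS EAP-Message attributes. It assumes EAPTLS_MaxFragmentSize caps the TLS bytes per EAP request, which the thread does not confirm; the function names and the 2500-byte sample flight are constructed for illustration.

```python
import struct

EAP_REQUEST, EAP_TYPE_PEAP = 1, 25      # EAP code and type numbers
FLAG_LENGTH, FLAG_MORE = 0x80, 0x40     # L and M bits of the EAP-TLS flags octet
EAP_MESSAGE_MAX = 253                   # value bytes per RADIUS EAP-Message attribute

def fragment_tls_flight(tls_data, max_fragment, first_id=1):
    """Server side: one EAP request per fragment; the peer must ACK each before the next."""
    if max_fragment <= 0:
        raise ValueError("max_fragment must be positive")
    chunks = [tls_data[i:i + max_fragment]
              for i in range(0, len(tls_data), max_fragment)] or [b""]
    packets = []
    for n, chunk in enumerate(chunks):
        flags, body = 0, chunk
        if n == 0 and len(chunks) > 1:          # first fragment announces total length
            flags |= FLAG_LENGTH
            body = struct.pack("!I", len(tls_data)) + chunk
        if n < len(chunks) - 1:                 # more fragments follow
            flags |= FLAG_MORE
        header = struct.pack("!BBHBB", EAP_REQUEST, (first_id + n) & 0xFF,
                             6 + len(body), EAP_TYPE_PEAP, flags)
        packets.append(header + body)
    return packets

def radius_eap_bytes(eap_packet):
    """Size of the EAP packet once split into EAP-Message attributes (2-byte header each)."""
    attrs = -(-len(eap_packet) // EAP_MESSAGE_MAX)
    return len(eap_packet) + 2 * attrs

def reassemble(packets):
    """Peer side: rebuild the TLS flight and check it against the announced length."""
    data, announced, more = b"", None, False
    for pkt in packets:
        _code, _id, length, _type, flags = struct.unpack("!BBHBB", pkt[:6])
        if length != len(pkt):
            raise ValueError("EAP Length field does not match packet size")
        body = pkt[6:]
        if flags & FLAG_LENGTH:
            announced, body = struct.unpack("!I", body[:4])[0], body[4:]
        data, more = data + body, bool(flags & FLAG_MORE)
    if more or (announced is not None and announced != len(data)):
        raise ValueError("incomplete or mis-sized TLS flight")
    return data

# Constructed stand-in for the server's certificate flight (not real TLS data).
SAMPLE_FLIGHT = (bytes(range(256)) * 10)[:2500]

if __name__ == "__main__":
    for size in (4000, 1000):
        pkts = fragment_tls_flight(SAMPLE_FLIGHT, size)
        print(size, [(len(p), radius_eap_bytes(p)) for p in pkts])
```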

