(RADIATOR) Airport Extreme Base Station with EAP

Terry Simons galimore at mac.com
Fri Sep 10 11:08:35 CDT 2004


This isn't a problem with the extreme...

You don't have something installed correctly with Radiator.

You definitely don't have all of the pieces configured correctly.

The following configuration will enable TTLS and PEAP, and it does work 
with the Airport extreme.  If you still get the error messages about 
"response_identity" then I suspect you have something wrong with your 
installation.

LogDir          /usr/local/var/log/radius.log
LogFile         %L/logfile
DbDir           /etc/radiator
Trace           4

AuthPort 1812
AcctPort 1813

<Client 10.0.0.10>
         Secret *********
         DupInterval 0
</Client>

<AuthBy FILE>
     Identifier BY_FILE

     Filename                        %D/users
     EAPType                         TTLS PEAP MSCHAP-V2 LEAP TLS
     EAPTLS_MaxFragmentSize          1000
     EAPTLS_CAFile                   /etc/radiator/certs/root.pem
     EAPTLS_CertificateType          PEM
     EAPTLS_CertificateFile          /etc/radiator/certs/cert-srv.pem
     EAPTLS_PrivateKeyFile           /etc/radiator/certs/cert-srv.pem
     EAPTLS_PrivateKeyPassword       whatever

     EAPTLS_SessionResumption 0
     EAPAnonymous                %0

     # Needed for Mac OS X user support
     EAPTLS_PEAPVersion 0

     AutoMPPEKeys
</AuthBy>

<Handler TunnelledByPEAP=1>
     <AuthBy FILE>
         Filename %D/users

         EAPType MSCHAP-V2
     </AuthBy>
</Handler>

<Handler TunnelledByTTLS=1>
     AuthBy BY_FILE
</Handler>

<Handler>
      AuthBy BY_FILE
</Handler>


On Sep 10, 2004, at 8:39 AM, Robert Blayzor wrote:

> Can someone shed some light on how to setup an AirPort extreme base 
> station to use Radiator as the RADIUS server. (Enterprice WPA)
>
> I have the base station configured and it's sending requests to the 
> Radiator server.  I install all the mods I needed and I do see the 
> requests coming into Radiator, however, I'm not getting auth.
>
> This is what I see in the Radiator log file:
>
> Fri Sep 10 10:04:28 2004: ERR: Could not handle an EAP request: Can't 
> locate object method "response_identity" via package "Radius::EAP_25" 
> at Radius/EAP.pm line 138.
>
>
> This is what I have in my Radiator config for the Airport:
>
> <Client 10.0.0.10>
>         Identifier              Foo
>         Secret                  xxxxx
>         NasType                 ignore
> </Client>
>
> <Handler Client-Identifier = Foo>
>         <AuthBy FILE>
>                 Identifier      EAP-Users
>                 Filename        %D/eap-users
>                 EAPType         PEAP,TTLS,TLS,MD5
>         </AuthBy>
>         AcctLogFileName %L/detail
>         SessionDatabase Null-SDB
> </Handler>
>
>
> I know I'm probably missing more EAP stuff, but I can't find exactly 
> what the Airport Extremem needs.  Wondering if someone already has 
> this setup and can share, or if someone knows where I can look.
>
> I'm looking for the most simple configuration for EAP without getting 
> into certificates if I don't have to.
>
> TIA
>
> --
> Robert
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list