(RADIATOR) Problems after authentication
Elena Alcantud Perez
ealcantud at hotmail.com
Mon Sep 13 05:58:05 CDT 2004
Hi all,
I am running Radiator for wireless authentication on Windows XP, and the method
chosen is TTLS (with Active Directory in my institutional Windows 2000
server). The supplicant is SecureW2 (Alfa-Ariss) and the access points are
Cisco Aironet 1100.
My problem is that after a successful authentication the client appears to be
associated to the access point (but is registered with IP address
0.0.0.0!). Also, when I try the link test, no client is found. In the client
monitor the message is "Sactisfactory authentication" and the network
configuration seems OK.
The user registered in the Directory has no restrictions (just for test)
and the IP is configured static with a correct address of my network. Could
it be a problem of storing session keys in the access point?
Here is my radius.cnf:
-----------------------------------------------------------------------------------------------------------------------------------
Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
Trace 4
AuthPort 1812
AcctPort 1813
SocketQueueLength 1000000
#RewriteUsername s/^(.*)\\(.*)/$2\@$1/
<Client DEFAULT>
Secret xxxxxx
DupInterval 0
DefaultRealm my_domain
</Client>
<Realm DEFAULT>
# Strips the realm. You will want to do this if your database
# contains usernames without realms
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 2
AcctLogFileName %L/detail
WtmpFileName %L/wtmp
<AuthLog FILE>
Identifier myauthlogger
Filename %L/authlog
LogSuccess 1
LogFailure 1
</AuthLog>
RejectHasReason
<AuthBy LSA>
Identifier LSA
Domain my_domain
EAPType TTLS, TLS
AddToReply Reply-Message=hello,Service-Type=Framed-User,Framed-Protocol=PPP
RcryptKey romea
EAPTLS_MaxFragmentSize 1000
EAPTLS_CAFile C:\Documents and Settings\eap96l\Escritorio\certs\demoCA\cacert.pem
EAPTLS_CertificateType PEM
EAPTLS_CertificateFile C:\Documents and Settings\eap96l\Escritorio\certs\radius.pem
EAPTLS_PrivateKeyFile C:\Documents and Settings\eap96l\Escritorio\certs\radius.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_RandomFile C:\Documents and Settings\eap96l\Escritorio\certs\random
EAPTLS_DHFile C:\Documents and Settings\eap96l\Escritorio\certs\dh
EAPTLS_SessionResumption 0
EAPAnonymous anonymous
AutoMPPEKeys
</AuthBy>
</Realm>
<Handler TunnelledByTTLS=1>
AuthBy LSA
</Handler>
This is the last part of the logfile (after tls negotiation):
----------------------------------------------------------------------------------------------------------------------
Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Sep 13 09:33:41 2004: DEBUG: Rewrote user name to anonymous
Mon Sep 13 09:33:41 2004: DEBUG: Deleting session for anonymous at my_domain, nas-ip-address, 67
Mon Sep 13 09:33:41 2004: DEBUG: Handling with Radius::AuthLSA: LSA
Mon Sep 13 09:33:41 2004: DEBUG: Handling with EAP: code 2, 5, 87
Mon Sep 13 09:33:41 2004: DEBUG: Response type 21
Mon Sep 13 09:33:41 2004: DEBUG: EAP TTLS inner authentication request for usuario at my_domain
Mon Sep 13 09:33:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <214><237>b<188>Q<185>W<140><135><250>lXhbr\
Attributes:
User-Name = "usuario at my_domain"
User-Password = "usuario"
Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Sep 13 09:33:41 2004: DEBUG: Rewrote user name to usuario
Mon Sep 13 09:33:41 2004: DEBUG: Deleting session for usuario at my_domain, nas-ip-address,
Mon Sep 13 09:33:41 2004: DEBUG: Handling with Radius::AuthLSA: LSA
Mon Sep 13 09:33:41 2004: DEBUG: Radius::AuthLSA looks for match with usuario
Mon Sep 13 09:33:41 2004: DEBUG: Radius::AuthLSA ACCEPT:
Mon Sep 13 09:33:41 2004: DEBUG: Access accepted for usuario
Mon Sep 13 09:33:41 2004: DEBUG: EAP result: 0, EAP TTLS inner authentication redespatched to a Handler
Mon Sep 13 09:33:41 2004: DEBUG: Access accepted for anonymous
Mon Sep 13 09:33:41 2004: DEBUG: Packet dump:
*** Sending to nas-ip-address port 1645 ....
Code: Access-Accept
Identifier: 15
Authentic: <158>@<15>}Z<217><172><236><29><177><208>\%<168>S<132>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Reply-Message = "hello"
Reply-Message = "hello"
MS-MPPE-Send-Key = "<155>C<222><196>e<240><231><160><28>7{<3><142><138><149><20>5X<175><161><251>?<150><221><216>;<225>0l<17><172>~R<139><209>8<169><242><209><249><25><7><238>(X<137>q^%<187>"
MS-MPPE-Recv-Key = "<242><163><234><<253><191><231><191><15>U<6><159>l<9><4><1><142>\<246>$+<1>P<16><18>Q<175><172>](<4><221><145><249>e<132><132><252><127><131><148><196><222><2>M<208><216><217><245><220>"
EAP-Message = <3><5><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 13 11:58:14 2004: DEBUG: Reading users file c:/Program Files/Radiator/users
Mon Sep 13 11:58:14 2004: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
Mon Sep 13 11:58:14 2004: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Mon Sep 13 11:58:14 2004: DEBUG: Creating authentication port 0.0.0.0:1812
Mon Sep 13 11:58:14 2004: DEBUG: Creating accounting port 0.0.0.0:1813
Mon Sep 13 11:58:14 2004: NOTICE: Server started: Radiator 3.9 on r114pc157 (LOCKED)
----------------------------------------------------------------------------------------------------------------------
After searching for info in the mailing list and the FAQs I have not found
anyone with the same problem. I am in a hurry... Can anyone help me?
Thanks
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
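
One way to triage a Radiator Trace 4 excerpt like the one in the post above, as an added example that is not part of the original message and not Radiator's own code. The sample log is constructed from the post's lines with key values shortened; `parse_trace` and `review` are hypothetical names, and the script assumes that a request matched by `<Handler TunnelledByTTLS=1>` would be logged under that handler name.

```python
import re
from collections import Counter
# Constructed sample modelled on the post's Trace 4 excerpt (key values shortened).
SAMPLE = """\
Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Sep 13 09:33:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
User-Password = "usuario"
Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Sep 13 09:33:41 2004: DEBUG: Packet dump:
Code: Access-Accept
Reply-Message = "hello"
Reply-Message = "hello"
MS-MPPE-Send-Key = "<155>C<222>"
MS-MPPE-Recv-Key = "<242><163>"
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4}: \w+: (.*)$")
ATTR = re.compile(r"^\s*([\w-]+) =\s*(.*)$")
def parse_trace(text):
    # Returns (handler names in order, one dict per packet dump).
    handlers, packets, cur = [], [], None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:  # a timestamped line ends any packet dump in progress
            msg, cur = m.group(1), None
            handlers += re.findall(r"with Handler '([^']*)'", msg)
            if "Packet dump" in msg:
                packets.append(cur := {"inner": "Tunnelled" in msg, "code": None, "attrs": []})
        elif cur is not None and line.startswith("Code:"):
            cur["code"] = line.split(":", 1)[1].strip()
        elif cur is not None and ATTR.match(line):
            cur["attrs"].append(ATTR.match(line).groups())
    return handlers, packets

def review(text):
    # Observations only; none of them asserts a root cause.
    handlers, packets = parse_trace(text)
    notes = []
    for p in packets:
        names = [n for n, _ in p["attrs"]]
        if "User-Password" in names:
            notes.append("cleartext User-Password in trace log")
        if p["code"] == "Access-Accept" and not p["inner"]:
            notes += [f"missing {k}" for k in ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key") if k not in names]
            notes += [f"repeated {n}={v}" for (n, v), c in Counter(p["attrs"]).items() if c > 1]
    # Assumption: a matched <Handler TunnelledByTTLS=1> is logged under that name.
    if any(p["inner"] for p in packets) and not any("TunnelledByTTLS" in h for h in handlers):
        notes.append("inner request not matched by a TunnelledByTTLS handler")
    return notes
```

Calling `review()` on a saved trace file's contents returns the same kind of list; an empty list means none of these three checks fired.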