(RADIATOR) Problems after authentication

Hugh Irvine hugh at open.com.au
Mon Sep 13 20:08:38 CDT 2004


Hello Elena -

Radiator appears to be operating correctly, so I suspect a problem with  
the configuration of either the access point or the client.

regards

Hugh


On 13 Sep 2004, at 20:58, Elena Alcantud Perez wrote:

> Hi all,
>
>
> I am running Radiator for wireless authentication on Windows XP, and
> the method chosen is TTLS (with Active Directory in my institutional
> Windows 2000 server). The supplicant is SecureW2 (Alfa-Ariss) and the
> access points are Cisco Aironet 1100.
>
> My problem is that after a right authentication the client appears to
> be associated to the access point (but is registered with IP address
> 0.0.0.0!). Also, when I try the link test, no client is found. In
> client monitor the message is "Satisfactory authentication" and
> network configuration seems ok.
>
> The user registered in the Directory has no restrictions (just for
> test) and the IP is configured static with a right address of my
> network. Could it be a problem of storing session keys in the access
> point?
>
> Here is my radius.cnf:
> ------------------------------------------------------------------------
> Foreground
> LogStdout
> LogDir		c:/Program Files/Radiator
> DbDir		c:/Program Files/Radiator
> Trace           4
>
> AuthPort 1812
> AcctPort 1813
> SocketQueueLength 1000000
> #RewriteUsername	s/^(.*)\\(.*)/$2\@$1/
>
>
> <Client DEFAULT>
>         Secret xxxxxx
>         DupInterval 0
> 	   DefaultRealm my_domain
>
> </Client>
>
>
>
> <Realm DEFAULT>
>
> 	# Strips the realm. You will want to do this if your database
> 	# contains usernames without realms
> 	RewriteUsername	s/^([^@]+).*/$1/
>
> 	MaxSessions	2
> 	AcctLogFileName	%L/detail
> 	WtmpFileName %L/wtmp
>
> 	<AuthLog FILE>
> 		Identifier myauthlogger
> 		Filename %L/authlog
> 		LogSuccess 1
> 		LogFailure 1
> 	</AuthLog>
>
> 	RejectHasReason
>
> <AuthBy LSA>
> 	Identifier LSA
>
> 	Domain my_domain
>
> 	EAPType                         TTLS, TLS
>
>     AddToReply Reply-Message=hello,Service-Type=Framed-User,Framed-Protocol=PPP
> 	RcryptKey romea
>
>
>     EAPTLS_MaxFragmentSize          1000
>     EAPTLS_CAFile                   C:\Documents and Settings\eap96l\Escritorio\certs\demoCA\cacert.pem
>     EAPTLS_CertificateType          PEM
>     EAPTLS_CertificateFile          C:\Documents and Settings\eap96l\Escritorio\certs\radius.pem
>     EAPTLS_PrivateKeyFile           C:\Documents and Settings\eap96l\Escritorio\certs\radius.pem
>     EAPTLS_PrivateKeyPassword       whatever
>     EAPTLS_RandomFile               C:\Documents and Settings\eap96l\Escritorio\certs\random
>     EAPTLS_DHFile                   C:\Documents and Settings\eap96l\Escritorio\certs\dh
>     EAPTLS_SessionResumption 	 0
>     EAPAnonymous                	 anonymous
>     AutoMPPEKeys
>
> 	</AuthBy>
>
>
>
> </Realm>
>
> <Handler TunnelledByTTLS=1>
>     AuthBy LSA
> </Handler>
>
>
> This is the last part of the logfile (after tls negotiation):
> ------------------------------------------------------------------------
>
> Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Sep 13 09:33:41 2004: DEBUG: Rewrote user name to anonymous
> Mon Sep 13 09:33:41 2004: DEBUG:  Deleting session for anonymous at my_domain, nas-ip-address, 67
> Mon Sep 13 09:33:41 2004: DEBUG: Handling with Radius::AuthLSA: LSA
> Mon Sep 13 09:33:41 2004: DEBUG: Handling with EAP: code 2, 5, 87
> Mon Sep 13 09:33:41 2004: DEBUG: Response type 21
> Mon Sep 13 09:33:41 2004: DEBUG: EAP TTLS inner authentication request for usuario at my_domain
> Mon Sep 13 09:33:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <214><237>b<188>Q<185>W<140><135><250>lXhbr\
> Attributes:
> 	User-Name = "usuario at my_domain"
> 	User-Password = "usuario"
>
> Mon Sep 13 09:33:41 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Sep 13 09:33:41 2004: DEBUG: Rewrote user name to usuario
> Mon Sep 13 09:33:41 2004: DEBUG:  Deleting session for usuario at my_domain, nas-ip-address,
> Mon Sep 13 09:33:41 2004: DEBUG: Handling with Radius::AuthLSA: LSA
> Mon Sep 13 09:33:41 2004: DEBUG: Radius::AuthLSA looks for match with usuario
> Mon Sep 13 09:33:41 2004: DEBUG: Radius::AuthLSA ACCEPT:
> Mon Sep 13 09:33:41 2004: DEBUG: Access accepted for usuario
> Mon Sep 13 09:33:41 2004: DEBUG: EAP result: 0, EAP TTLS inner authentication redespatched to a Handler
> Mon Sep 13 09:33:41 2004: DEBUG: Access accepted for anonymous
> Mon Sep 13 09:33:41 2004: DEBUG: Packet dump:
> *** Sending to nas-ip-address port 1645 ....
> Code:       Access-Accept
> Identifier: 15
> Authentic:  <158>@<15>}Z<217><172><236><29><177><208>\%<168>S<132>
> Attributes:
> 	Service-Type = Framed-User
> 	Framed-Protocol = PPP
> 	Reply-Message = "hello"
> 	Reply-Message = "hello"
> 	MS-MPPE-Send-Key =  
> "<155>C<222><196>e<240><231><160><28>7{<3><142><138><149><20>5X<175><16 
> 1><251>?<150><221><216>; 
> <225>0l<17><172>~R<139><209>8<169><242><209><249><25><7><238>(X<137>q^% 
> <187>"
> 	MS-MPPE-Recv-Key =  
> "<242><163><234><<253><191><231><191><15>U<6><159>l<9><4><1><142>\<246> 
> $+<1>P<16><18>Q<175><172>](<4><221><145><249>e<132><132><252><127><131> 
> <148><196><222><2>M<208><216><217><245><220>"
> 	EAP-Message = <3><5><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Sep 13 11:58:14 2004: DEBUG: Reading users file c:/Program Files/Radiator/users
> Mon Sep 13 11:58:14 2004: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
> Mon Sep 13 11:58:14 2004: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
> Mon Sep 13 11:58:14 2004: DEBUG: Creating authentication port 0.0.0.0:1812
> Mon Sep 13 11:58:14 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> Mon Sep 13 11:58:14 2004: NOTICE: Server started: Radiator 3.9 on r114pc157 (LOCKED)
> ------------------------------------------------------------------------
>
> After searching info in the mailing list and the FAQs I have not
> found anyone with the same problem. I am in a hurry... Can anyone
> help me??
>
> Thanks
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
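
One way to check from a trace that the server side of the exchange is complete: for 802.1X the access point needs an Access-Accept that carries an EAP-Success and both MS-MPPE keys. This is an added example, not part of the original thread and not Radiator code. It assumes an unwrapped Trace 4 packet dump taken from the log file (not the e-mail-wrapped copy quoted above); the sample dump, its key bytes and the function names are constructed for illustration.

```python
import re

# Constructed sample in the Trace 4 dump format shown in the post.
# The key bytes are made up; they are not the values from the thread.
SAMPLE_DUMP = r'''Code:       Access-Accept
Identifier: 15
Attributes:
    Service-Type = Framed-User
    MS-MPPE-Send-Key = "<155>C<222><196>e<240>7{<3>"
    MS-MPPE-Recv-Key = "<242><163><234>U<6><159>l<9>"
    EAP-Message = <3><5><0><4>
'''

EAP_SUCCESS = 3  # EAP header: code, identifier, 2-byte length

def unescape(value):
    """Turn the dump notation (<155>C<222>...) back into raw bytes."""
    value = re.sub(r'^"(.*)"$', r"\1", value.strip(), flags=re.S)
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", value, re.S):
        out.append(int(m.group(1)) if m.group(1) else ord(m.group(2)))
    return bytes(out)

def parse_dump(text):
    """Return (code, {attribute: [raw byte values]}) for one packet dump."""
    code, attrs = None, {}
    for line in text.splitlines():
        if line.startswith("Code:"):
            code = line.split(":", 1)[1].strip()
        elif line[:1] in "\t " and " = " in line:
            name, value = line.strip().split(" = ", 1)
            attrs.setdefault(name, []).append(unescape(value))
    return code, attrs

def check_accept(text):
    """List what the reply lacks for the AP to finish 802.1X (empty = OK)."""
    code, attrs = parse_dump(text)
    problems = []
    if code != "Access-Accept":
        problems.append("not an Access-Accept")
    eap = attrs.get("EAP-Message", [b""])[-1]
    if len(eap) < 4 or eap[0] != EAP_SUCCESS:
        problems.append("no EAP-Success in EAP-Message")
    for key in ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key"):
        if not attrs.get(key) or not attrs[key][0]:
            problems.append("missing " + key)
    return problems

if __name__ == "__main__":
    print(check_accept(SAMPLE_DUMP) or "EAP-Success and both MPPE keys present")
```

An empty result means the RADIUS reply is complete, which points the investigation at the access point or the supplicant rather than the server.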

