(RADIATOR) EAP authorization problem
Michal Marciniszyn
mmarciniszyn at gity.cz
Tue Aug 2 01:51:39 CDT 2005
Hello,
I have a problem with Radiator when I turn on EAP authorization. When I
try to connect using the AEGIS client, it is OK as long as I use
EAP-TTLS/PAP authorization. With EAP-PEAP/GTC, authorization ends with an
error. With the client shipped with Intel 2200 BG cards, EAP-PEAP/GTC ends
with an error too.
I include the config file and logs:
Radius configuration:
<AuthBy LDAP2>
    Identifier CheckLDAP
    Host 10.24.4.11
    Port 636
    AuthDN cn=tstois1,ou=ict,ou=hsp,o=edu
    AuthPassword XXXXXX
    BaseDN o=edu
    UsernameAttr uid
    ServerChecksPassword
    EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP,GTC
    EAPTLS_MaxFragmentSize 1000
    EAPTLS_CAFile /etc/radiator/certs/demoCA/cacert.pem
    EAPTLS_CertificateType PEM
    EAPTLS_CertificateFile /etc/radiator/certs/cert-srv.pem
    EAPTLS_PrivateKeyFile /etc/radiator/certs/cert-srv.pem
    EAPTLS_PrivateKeyPassword whatever
    EAPTLS_MaxFragmentSize 2048
    AutoMPPEKeys
    # EAPTLS_PEAPBrokenV1Label
    # EAPTLS_PEAPVersion 0
    SSLeayTrace 4
    UseSSL
    SSLCAFile /etc/radiator/edu1.pem
    HoldServerConnection
    Timeout 2
    FailureBackoffTime 30
    Version 3
</AuthBy>
<Handler>
    AuthBy CheckLDAP
    AuthLog file_log
</Handler>
Intel error:
Code: Access-Request
Identifier: 166
Authentic: R1R1R1R1R1R1R1R1
Attributes:
NAS-IP-Address = 10.24.1.128
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 10
Framed-MTU = 1400
User-Name = "tstois3"
Calling-Station-Id = "000cf15b5c8d"
Called-Station-Id = "0001f439b7d6"
NAS-Identifier = "RoamAbout AP"
EAP-Message = <2><7><0><6><21><0>
Message-Authenticator = <205><22><215><249>W<29>y<223><223><163><238><251><162><24>>,
Mon Aug 1 13:48:50 2005: DEBUG: Handling request with Handler ''
Mon Aug 1 13:48:50 2005: DEBUG: Deleting session for tstois3, 10.24.1.128, 10
Mon Aug 1 13:48:50 2005: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Mon Aug 1 13:48:50 2005: DEBUG: Handling with EAP: code 2, 7, 6
Mon Aug 1 13:48:50 2005: DEBUG: Response type 21
Mon Aug 1 13:48:50 2005: DEBUG: EAP result: 2, EAP TTLS Nothing to read or write
Mon Aug 1 13:48:50 2005: DEBUG: AuthBy LDAP2 result: IGNORE, EAP TTLS Nothing to read or write
Mon Aug 1 13:48:52 2005: DEBUG: Packet dump:
*** Received from 10.24.1.128 port 2210 ....
Packet length = 121
01 a6 00 79 52 31 52 31 52 31 52 31 52 31 52 31
52 31 52 31 04 06 0a 18 01 80 3d 06 00 00 00 13
05 06 00 00 00 0a 0c 06 00 00 05 78 01 09 74 73
74 6f 6
I lost the end of the AEGIS error, but it ends with a PEAP error...
Michal Marciniszyn
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
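
An added example, not part of the original post and not Radiator code: a small Python decoder for the EAP-Message attribute as printed in the debug log above, to show which EAP method the client actually sent. It assumes that `<n>` in the log denotes one byte with decimal value n and that any other character is a literal byte; the function names are hypothetical.

```python
import re
import struct

# Values copied from the Radiator debug log in the post.
LOG_EAP_MESSAGE = "<2><7><0><6><21><0>"
LOG_MESSAGE_AUTHENTICATOR = (
    "<205><22><215><249>W<29>y<223><223><163><238><251><162><24>>,")

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of the IANA EAP method type registry.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 6: "GTC",
             13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}
TLS_FAMILY = {13, 21, 25}  # a flags octet follows the Type octet


def unescape_dump(text):
    """Turn the log's printable form back into bytes.

    Assumption: '<n>' is one byte with decimal value n and every other
    character is a literal byte; the log cannot distinguish a literal '<5>'.
    """
    out = bytearray()
    for num, lit in re.findall(r"<(\d{1,3})>|(.)", text, flags=re.S):
        out.append(int(num) if num else ord(lit))  # ValueError if > 255
    return bytes(out)


def parse_eap(raw):
    """Decode the EAP header; expects all EAP-Message attributes concatenated."""
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"Length field says {length}, got {len(raw)} bytes")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        info["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] in TLS_FAMILY and length > 5:
            flags = raw[5]
            info["length_included"] = bool(flags & 0x80)  # L bit
            info["more_fragments"] = bool(flags & 0x40)   # M bit
            info["start"] = bool(flags & 0x20)            # S bit
            info["bytes_after_flags"] = length - 6
    return info


if __name__ == "__main__":
    print(parse_eap(unescape_dump(LOG_EAP_MESSAGE)))
    print(len(unescape_dump(LOG_MESSAGE_AUTHENTICATOR)), "byte authenticator")
```

The logged EAP-Message decodes to a Response with identifier 7, length 6, type 21 (TTLS), no flag bits set and no bytes after the flags octet, matching the "code 2, 7, 6" and "Response type 21" debug lines. Under the same assumption the logged Message-Authenticator decodes to 16 bytes, the size of an HMAC-MD5 value, which supports reading the trailing `>` and `,` as literal bytes.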