(RADIATOR) EAP authorization problem

Hugh Irvine hugh at open.com.au
Tue Aug 2 02:59:34 CDT 2005


Hello Michal -

It looks like there is something else happening earlier in the debug  
output.

Could you please send me the complete debug log including the  
Radiator startup messages so we can see what is happening?

regards

Hugh


On 2 Aug 2005, at 16:51, Michal Marciniszyn wrote:

> Hello,
>
> I have a problem with Radiator when I turn on EAP authorization. When
> I try to connect using the AEGIS client, it is OK as long as I use
> EAP-TTLS/PAP authorization. With EAP-PEAP/GTC authorization ends with
> an error. With the client shipped with Intel 2200 BG cards EAP-PEAP/GTC
> ends with an error too.
>
> I include config file and logs:
> Radius configuration:
> <AuthBy LDAP2>
>        Identifier      CheckLDAP
>
>        Host            10.24.4.11
>        Port            636
>
>        AuthDN          cn=tstois1,ou=ict,ou=hsp,o=edu
>        AuthPassword    XXXXXX
>
>
>        BaseDN          o=edu
>        UsernameAttr    uid
>        ServerChecksPassword
>
>        EAPType         PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP,GTC
>
>        EAPTLS_MaxFragmentSize 1000
>        EAPTLS_CAFile /etc/radiator/certs/demoCA/cacert.pem
>        EAPTLS_CertificateType PEM
>        EAPTLS_CertificateFile /etc/radiator/certs/cert-srv.pem
>        EAPTLS_PrivateKeyFile /etc/radiator/certs/cert-srv.pem
>        EAPTLS_PrivateKeyPassword whatever
>        EAPTLS_MaxFragmentSize 2048
>        AutoMPPEKeys
> #       EAPTLS_PEAPBrokenV1Label
> #       EAPTLS_PEAPVersion 0
>
>        SSLeayTrace 4
>
>        UseSSL
>        SSLCAFile               /etc/radiator/edu1.pem
>
>        HoldServerConnection
>        Timeout                 2
>        FailureBackoffTime      30
>        Version 3
> </AuthBy>
>
> <Handler>
>        AuthBy CheckLDAP
>        AuthLog file_log
> </Handler>
>
>
> Intel error:
> Code:       Access-Request
> Identifier: 166
> Authentic:  R1R1R1R1R1R1R1R1
> Attributes:
>        NAS-IP-Address = 10.24.1.128
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 10
>        Framed-MTU = 1400
>        User-Name = "tstois3"
>        Calling-Station-Id = "000cf15b5c8d"
>        Called-Station-Id = "0001f439b7d6"
>        NAS-Identifier = "RoamAbout AP"
>        EAP-Message = <2><7><0><6><21><0>
>        Message-Authenticator = <205><22><215><249>W<29>y<223><223><163><238><251><162><24>>,
>
> Mon Aug  1 13:48:50 2005: DEBUG: Handling request with Handler ''
> Mon Aug  1 13:48:50 2005: DEBUG:  Deleting session for tstois3, 10.24.1.128, 10
> Mon Aug  1 13:48:50 2005: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Mon Aug  1 13:48:50 2005: DEBUG: Handling with EAP: code 2, 7, 6
> Mon Aug  1 13:48:50 2005: DEBUG: Response type 21
> Mon Aug  1 13:48:50 2005: DEBUG: EAP result: 2, EAP TTLS Nothing to read or write
> Mon Aug  1 13:48:50 2005: DEBUG: AuthBy LDAP2 result: IGNORE, EAP TTLS Nothing to read or write
> Mon Aug  1 13:48:52 2005: DEBUG: Packet dump:
> *** Received from 10.24.1.128 port 2210 ....
>
> Packet length = 121
> 01 a6 00 79 52 31 52 31 52 31 52 31 52 31 52 31
> 52 31 52 31 04 06 0a 18 01 80 3d 06 00 00 00 13
> 05 06 00 00 00 0a 0c 06 00 00 05 78 01 09 74 73
> 74 6f 6
>
> I lost the end of the AEGIS error, but it ends with a PEAP error...
>
> Michal Marciniszyn
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
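
Added example (not part of either message and not Radiator code): a Python decoder for the truncated packet dump and the EAP-Message attribute quoted above, for checking which EAP method the client actually sent. The function names are hypothetical, the lookup tables are small subsets of the IANA registries, and the EAP-Message is assumed to fit in a single RADIUS attribute.

```python
import struct

# Small subsets of the IANA RADIUS attribute and EAP code/type registries,
# labelled the way the quoted config and trace label them.
RADIUS_ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
                12: "Framed-MTU", 61: "NAS-Port-Type", 79: "EAP-Message"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 6: "GTC",
             13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}

# Bytes exactly as they appear in the quoted packet dump, which is cut off.
DUMP = """01 a6 00 79 52 31 52 31 52 31 52 31 52 31 52 31
52 31 52 31 04 06 0a 18 01 80 3d 06 00 00 00 13
05 06 00 00 00 0a 0c 06 00 00 05 78 01 09 74 73
74 6f 6"""
# EAP-Message value from the attribute listing: <2><7><0><6><21><0>
EAP_MESSAGE = bytes([2, 7, 0, 6, 21, 0])

def hex_dump_to_bytes(text):
    """Keep whole two-digit bytes only; a trailing half byte is dropped."""
    return bytes(int(tok, 16) for tok in text.split() if len(tok) == 2)

def parse_radius(data):
    """Decode the header and every attribute that is completely present."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    attrs, pos = [], 20
    while pos + 2 <= len(data):
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            break  # malformed or cut-off attribute: stop rather than guess
        attrs.append((RADIUS_ATTRS.get(atype, atype), data[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "length": length,
            "authenticator": data[4:20], "attrs": attrs,
            "truncated": len(data) < length}

def parse_eap(msg):
    """Decode the 4-byte EAP header plus the type octet of a Request/Response."""
    if len(msg) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", msg[:4])
    if length != len(msg):
        raise ValueError("EAP length field disagrees with the data supplied")
    etype = msg[4] if code in (1, 2) and length >= 5 else None
    return {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "type": EAP_TYPES.get(etype, etype)}
```

On the quoted trace this gives an Access-Request with identifier 166 whose dump stops inside the User-Name attribute, and an EAP Response of type 21 (TTLS), the same values Radiator logs as "code 2, 7, 6" and "Response type 21".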

