(RADIATOR) Intel Proset 9.0 weirdness with EAP-TTLS
Jeff Wolfe
wolfe at ems.psu.edu
Tue Jan 25 12:38:19 CST 2005
Jeff Wolfe wrote:
>
> Has anyone seen problems with users using the new 9.0 version of Intel's
> Proset wireless drivers and centrino cards? I have a laptop here with
> the 2200BG chipset and the 9.0 drivers and for reasons I can't explain,
> it's adding a leading "\" to the User-Name inside the TTLS tunnel:
>
> Code: Access-Request
> Identifier: 120
> Authentic:
> Attributes:
> User-Name = "\jtw106"
> Framed-MTU = 1400
> Called-Station-Id = "00-0F-23-94-44-7E"
> Calling-Station-Id = "00-0E-35-1E-3D-8A"
> cisco-avpair = "ssid=ems-wpa"
> Service-Type = Login-User
> Message-Authenticator =
> EAP-Message =
> NAS-Port-Type = Wireless-IEEE-802-11
> Cisco-NAS-Port = "601"
> NAS-Port = 601
> NAS-IP-Address = 172.16.4.5
> NAS-Identifier = "rscap-3"
>
>
> Actually, it stinks of some sort of Windows Domain logins and Bad
> Code(tm)..
>
> anyway,
>
> What's the best way to sanitize the user-name before processing it?

After testing this some more, I've found that 9.0 will properly go
through the TTLS authentication process the first time, but on
subsequent attempts, this shows up in the radiator logs:

Tue Jan 25 11:23:57 2005: DEBUG: Handling request with Handler 'Client-Identifier=wpa'
Tue Jan 25 11:23:57 2005: DEBUG: Rewrote user name to jtw106
Tue Jan 25 11:23:57 2005: DEBUG: Deleting session for \jtw106, 172.16.4.5, 610
Tue Jan 25 11:23:57 2005: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='172.16.4.5' and NASPORT=0610':
Tue Jan 25 11:23:57 2005: DEBUG: Handling with Radius::AuthSQL
Tue Jan 25 11:23:57 2005: DEBUG: Handling with Radius::AuthFILE:
Tue Jan 25 11:23:57 2005: DEBUG: Handling with EAP: code 2, 5, 17
Tue Jan 25 11:23:57 2005: DEBUG: Response type 21
Tue Jan 25 11:23:57 2005: DEBUG: EAP TLS SSL_accept result: 0, 1, 8576
Tue Jan 25 11:23:57 2005: DEBUG: EAP result: 1, EAP TLS Handshake unsuccessful: 380: 1 - error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Tue Jan 25 11:23:57 2005: INFO: Access rejected for jtw106: EAP TLS Handshake unsuccessful: 380: 1 - error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Any ideas? I presume this is a broken supplicant. Oh well..
-JEff
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
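
An added example, not part of the original post and not Radiator code: a Python triage helper that rejoins the wrapped log lines quoted in the message, strips a leading domain prefix from the user name, and decodes the OpenSSL error code into the TLS alert number sent by the supplicant. The function names and the prefix-stripping rule are assumptions of this example; the error-code layout is the one used by OpenSSL releases before 3.0.

```python
import re

# Log lines copied from the post, wrapped the way the archive shows them.
SAMPLE_LOG = r"""Tue Jan 25 11:23:57 2005: DEBUG: Rewrote user name to jtw106
Tue Jan 25 11:23:57 2005: DEBUG: Deleting session for \jtw106,
172.16.4.5, 610
Tue Jan 25 11:23:57 2005: DEBUG: EAP TLS SSL_accept result: 0, 1, 8576
Tue Jan 25 11:23:57 2005: INFO: Access rejected for jtw106: EAP TLS
Handshake unsuccessful: 380: 1 - error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
REJECT = re.compile(r"INFO: Access rejected for (\S+): .*?"
                    r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

def unwrap(text):
    """Join wrapped continuation lines onto the timestamped line they belong to."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def decode_openssl_error(hexcode):
    """Split a pre-3.0 OpenSSL packed error code: lib(8) | func(12) | reason(12)."""
    code = int(hexcode, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # In libssl (lib 0x14), reason 1000 + N means TLS alert N was received
    # from the peer, here the supplicant. Alert 48 is unknown_ca.
    alert = reason - 1000 if lib == 0x14 and 1000 < reason <= 1255 else None
    return {"lib": lib, "func": func, "reason_code": reason, "peer_alert": alert}

def normalize_user(name):
    """Drop an NT-style domain prefix (text up to the last backslash), empty or not."""
    return name.rsplit("\\", 1)[-1]

def tls_rejections(text):
    """Return one record per 'Access rejected' line that carries an OpenSSL error."""
    hits = []
    for line in unwrap(text):
        m = REJECT.search(line)
        if m:
            user, code, _lib, function, reason = m.groups()
            hits.append({"user": normalize_user(user), "function": function,
                         "reason": reason.strip(), **decode_openssl_error(code)})
    return hits
```

For the log above, tls_rejections(SAMPLE_LOG) yields one record with peer_alert 48 (unknown_ca), meaning the alert came from the client side: the supplicant did not accept the CA that issued the RADIUS server's certificate.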