(RADIATOR) EAP and LDAP
Chris Hills
chills at ne-worcs.ac.uk
Tue Jun 7 02:54:25 CDT 2005
Hi
I am trying to get Radiator to authenticate EAP requests, using an LDAP
backend with one-way crypted passwords. So far I have the following in
my config:-
<Realm ne-worcs.ac.uk>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy LDAP2>
        Host xxx
        Host xxx
        BaseDN o=NEW College,c=UK
        EAPType PEAP, MSCHAP-V2
        EAPTLS_CertificateType PEM
        EAPTLS_CAFile /usr/share/ssl/certs/cacert.pem
        EAPTLS_CertificateFile /usr/share/ssl/certs/radius.pem
        EAPTLS_PrivateKeyFile /usr/share/ssl/certs/radius.pem
        ServerChecksPassword
        Debug 255
    </AuthBy>
</Realm>
So far I have been unsuccessful in authenticating any clients. The log
shows the following:-
Tue Jun 7 08:46:39 2005: DEBUG: Packet dump:
*** Received from 172.18.100.14 port 2094 ....
Packet length = 138
01 c5 00 8a 25 47 44 4b 78 6f 4d 6c 34 67 2d 37
43 28 05 38 01 17 63 68 69 6c 6c 73 40 6e 65 2d
77 6f 72 63 73 2e 61 63 2e 75 6b 05 06 00 00 00
ee 3d 06 00 00 00 0f 04 06 ac 12 64 0e 06 06 00
00 00 02 0c 06 00 00 04 00 1f 13 30 30 2d 30 36
2d 35 42 2d 45 34 2d 30 45 2d 30 42 4f 1c 02 01
00 1a 01 63 68 69 6c 6c 73 40 6e 65 2d 77 6f 72
63 73 2e 61 63 2e 75 6b 50 12 ba 80 68 e7 69 9f
55 4d 29 cb d0 7b e7 2f e8 0d
Code: Access-Request
Identifier: 197
Authentic: %GDKxoMl4g-7C(<5>8
Attributes:
User-Name = "chills@ne-worcs.ac.uk"
NAS-Port = 238
NAS-Port-Type = Ethernet
NAS-IP-Address = 172.18.100.14
Service-Type = Framed-User
Framed-MTU = 1024
Calling-Station-Id = "00-06-5B-E4-0E-0B"
EAP-Message = <2><1><0><26><1>chills@ne-worcs.ac.uk
Message-Authenticator = <186><128>h<231>i<159>UM)<203><208>{<231>/<232><13>
Tue Jun 7 08:46:39 2005: DEBUG: Handling request with Handler 'Realm=ne-worcs.ac.uk'
Tue Jun 7 08:46:39 2005: DEBUG: Rewrote user name to chills
Tue Jun 7 08:46:39 2005: DEBUG: Deleting session for chills@ne-worcs.ac.uk, 172.18.100.14, 238
Tue Jun 7 08:46:39 2005: DEBUG: Handling with Radius::AuthLDAP2:
Tue Jun 7 08:46:39 2005: DEBUG: Handling with EAP: code 2, 1, 26
Tue Jun 7 08:46:39 2005: DEBUG: Response type 1
Tue Jun 7 08:46:40 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Jun 7 08:46:40 2005: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
Tue Jun 7 08:46:40 2005: DEBUG: Access challenged for chills: EAP PEAP Challenge
Tue Jun 7 08:46:40 2005: DEBUG: Packet dump:
*** Sending to 172.18.100.14 port 2094 ....
Packet length = 46
0b c5 00 2e 7a ac a5 80 58 ae cd dd 90 80 05 36
62 98 1e 66 4f 08 01 02 00 06 19 21 50 12 6f 8b
4a de 07 35 4d 7f c9 49 41 5e cd 90 ca a0
Code: Access-Challenge
Identifier: 197
Authentic: %GDKxoMl4g-7C(<5>8
Attributes:
EAP-Message = <1><2><0><6><25>!
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Jun 7 08:46:41 2005: DEBUG: Packet dump:
*** Received from 172.18.100.14 port 2094 ....
Packet length = 138
01 c5 00 8a 25 47 44 4b 78 6f 4d 6c 34 67 2d 37
43 28 05 38 01 17 63 68 69 6c 6c 73 40 6e 65 2d
77 6f 72 63 73 2e 61 63 2e 75 6b 05 06 00 00 00
ee 3d 06 00 00 00 0f 04 06 ac 12 64 0e 06 06 00
00 00 02 0c 06 00 00 04 00 1f 13 30 30 2d 30 36
2d 35 42 2d 45 34 2d 30 45 2d 30 42 4f 1c 02 01
00 1a 01 63 68 69 6c 6c 73 40 6e 65 2d 77 6f 72
63 73 2e 61 63 2e 75 6b 50 12 ba 80 68 e7 69 9f
55 4d 29 cb d0 7b e7 2f e8 0d
Code: Access-Request
Identifier: 197
Authentic: %GDKxoMl4g-7C(<5>8
Attributes:
User-Name = "chills@ne-worcs.ac.uk"
NAS-Port = 238
NAS-Port-Type = Ethernet
NAS-IP-Address = 172.18.100.14
Service-Type = Framed-User
Framed-MTU = 1024
Calling-Station-Id = "00-06-5B-E4-0E-0B"
EAP-Message = <2><1><0><26><1>chills@ne-worcs.ac.uk
Message-Authenticator = <186><128>h<231>i<159>UM)<203><208>{<231>/<232><13>
Please help!
--
Chris Hills
IT Services
North East Worcestershire College