(RADIATOR) EAP result 1
Hugh Irvine
hugh at open.com.au
Thu May 5 17:53:19 CDT 2005
Hello Roland -
Thanks for your mail.
As far as I can see in the debug, the two access requests are
different, containing different EAP-Message's:
first request:
EAP-Message =
<2><2><0><22><4><16>I<8><208>k<238>:y<128><220>w<218><202
<26><248><136>`
second request:
EAP-Message = <2><1><0><11><1>tecan2
the second request is processed correctly.
I think this is something to do with either your client or the access
point.
regards
Hugh
On 6 May 2005, at 01:05, Roland Zirn wrote:
> Hello
>
> I have a Notebook with WinXP and Wireless-Adapter and the Odyssey
> Client installed. I want to login to a Win2000 server over a Cisco
> AP-1231 AccessPoint. My problem is, after the Notebook started up and
> I want to login the EAP MD5-Challenge failed with EAP result 1. After
> a reconnect from the Odyssey Client, the Notebook was connected to the
> Server. Where is my is the problem?
>
> Thanks for any help!
> Roland
>
> The radius.cfg:
>
>
>
> Foreground
> LogStdout
> LogDir c:/Program Files/Radiator
> DbDir c:/Program Files/Radiator
>
> Trace 4
>
> <Client DEFAULT>
> Secret 8WXSklcAnFflsrPG
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> # %D is replaced by DbDir above
> Filename %D/users
> EAPType MD5-Challenge
> </AuthBy>
> #</Handler>
> AcctLogFileName %D/detail
> </Realm>
>
>
> The log:
>
>
> Tue May 3 15:02:13 2005: DEBUG: Packet dump:
> *** Received from 172.20.33.127 port 21733 ....
> Code: Access-Request
> Identifier: 221
> Authentic: L}<238><222><242><153><166><12><153>B<24>m<186>z_<219>
> Attributes:
> User-Name = "tecan2"
> Framed-MTU = 1400
> Called-Station-Id = "000f.24d6.c6a0"
> Calling-Station-Id = "000c.f125.7ee1"
> Service-Type = Login-User
> Message-Authenticator =
> 0<131><233><2><239><229><215><178>]E8<189>#bk<1
> 6>
> EAP-Message =
> <2><2><0><22><4><16>I<8><208>k<238>:y<128><220>w<218><202
> <26><248><136>`
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 15102
> NAS-IP-Address = 172.20.33.127
> NAS-Identifier = "Test-33-82"
>
> Tue May 3 15:02:13 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue May 3 15:02:13 2005: DEBUG: Deleting session for tecan2,
> 172.20.33.127, 1
> 102
> Tue May 3 15:02:13 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue May 3 15:02:13 2005: DEBUG: Handling with EAP: code 2, 2, 22
> Tue May 3 15:02:13 2005: DEBUG: Response type 4
> Tue May 3 15:02:13 2005: DEBUG: Radius::AuthFILE looks for match with
> tecan2
> Tue May 3 15:02:13 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Tue May 3 15:02:13 2005: DEBUG: EAP result: 1, EAP MD5-Challenge
> failed
> Tue May 3 15:02:13 2005: DEBUG: AuthBy FILE result: REJECT, EAP
> MD5-Challenge
> ailed
> Tue May 3 15:02:13 2005: INFO: Access rejected for tecan2: EAP
> MD5-Challenge f
> iled
> Tue May 3 15:02:13 2005: DEBUG: Packet dump:
> *** Sending to 172.20.33.127 port 21733 ....
> Code: Access-Reject
> Identifier: 221
> Authentic: L}<238><222><242><153><166><12><153>B<24>m<186>z_<219>
> Attributes:
> EAP-Message = <4><2><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>
> Reply-Message = "Request Denied"
>
> Tue May 3 15:02:18 2005: DEBUG: Packet dump:
> *** Received from 172.20.33.127 port 21733 ....
> Code: Access-Request
> Identifier: 222
> Authentic: C<246>x<159><141><13><223><128><25>?<241><158>7M<168><148>
> Attributes:
> User-Name = "tecan2"
> Framed-MTU = 1400
> Called-Station-Id = "000f.24d6.c6a0"
> Calling-Station-Id = "000c.f125.7ee1"
> Service-Type = Login-User
> Message-Authenticator =
> <193><203><127>7<189><197><205>dr<0>K<206>D,<13
> ><160>
> EAP-Message = <2><1><0><11><1>tecan2
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 15103
> NAS-IP-Address = 172.20.33.127
> NAS-Identifier = "Test-33-82"
>
> Tue May 3 15:02:18 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue May 3 15:02:18 2005: DEBUG: Deleting session for tecan2,
> 172.20.33.127, 1
> 103
> Tue May 3 15:02:18 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue May 3 15:02:18 2005: DEBUG: Handling with EAP: code 2, 1, 11
> Tue May 3 15:02:18 2005: DEBUG: Response type 1
> Tue May 3 15:02:18 2005: DEBUG: EAP result: 3, EAP MD5-Challenge
> Tue May 3 15:02:18 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> MD5-Challen
> e
> Tue May 3 15:02:18 2005: DEBUG: Access challenged for tecan2: EAP
> MD5-Challeng
>
> Tue May 3 15:02:18 2005: DEBUG: Packet dump:
> *** Sending to 172.20.33.127 port 21733 ....
> Code: Access-Challenge
> Identifier: 222
> Authentic: C<246>x<159><141><13><223><128><25>?<241><158>7M<168><148>
> Attributes:
> EAP-Message =
> <1><2><0>"<4><16><12>9<200>Y<244><158>v<26>%)<29>z<139><2
> 5><190><175>seuchremote1
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>
>
> Tue May 3 15:02:19 2005: DEBUG: Packet dump:
> *** Received from 172.20.33.127 port 21733 ....
> Code: Access-Request
> Identifier: 223
> Authentic: <143><140>(<221><19>M<193><201>Zs<190>(<21><219><249>B
> Attributes:
> User-Name = "tecan2"
> Framed-MTU = 1400
> Called-Station-Id = "000f.24d6.c6a0"
> Calling-Station-Id = "000c.f125.7ee1"
> Service-Type = Login-User
> Message-Authenticator = <158><133><18>B<27>$<254><211>
> <248>s{<3><209><
> 25>3
> EAP-Message =
> <2><2><0><22><4><16><142>a<142><144>M<21><145><151>3<220>
> <131><230><158>,<162>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 15103
> NAS-IP-Address = 172.20.33.127
> NAS-Identifier = "Test-33-82"
>
> Tue May 3 15:02:19 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue May 3 15:02:19 2005: DEBUG: Deleting session for tecan2,
> 172.20.33.127, 1
> 103
> Tue May 3 15:02:19 2005: DEBUG: Handling with Radius::AuthFILE:
> Tue May 3 15:02:19 2005: DEBUG: Handling with EAP: code 2, 2, 22
> Tue May 3 15:02:19 2005: DEBUG: Response type 4
> Tue May 3 15:02:19 2005: DEBUG: Radius::AuthFILE looks for match with
> tecan2
> Tue May 3 15:02:19 2005: DEBUG: Radius::AuthFILE ACCEPT:
> Tue May 3 15:02:19 2005: DEBUG: EAP result: 0,
> Tue May 3 15:02:19 2005: DEBUG: AuthBy FILE result: ACCEPT,
> Tue May 3 15:02:19 2005: DEBUG: Access accepted for tecan2
> Tue May 3 15:02:19 2005: DEBUG: Packet dump:
> *** Sending to 172.20.33.127 port 21733 ....
> Code: Access-Accept
> Identifier: 223
> Authentic: <143><140>(<221><19>M<193><201>Zs<190>(<21><219><249>B
> Attributes:
> EAP-Message = <3><2><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list