(RADIATOR) EAP result 1
Steve Caporossi
capoross at musc.edu
Thu May 5 19:22:08 CDT 2005
Try disabling "wireless zero configuration"; XP's built in wireless
client; it interferes with Odyssey.
Admin tools/services usually down 3 or 4 from the bottom....set to
disabled and stop the service.
Steve
Hugh Irvine wrote:
>
> Hello Roland -
>
> Thanks for your mail.
>
> As far as I can see in the debug, the two access requests are different,
> containing different EAP-Message's:
>
> first request:
>
> EAP-Message =
> <2><2><0><22><4><16>I<8><208>k<238>:y<128><220>w<218><202
> <26><248><136>`
>
> second request:
>
> EAP-Message = <2><1><0><11><1>tecan2
>
> the second request is processed correctly.
>
> I think this is something to do with either your client or the access
> point.
>
> regards
>
> Hugh
>
>
> On 6 May 2005, at 01:05, Roland Zirn wrote:
>
>> Hello
>>
>> I have a Notebook with WinXP and Wireless-Adapter and the Odyssey
>> Client installed. I want to login to a Win2000 server over a Cisco
>> AP-1231 AccessPoint. My problem is, after the Notebook started up and
>> I want to login the EAP MD5-Challenge failed with EAP result 1. After
>> a reconnect from the Odyssey Client, the Notebook was connected to the
>> Server. Where is my is the problem?
>>
>> Thanks for any help!
>> Roland
>>
>> The radius.cfg:
>>
>>
>>
>> Foreground
>> LogStdout
>> LogDir c:/Program Files/Radiator
>> DbDir c:/Program Files/Radiator
>>
>> Trace 4
>>
>> <Client DEFAULT>
>> Secret 8WXSklcAnFflsrPG
>> DupInterval 0
>> </Client>
>>
>> <Realm DEFAULT>
>> <AuthBy FILE>
>> # %D is replaced by DbDir above
>> Filename %D/users
>> EAPType MD5-Challenge
>> </AuthBy>
>> #</Handler>
>> AcctLogFileName %D/detail
>> </Realm>
>>
>>
>> The log:
>>
>>
>> Tue May 3 15:02:13 2005: DEBUG: Packet dump:
>> *** Received from 172.20.33.127 port 21733 ....
>> Code: Access-Request
>> Identifier: 221
>> Authentic: L}<238><222><242><153><166><12><153>B<24>m<186>z_<219>
>> Attributes:
>> User-Name = "tecan2"
>> Framed-MTU = 1400
>> Called-Station-Id = "000f.24d6.c6a0"
>> Calling-Station-Id = "000c.f125.7ee1"
>> Service-Type = Login-User
>> Message-Authenticator =
>> 0<131><233><2><239><229><215><178>]E8<189>#bk<1
>> 6>
>> EAP-Message =
>> <2><2><0><22><4><16>I<8><208>k<238>:y<128><220>w<218><202
>> <26><248><136>`
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 15102
>> NAS-IP-Address = 172.20.33.127
>> NAS-Identifier = "Test-33-82"
>>
>> Tue May 3 15:02:13 2005: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Tue May 3 15:02:13 2005: DEBUG: Deleting session for tecan2,
>> 172.20.33.127, 1
>> 102
>> Tue May 3 15:02:13 2005: DEBUG: Handling with Radius::AuthFILE:
>> Tue May 3 15:02:13 2005: DEBUG: Handling with EAP: code 2, 2, 22
>> Tue May 3 15:02:13 2005: DEBUG: Response type 4
>> Tue May 3 15:02:13 2005: DEBUG: Radius::AuthFILE looks for match with
>> tecan2
>> Tue May 3 15:02:13 2005: DEBUG: Radius::AuthFILE ACCEPT:
>> Tue May 3 15:02:13 2005: DEBUG: EAP result: 1, EAP MD5-Challenge failed
>> Tue May 3 15:02:13 2005: DEBUG: AuthBy FILE result: REJECT, EAP
>> MD5-Challenge
>> ailed
>> Tue May 3 15:02:13 2005: INFO: Access rejected for tecan2: EAP
>> MD5-Challenge f
>> iled
>> Tue May 3 15:02:13 2005: DEBUG: Packet dump:
>> *** Sending to 172.20.33.127 port 21733 ....
>> Code: Access-Reject
>> Identifier: 221
>> Authentic: L}<238><222><242><153><166><12><153>B<24>m<186>z_<219>
>> Attributes:
>> EAP-Message = <4><2><0><4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>>
>> Reply-Message = "Request Denied"
>>
>> Tue May 3 15:02:18 2005: DEBUG: Packet dump:
>> *** Received from 172.20.33.127 port 21733 ....
>> Code: Access-Request
>> Identifier: 222
>> Authentic: C<246>x<159><141><13><223><128><25>?<241><158>7M<168><148>
>> Attributes:
>> User-Name = "tecan2"
>> Framed-MTU = 1400
>> Called-Station-Id = "000f.24d6.c6a0"
>> Calling-Station-Id = "000c.f125.7ee1"
>> Service-Type = Login-User
>> Message-Authenticator =
>> <193><203><127>7<189><197><205>dr<0>K<206>D,<13
>> ><160>
>> EAP-Message = <2><1><0><11><1>tecan2
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 15103
>> NAS-IP-Address = 172.20.33.127
>> NAS-Identifier = "Test-33-82"
>>
>> Tue May 3 15:02:18 2005: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Tue May 3 15:02:18 2005: DEBUG: Deleting session for tecan2,
>> 172.20.33.127, 1
>> 103
>> Tue May 3 15:02:18 2005: DEBUG: Handling with Radius::AuthFILE:
>> Tue May 3 15:02:18 2005: DEBUG: Handling with EAP: code 2, 1, 11
>> Tue May 3 15:02:18 2005: DEBUG: Response type 1
>> Tue May 3 15:02:18 2005: DEBUG: EAP result: 3, EAP MD5-Challenge
>> Tue May 3 15:02:18 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> MD5-Challen
>> e
>> Tue May 3 15:02:18 2005: DEBUG: Access challenged for tecan2: EAP
>> MD5-Challeng
>>
>> Tue May 3 15:02:18 2005: DEBUG: Packet dump:
>> *** Sending to 172.20.33.127 port 21733 ....
>> Code: Access-Challenge
>> Identifier: 222
>> Authentic: C<246>x<159><141><13><223><128><25>?<241><158>7M<168><148>
>> Attributes:
>> EAP-Message =
>> <1><2><0>"<4><16><12>9<200>Y<244><158>v<26>%)<29>z<139><2
>> 5><190><175>seuchremote1
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>>
>>
>> Tue May 3 15:02:19 2005: DEBUG: Packet dump:
>> *** Received from 172.20.33.127 port 21733 ....
>> Code: Access-Request
>> Identifier: 223
>> Authentic: <143><140>(<221><19>M<193><201>Zs<190>(<21><219><249>B
>> Attributes:
>> User-Name = "tecan2"
>> Framed-MTU = 1400
>> Called-Station-Id = "000f.24d6.c6a0"
>> Calling-Station-Id = "000c.f125.7ee1"
>> Service-Type = Login-User
>> Message-Authenticator = <158><133><18>B<27>$<254><211>
>> <248>s{<3><209><
>> 25>3
>> EAP-Message =
>> <2><2><0><22><4><16><142>a<142><144>M<21><145><151>3<220>
>> <131><230><158>,<162>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 15103
>> NAS-IP-Address = 172.20.33.127
>> NAS-Identifier = "Test-33-82"
>>
>> Tue May 3 15:02:19 2005: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Tue May 3 15:02:19 2005: DEBUG: Deleting session for tecan2,
>> 172.20.33.127, 1
>> 103
>> Tue May 3 15:02:19 2005: DEBUG: Handling with Radius::AuthFILE:
>> Tue May 3 15:02:19 2005: DEBUG: Handling with EAP: code 2, 2, 22
>> Tue May 3 15:02:19 2005: DEBUG: Response type 4
>> Tue May 3 15:02:19 2005: DEBUG: Radius::AuthFILE looks for match with
>> tecan2
>> Tue May 3 15:02:19 2005: DEBUG: Radius::AuthFILE ACCEPT:
>> Tue May 3 15:02:19 2005: DEBUG: EAP result: 0,
>> Tue May 3 15:02:19 2005: DEBUG: AuthBy FILE result: ACCEPT,
>> Tue May 3 15:02:19 2005: DEBUG: Access accepted for tecan2
>> Tue May 3 15:02:19 2005: DEBUG: Packet dump:
>> *** Sending to 172.20.33.127 port 21733 ....
>> Code: Access-Accept
>> Identifier: 223
>> Authentic: <143><140>(<221><19>M<193><201>Zs<190>(<21><219><249>B
>> Attributes:
>> EAP-Message = <3><2><0><4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>>
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> Framed-IP-Netmask = 255.255.255.255
>> Framed-Routing = None
>> Framed-MTU = 1500
>> Framed-Compression = Van-Jacobson-TCP-IP
>>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list