(RADIATOR) Help with 802.1x authentication

Hugh Irvine hugh at open.com.au
Mon May 9 18:15:55 CDT 2005


Hello Manuel -

I suspect there were additional error messages earlier in the debug - 
probably due to a missing module or incorrect configuration.

It's also possible that the example certificates in Radiator 3.5 have 
expired.

In any case, you should be using the latest version which is Radiator 
3.12 (plus patches).

regards

Hugh



On 10 May 2005, at 00:03, <manuel.dominguez at bt.com> wrote:

> Hi,
>
> I'm trying to deploy a wireless LAN using 802.1x authentication, with
> Enterasys AP R2, Radiator 3.5 and Windows XP SP1 Clients.
>
> The problem I found seems to be the Radiator config or related to the
> EAP.pm packages.
>
> Net_SSLeay.pm-1.21, openssl 0.9.7beta3, Digest-HMAC, Digest-SHA1 are
> installed.
>
> This is my config
>
> <AuthBy FILE>
>     Identifier 802.1x
>     Filename /opt/Radiator-3.5/802.1x_users
>     EAPType PEAP, TTLS, TLS
>     EAPTLS_CAFile /opt/Radiator-3.5/Certificates/demoCA/cacert.pem
>     EAPTLS_CertificateFile /opt/Radiator-3.5/Certificates/cert-srv.pem
>     EAPTLS_CertificateType PEM
>     EAPTLS_PrivateKeyFile /opt/Radiator-3.5/Certificates/cert-srv.pem
>     EAPTLS_PrivateKeyPassword xxxxxxxxxxxxx
>     EAPTLS_MaxFragmentSize 1010
>     AutoMPPEKeys
>     SSLeayTrace 4
> </AuthBy>
>
> <Handler NAS-IP-Address=10.0.0.1>
>     SessionDatabase NULL
>     AuthBy 802.1x
> </Handler>
>
> Fri Apr 29 13:41:04 2005: DEBUG: Packet dump:
> *** Received from 10.0.0.1 port 1029 ....
> Code:       Access-Request
> Identifier: 4
> Authentic:  3F<0><0><191>g<0><0>B<11><0><0><229>F<0><0>
> Attributes:
>         Message-Authenticator = P<215><234>!<3><221>A<158>p<159>}<246>r+<205><244>
>         User-Name = "TEMP\testuser"
>         NAS-IP-Address = 10.0.0.1
>         NAS-Port = 2
>         NAS-Port-Type = 19
>         Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
>         EAP-Message = <2><2><0><20><1>TEMP\testuser
>         Framed-MTU = 1000
>
> Fri Apr 29 13:41:04 2005: DEBUG: Handling request with Handler 'NAS-IP-Address=10.0.0.1'
> Fri Apr 29 13:41:04 2005: DEBUG: Handling with Radius::AuthFILE: 802.1x
> Fri Apr 29 13:41:04 2005: DEBUG: Handling with EAP: code 2, 2, 20
> Fri Apr 29 13:41:04 2005: DEBUG: Response type 1
> Fri Apr 29 13:41:04 2005: ERR: Could not handle an EAP request: Can't locate object method "response_identity" via package "Radius::EAP_25" at Radius/EAP.pm line 133.
> Fri Apr 29 13:41:04 2005: INFO: Access rejected for TEMP\testuser: Could not handle an EAP request
> Fri Apr 29 13:41:04 2005: DEBUG: Packet dump:
> *** Sending to 10.0.0.1 port 1029 ....
> Code:       Access-Reject
> Identifier: 4
> Authentic:  3F<0><0><191>g<0><0>B<11><0><0><229>F<0><0>
> Attributes:
>         Reply-Message = "Request Denied"
>
> Any help will be appreciated.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
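
The EAP-Message attribute in the quoted Access-Request can be decoded to see which EAP exchange was rejected. The following is an added example, not part of the original thread and not Radiator code; the function names are hypothetical, and reading `<n>` in the trace as one byte with decimal value n is an assumption taken from the dump itself.

```python
import re

# EAP codes (RFC 3748) and the method type numbers relevant to this thread.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}


def dump_to_bytes(text):
    """Convert trace notation to bytes: <n> is one byte with decimal value n,
    any other character is taken literally (assumed from the posted dump)."""
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S):
        if m.group(1) is not None and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
        else:
            out += m.group(0).encode("latin-1")
    return bytes(out)


def parse_eap(raw):
    """Parse the EAP header and type byte without trusting the length field."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident = raw[0], raw[1]
    declared = int.from_bytes(raw[2:4], "big")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "identifier": ident,
           "declared_length": declared,
           "actual_length": len(raw),
           "length_ok": declared == len(raw),
           "type": None,
           "data": b""}
    # Only Request/Response carry a type byte; Success/Failure are header-only.
    if code in (1, 2) and len(raw) >= 5:
        pkt["type"] = EAP_TYPES.get(raw[4], f"type {raw[4]}")
        pkt["data"] = raw[5:]
    return pkt


# EAP-Message attribute copied from the Access-Request in the quoted post.
SAMPLE = r"<2><2><0><20><1>TEMP\testuser"

if __name__ == "__main__":
    for key, value in parse_eap(dump_to_bytes(SAMPLE)).items():
        print(f"{key}: {value}")
```

On the posted attribute this yields a Response of type Identity with identifier 2 and a declared length of 20 against 18 bytes present in the dump as posted, in line with the "code 2, 2, 20" and "Response type 1" debug lines. The 25 in `Radius::EAP_25` is the EAP type number for PEAP, the first entry in the posted `EAPType` list.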
