(RADIATOR) EAP TTLS
manuel.dominguez at bt.com
Wed May 11 11:31:47 CDT 2005
Hi, I upgraded my Radiator from 3.5 to 3.12.
I'm trying to get EAP-TTLS working with Enterasys R2 + Radiator 3.12 + XP SP1.
Net_SSLeay.pm-1.21, openssl 0.9.7beta3, Digest-HMAC and Digest-SHA1 are
installed and I'm using my own cert files.
I'm getting this error:
Wed May 11 18:32:09 2005: DEBUG: Packet dump:
*** Received from 10.0.0.1 port 1025 ....
Code: Access-Request
Identifier: 0
Authentic: <254>L<0><0>'x<0><0>9d<0><0>c,<0><0>
Attributes:
Message-Authenticator =
[=<11>E<127>k<175><155><29><1><140><13>|<25>[<218>
User-Name = "TEMP/TEMPUSER"
NAS-IP-Address = 10.0.0.1
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
EAP-Message = <2><1><0><20><1>TEMP/TEMPUSER
Framed-MTU = 1000
Wed May 11 18:32:09 2005: DEBUG: Handling request with Handler
'NAS-IP-Address=10.0.0.1'
Wed May 11 18:32:09 2005: DEBUG: Handling with Radius::AuthFILE: 802.1x
Wed May 11 18:32:09 2005: DEBUG: Handling with EAP: code 2, 1, 20
Wed May 11 18:32:09 2005: DEBUG: Response type 1
Wed May 11 18:32:09 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed May 11 18:32:09 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed May 11 18:32:09 2005: DEBUG: Access challenged for TEMP/TEMPUSER:
EAP TTLS Challenge
Wed May 11 18:32:09 2005: DEBUG: Packet dump:
*** Sending to 10.0.0.1 port 1025 ....
Code: Access-Challenge
Identifier: 0
Authentic: <254>L<0><0>'x<0><0>9d<0><0>c,<0><0>
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed May 11 18:32:09 2005: DEBUG: Packet dump:
*** Received from 10.0.0.1 port 1025 ....
Code: Access-Request
Identifier: 1
Authentic: /F<0><0>_8<0><0><142>-<0><0><140>0<0><0>
Attributes:
Message-Authenticator =
,<252><227><30><250><241><172>Sb<169><1><154><130><242><205><180>
User-Name = "TEMP/TEMPUSER"
State = ""
NAS-IP-Address = 10.0.0.1
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
Framed-MTU = 1000
EAP-Message = <2><2><0><6><3><25>
Wed May 11 18:32:09 2005: DEBUG: Handling request with Handler
'NAS-IP-Address=10.0.0.1'
Wed May 11 18:32:09 2005: DEBUG: Handling with Radius::AuthFILE: 802.1x
Wed May 11 18:32:09 2005: DEBUG: Handling with EAP: code 2, 2, 6
Wed May 11 18:32:09 2005: DEBUG: Response type 3
Wed May 11 18:32:09 2005: INFO: EAP Nak desires type 25
Wed May 11 18:32:09 2005: DEBUG: EAP result: 1, Desired EAP type 25 not
permitted
Wed May 11 18:32:09 2005: DEBUG: AuthBy FILE result: REJECT, Desired EAP
type 25 not permitted
Wed May 11 18:32:09 2005: INFO: Access rejected for TEMP/TEMPUSER:
Desired EAP type 25 not permitted
Wed May 11 18:32:09 2005: DEBUG: Packet dump:
*** Sending to 10.0.0.1 port 1025 ....
Code: Access-Reject
Identifier: 1
Authentic: /F<0><0>_8<0><0><142>-<0><0><140>0<0><0>
Attributes:
Reply-Message = "Request Denied"
This is my config
############### AuthBy FILE ##############
<AuthBy FILE>
Identifier 802.1x
Filename /opt/Radiator-3.5/802.1x_users
EAPType TTLS
EAPTLS_CAFile /opt/Radiator-3.12/Certificates/demoCA/cacert.pem
EAPTLS_CertificateFile /opt/Radiator-3.12/Certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /opt/Radiator-3.12/Certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword XXXXXXXXXXXXXXXX
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
############### HANDLERS ##############
<Handler NAS-IP-Address=172.23.128.4>
SessionDatabase NULL
AuthBy 802.1x
</Handler>
Any clue about what I did wrong?
Thanks in advance.
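
The EAP-Message values in the debug log above can be decoded by hand to see which methods each side is asking for. The following is an added example, not part of the original post and not Radiator code: it parses Radiator's `<n>` dump notation and the EAP header (RFC 3748), using EAP type numbers from the IANA registry (21 = EAP-TTLS, 25 = PEAP). The function names are hypothetical, and because the dump as posted does not always match the declared EAP length, the parser reports both lengths instead of rejecting the packet.

```python
import re

# EAP method numbers from the IANA EAP registry (subset relevant to this log).
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def radiator_to_bytes(dumped):
    """Turn Radiator's dump notation (<n> = byte value n, else literal char) into bytes."""
    out = bytearray()
    for num, char in re.findall(r"<(\d{1,3})>|(.)", dumped, flags=re.S):
        out.append(int(num) if num else ord(char))
    return bytes(out)

def parse_eap(dumped):
    """Decode the EAP header (RFC 3748) of one EAP-Message attribute."""
    raw = radiator_to_bytes(dumped)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "declared_len": int.from_bytes(raw[2:4], "big"), "actual_len": len(raw)}
    if raw[0] in (1, 2) and len(raw) > 4:      # Request/Response carry a type byte
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 3:                         # Nak: data lists the types the peer wants
            pkt["desired"] = [EAP_TYPES.get(t, t) for t in raw[5:]]
    return pkt

def diagnose(offer, nak):
    """Compare the method the server offered with the peer's Nak response."""
    o, n = parse_eap(offer), parse_eap(nak)
    if n.get("type") != "Nak":
        return "peer accepted %s" % o.get("type")
    wanted = "/".join(str(t) for t in n["desired"])
    return "server offered %s, peer wants %s" % (o.get("type"), wanted)

# EAP-Message values copied from the debug log in the post above.
IDENTITY = "<2><1><0><20><1>TEMP/TEMPUSER"
OFFER = "<1><2><0><6><21>"
NAK = "<2><2><0><6><3><25>"

if __name__ == "__main__":
    for msg in (IDENTITY, OFFER, NAK):
        print(parse_eap(msg))
    print(diagnose(OFFER, NAK))
```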