(RADIATOR) Intel Proset supplicant + TTLS problem
Nacho Paredes
iparedes at eurocomercial.es
Fri May 13 04:27:16 CDT 2005
Hi all,
I've set up Radiator to make TTLS authentication and I've tried it with the
Funk Odyssey supplicant. Everything works fine.
But when I try to test the same user and configuration with the Intel Proset
Supplicant I am having problems. Obviously it is an issue with this
supplicant behaviour or configuration, but the only piece of information I
have to try to solve this is the Radiator log.
I have compared the log made by Odyssey with the one made by Proset, and I
have found a difference. The proccess is the same in both logs, but after
some Access-Request/Access-Challenge packets, I got this in the Proset log:
Thu May 12 18:16:01 2005: DEBUG: Packet dump:
*** Received from 192.168.126.13 port 6001 ....
Code: Access-Request
Identifier: 6
Authentic: <25>E<0><0><127>Y<0><0><218>K<0><0>L<18><0><0>
Attributes:
User-Name = "anonymous"
NAS-IP-Address = 192.168.126.13
Called-Station-Id = "00-20-a6-4a-4d-d5"
Calling-Station-Id = "00-0c-f1-40-5d-ca"
NAS-Identifier = "al"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message = <2><6><0><6><3><21>
Message-Authenticator =
\}<127><136><229>lDn<157><185><134><7>?2*<161>
Thu May 12 18:16:01 2005: DEBUG: Handling request with Handler 'Realm=wifi'
Thu May 12 18:16:01 2005: DEBUG: Rewrote user name to anonymous
Thu May 12 18:16:01 2005: DEBUG: Deleting session for anonymous,
192.168.126.13,
Thu May 12 18:16:01 2005: DEBUG: Handling with Radius::AuthFILE:
OuterAuthentication
Thu May 12 18:16:01 2005: DEBUG: Handling with EAP: code 2, 6, 6
Thu May 12 18:16:01 2005: DEBUG: Response type 3
Thu May 12 18:16:01 2005: INFO: EAP Nak desires type 21
Thu May 12 18:16:01 2005: DEBUG: Resuming session for
Radius::Context=HASH(0x85df6c4)
Thu May 12 18:16:01 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu May 12 18:16:01 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Thu May 12 18:16:01 2005: DEBUG: Access challenged for anonymous: EAP TTLS
Challenge
Thu May 12 18:16:01 2005: DEBUG: Packet dump:
*** Sending to 192.168.126.13 port 6001 ....
Code: Access-Challenge
Identifier: 6
Authentic: <25>E<0><0><127>Y<0><0><218>K<0><0>L<18><0><0>
Attributes:
EAP-Message = <1><7><0><6><21>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
****************************************************************************
***********************
This Request-Challenge is repeated ad infinitum.
In the successful Odyssey's log I had got:
****************************************************************************
***********************
*** Received from 192.168.126.13 port 6001 ....
Code: Access-Request
Identifier: 7
Authentic: ]&<0><0><7>G<0><0><233><27><0><0>o <0><0>
Attributes:
User-Name = "anonymous"
NAS-IP-Address = 192.168.126.13
Called-Station-Id = "00-20-a6-4a-4d-d5"
Calling-Station-Id = "00-02-2d-3a-ce-39"
NAS-Identifier = "al"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
EAP-Message =
<2><6><0>O<21><128><0><0><0>E<23><3><1><0>@0<147><162>&<195><188><133>'<183>
a<166>L<232>Z<227>c<28><255><171><28>`?<247><177><12>8<169><173>#<222><193><
174><143><164>2<141><162><240><196><31>+<182>\<157><192>*<228><254><159><230
><30><149><246><235>3<15><251><188>8B<188><193>[<185>
Message-Authenticator = I:<18>QjeT<131><218><9><28><173><233><178>/8
Thu May 12 15:18:30 2005: DEBUG: Handling request with Handler 'Realm=wifi'
Thu May 12 15:18:30 2005: DEBUG: Rewrote user name to anonymous
Thu May 12 15:18:30 2005: DEBUG: Deleting session for anonymous,
192.168.126.13,
Thu May 12 15:18:30 2005: DEBUG: Handling with Radius::AuthFILE:
OuterAuthentication
Thu May 12 15:18:30 2005: DEBUG: Handling with EAP: code 2, 6, 79
Thu May 12 15:18:30 2005: DEBUG: Response type 21
Thu May 12 15:18:30 2005: DEBUG: EAP TTLS data, 3, 6, 5
Thu May 12 15:18:30 2005: DEBUG: EAP TTLS inner authentication request for
poncho at wifi
Thu May 12 15:18:30 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <204>5<242><221><218><178><247>3{<231><185><227><181>5<194><142>
Attributes:
User-Name = "poncho at wifi"
User-Password = "yyyyy"
****************************************************************************
*******************
And then starts the inner authentication...
So looking at the ProSet log, seems like it has cut out information of the
EAP-Message (just 6 bytes against 79 in the Odyssey message). Could this be
the problem?
Does anybody have an idea why is this happening?
Has anybody used ProSet supplicant with Radiator + TTLS?
In what direction could I research to solve this?. I'm really lost.
Any help (really any help) will be appreciated.
Thanks
PS: I attach the config file and the complete ProSet log.
--------------------------------------------------------------------
Ignacio Paredes | email: iparedes at eurocomercial.es
Eurocomercial I&C, S.A. | Tel: +34 98 5195703
Ezcurdia, 194 - Gijon (AS) | Fax: +34 98 5132596
--------------------------------------------------------------------
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: conf.txt
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050513/49ca1b8c/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.txt
URL: <http://www.open.com.au/pipermail/radiator/attachments/20050513/49ca1b8c/attachment-0001.txt>
More information about the radiator
mailing list