(RADIATOR) Re: PEAP-MSCHAPv2 works, but not TTLS-MSCHAPv2
Nacho Paredes
iparedes at eurocomercial.es
Wed Mar 22 02:17:12 CST 2006
We are using Radiator 3.14 plus latest patches.
More SW & HW data:
[root at rasca]> uname -a
SunOS rasca.fq.dn 5.9 Generic_118558-02 sun4u sparc SUNW,Ultra-80
[root at rasca]> uname -X
System = SunOS
Node = rasca.fq.dn
Release = 5.9
KernelID = Generic_118558-02
Machine = sun4u
BusType = <unknown>
Serial = <unknown>
Users = <unknown>
OEM# = 0
Origin# = 1
NumCPU = 2
[root at rasca]> perl -v
This is perl, v5.6.1 built for sun4-solaris-64int (with 48 registered
patches, see perl -V for more deta
If you need more information, please tell me.
Thanks in advance
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On behalf
of Hugh Irvine
Sent: Friday, 17 March 2006 23:18
To: Nacho Paredes
CC: radiator at open.com.au
Subject: (RADIATOR) Re: PEAP-MSCHAPv2 works, but not TTLS-MSCHAPv2
Hello Nacho -
Can you please tell me what version of Radiator you are running?
The latest version is Radiator 3.14 (plus patches).
Can you also please tell me what hardware/software platform you are using
and what version of Perl?
regards
Hugh
On 18 Mar 2006, at 04:15, Nacho Paredes wrote:
>
> Another try:
>
> Hello,
>
> I sent this message some days ago, but it seems it didn't arrive at the
> list.
> Excuse me for any inconvenience.
>
> We have a Radiator system to authenticate wireless 802.1x.
> We have tested different configurations and EAP methods and everything
> worked fine, except TTLS-MSCHAPv2. We find it a bit weird because we
> have no problems with TTLS-MSCHAP or PEAP-MSCHAPv2.
>
> We don't do any rewrite of the inner User-Name. We configure the
> supplicant with exactly the same user name that is stored in the
> database (user at wifi).
> We use the User-Name anonymous for the outer User-Name. Every
> AccessPoint has defined DefaultRealm=wifi, so we can use this handler:
>
> <Handler Realm=wifi>
> RewriteUsername s/^([^@]+).*/$1/
> AuthBy OuterAuthentication
> </Handler>
>
> Since the rewrite is done over the outer User-Name, I guess it doesn't
> affect the MSCHAP-v2 process.
>
> I enclosed the Radiator configuration and log files for:
> PEAP with MSCHAPv2 (accepted)
> TTLS with MSCHAP (accepted)
> TTLS with MSCHAPv2 (rejected)
>
> The only change we make to use MSCHAP or MSCHAPv2 is modifying the
> EAPType parameter.
>
> Any help will be appreciated.
>
> Regards
> <LOG-TTLS MSCHAP (accept).txt>
> <LOG-TTLS MSCHAPv2 (reject).txt>
> <radius-config.txt>
> <LOG-PEAP MSCHAPV2 (accept).txt>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), together
with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.