(RADIATOR) Problem with EAP_PEAP

Ricardo Martinez rmartinez at redvoiss.net
Wed Oct 4 15:49:22 CDT 2006


Sorry guys...
My mistake...
I was missing the Digest-MD4 Perl module... now it works OK.
 
Anyway, I would like to ask you a couple of questions... I'm a newbie with EAP-PEAP authentication... so I wonder if someone can illustrate for me how this authentication works. My goal is to have EAP-PEAP authentication, but not from a flat users file; instead I want to query my SQL database.
What do I need to accomplish this?
 
Another question:
The user and password on the "client" side are checked against what Handler?
<Handler TunnelledByPEAP=1> 
        <AuthBy FILE> 
                Filename %D/users_eap 

                # This tells the PEAP client what types of inner EAP requests 
                # we will honour 
                EAPType MSCHAP-V2 
        </AuthBy> 
</Handler> 


<Handler Realm=wifi-mesh.test.net> 
        <AuthBy FILE> 
                   Filename %D/users_eap 

.....
 
So, if I want to use SQL queries with my DB, where do I need to do this? In the Handler TunnelledByPEAP or the Handler Realm=wifi-mesh.test.net?
 
Hope that someone could give me some guidelines..
Thanks!!
 
Ricardo Martinez.-


 -----Original message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On behalf of Ricardo Martinez
Sent: Wednesday, 4 October 2006 15:26
To: radiator at open.com.au
Subject: (RADIATOR) Problem with EAP_PEAP



Hello list. 
        I'm getting this error for EAP PEAP.  What am I doing wrong? 

Code:       Access-Request 
Identifier: UNDEF 
Authentic:  M[t<151><238><194><7>7|N<9>{<218>-6) 
Attributes: 
        EAP-Message = <2><6><0><5><1>test 
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> 
        User-Name = "anonymous" 
        NAS-IP-Address = 10.10.10.80 
        NAS-Identifier = "Strix_E1C762F0275" 
        NAS-Port = 1 
        Calling-Station-Id = "00-14-BF-FE-67-33" 

Wed Oct  4 15:07:49 2006: DEBUG: Handling request with Handler 'TunnelledByPEAP=1' 
Wed Oct  4 15:07:49 2006: DEBUG:  Deleting session for , 10.10.10.80, 1 
Wed Oct  4 15:07:49 2006: DEBUG: Handling with Radius::AuthFILE: 
Wed Oct  4 15:07:49 2006: DEBUG: Handling with EAP: code 2, 6, 5 
Wed Oct  4 15:07:49 2006: DEBUG: Response type 1 
Wed Oct  4 15:07:49 2006: ERR: Could not load EAP module Radius::EAP_26: Can't locate Digest/MD4.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at Radius/MSCHAP.pm line 47.

BEGIN failed--compilation aborted at Radius/MSCHAP.pm line 47. 
Compilation failed in require at Radius/EAP_26.pm line 14. 
BEGIN failed--compilation aborted at Radius/EAP_26.pm line 14. 
Compilation failed in require at (eval 91) line 3. 

Wed Oct  4 15:07:49 2006: DEBUG: EAP result: 1, Unsupported default EAP Response/Identity 26 
Wed Oct  4 15:07:49 2006: DEBUG: AuthBy FILE result: REJECT, Unsupported default EAP Response/Identity 26 
Wed Oct  4 15:07:49 2006: INFO: Access rejected for anonymous: Unsupported default EAP Response/Identity 26 
Wed Oct  4 15:07:49 2006: DEBUG: EAP result: 3, EAP PEAP inner authentication redespatched to a Handler 
Wed Oct  4 15:07:49 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication redespatched to a Handler 
Wed Oct  4 15:07:49 2006: DEBUG: Access challenged for linksys at wifi-mesh.test.net: EAP PEAP inner authentication redespatched to a Handler


I installed all the additional "modules" required to work with eap_peap 


# Requires Net_SSLeay.pm-1.21 or later from CPAN. 
# Requires openssl 0.9.7beta3 or later from www.openssl.org 
# Requires Digest-HMAC from CPAN 
# Requires Digest-SHA1 from CPAN 


This is part of my configuration : 

<Client 10.10.10.80> 
        Secret  smartkey 
        AddToRequest NAS-IP-Address=%c 
        DefaultRealm wifi-mesh.tests.net 
        DupInterval 0 
</Client> 

...... 

<Handler TunnelledByPEAP=1> 
        <AuthBy FILE> 
                Filename %D/users_eap 

                # This tells the PEAP client what types of inner EAP requests 
                # we will honour 
                EAPType MSCHAP-V2 
        </AuthBy> 
</Handler> 


<Handler Realm=wifi-mesh.test.net> 
        <AuthBy FILE> 
                # The username of the outer authentication 
                #  must be in this file to get anywhere. In this example, 
                # it requires an entry for 'anonymous' which is the standard username 
                # in the outer requests, and it also requires an entry for the 
                # actual user name who is trying to connect (ie the 'Login name' entered 
                # in the Funk Odyssey 'Edit Profile Properties' page 
                Filename %D/users_eap 

                # EAPType sets the EAP type(s) that Radiator will honour. 
                # Options are: MD5-Challenge, One-Time-Password 
                # Generic-Token, TLS, TTLS, PEAP, MSCHAP-V2 
                # Multiple types can be comma separated. With the default (most 
                # preferred) type given first 
                EAPType PEAP 

                # EAPTLS_CAFile is the name of a file of CA certificates 
                # in PEM format. The file can contain several CA certificates 
                # Radiator will first look in EAPTLS_CAFile then in 
                # EAPTLS_CAPath, so there usually is no need to set both 
                EAPTLS_CAFile %D/certificates/demoCA/cacert.pem 

                # EAPTLS_CertificateFile is the name of a file containing 
                # the servers certificate. EAPTLS_CertificateType 
                # specifies the type of the file. Can be PEM or ASN1 
                # defaults to ASN1 
                EAPTLS_CertificateFile %D/certificates/cert-srv.pem 
                EAPTLS_CertificateType PEM 

                # EAPTLS_PrivateKeyFile is the name of the file containing 
                # the servers private key. It is sometimes in the same file 
                # as the server certificate (EAPTLS_CertificateFile) 
                # If the private key is encrypted (usually the case) 
                # then EAPTLS_PrivateKeyPassword is the key to decrypt it 
                EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem 
                EAPTLS_PrivateKeyPassword whatever 

                # EAPTLS_MaxFragmentSize sets the maximum TLS fragment 
                # size that will be replied by Radiator. It must be small 
                # enough to fit in a single Radius request (ie less than 4096) 
                # and still leave enough space for other attributes 
                # Aironet APs seem to need a smaller MaxFragmentSize 
                # (eg 1024) than the default of 2048. Others need even smaller sizes. 
                EAPTLS_MaxFragmentSize 1000 

                # Some clients, depending on their configuration, may require you to specify 
                # MPPE send and receive keys. This _will_ be required if you select 
                # 'Keys will be generated automatically for data privacy' in the Funk Odyssey 
                # client Network Properties dialog. 
                # Automatically sets MS-MPPE-Send-Key and MS-MPPE-Recv-Key 
                # in the final Access-Accept 
                AutoMPPEKeys 

                # You can enable some warning messages from the Net::SSLeay 
                # module by setting SSLeayTrace to an integer from 1 to 4 
                # 1=ciphers, 2=trace, 3=dump data 
                SSLeayTrace 4 


                # You can control which version of the draft PEAP protocol to honour 
                # with EAPTLS_PEAPVersion. Defaults to 1. Set it to 0 for unusual clients, 
                # such as Funk Odyssey Client 2.22 or later. 
                EAPTLS_PEAPVersion 0 

        </AuthBy> 
        <AuthBy INTERNAL> 
                DefaultResult REJECT 
        </AuthBy> 
</Handler> 


This is the user_eap file 

test       User-Password = "hhh" 

Hope that someone can help me 
Thanks 

Ricardo Martinez.- 
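
An added example (not part of the original post and not Radiator code): a small Python scan of Radiator debug output for the module-load failure shown in the log above, reporting which EAP type failed to load and which Perl module is absent. The sample log is constructed from shortened lines of the post; the function and field names are assumptions of this example.

```python
import re

# Constructed sample: shortened copies of log lines quoted in the post.
SAMPLE_LOG = """\
Wed Oct  4 15:07:49 2006: DEBUG: Handling with EAP: code 2, 6, 5
Wed Oct  4 15:07:49 2006: ERR: Could not load EAP module Radius::EAP_26: Can't locate Digest/MD4.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.0) at Radius/MSCHAP.pm line 47.
Wed Oct  4 15:07:49 2006: INFO: Access rejected for anonymous: Unsupported default EAP Response/Identity 26
"""

# IANA EAP method type numbers, named as in the EAPType comments of the config.
EAP_TYPES = {4: "MD5-Challenge", 13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}

# Matches the ERR line Radiator logs when an EAP module's Perl dependency is absent.
LOAD_FAILURE = re.compile(
    r"ERR: Could not load EAP module Radius::EAP_(?P<type>\d+): "
    r"Can't locate (?P<path>\S+)\.pm in @INC"
    r"(?:.*? at (?P<required_by>\S+) line \d+)?"
)


def find_missing_modules(log_text):
    """Return one finding per EAP module that failed to load in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = LOAD_FAILURE.search(line)
        if not m:
            continue
        eap_type = int(m.group("type"))
        findings.append({
            "eap_type": eap_type,
            "eap_name": EAP_TYPES.get(eap_type, "unknown"),
            # Digest/MD4 -> Digest::MD4, the name to install from CPAN
            "missing_module": m.group("path").replace("/", "::"),
            # The Radiator file whose 'use' statement failed, if logged
            "required_by": m.group("required_by"),
        })
    return findings


if __name__ == "__main__":
    for f in find_missing_modules(SAMPLE_LOG):
        print("EAP type %(eap_type)d (%(eap_name)s) not loaded: "
              "install %(missing_module)s (needed by %(required_by)s)" % f)
```

The later "Unsupported default EAP Response/Identity 26" rejection is a consequence of this load failure, so the ERR line is the one worth alerting on.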
