(RADIATOR) Radiator with Linksys WRT54G and EAP-MD5

Hugh Irvine hugh at open.com.au
Fri Sep 8 00:51:58 CDT 2006


Hello David -

This appears to be a client problem, as the second access request has  
the same Identifier 0 as the first request, and this is confusing  
Radiator.

You can try setting DupInterval 0 in your Client clause - please let  
us know if this helps.


<Client ....>
	.....
	DupInterval 0
</Client>


You should probably check to see if there are any relevant updates  
for the Odyssey client and/or XP.

regards

Hugh




>>> Dear List,
>>>
>>> I am having a problem with setting up Radiator with the Linksys
>>> WRT54G to authenticate using EAP-MD5.
>>>
>>> I am not sure I have properly configured the WRT54G and/or Radiator
>>> to talk with each other.  I am using Radiator installed on a
>>> Windows 2003 Server box and Odyssey Access Client (OAC) on a Laptop
>>> with XP.  The Access-Request packets are making their way through
>>> the WRT54G to the server, but it appears that the Access-Challenge
>>> packets are not making it back to OAC.  The reason I believe this
>>> is because OAC responds to the Access-Challenge packet with another
>>> Access-Request packet.
>>>
>>> I have set up the WRT54G to do RADIUS 802.1X authentication using
>>> static WEP keys.  Maybe this is the problem?  Has anyone got the
>>> WRT54G to work using this configuration?  Is there some other step
>>> I am missing?
>>>
>>> Below is the log file to illustrate the problem described above.
>>>
>>> Thanks in advance, DaveP.
>>>
>>> Thu Sep  7 13:17:53 2006: DEBUG: Finished reading configuration
>>> file 'C:\Program Files\Radiator\radius.cfg'
>>> Thu Sep  7 13:17:53 2006: DEBUG: Reading dictionary file 'c:/
>>> Program Files/Radiator/dictionary'
>>> Thu Sep  7 13:17:53 2006: DEBUG: Creating authentication port
>>> 0.0.0.0:1812
>>> Thu Sep  7 13:17:53 2006: DEBUG: Creating accounting port  
>>> 0.0.0.0:1813
>>> Thu Sep  7 13:17:53 2006: NOTICE: Server started: Radiator 3.15 on
>>> radius
>>> Thu Sep  7 13:20:01 2006: DEBUG: Packet dump:
>>> *** Received from 192.168.1.1 port 4210 ....
>>> Code:       Access-Request
>>> Identifier: 0
>>> Authentic:  <143>0]`<169>&<252><25><211><177>X<197><191>\<190>p
>>> Attributes:
>>> 	User-Name = "mikem"
>>> 	NAS-IP-Address = 192.168.1.1
>>> 	Called-Station-Id = "0018397d4bd8"
>>> 	Calling-Station-Id = "0020e08fc5c8"
>>> 	NAS-Identifier = "0018397d4bd8"
>>> 	NAS-Port = 2
>>> 	Framed-MTU = 1400
>>> 	NAS-Port-Type = Wireless-IEEE-802-11
>>> 	EAP-Message = <2><0><0><10><1>mikem
>>> 	Message-Authenticator = o<159><228><231><176>y
>>> +*<2><251><222><178><194>y^<164>
>>>
>>> Thu Sep  7 13:20:01 2006: DEBUG: Handling request with Handler
>>> 'Realm=DEFAULT'
>>> Thu Sep  7 13:20:01 2006: DEBUG:  Deleting session for mikem,
>>> 192.168.1.1, 2
>>> Thu Sep  7 13:20:01 2006: DEBUG: Handling with Radius::AuthFILE:
>>> Thu Sep  7 13:20:01 2006: DEBUG: Handling with EAP: code 2, 0, 10
>>> Thu Sep  7 13:20:01 2006: DEBUG: Response type 1
>>> Thu Sep  7 13:20:01 2006: DEBUG: EAP result: 3, EAP MD5-Challenge
>>> Thu Sep  7 13:20:01 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>> MD5-Challenge
>>> Thu Sep  7 13:20:01 2006: DEBUG: Access challenged for mikem: EAP
>>> MD5-Challenge
>>> Thu Sep  7 13:20:01 2006: DEBUG: Packet dump:
>>> *** Sending to 192.168.1.1 port 4210 ....
>>> Code:       Access-Challenge
>>> Identifier: 0
>>> Authentic:  <143>0]`<169>&<252><25><211><177>X<197><191>\<190>p
>>> Attributes:
>>> 	EAP-Message = <1><1><0><28><4><16>U<254><243><219><135><166>z#<5>m<153><175><216><242><220>!radius
>>> 	Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Thu Sep  7 13:20:01 2006: DEBUG: Packet dump:
>>> *** Received from 192.168.1.1 port 4212 ....
>>> Code:       Access-Request
>>> Identifier: 0
>>> Authentic:  Y1<168><149><5<200><0>-<27><215><140>\G<128><155>
>>> Attributes:
>>> 	User-Name = "mikem"
>>> 	NAS-IP-Address = 192.168.1.1
>>> 	Called-Station-Id = "0018397d4bd8"
>>> 	Calling-Station-Id = "0020e08fc5c8"
>>> 	NAS-Identifier = "0018397d4bd8"
>>> 	NAS-Port = 2
>>> 	Framed-MTU = 1400
>>> 	NAS-Port-Type = Wireless-IEEE-802-11
>>> 	EAP-Message = <2><1><0><22><4><16>o<30><3><242><203><180>K<136>c<20><237>5<133><195><234>s
>>> 	Message-Authenticator = <213>
>>> $u<164><246><252><183><238>^<228><161><182>%<16>,<189>
>>>
>>> Thu Sep  7 13:20:01 2006: INFO: Duplicate request id 0 received
>>> from 192.168.1.1(4212): ignored
>>>
>>>
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,  
> WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia   http:// 
> www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,  
> TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.




-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
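
Added example (not part of the original post, and not Radiator code): a Python check for the condition described in the reply, where a request ignored as a duplicate is in fact a new request that reuses the Identifier. It reads the packet-dump fields and the "Duplicate request id" line in the format shown in the trace above; the sample trace is constructed, and treating "same Authentic and same EAP-Message" as a genuine retransmission is an assumption of this example.

```python
import re

# Constructed trace shaped like Radiator packet dumps; values are placeholders.
SAMPLE_TRACE = """\
*** Received from 192.168.1.1 port 4210 ....
Identifier: 0
Authentic:  placeholder-auth-A
    EAP-Message = <2><0><0><10><1>mikem
*** Sending to 192.168.1.1 port 4210 ....
Identifier: 0
*** Received from 192.168.1.1 port 4212 ....
Identifier: 0
Authentic:  placeholder-auth-B
    EAP-Message = <2><1><0><22><4><16>placeholder-response
INFO: Duplicate request id 0 received from 192.168.1.1(4212): ignored
*** Received from 192.168.1.1 port 4214 ....
Identifier: 1
Authentic:  placeholder-auth-C
    EAP-Message = <2><2><0><10><1>mikem
*** Received from 192.168.1.1 port 4214 ....
Identifier: 1
Authentic:  placeholder-auth-C
    EAP-Message = <2><2><0><10><1>mikem
INFO: Duplicate request id 1 received from 192.168.1.1(4214): ignored
"""

RECV = re.compile(r"\*\*\* Received from (\S+) port (\d+)")
FIELD = re.compile(r"\s*(Identifier|Authentic|EAP-Message)\s*[:=]\s*(.*)")
DUP = re.compile(r"Duplicate request id (\d+) received from ([^\s(]+)\((\d+)\)")
KEYS = ("Authentic", "EAP-Message")

def classify_duplicates(trace):
    """Return (nas_ip, identifier, verdict) per 'Duplicate request' line."""
    history, cur, verdicts = {}, None, []
    for line in trace.splitlines():
        if line.startswith("***"):
            m = RECV.search(line)
            cur = {"ip": m.group(1)} if m else None  # None: packet the server sent
        elif m := DUP.search(line):
            pkts = history.get((m.group(2), m.group(1)), [])[-2:]
            same = len(pkts) == 2 and all(pkts[0].get(k) == pkts[1].get(k) for k in KEYS)
            verdict = ("earlier request not in trace" if len(pkts) < 2
                       else "retransmission" if same else "identifier reuse")
            verdicts.append((m.group(2), int(m.group(1)), verdict))
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1)] = m.group(2).strip()
            if m.group(1) == "Identifier":
                history.setdefault((cur["ip"], m.group(2).strip()), []).append(cur)
    return verdicts
```

An "identifier reuse" verdict matches the situation in this thread, where the ignored request carried a different authenticator and EAP payload from the first one.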

