(RADIATOR) Radiator with Linksys WRT54G and EAP-MD5

David Pomeroy dpomeroy at mobile-mind.com
Fri Sep 8 12:42:46 CDT 2006


Setting "DupInterval 0" in the Client clause fixed my problem. (Thanks Hugh!)

Now, both Radiator and OAC claim the EAP-MD5 dialogue is successful, but the Linksys WRT54G is not releasing an IP address to the client machine.  This may be an issue with the static WEP keys.  Linksys tech support claims they do not support RADIUS for this device.  Has anyone successfully configured a WRT54G with a RADIUS server?  I would like to know which EAP type was used and what options were set in the router's firmware.

Since I'm convinced this is an issue with the router, I am more concerned with getting an EAP-SIM dialogue working. Using most of the default settings in eap_sim.cfg, the OAC machine is saying authentication failed. The EAP message exchange is taking place but OAC is not responding to the last Access-Challenge message in this log file. The exchange in the log file continues to loop (4 messages). Any idea why this is happening?

Thanks, DaveP.

I get the following log file. (I XXXed out the IP addresses.)

Fri Sep  8 10:53:24 2006: DEBUG: Finished reading configuration file '..\Radius-EAP-SIM\goodies\eap_sim.cfg'
Fri Sep  8 10:53:24 2006: DEBUG: Reading dictionary file './dictionary'
Fri Sep  8 10:53:25 2006: DEBUG: Creating authentication port 0.0.0.0:1812
Fri Sep  8 10:53:25 2006: DEBUG: Creating accounting port 0.0.0.0:1813
Fri Sep  8 10:53:25 2006: NOTICE: Server started: Radiator 3.15 on radius
Fri Sep  8 10:54:32 2006: DEBUG: Packet dump:
*** Received from XXX.XXX.XXX.5 port 1041 ....
Code:       Access-Request
Identifier: 0
Authentic:  1<172><205><200>k<214><205><211><196><134><218><238><228><138>m<18>
Attributes:
	NAS-IP-Address = XXX.XXX.XXX.5
	Called-Station-Id = "0018397d4bd8"
	Calling-Station-Id = "0020e08fc5c8"
	NAS-Identifier = "0018397d4bd8"
	NAS-Port = 2
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-IEEE-802-11
	EAP-Message = <2><1><0><5><1>
	Message-Authenticator = <206><208>G<194>)<242>&&<167><_|<171><13><145><223>

Fri Sep  8 10:54:32 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep  8 10:54:32 2006: DEBUG:  Deleting session for , XXX.XXX.XXX.5, 2
Fri Sep  8 10:54:32 2006: DEBUG: Handling with Radius::AuthSIM: 
Fri Sep  8 10:54:32 2006: DEBUG: Handling with EAP: code 2, 1, 5
Fri Sep  8 10:54:32 2006: DEBUG: Response type 1
Fri Sep  8 10:54:32 2006: DEBUG: EAP result: 3, EAP SIM/Start
Fri Sep  8 10:54:32 2006: DEBUG: AuthBy SIM result: CHALLNGE, EAP SIM/Start
Fri Sep  8 10:54:32 2006: DEBUG: Access challenged for : EAP SIM/Start
Fri Sep  8 10:54:32 2006: DEBUG: Packet dump:
*** Sending to XXX.XXX.XXX.5 port 1041 ....
Code:       Access-Challenge
Identifier: 0
Authentic:  1<172><205><200>k<214><205><211><196><134><218><238><228><138>m<18>
Attributes:
	EAP-Message = <1><2><0><20><18><10><0><0><13><1><0><0><15><2><0><4><0><0><0><1>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Sep  8 10:54:33 2006: DEBUG: Packet dump:
*** Received from XXX.XXX.XXX.5 port 1041 ....
Code:       Access-Request
Identifier: 0
Authentic:  <203><155><174>o<169>^<167>`<173>r<27>T<211>m<197><217>
Attributes:
	NAS-IP-Address = XXX.XXX.XXX.5
	Called-Station-Id = "0018397d4bd8"
	Calling-Station-Id = "0020e08fc5c8"
	NAS-Identifier = "0018397d4bd8"
	NAS-Port = 2
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-IEEE-802-11
	EAP-Message = <2><2><0>4<18><10><0><0><14><5><0><16>1274040299002308<7><5><0><0><247><253>q<20><152><8>e<217>c"<207><22><30><134><217><178><16><1><0><1>
	Message-Authenticator = <226><224>9<166>}<233><173><192><142><141><250><185>W<22><237><19>

Fri Sep  8 10:54:33 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep  8 10:54:33 2006: DEBUG:  Deleting session for , XXX.XXX.XXX.5, 2
Fri Sep  8 10:54:33 2006: DEBUG: Handling with Radius::AuthSIM: 
Fri Sep  8 10:54:33 2006: DEBUG: Handling with EAP: code 2, 2, 52
Fri Sep  8 10:54:33 2006: DEBUG: Response type 18
Fri Sep  8 10:54:33 2006: DEBUG: EAP result: 3, EAP SIM/Challenge
Fri Sep  8 10:54:33 2006: DEBUG: AuthBy SIM result: CHALLENGE, EAP SIM/Challenge
Fri Sep  8 10:54:33 2006: DEBUG: Access challenged for : EAP SIM/Challenge
Fri Sep  8 10:54:33 2006: DEBUG: Packet dump:
*** Sending to XXX.XXX.XXX.5 port 1041 ....
Code:       Access-Challenge
Identifier: 0
Authentic:  <203><155><174>o<169>^<167>`<173>r<27>T<211>m<197><217>
Attributes:
	EAP-Message = <1><3><0>x<18><11><0><0><1><9><0><0><170><170><170><170><170><170><170><170><170><170><170><170><170><170><170><170><187><187><187><187><187><187><187><187><187><187><187><187><187><187><187><187><129><5><0><0><19><9>Z<2>/<225><174>t<154>86<19>g<217>'<18><130><9><0><0><148><173>+<186><11><20><213><134>s<223>w"'<244>-<142>D<227><184>g<170>R<148><238><9>n<151><229>}h<141><129><11><5><0><0>v<30>Rt"\P<188><251><241>j<152>e<183>Kj
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>



-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Friday, September 08, 2006 1:52 AM
To: David Pomeroy
Cc: Radiator Tech Support
Subject: Re: (RADIATOR) Radiator with Linksys WRT54G and EAP-MD5



Hello David -

This appears to be a client problem, as the second access request has  
the same Identifier 0 as the first request, and this is confusing  
Radiator.

You can try setting DupInterval 0 in your Client clause - please let  
us know if this helps.


<Client ....>
	.....
	DupInterval 0
</Client>


You should probably check to see if there are any relevant updates  
for the Odyssey client and/or XP.

regards

Hugh




>>> Dear List,
>>>
>>> I am having a problem with setting up Radiator with the Linksys
>>> WRT54G to authenticate using EAP-MD5.
>>>
>>> I am not sure I have properly configured the WRT54G and/or Radiator
>>> to talk with each other.  I am using Radiator installed on a
>>> Windows 2003 Server box and Odyssey Access Client (OAC) on a Laptop
>>> with XP.  The Access-Request packets are making their way through
>>> the WRT54G to the server, but it appears that the Access-Challenge
>>> packets are not making it back to OAC.  The reason I believe this
>>> is because OAC responds to the Access-Challenge packet with another
>>> Access-Request packet.
>>>
>>> I have set up the WRT54G to do RADIUS 802.1X authentication using
>>> static WEP keys.  Maybe this is the problem?  Has anyone got the
>>> WRT54G to work using this configuration?  Is there some other step
>>> I am missing?
>>>
>>> Below is the log file to illustrate the problem described above.
>>>
>>> Thanks in advance, DaveP.
>>>
>>> Thu Sep  7 13:17:53 2006: DEBUG: Finished reading configuration
>>> file 'C:\Program Files\Radiator\radius.cfg'
>>> Thu Sep  7 13:17:53 2006: DEBUG: Reading dictionary file 'c:/
>>> Program Files/Radiator/dictionary'
>>> Thu Sep  7 13:17:53 2006: DEBUG: Creating authentication port
>>> 0.0.0.0:1812
>>> Thu Sep  7 13:17:53 2006: DEBUG: Creating accounting port  
>>> 0.0.0.0:1813
>>> Thu Sep  7 13:17:53 2006: NOTICE: Server started: Radiator 3.15 on
>>> radius
>>> Thu Sep  7 13:20:01 2006: DEBUG: Packet dump:
>>> *** Received from 192.168.1.1 port 4210 ....
>>> Code:       Access-Request
>>> Identifier: 0
>>> Authentic:  <143>0]`<169>&<252><25><211><177>X<197><191>\<190>p
>>> Attributes:
>>> 	User-Name = "mikem"
>>> 	NAS-IP-Address = 192.168.1.1
>>> 	Called-Station-Id = "0018397d4bd8"
>>> 	Calling-Station-Id = "0020e08fc5c8"
>>> 	NAS-Identifier = "0018397d4bd8"
>>> 	NAS-Port = 2
>>> 	Framed-MTU = 1400
>>> 	NAS-Port-Type = Wireless-IEEE-802-11
>>> 	EAP-Message = <2><0><0><10><1>mikem
>>> 	Message-Authenticator = o<159><228><231><176>y+*<2><251><222><178><194>y^<164>
>>>
>>> Thu Sep  7 13:20:01 2006: DEBUG: Handling request with Handler
>>> 'Realm=DEFAULT'
>>> Thu Sep  7 13:20:01 2006: DEBUG:  Deleting session for mikem,
>>> 192.168.1.1, 2
>>> Thu Sep  7 13:20:01 2006: DEBUG: Handling with Radius::AuthFILE:
>>> Thu Sep  7 13:20:01 2006: DEBUG: Handling with EAP: code 2, 0, 10
>>> Thu Sep  7 13:20:01 2006: DEBUG: Response type 1
>>> Thu Sep  7 13:20:01 2006: DEBUG: EAP result: 3, EAP MD5-Challenge
>>> Thu Sep  7 13:20:01 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>> MD5-Challenge
>>> Thu Sep  7 13:20:01 2006: DEBUG: Access challenged for mikem: EAP
>>> MD5-Challenge
>>> Thu Sep  7 13:20:01 2006: DEBUG: Packet dump:
>>> *** Sending to 192.168.1.1 port 4210 ....
>>> Code:       Access-Challenge
>>> Identifier: 0
>>> Authentic:  <143>0]`<169>&<252><25><211><177>X<197><191>\<190>p
>>> Attributes:
>>> 	EAP-Message = <1><1><0><28><4><16>U<254><243><219><135><166>z#<5>m<153><175><216><242><220>!radius
>>> 	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Thu Sep  7 13:20:01 2006: DEBUG: Packet dump:
>>> *** Received from 192.168.1.1 port 4212 ....
>>> Code:       Access-Request
>>> Identifier: 0
>>> Authentic:  Y1<168><149><5<200><0>-<27><215><140>\G<128><155>
>>> Attributes:
>>> 	User-Name = "mikem"
>>> 	NAS-IP-Address = 192.168.1.1
>>> 	Called-Station-Id = "0018397d4bd8"
>>> 	Calling-Station-Id = "0020e08fc5c8"
>>> 	NAS-Identifier = "0018397d4bd8"
>>> 	NAS-Port = 2
>>> 	Framed-MTU = 1400
>>> 	NAS-Port-Type = Wireless-IEEE-802-11
>>> 	EAP-Message = <2><1><0><22><4><16>o<30><3><242><203><180>K<136>c<20><237>5<133><195><234>s
>>> 	Message-Authenticator = <213>$u<164><246><252><183><238>^<228><161><182>%<16>,<189>
>>>
>>> Thu Sep  7 13:20:01 2006: INFO: Duplicate request id 0 received
>>> from 192.168.1.1(4212): ignored



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
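
The EAP-Message values in the EAP-SIM log above can be decoded offline to see what each step of the looping exchange carries. This is an added example, not part of the original posts and not Radiator code: a Python decoder for the `<N>` byte notation these dumps use, with EAP-SIM names taken from RFC 4186; the function names are hypothetical and the three sample strings are copied from the log on this page.

```python
import re

# Names per RFC 3748 (EAP codes) and RFC 4186 (EAP-SIM subtypes and attributes).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
SIM_SUBTYPES = {10: "Start", 11: "Challenge", 12: "Notification", 14: "Client-Error"}
SIM_ATTRS = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC", 13: "AT_ANY_ID_REQ",
             14: "AT_IDENTITY", 15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION",
             129: "AT_IV", 130: "AT_ENCR_DATA"}

def dump_to_bytes(text):
    """<N> is one byte with decimal value N; every other character is a literal byte."""
    return b"".join(bytes([int(t[1:-1])]) if len(t) > 1 else t.encode("latin-1")
                    for t in re.findall(r"<\d{1,3}>|.", text, re.S))

def parse_eap(text):
    """Decode an EAP-Message dump: header always, attribute TLVs when the type is EAP-SIM."""
    raw = dump_to_bytes(text)
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("EAP length field does not match the decoded byte count")
    msg = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "type": raw[4] if len(raw) > 4 else None, "attrs": []}
    if msg["type"] != 18 or len(raw) < 8:      # 18 = EAP-SIM; other types stop here
        return msg
    msg["subtype"] = SIM_SUBTYPES.get(raw[5], raw[5])
    pos = 8                                    # past type, subtype and 2 reserved bytes
    while pos + 2 <= len(raw):
        alen = raw[pos + 1] * 4                # attribute length counts 4-byte words
        if alen == 0 or pos + alen > len(raw):
            raise ValueError(f"bad attribute length at offset {pos}")
        msg["attrs"].append((SIM_ATTRS.get(raw[pos], raw[pos]), raw[pos + 2:pos + alen]))
        pos += alen
    return msg

# EAP-Message values copied from the EAP-SIM log on this page (RAND runs written as * 16).
START_REQ = "<1><2><0><20><18><10><0><0><13><1><0><0><15><2><0><4><0><0><0><1>"
START_RESP = ('<2><2><0>4<18><10><0><0><14><5><0><16>1274040299002308<7><5><0><0><247><253>'
              'q<20><152><8>e<217>c"<207><22><30><134><217><178><16><1><0><1>')
CHALLENGE = ("<1><3><0>x<18><11><0><0><1><9><0><0>" + "<170>" * 16 + "<187>" * 16
             + "<129><5><0><0><19><9>Z<2>/<225><174>t<154>86<19>g<217>'<18>"
             + '<130><9><0><0><148><173>+<186><11><20><213><134>s<223>w"'
             + "'<244>-<142>D<227><184>g<170>R<148><238><9>n<151><229>}h<141><129>"
             + r'<11><5><0><0>v<30>Rt"\P<188><251><241>j<152>e<183>Kj')

if __name__ == "__main__":
    for name, dump in [("start-req", START_REQ), ("start-resp", START_RESP), ("challenge", CHALLENGE)]:
        m = parse_eap(dump)
        print(name, m["code"], m["id"], m.get("subtype"), [(a, v.hex()) for a, v in m["attrs"]])
```

Decoded, the Access-Challenge that OAC does not answer is an EAP-SIM Challenge (EAP id 3) carrying AT_RAND, AT_IV, AT_ENCR_DATA and AT_MAC, and its AT_RAND holds two 16-byte values made of repeated 0xAA and 0xBB bytes.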

