(RADIATOR) 3com 5500-SI + Radiator + AuthByLDAP2 + Redhat Directory Server 7.1 + WinXp Supplicant. EAP-MD5 challenge failed
firdauz mokhtar
firdauzm at gmail.com
Sun Apr 1 12:43:12 CDT 2007
To whom it may concern,
Hello sir.
I am having trouble authenticating against the user base in Red Hat Directory
Server (which is similar to LDAP).
Below is the output while running Radiator in trace 4.
*** Received from 192.168.1.100 port 5001 ....
Code: Access-Request
Identifier: 157
Authentic: <149><21><0><0><140>0<0><0><21>d<0><0><223>8<0><0>
Attributes:
User-Name = "chris"
EAP-Message = <2><1><0><10><1>chris
Message-Authenticator =
d<21><18><149><13><5>}<180>5<18><207><175><133><243><210><161>
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "0012a9904642"
NAS-Port = 268533761
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0040-f47e-533f"
Thu Mar 22 23:14:17 2007: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Mar 22 23:14:17 2007: DEBUG: Deleting session for chris, 192.168.1.100,
268533761
Thu Mar 22 23:14:17 2007: DEBUG: Handling with Radius::AuthLDAP2:
Thu Mar 22 23:14:17 2007: DEBUG: Handling with EAP: code 2, 1, 10
Thu Mar 22 23:14:17 2007: DEBUG: Response type 1
Thu Mar 22 23:14:17 2007: DEBUG: EAP result: 3, EAP MD5-Challenge
Thu Mar 22 23:14:17 2007: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP
MD5-Challenge
Thu Mar 22 23:14:17 2007: DEBUG: Access challenged for chris: EAP
MD5-Challenge
Thu Mar 22 23:14:17 2007: DEBUG: Packet dump:
*** Sending to 192.168.1.100 port 5001 ....
Code: Access-Challenge
Identifier: 157
Authentic: <149><21><0><0><140>0<0><0><21>d<0><0><223>8<0><0>
Attributes:
EAP-Message =
<1><2><0>.<4><16><147>W="Fd<150><203><163><242><136><133><169><167>(<147>
moddirecktori.mod.gov.my
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 22 23:14:18 2007: DEBUG: Packet dump:
*** Received from 192.168.1.100 port 5001 ....
Code: Access-Request
Identifier: 158
Authentic: <216>-<0><0><169>x<0><0><13><9><0><0>5<17><0><0>
Attributes:
User-Name = "chris"
EAP-Message =
<2><2><0><27><4><16>L<4>'<142><197><193>_m<150>6<184>S<28><162>Vmchris
Message-Authenticator =
<134>`<201><25>(^<227><219>9<203>,<150><31><0>L5
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "0012a9904642"
NAS-Port = 268533761
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0040-f47e-533f"
Thu Mar 22 23:14:18 2007: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Mar 22 23:14:18 2007: DEBUG: Deleting session for chris, 192.168.1.100,
268533761
Thu Mar 22 23:14:18 2007: DEBUG: Handling with Radius::AuthLDAP2:
Thu Mar 22 23:14:18 2007: DEBUG: Handling with EAP: code 2, 2, 27
Thu Mar 22 23:14:18 2007: DEBUG: Response type 4
Thu Mar 22 23:14:18 2007: DEBUG: LDAP got result for
uid=chris,cn=IP,cn=IP,ou=group,dc=mod,dc=gov,dc=my
Thu Mar 22 23:14:18 2007: DEBUG: Radius::AuthLDAP2 looks for match with
chris [chris]
Thu Mar 22 23:14:18 2007: DEBUG: Radius::AuthLDAP2 ACCEPT: : chris [chris]
Thu Mar 22 23:14:18 2007: DEBUG: EAP result: 1, EAP MD5-Challenge failed
Thu Mar 22 23:14:18 2007: DEBUG: AuthBy LDAP2 result: REJECT, EAP
MD5-Challenge failed
Thu Mar 22 23:14:18 2007: INFO: Access rejected for chris: EAP MD5-Challenge
failed
Thu Mar 22 23:14:18 2007: DEBUG: Packet dump:
*** Sending to 192.168.1.100 port 5001 ....
Code: Access-Reject
Identifier: 158
Authentic: <216>-<0><0><169>x<0><0><13><9><0><0>5<17><0><0>
Attributes:
EAP-Message = <4><2><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
And here is my radius.cfg:-
##########################
LogDir /var/log/radiator
DbDir /etc/radiator
Trace 4
AuthPort 1812
AcctPort 1813
<Client 192.168.1.100>
Secret test123
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy LDAP2>
Host moddirecktori.mod.gov.my
Port 389
BaseDN ou=group,dc=mod,dc=gov,dc=my
UsernameAttr uid
PasswordAttr userPassword
CheckAttr checkitems
ReplyAttr replyitems
HoldServerConnection
ServerChecksPassword
Timeout 4
EAPType MD5-Challenge
</AuthBy>
</Realm>
#############################
I've no idea why it failed. The 3com switch has been set to use the similar
key (secret) as well, which was "test123".
Please advise.
I really appreciate your help.
Thank you.
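
Added example (not part of the original post and not Radiator code): it decodes the two EAP-Message values from the trace above and shows the comparison an EAP MD5-Challenge server performs, MD5(identifier || password || challenge) per RFC 3748 type 4. That comparison needs the cleartext password, so a hashed stored value cannot match. Function names, the password and the stored hash are constructed for illustration.

```python
import hashlib
import hmac
import re
import struct

def radiator_bytes(text):
    """Trace-4 notation to bytes: <N> is the byte with value N, anything else is literal."""
    return bytes(int(n) if n else ord(c)
                 for n, c in re.findall(r"<(\d{1,3})>|(.)", text, re.S))

def parse_eap_md5(pkt):
    """Decode an EAP MD5-Challenge request/response (RFC 3748, type 4)."""
    if len(pkt) < 6:
        raise ValueError("too short for an EAP MD5-Challenge packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[5]
    if length != len(pkt) or pkt[4] != 4 or 6 + size > length:
        raise ValueError("not a well-formed EAP MD5-Challenge packet")
    return {"code": code, "id": ident, "value": pkt[6:6 + size],
            "name": pkt[6 + size:].decode("latin-1")}

def expected_response(ident, password, challenge):
    """MD5(identifier || password || challenge): needs the cleartext password."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_accepts(stored, challenge, response_value):
    """Recompute the response from the stored value and compare in constant time."""
    want = expected_response(challenge["id"], stored, challenge["value"])
    return hmac.compare_digest(want, response_value)

# EAP-Message values copied from the Access-Challenge and the second Access-Request above.
CHALLENGE = parse_eap_md5(radiator_bytes(
    '<1><2><0>.<4><16><147>W="Fd<150><203><163><242><136><133><169><167>(<147>'
    'moddirecktori.mod.gov.my'))
RESPONSE = parse_eap_md5(radiator_bytes(
    "<2><2><0><27><4><16>L<4>'<142><197><193>_m<150>6<184>S<28><162>Vmchris"))

def demo():
    """Constructed values: the real password and directory entry are not in the post."""
    password = b"constructed-password"
    supplicant = expected_response(CHALLENGE["id"], password, CHALLENGE["value"])
    stored_hash = b"{SSHA}constructed-hash-not-a-real-value"
    return (server_accepts(password, CHALLENGE, supplicant),
            server_accepts(stored_hash, CHALLENGE, supplicant))

if __name__ == "__main__":
    for p in (CHALLENGE, RESPONSE):
        print(p["code"], p["id"], p["value"].hex(), p["name"])
    print(demo())
```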