(RADIATOR) AutoMPPEKeys strangeness

Dominic J. Eidson deidson at seton.org
Thu May 10 13:16:04 CDT 2007


We are debugging getting PEAP to work with the Cisco WISM (wireless 
authentication), and are running into some oddities.

When authenticating the WISM to Radiator using PEAP, we get 16-byte MPPE 
keys:

Thu May 10 17:40:10 2007: Packet contains 6 AVPs:
Thu May 10 17:40:10 2007:     AVP[01] Microsoft / MPPE-Send-Key................DATA (16 bytes)
Thu May 10 17:40:10 2007:     AVP[02] Microsoft / MPPE-Recv-Key................DATA (16 bytes)
Thu May 10 17:40:10 2007:     AVP[03] Service-Type.............................0x00000001 (1) (4 bytes)
Thu May 10 17:40:10 2007:     AVP[04] Class....................................CISCOACS:bc5f5fd/ac1658f9/29 (28 bytes)
Thu May 10 17:40:10 2007:     AVP[05] EAP-Message..............................0x03070004 (50790404) (4 bytes)
Thu May 10 17:40:10 2007:     AVP[06] Message-Authenticator....................DATA (16 bytes)


When authenticating the WISM to Cisco's ACS server, we get 32-byte MPPE 
keys:

Thu May 10 17:39:00 2007: Packet contains 6 AVPs:
Thu May 10 17:39:00 2007:     AVP[01] Service-Type.............................0x00000001 (1) (4 bytes)
Thu May 10 17:39:00 2007:     AVP[03] EAP-Message..............................0x03db0004 (64684036) (4 bytes)
Thu May 10 17:39:00 2007:     AVP[04] Microsoft / MPPE-Send-Key................DATA (32 bytes)
Thu May 10 17:39:00 2007:     AVP[05] Microsoft / MPPE-Recv-Key................DATA (32 bytes)
Thu May 10 17:39:00 2007:     AVP[06] Class....................................CISCOACS:0bf24da2/ac1658f5/29 (29 bytes)
Thu May 10 17:39:00 2007:     AVP[07] Message-Authenticator....................DATA (16 bytes)

I guess at this point (waiting for Cisco to get back with us on why auth 
doesn't work) we're wondering if the MPPE keys should be 16 or 32 bytes, 
and, if Radiator needs to, how do we get it to send 32-byte keys?

-- 
Dominic J. Eidson
Network Engineer
Atos Origin, Inc / Seton Family of Hospitals
512-324-1000 x18711
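
Added example (not part of the original post, and not Radiator or Cisco code): the RFC 2548 encoding of an MS-MPPE-Send-Key / MS-MPPE-Recv-Key value, showing that the key length is carried as the first plaintext octet inside the encrypted value, so 16-byte and 32-byte keys are both representable and differ in size on the wire. The shared secret, Request Authenticator and keys below are constructed sample values.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; the plaintext is padded to a multiple of this


def encrypt_mppe_key(key, secret, request_auth, salt=None):
    """Return Salt || ciphertext, the String field of the attribute (RFC 2548)."""
    if salt is None:
        # The most significant bit of the first salt octet must be set.
        salt = bytes([os.urandom(1)[0] | 0x80]) + os.urandom(1)
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the top bit set")
    if len(key) > 255:
        raise ValueError("key too long for a one-octet length field")
    plain = bytes([len(key)]) + key            # Key-Length octet, then the key
    plain += b"\x00" * (-len(plain) % BLOCK)   # zero padding to a block boundary
    out, prev = b"", request_auth + salt       # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(plain[i:i + BLOCK], pad))
        out += prev                            # b(i) = MD5(S + c(i-1))
    return salt + out


def decrypt_mppe_key(value, secret, request_auth):
    """Recover the key; its length is only known after decryption."""
    salt, cipher = value[:2], value[2:]
    if not cipher or len(cipher) % BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 16 octets")
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        prev = cipher[i:i + BLOCK]
        plain += bytes(c ^ b for c, b in zip(prev, pad))
    key_len = plain[0]
    if key_len > len(plain) - 1:
        raise ValueError("implausible key length: wrong secret or authenticator?")
    return plain[1:1 + key_len]


# Constructed sample values, not taken from the capture in the post.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
KEY16 = bytes(range(0x10, 0x20))
KEY32 = bytes(range(0x40, 0x60))
WIRE16 = encrypt_mppe_key(KEY16, SECRET, REQUEST_AUTH, salt=b"\x80\x01")
WIRE32 = encrypt_mppe_key(KEY32, SECRET, REQUEST_AUTH, salt=b"\x80\x02")
```

With these inputs the 16-byte key produces a 34-octet String field (2 salt + 32 encrypted) and the 32-byte key a 50-octet one, so the two cases can be told apart in a packet capture before any decryption.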
