(RADIATOR) AutoMPPEKeys strangeness

Hugh Irvine hugh at open.com.au
Fri May 11 02:02:06 CDT 2007


Hello Dominic -

Could you please send us a copy of your configuration file and a  
trace 5 (FIVE) debug showing what is happening?

Also include the Radiator version, Perl version and hardware/software  
platform in use.

many thanks

regards

Hugh


On 11 May 2007, at 04:16, Dominic J. Eidson wrote:

> We are debugging getting PEAP to work with the Cisco WISM (wireless  
> authentication), and are running into some oddities.
>
> When authenticating the WISM to Radiator using PEAP, we get 16-byte
> MPPE keys:
>
> Thu May 10 17:40:10 2007: Packet contains 6 AVPs:
> Thu May 10 17:40:10 2007:     AVP[01] Microsoft / MPPE-Send-Key................DATA (16 bytes)
> Thu May 10 17:40:10 2007:     AVP[02] Microsoft / MPPE-Recv-Key................DATA (16 bytes)
> Thu May 10 17:40:10 2007:     AVP[03] Service-Type.............................0x00000001 (1) (4 bytes)
> Thu May 10 17:40:10 2007:     AVP[04] Class....................................CISCOACS:bc5f5fd/ac1658f9/29 (28 bytes)
> Thu May 10 17:40:10 2007:     AVP[05] EAP-Message..............................0x03070004 (50790404) (4 bytes)
> Thu May 10 17:40:10 2007:     AVP[06] Message-Authenticator....................DATA (16 bytes)
>
>
> When authenticating the WISM to Cisco's ACS server, we get 32-byte
> MPPE keys:
>
> Thu May 10 17:39:00 2007: Packet contains 6 AVPs:
> Thu May 10 17:39:00 2007:     AVP[01] Service-Type.............................0x00000001 (1) (4 bytes)
> Thu May 10 17:39:00 2007:     AVP[03] EAP-Message..............................0x03db0004 (64684036) (4 bytes)
> Thu May 10 17:39:00 2007:     AVP[04] Microsoft / MPPE-Send-Key................DATA (32 bytes)
> Thu May 10 17:39:00 2007:     AVP[05] Microsoft / MPPE-Recv-Key................DATA (32 bytes)
> Thu May 10 17:39:00 2007:     AVP[06] Class....................................CISCOACS:0bf24da2/ac1658f5/29 (29 bytes)
> Thu May 10 17:39:00 2007:     AVP[07] Message-Authenticator....................DATA (16 bytes)
>
> I guess at this point (waiting for Cisco to get back with us on why
> auth doesn't work) we're wondering if the MPPE keys should be 16 or
> 32 bytes, and if Radiator needs to, how do we get it to send 32-byte
> keys?
>
> -- 
> Dominic J. Eidson
> Network Engineer
> Atos Origin, Inc / Seton Family of Hospitals
> 512-324-1000 x18711
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

