(RADIATOR) dot1x auth problems on HP switch

Alex Sharaz A.Sharaz at hull.ac.uk
Tue Apr 29 13:06:34 CDT 2008


Hi,
Looks like you were right.

The systems that worked were using a mysql back end db
The system that didn't was using a db2 backend
When I created the db2 clientlist an extra couple of spaces sneaked in to
the secret field.
Although I've fixed it I'm also using the db2 Trim() function to strip out
any leading/spaces just in case  :-)
Alex


On 25/04/2008 22:59, "Hugh Irvine" <hugh at open.com.au> wrote:

> 
> Hello Alex -
> 
> I suspect incorrect shared secrets.
> 
> regards
> 
> Hugh
> 
> 
> On 25 Apr 2008, at 21:34, Alex Sharaz wrote:
> 
>> As an update,
>> Just pointed the switch at a Radiator-4.1 server and the Access-
>> Request shown below worked in that Radiator rejected the request
>> because we don't allow hostbased authentication.
>> 
>> 
>> Alex
>> 
>> 
>> On 4/25/08 11:56 AM, "Alex Sharaz" <A.Sharaz at hull.ac.uk> wrote:
>> 
>>> Chaps,
>>> We've implemented wired 802.1x auth in one of our RESNET sites
>>> using HP 3400 switches. This has been running since sept 2007
>>> without a problem.
>>> I'm now rolling out wired dot1x in one of our PC rooms (HP 2900
>>> switch). Switch config wise there is no difference between the
>>> 3400 and the 2900 boxes.
>>> 
>>> The problem is that the 3400 always works and the 2900 is
>>> generating the following in the Radiator logs:-
>>> 
>>> Fri Apr 25 11:02:38 2008: DEBUG: Packet dump:
>>> *** Received from 150.237.162.254 port 2440 ....
>>> Code:       Access-Request
>>> Identifier: 18
>>> Authentic:  ]<163>!<25><130><191><185>R<245>]<240><9><232>l<132><143>
>>> Attributes:
>>>         Framed-MTU = 1466
>>>         NAS-IP-Address = 150.237.162.254
>>>         NAS-Identifier = "CC_PC2_HP2900-48"
>>>         User-Name = "ccsas at hull.ac.uk"
>>>         Service-Type = Framed-User
>>>         Framed-Protocol = PPP
>>>         NAS-Port = 30
>>>         NAS-Port-Type = Ethernet
>>>         NAS-Port-Id = "30"
>>>         Called-Station-Id = "00-1c-2e-11-4b-40"
>>>         Calling-Station-Id = "00-a0-d1-bc-29-de"
>>>         Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
>>>         Tunnel-Type = 0:VLAN
>>>         Tunnel-Medium-Type = 0:802
>>>         Tunnel-Private-Group-ID = 1620
>>>         EAP-Message = <2><11><0><21><1>ccsas at hull.ac.uk
>>>         Message-Authenticator =
>>> <244><176>q<184><226><241><240><25><246>#<143><225><199><210>M<254>
>>> 
>>> Fri Apr 25 11:02:38 2008: WARNING: Bad EAP Message-Authenticator
>>> Fri Apr 25 11:02:38 2008: WARNING: Bad authenticator in request
>>> from 150.237.162.254 (150.237.162.254)
>>> 
>>> Can't see anything wrong. The only difference seems to be in the
>>> Framed-MTU size
>>> 
>>> An hp 3400 box generates this:-
>>> 
>>> ri Apr 25 00:15:38 2008: DEBUG: Packet dump:
>>> *** Received from 150.237.251.198 port 1024 ....
>>> Code:       Access-Request
>>> Identifier: 114
>>> Authentic:  Z<182>&<237>.N<9>M6SU<173><177><194><220>u
>>> Attributes:
>>>         Framed-MTU = 1480
>>>         NAS-IP-Address = 150.237.251.198
>>>         NAS-Identifier = "TC2-Brantingham_HP3400"
>>>         User-Name = "339804 at hull.ac.uk"
>>>         Service-Type = Framed-User
>>>         Framed-Protocol = PPP
>>>         NAS-Port = 7
>>>         NAS-Port-Type = Ethernet
>>>         NAS-Port-Id = "7"
>>>         Called-Station-Id = "00-12-79-49-7c-c0"
>>>         Calling-Station-Id = "00-1b-24-48-65-60"
>>>         Connect-Info = "CONNECT Ethernet 10Mbps Full duplex"
>>>         Tunnel-Type = 0:VLAN
>>>         Tunnel-Medium-Type = 0:802
>>>         Tunnel-Private-Group-ID = 290
>>>         EAP-Message = <2>?<0><22><1>339804 at hull.ac.uk
>>>         Message-Authenticator =
>>> En<180><241><248>6<232><178><225><154><242><160>K,<238><204>
>>> 
>>> Anyone using radiator with HP 2900 switches?
>>> 
>>> I'm running radiator 4.2 with patch file 1.915
>>> 
>>> Alex
>>> *********************************************************************
>>> ********************
>>> To view the terms under which this email is distributed, please go
>>> to http://www.hull.ac.uk/legal/email_disclaimer.html
>>> *********************************************************************
>>> ********************
> 
> 
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
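
The failure in this thread, reproduced as an added example (not part of the original messages and not Radiator's code): an Access-Request whose Message-Authenticator is HMAC-MD5 over the packet, keyed with the shared secret, fails verification when the server's stored copy of the secret carries stray spaces. The function names, the secret and the user name are constructed for illustration.

```python
import hashlib, hmac, os, struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def attr(t, value):
    return bytes([t, len(value) + 2]) + value

def build_access_request(secret: bytes, ident: int, user: bytes) -> bytes:
    """Constructed Access-Request: User-Name plus a valid Message-Authenticator."""
    attrs = attr(1, user) + attr(MSG_AUTH, bytes(16))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    pkt = bytearray(header + attrs)
    # HMAC is computed with the attribute value zeroed, then written in place.
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def verify_message_authenticator(pkt: bytes, secret: bytes) -> bool:
    """Recompute HMAC-MD5 over the packet with the attribute value zeroed."""
    length = struct.unpack("!H", pkt[2:4])[0]
    pos = 20
    while pos + 2 <= length:
        t, l = pkt[pos], pkt[pos + 1]
        if l < 2 or pos + l > length:
            return False  # malformed attribute
        if t == MSG_AUTH and l == 18:
            received = pkt[pos + 2:pos + 18]
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += l
    return False  # attribute absent

def diagnose(pkt: bytes, stored_secret: str) -> str:
    """Tell a whitespace-padded stored secret apart from a genuinely wrong one."""
    raw = stored_secret.encode()
    if verify_message_authenticator(pkt, raw):
        return "ok"
    if raw.strip() != raw and verify_message_authenticator(pkt, raw.strip()):
        return "stored secret has stray whitespace"
    return "secret mismatch"

if __name__ == "__main__":
    # Switch side uses the clean secret; the client list row has two extra spaces.
    pkt = build_access_request(b"constructed-secret", 18, b"user@example.org")
    print(diagnose(pkt, "constructed-secret  "))
```
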