(RADIATOR) running into snags trying to get EAP-FAST working

Jim Veneskey jvene at cisco.com
Thu Feb 14 15:03:43 CST 2008


Ok,
I have just finished sending a bunch of logs to Mike and Hugh off the 
list, I didn't want to clutter up the mailing list with all my attachments.

Previously, I was testing using a released version of ADU with our 
CB21ABG card, and I have also tested using an AP attempting to 
authenticate against a switchport using EAP-FAST.

I do not know how to get session logs from the client using ADU, 
however, I did discuss the issue with a co-worker who is developing an 
EAP-FAST supplicant for Vista.

The logs I emailed were created using that supplicant.
Unfortunately, I can not provide the supplicant, since it is not 
released yet - and Cisco is leery about letting non-released software 
out into the wild - it could become a support nightmare ;-)

I'd be happy to do more testing here though - and provide more logs when 
requested.

Jim


Mike McCauley wrote:
> Hello Jim,
> 
> You log shows that there are no module or dependency problems.
> Looks like you have your openssl correctly patched to support extensions.
> Looks like your net-ssleay is OK, too.
> 
> I think the problem you are seeing is triggered by an earlier error reported 
> from the client:
> 
>> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data: 800300020002
>> Wed Feb 13 07:30:35 2008: ERR: EAP-FAST peer RESULT failure
>> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 2, EAP-FAST peer RESULT
> 
> This appears to be your client reporting a TLV RESULT type FAILURE from the 
> previous message sent to it by Radiator. Radiator is not replying to this 
> result failure message (which is incorrect, and a patch has now been posted 
> to fix that).
> 
> The previous message (the one that resulted in this result failure) was the 
> provisioning of a PAC to the client.
> 
> So I think the next step is for you to look at your client logs to see what it 
> is complaining about when it receives a PAC.
> 
> BTW, what version of client are you using?
> Also will you please send your Radiator config file with your next report?
> 
> Cheers.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list