(RADIATOR) running into snags trying to get EAP-FAST working
Jim Veneskey
jvene at cisco.com
Thu Feb 14 15:03:43 CST 2008
Ok,
I have just finished sending a bunch of logs to Mike and Hugh off the
list, I didn't want to clutter up the mailing list with all my attachments.
Previously, I was testing using a released version of ADU with our
CB21ABG card, and I have also tested using an AP attempting to
authenticate against a switchport using EAP-FAST.
I do not know how to get session logs from the client using ADU,
however, I did discuss the issue with a co-worker who is developing an
EAP-FAST supplicant for Vista.
The logs I emailed were created using that supplicant.
Unfortunately, I can not provide the supplicant, since it is not
released yet - and Cisco is leery about letting non-released software
out into the wild - it could become a support nightmare ;-)
I'd be happy to do more testing here though - and provide more logs when
requested.
Jim
Mike McCauley wrote:
> Hello Jim,
>
> You log shows that there are no module or dependency problems.
> Looks like you have your openssl correctly patched to support extensions.
> Looks like your net-ssleay is OK, too.
>
> I think the problem you are seeing is triggered by an earlier error reported
> from the client:
>
>> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data: 800300020002
>> Wed Feb 13 07:30:35 2008: ERR: EAP-FAST peer RESULT failure
>> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 2, EAP-FAST peer RESULT
>
> This appears to be your client reporting a TLV RESULT type FAILURE from the
> previous message sent to it by Radiator. Radiator is not replying to this
> result failure message (which is incorrect, and a patch has now been posted
> to fix that).
>
> The previous message (the one that resulted in this result failure) was the
> provisioning of a PAC to the client.
>
> So I think the next step is for you to look at your client logs to see what it
> is complaining about when it receives a PAC.
>
> BTW, what version of client are you using?
> Also will you please send your Radiator config file with your next report?
>
> Cheers.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list