[RADIATOR] TTLS/MSCHAPv2 and radiator 4.4
ANDREY Serge
serge.andrey at unifr.ch
Mon May 18 07:36:32 CDT 2009
Hello,
My configuration works on different OS and supplicant with
PEAP and TTLS but it doesn't work with Secure W2 TTLS/MSCHAPv2 !
1) TTLS/MSCHAPv2 works with different supplicant but doesn't work
with Secure W2 version 4.1.0(48) on Windows XP.
Any experience with Secure W2 TTLS/MSCHAPv2 ?
2) When Secure W2 is configured for TTLS/MSCHAPv2, Radiator 4.4
doesn't reject 'bad' EAP request. Radiator 4.3.1 does !
With radiator 4.3.1
-------------------
=> radiator reject the 'bad' authentication request sent by Secure W2
with "EAP authentication is not permitted"
DEBUG: EAP TTLS inner authentication request for anonymous
DEBUG: Handling request with Handler 'Request-Type = Access-Request, TunnelledByTTLS==1'
DEBUG: Deleting session for anonymous, xxxxxxxx,
DEBUG: Handling with Radius::AuthGROUP: IASwindows
DEBUG: Handling with EAP: code 2, 0, 12, 1
DEBUG: Response type 1
DEBUG: EAP result: 1, EAP authentication is not permitted.
DEBUG: AuthBy GROUP result: REJECT, EAP authentication is not permitted.
DEBUG: Returned TTLS tunnelled Diameter Packet dump:
With radiator 4.4
-----------------
=> radiator forward the 'bad' authentication request to the IAS server
the IAS server drop the request (no reply) and log the following
error "invalid EAP request".
=> because radiator doesn't get an answer, then radiator mark the server down !
DEBUG: EAP TTLS inner authentication request for anonymous
DEBUG: Handling request with Handler 'Request-Type = Access-Request, TunnelledByTTLS==1'
DEBUG: Deleting session for anonymous, xxxxxxxxx,
DEBUG: Handling with Radius::AuthGROUP: IASwindows
DEBUG: Handling with Radius::AuthRADIUS
DEBUG: AuthBy RADIUS creates new local socket xxxxx:0' for sending requests
DEBUG: Packet dump:
Thanks, Best regards
--
Serge
More information about the radiator
mailing list