[RADIATOR] TTLS/MSCHAPv2 and radiator 4.4

Hugh Irvine hugh at open.com.au
Tue May 19 00:56:04 CDT 2009 

Salut Serge -

Could you please send me a copy of your configuration file?

thanks

cordialement

Hughes


On 18 May 2009, at 22:36, ANDREY Serge wrote:

> Hello,
>
>
> My configuration works on different OS and supplicant with
> PEAP and TTLS but it doesn't work with Secure W2 TTLS/MSCHAPv2 !
>
>
> 1) TTLS/MSCHAPv2 works with different supplicant but doesn't work
>   with Secure W2 version 4.1.0(48) on Windows XP.
>
>   Any experience with Secure W2 TTLS/MSCHAPv2 ?
>
>
>
> 2) When Secure W2 is configured for TTLS/MSCHAPv2, Radiator 4.4
>   doesn't reject 'bad' EAP request. Radiator 4.3.1 does !
>
>
>
>
>
> With radiator 4.3.1
> -------------------
>
> => radiator reject the 'bad' authentication request sent by Secure W2
>   with "EAP authentication is not permitted"
>
>
> DEBUG: EAP TTLS inner authentication request for anonymous
> DEBUG: Handling request with Handler 'Request-Type = Access-Request,  
> TunnelledByTTLS==1'
> DEBUG:  Deleting session for anonymous, xxxxxxxx,
> DEBUG: Handling with Radius::AuthGROUP: IASwindows
> DEBUG: Handling with EAP: code 2, 0, 12, 1
> DEBUG: Response type 1
> DEBUG: EAP result: 1, EAP authentication is not permitted.
> DEBUG: AuthBy GROUP result: REJECT, EAP authentication is not  
> permitted.
> DEBUG: Returned TTLS tunnelled Diameter Packet dump:
>
>
>
>
> With radiator 4.4
> -----------------
>
> => radiator forward the 'bad' authentication request to the IAS server
>   the IAS server drop the request (no reply) and log the following
>   error "invalid EAP request".
>
> => because radiator doesn't get an answer, then radiator mark the  
> server down !
>
>
> DEBUG: EAP TTLS inner authentication request for anonymous
> DEBUG: Handling request with Handler 'Request-Type = Access-Request,  
> TunnelledByTTLS==1'
> DEBUG:  Deleting session for anonymous, xxxxxxxxx,
> DEBUG: Handling with Radius::AuthGROUP: IASwindows
> DEBUG: Handling with Radius::AuthRADIUS
> DEBUG: AuthBy RADIUS creates new local socket xxxxx:0' for sending  
> requests
> DEBUG: Packet dump:
>
>
>
> Thanks, Best regards
> -- 
> Serge
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list