[RADIATOR] EAP outer handler problems
Barry Ard
barry.ard at ualberta.ca
Wed Feb 24 17:18:12 CST 2010
I have been noticing lately a situation where our EAP outer handler does
not seem to send a reply:
*** Received from 127.0.0.1 port 32946 ....
Code: Access-Request
Identifier: 75
Authentic: <7><141><147>/<233>G<129><255>A<15><241>L<240><138>F<204>
Attributes:
User-Name = "host/Rock"
Calling-Station-Id = "00-0e-35-6d-1a-9b"
Called-Station-Id = "00-23-04-f2-f9-e0:UWS"
NAS-Port = 29
NAS-IP-Address = 172.20.252.18
NAS-Identifier = "MECE-WiSM#1"
Airespace-WLAN-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 0:2050
EAP-Message = <2><17><0><6><25><0>
State = EAPBALANCE:id=1
Message-Authenticator = 1./~<21>"M$<170>=By<30><201><137><207>
Wed Feb 24 15:51:15 2010: DEBUG: Handling request with Handler ''
Wed Feb 24 15:51:15 2010: DEBUG: Rewrote user name to Rock
Wed Feb 24 15:51:15 2010: DEBUG: Rewrote user name to Rock
Wed Feb 24 15:51:15 2010: DEBUG: Deleting session for host/Rock, 172.20.252.18, 29
Wed Feb 24 15:51:15 2010: DEBUG: Handling with Radius::AuthFILE:
Wed Feb 24 15:51:15 2010: DEBUG: Handling with EAP: code 2, 17, 6, 25
Wed Feb 24 15:51:15 2010: DEBUG: Response type 25
Wed Feb 24 15:51:15 2010: DEBUG: EAP result: 2, EAP PEAP Nothing to read or write
Wed Feb 24 15:51:15 2010: DEBUG: AuthBy FILE result: IGNORE, EAP PEAP Nothing to read or write
The handler is configured as:
<Handler>
    RewriteUsername s/(.*)\/(.*)/$2/
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy FILE>
        Filename /dev/null
        EAPType PEAP,TTLS
        EAPTLS_CAPath /etc/ssl/certs
        EAPTLS_CertificateType PEM
        EAPTLS_CertificateFile /etc/ssl/certs/%h-cert.pem
        EAPTLS_PrivateKeyFile /etc/ssl/private/%h-key.pem
        EAPTLS_RandomFile %D/random
        EAPTLS_MaxFragmentSize 1024
        EAPTLS_PEAPVersion 0
        EAPTTLS_NoAckRequired
        AutoMPPEKeys
    </AuthBy>
</Handler>
The architecture is a radiusd configured to proxy to multiple backend
radiusd processes. In the proxy radiusd log I see:
Wed Feb 24 15:52:00 2010: INFO: AuthRADIUS: No reply after 3 retransmissions to 127.0.0.1:9002 for host/Rock (2)
Now the strange thing is I only seem to be seeing this on one of our 2
servers that are configured identically, except ... for OS version :).
The problem box is running Debian Etch and the other box is Debian
Lenny. I will be forklifting the old box out tomorrow though...
--
=================================================================
Barry Ard barry.ard at ualberta.ca
Network Operations
Academic Information and Communication Technologies (AICT)
University of Alberta
Edmonton, Alberta Canada
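
Added example, not part of the original post and not Radiator code: a small decoder for the EAP-Message value in the trace above. It shows the request that was ignored is a PEAP Response with no flags set and no TLS payload. The function names are hypothetical, and the parser assumes the debug notation prints non-printable bytes as <decimal> and every other byte literally.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_BASED_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# EAP-Message exactly as printed in the trace above.
SAMPLE = "<2><17><0><6><25><0>"


def radiator_bytes(text):
    """Convert debug notation (<decimal> escapes, other chars literal) to bytes."""
    out = bytearray()
    for num, ch in re.findall(r"<(\d{1,3})>|(.)", text, re.S):
        out.append(int(num) if num else ord(ch))
    return bytes(out)


def decode_eap(raw):
    """Decode the EAP header and, for TLS-based methods, the flags byte."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:
        pkt["type"] = raw[4]
        pkt["type_name"] = TLS_BASED_TYPES.get(raw[4], "other")
        if raw[4] in TLS_BASED_TYPES and length >= 6:
            flags = raw[5]
            has_len = bool(flags & 0x80)          # L: 4-byte TLS length follows
            pkt["length_included"] = has_len
            pkt["more_fragments"] = bool(flags & 0x40)   # M
            pkt["start"] = bool(flags & 0x20)            # S
            pkt["version"] = flags & 0x07                # low bits: method version
            pkt["tls_bytes"] = max(0, len(raw) - 6 - (4 if has_len else 0))
            # A Response with no L/M/S flags and no TLS data is a bare ACK.
            pkt["is_ack"] = (code == 2 and (flags & 0xE0) == 0
                             and pkt["tls_bytes"] == 0)
    return pkt


if __name__ == "__main__":
    for key, value in decode_eap(radiator_bytes(SAMPLE)).items():
        print(f"{key:16} {value}")
```

The decoded code, identifier, length and type match the "Handling with EAP: code 2, 17, 6, 25" debug line in the trace.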