[RADIATOR] strange PEAP behavior
Andrew Clark
adc at umn.edu
Fri Jul 30 10:19:01 CDT 2010
Hi,
I'm not sure this is actually a Radiator problem, but I'm seeing strange
behavior for EAP-PEAP clients in my authentication log. I have a Trapeze
networks wireless system which is configured to do pass-through for EAP
requests to my Radiator servers. I have a pretty vanilla setup for EAP on
Radiator - I terminate the EAP request, convert the inner request to a
Radius-MSCHAPv2 request and then proxy it to another server.
My authlog format is configured as follows:
# add radius server hostname, client ident, handler ident, NAS IP address, and strip passwords
SuccessFormat %l:%h:%{Client:Identifier}%{OSC-Client-Identifier}:%{Handler:Identifier}:%N:%u:OK
# add failure code here too
FailureFormat %l:%h:%{Client:Identifier}%{OSC-Client-Identifier}:%{Handler:Identifier}:%N:%u:FAIL(%1)
A normal authentication looks like this (I've replaced the username with
"foo"):
Tue Jul 27 12:41:36 2010:server3:WIRELESS:eap_converted:134.84.143.177:foo:OK
Tue Jul 27 12:41:36 2010:server3:WIRELESS:eap_inner_peap:134.84.143.177:anonymous:OK
Tue Jul 27 12:41:36 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
But then sometimes I see this (same user in this case):
Tue Jul 27 12:42:07 2010:sever3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:20 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:32 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:44 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:57 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:43:09 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:43:21 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:43:31 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Which usually results in no connectivity and an unhappy customer. If the
user kills their supplicant and starts over, usually it results in a normal
exchange and things are good.
Any ideas?
--
Andrew D. Clark
Network Operations Engineer
University of Minnesota, Networking/Telecom Services
2218 University Ave SE
Minneapolis, MN 55414-3029
Phone: 612-626-4880
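
The following is an added example, not part of the original post and not Radiator code: it parses authlog lines in the format configured above and flags successful uofm_secure records that have no eap_converted success for the same NAS and user shortly before them, which is the pattern in the second log excerpt. The 2-second window and the function names are assumptions; the sample lines are copied from the post.

```python
import re
from datetime import datetime, timedelta

# Format from the post: %l:%h:<client ident>:<handler ident>:%N:%u:OK|FAIL(reason)
# %l itself contains colons, so the timestamp is matched by its shape.
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}):"
    r"(?P<host>[^:]*):(?P<client>[^:]*):(?P<handler>[^:]*):"
    r"(?P<nas>[^:]*):(?P<user>[^:]*):(?P<result>OK|FAIL\(.*\))$"
)

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # not an authlog record in this format
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
    return rec

def outer_without_inner(lines, outer="uofm_secure", inner="eap_converted",
                        window=timedelta(seconds=2)):
    """Return outer-handler OK records with no inner-handler OK for the
    same NAS and user within `window` before them (window is assumed)."""
    last_inner = {}
    flagged = []
    for rec in filter(None, map(parse, lines)):
        if rec["result"] != "OK":
            continue
        key = (rec["nas"], rec["user"])
        if rec["handler"] == inner:
            last_inner[key] = rec["ts"]
        elif rec["handler"] == outer:
            seen = last_inner.get(key)
            if seen is None or rec["ts"] - seen > window:
                flagged.append(rec)
    return flagged

# Sample input: the normal exchange and three of the repeated records from the post.
SAMPLE = """\
Tue Jul 27 12:41:36 2010:server3:WIRELESS:eap_converted:134.84.143.177:foo:OK
Tue Jul 27 12:41:36 2010:server3:WIRELESS:eap_inner_peap:134.84.143.177:anonymous:OK
Tue Jul 27 12:41:36 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:07 2010:sever3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:20 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
Tue Jul 27 12:42:32 2010:server3:WIRELESS:uofm_secure:134.84.143.177:foo:OK
"""
if __name__ == "__main__":
    for r in outer_without_inner(SAMPLE.splitlines()):
        print(r["ts"], r["nas"], r["user"])
```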