[RADIATOR] EAP authentication is not permitted- WHY?

Jure Simundic jure.simundic at gmail.com
Mon May 3 08:01:21 CDT 2010


Hello,

I am a student and new to the AAA and RADIUS domain. I would appreciate it if
someone could advise me what to change in my configuration and users file,
because I can't authenticate users. I am using D-Link 724GU wireless users
set to authenticate users with the EAP-TTLS method (WPA-EAP, WPA2). For testing
purposes I am using certificates from goodies.



CONFIGURATION:

Foreground
LogStdout
LogDir          c:/Program Files/Radiator
DbDir           c:/Program Files/Radiator
Trace           4

<Client 00-17-9A-9E-95-58>
        AuthPort 1812
        Secret mysecret
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy FILE>
                Filename c:/Program Files/Radiator/users

                EAPType TTLS
                EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
                EAPTLS_CertificateFile %D/certificates/cert-srv.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
                EAPTLS_PrivateKeyPassword whatever
                EAPTLS_MaxFragmentSize 1000
                EAPTLS_DHFile %D/certificates/cert/dh
                IgnoreAccounting
        </AuthBy>
</Realm>



---

LOGFILE:

Received from 161.53.64.54 port 1812 ....
Code:       Access-Request
Identifier: 1
Authentic:  <4><236><18><253><164>5<241><167><11><18>t<6><188>:<159>'
Attributes:
        User-Name = "fred"
        NAS-IP-Address = 161.53.64.54
        Calling-Station-Id = "00-13-02-C8-B3-7E"
        EAP-Message = <2><4><0><9><1>fred
        Message-Authenticator = j~<240><231><161>o<234><150> W,<152><210>R<254><209>

Mon May  3 14:11:27 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon May  3 14:11:27 2010: DEBUG:  Deleting session for fred, 161.53.64.54,
Mon May  3 14:11:27 2010: DEBUG: Handling with Radius::AuthFILE:
Mon May  3 14:11:27 2010: DEBUG: Handling with EAP: code 2, 4, 9, 1
Mon May  3 14:11:27 2010: DEBUG: Response type 1
Mon May  3 14:11:27 2010: DEBUG: EAP result: 1, EAP authentication is not permitted.
Mon May  3 14:11:27 2010: DEBUG: AuthBy FILE result: REJECT, EAP authentication is not permitted.
Mon May  3 14:11:27 2010: INFO: Access rejected for fred: EAP authentication is not permitted.
Mon May  3 14:11:27 2010: DEBUG: Packet dump:
*** Sending to 161.53.64.54 port 1812 ....
Code:       Access-Reject
Identifier: 1
Authentic:  <179><18><219><136>7<151>h<21>(<250>CG<180>gU<209>
Attributes:
        Reply-Message = "Request Denied"

--

USERS

anonymous Encrypted-Password=nevermatch

mikem  User-Password=fred, TunnelledByTTLS
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP


Kind regards,

Jure Simundic

--

Faculty of Electrical Engineering and Computing, Zagreb

jure.simunidc at fer.hr

jure.simundic at gmail.com
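
Added example, not part of the original post and not Radiator code: a short Python decoder for the EAP-Message attribute shown in the log above, useful for checking which EAP step a request was in when it was rejected. It assumes the `<n>` tokens in the packet dump are decimal byte values and parses the 4-byte EAP header defined in RFC 3748; the function names are illustrative.

```python
import re
import struct

# EAP codes and a few method type numbers (RFC 3748, RFC 5216, RFC 5281)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}


def unescape_dump(text):
    """Convert a dump value to bytes: <n> is byte n, anything else is literal.

    Assumption: <n> is a decimal byte value, as the log on this page suggests.
    """
    out = bytearray()
    for num, literal in re.findall(r"<(\d{1,3})>|(.)", text, flags=re.S):
        if num:
            value = int(num)
            if value > 255:
                raise ValueError("escaped value %d is not a byte" % value)
            out.append(value)
        else:
            out += literal.encode("latin-1")
    return bytes(out)


def parse_eap(packet):
    """Parse the EAP header: code (1), identifier (1), length (2), then type."""
    if len(packet) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match the data received")
    result = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code in (1, 2):  # only Request and Response carry a type octet
        if length < 5:
            raise ValueError("Request/Response without a type octet")
        result["type"] = EAP_TYPES.get(packet[4], str(packet[4]))
        result["data"] = packet[5:length]
    return result


# EAP-Message value copied from the Access-Request in the log on this page
SAMPLE = "<2><4><0><9><1>fred"

if __name__ == "__main__":
    print(parse_eap(unescape_dump(SAMPLE)))
```

The decoded fields (Response, id 4, length 9, type Identity) line up with the `Handling with EAP: code 2, 4, 9, 1` debug line, which places the reject at the initial identity exchange.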