[RADIATOR] EAP authentication is not permitted- WHY?

Hugh Irvine hugh at open.com.au
Mon May 3 17:48:53 CDT 2010


Hello Jure -

The easiest way to see what is happening is to run radiusd from the command line in a terminal session like this:

	.....

	cd c:\your\Radiator\source\directory

	perl radiusd -foreground -log_stdout -trace 4 -config_file c:\your\Radiator\configuration\file

	....

I am guessing you are missing one or more Perl modules - you will see such error messages in the output above.

You will need to install the precompiled Net-SSLeay modules from here:

	ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd

regards

Hugh


On 3 May 2010, at 23:01, Jure Simundic wrote:

> Hello,
> 
> I am a student and new to the AAA and RADIUS domain. I would appreciate it if someone could advise me what to change in my configuration and users file because I can't authenticate users. I am using D-Link 724GU wireless users set to authenticate users with EAP-TTLS method (WPA-EAP, WPA2). For testing purposes I am using certificates from goodies.
> 
>  
> CONFIGURATION:
> 
> Foreground
> LogStdout
> LogDir          c:/Program Files/Radiator
> DbDir           c:/Program Files/Radiator
> Trace           4
> 
> <Client 00-17-9A-9E-95-58>
>         AuthPort 1812
>         Secret mysecret
>         DupInterval 0
> </Client>
> 
> <Realm DEFAULT>
>         <AuthBy FILE>
>                 Filename c:/Program Files/Radiator/users
> 
>                 EAPType TTLS
>                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword whatever
>                 EAPTLS_MaxFragmentSize 1000
>                 EAPTLS_DHFile %D/certificates/cert/dh
>                 IgnoreAccounting
>         </AuthBy>
> </Realm>
> 
>  
> ---
> 
> LOGFILE:
> 
> Received from 161.53.64.54 port 1812 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <4><236><18><253><164>5<241><167><11><18>t<6><188>:<159>'
> Attributes:
>         User-Name = "fred"
>         NAS-IP-Address = 161.53.64.54
>         Calling-Station-Id = "00-13-02-C8-B3-7E"
>         EAP-Message = <2><4><0><9><1>fred
>         Message-Authenticator = j~<240><231><161>o<234><150> W,<152><210>R<254><209>
> 
> Mon May  3 14:11:27 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon May  3 14:11:27 2010: DEBUG:  Deleting session for fred, 161.53.64.54,
> Mon May  3 14:11:27 2010: DEBUG: Handling with Radius::AuthFILE:
> Mon May  3 14:11:27 2010: DEBUG: Handling with EAP: code 2, 4, 9, 1
> Mon May  3 14:11:27 2010: DEBUG: Response type 1
> Mon May  3 14:11:27 2010: DEBUG: EAP result: 1, EAP authentication is not permitted.
> Mon May  3 14:11:27 2010: DEBUG: AuthBy FILE result: REJECT, EAP authentication is not permitted.
> Mon May  3 14:11:27 2010: INFO: Access rejected for fred: EAP authentication is not permitted.
> Mon May  3 14:11:27 2010: DEBUG: Packet dump:
> *** Sending to 161.53.64.54 port 1812 ....
> Code:       Access-Reject
> Identifier: 1
> Authentic:  <179><18><219><136>7<151>h<21>(<250>CG<180>gU<209>
> Attributes:
>         Reply-Message = "Request Denied"
> 
> --
> 
> USERS
> 
> anonymous Encrypted-Password=nevermatch
>  
> mikem  User-Password=fred, TunnelledByTTLS
>        Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP   
> 
> 
> 
> Kind regards,
> 
> Jure Simundic
> 
> --
> 
> Faculty of Electrical Engineering and Computing, Zagreb
> 
> jure.simunidc at fer.hr
> 
> jure.simundic at gmail.com   
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?
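
When reading a trace 4 dump like the one quoted above, it helps to decode the EAP-Message attribute to see which EAP stage was rejected. The following Python is an added example, not part of the original thread or of Radiator; the `<decimal>` byte notation is inferred from the dump on this page, and the function names are hypothetical.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of EAP method types (RFC 3748 and the IANA EAP registry).
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# Assumed dump notation, inferred from the trace on this page: a byte is
# printed either as <decimal> or as the literal printable character.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)


def decode_trace_bytes(text):
    """Turn a trace-dump value such as '<2><4><0><9><1>fred' into raw bytes."""
    out = bytearray()
    for match in _TOKEN.finditer(text):
        if match.group(1) is not None:
            value = int(match.group(1))
            if value > 255:
                raise ValueError(f"not a byte value: <{value}>")
            out.append(value)
        else:
            out += match.group(2).encode("latin-1")
    return bytes(out)


def parse_eap(packet):
    """Parse the EAP header (RFC 3748, section 4) and the type field if present."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError(f"EAP length {length} does not fit {len(packet)} bytes")
    parsed = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
              "length": length, "type": None, "data": b""}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type
        parsed["type"] = EAP_TYPES.get(packet[4], f"unknown({packet[4]})")
        parsed["data"] = packet[5:length]
    return parsed


if __name__ == "__main__":
    # EAP-Message value copied from the Access-Request in the trace above.
    print(parse_eap(decode_trace_bytes("<2><4><0><9><1>fred")))
```

For the quoted request this yields a Response/Identity packet with identifier 4, length 9 and identity `fred`, matching the `Handling with EAP: code 2, 4, 9, 1` and `Response type 1` lines, so the reject was issued at the identity stage, before any TTLS exchange began.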