[RADIATOR] EAPS TTLS

Gilbert T. Gutierrez, Jr. mailing-lists at phoenixinternet.net
Tue Oct 26 16:37:09 CDT 2010


I need to set up EAPS TTLS and am having difficulties.  I have not populated 
the user details nor have I added the dictionary, but I don't think the 
system is getting beyond eaps.  Below is the setup and log.

Thank you,
Gilbert

1. Equipment: Motorola PMP-320 WiMAX
2. Instructions are provided to enable with FreeRadius2
3. Instructions: modify eap.conf with the following.
    a. private_key_password=PMP320DemoCertificate
    b. private_key_file=${certdir}/pmp320server_key.pem
    c. certificate_file=${certdir}/pmp320server_cert.pem
    d. CA_file=${cadir}/ca.pem
    e. copy_request_to_tunnel=yes
    f. use_tunnel_reply=yes
4. They provide a custom dictionary
5. The NAS/client device uses both a secret and a shortname
6. Currently in my radius.cfg file I have the following...
# Test WiMAX
<Client 10.253.80.85>
        Secret testtest
        DefaultRealm motowimax
</Client>

<Realm motowimax>
        <AuthBy FILE>
                Filename %D/users
                EAPType TTLS, MSCHAP-V2
                EAPTLS_CAFile %D/certificates/pmp320certs/pmp320cacert.pem
                EAPTLS_CertificateFile %D/certificates/pmp320certs/pmp320server_cert.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/pmp320certs/pmp320server_key.pem
                EAPTLS_PrivateKeyPassword PMP320DemoCertificate
        </AuthBy>
</Realm>



Tue Oct 26 14:35:34 2010: DEBUG: Packet dump:
*** Received from 10.253.80.85 port 1813 ....

Packet length = 132
01 00 00 84 47 1b 5e e7 b2 d3 af 5c 01 39 a8 c7
d2 49 e6 c4 01 0a 64 65 6d 6f 63 70 65 31 04 06
00 00 00 00 20 0a 61 6d 69 74 74 65 73 74 1f 13
36 34 3a 65 64 3a 35 37 3a 32 30 3a 30 39 3a 62
30 0c 06 00 00 05 78 3d 06 00 00 00 1b 4d 16 57
69 4d 41 58 20 61 75 74 68 65 6e 74 69 63 61 74
69 6f 6e 4f 0f 02 00 00 0d 01 64 65 6d 6f 63 70
65 31 50 12 bf bf 9b 19 d6 94 d2 fa 58 c7 de e2
f9 8f 23 78
Code:       Access-Request
Identifier: 0
Authentic:  G<27>^<231><178><211><175>\<1>9<168><199><210>I<230><196>
Attributes:
        User-Name = "democpe1"
        NAS-IP-Address = 0.0.0.0
        NAS-Identifier = "amittest"
        Calling-Station-Id = "64:ed:57:20:09:b0"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-IEEE-802.16
        Connect-Info = "WiMAX authentication"
        EAP-Message = <2><0><0><13><1>democpe1
        Message-Authenticator = <191><191><155><25><214><148><210><250>X<199><222><226><249><143>#x

Tue Oct 26 14:35:34 2010: DEBUG: Handling request with Handler 'Realm=motowimax'
Tue Oct 26 14:35:34 2010: DEBUG:  Deleting session for democpe1, 0.0.0.0,
Tue Oct 26 14:35:34 2010: DEBUG: Handling with Radius::AuthFILE:
Tue Oct 26 14:35:34 2010: DEBUG: Handling with EAP: code 2, 0, 13, 1
Tue Oct 26 14:35:34 2010: DEBUG: Response type 1
Tue Oct 26 14:35:34 2010: ERR: Could not load EAP module Radius::EAP_21: Can't locate Net/SSLeay.pm in @INC (@INC contains: . /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/lib/perl5/site_perl/5.8.8/Radius/TLS.pm line 15.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Radius/TLS.pm line 15.
Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Radius/EAP_21.pm line 18.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Radius/EAP_21.pm line 18.
Compilation failed in require at (eval 44) line 3.

Tue Oct 26 14:35:34 2010: DEBUG: EAP result: 1, Unsupported default EAP Response/Identity TTLS
Tue Oct 26 14:35:34 2010: DEBUG: AuthBy FILE result: REJECT, Unsupported default EAP Response/Identity TTLS
Tue Oct 26 14:35:34 2010: INFO: Access rejected for democpe1 at motowimax: Unsupported default EAP Response/Identity TTLS
Tue Oct 26 14:35:34 2010: DEBUG: Packet dump:
*** Sending to 10.253.80.85 port 1813 ....

Packet length = 36
03 00 00 24 a1 07 25 f7 85 3b f0 bc 5f fd 61 7b
34 22 10 f5 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 0
Authentic:  <161><7>%<247><133>;<240><188>_<253>a{4"<16><245>
Attributes:
        Reply-Message = "Request Denied"
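
The ERR entry in the log above shows Radiator failing to load its EAP-TTLS module (Radius::EAP_21, EAP type 21) because Perl cannot find Net/SSLeay.pm, which is what produces the Access-Reject. The following is an added example, not part of the original post and not Radiator code: it extracts missing Perl module names from such a log and checks whether each one loads. The function names and the sample log are constructed, and it assumes the perl on PATH is the interpreter that runs Radiator.

```shell
#!/bin/sh
# Added example (not Radiator code): triage a Radiator log for Perl modules
# that failed to load, then check whether each one loads on this host.

# Read a log on stdin; print each missing module once as a package name,
# e.g. "Can't locate Net/SSLeay.pm in @INC" -> "Net::SSLeay".
missing_perl_modules() {
    sed -n "s|.*Can't locate \([A-Za-z0-9_/]*\)\.pm in @INC.*|\1|p" |
        sed 's|/|::|g' | sort -u
}

# Return 0 if the module loads. Assumption: the perl on PATH is the same
# interpreter that runs Radiator.
module_loads() {
    perl -M"$1" -e 1 2>/dev/null
}

# Constructed sample, modelled on the error in the log above (@INC shortened).
sample_log() {
    cat <<'EOF'
Tue Oct 26 14:35:34 2010: ERR: Could not load EAP module Radius::EAP_21:
Can't locate Net/SSLeay.pm in @INC (@INC contains: . /usr/lib/perl5/5.8.8 .) at
/usr/lib/perl5/site_perl/5.8.8/Radius/TLS.pm line 15.
Tue Oct 26 14:35:34 2010: DEBUG: EAP result: 1, Unsupported default EAP
EOF
}

# Read a log on stdin and report the current state of each missing module.
report() {
    missing_perl_modules | while read -r mod; do
        if module_loads "$mod"; then
            echo "$mod: loads now"
        else
            echo "$mod: not found in @INC"
        fi
    done
}

# With a log file argument, check that file; otherwise run on the sample.
if [ -n "${1:-}" ]; then report < "$1"; else sample_log | report; fi
```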
