[RADIATOR] Problems with Cisco Leap - Radiator

Aman Arneja arneja.aman at gmail.com
Thu Apr 21 05:07:33 CDT 2011


Hi Team

On trying Cisco LEAP with Radiator, I get an EAP-Success packet from the
server which contains its challenge; this challenge seems incorrect and the
client ignores it, thus failing the authentication. It seems to work fine
with a custom method based on NPS where the challenge sent by the server is
accepted. The log file and config files are as follows. Can someone please help
with this? I am also facing the same problem when I try an AuthBy LSA.

Config :

Foreground
LogStdout
#LogDir  %D
LogFile %D\log_eapttls
DbDir  C:\Program Files\Radiator
DictionaryFile %D\Dictionary
AuthPort 1812,1645
AcctPort 1813,1646
# Use a lower trace level in production systems:
Trace   4
<Client 192.168.10.3>
 Secret secret
 DupInterval 0
</Client>
<Client 192.168.10.2>
 Secret secret
 DupInterval 0
</Client>
<Client 192.168.10.11>
 Secret secret
 DupInterval 0
</Client>
<Client DEFAULT>
 Secret secret
 DupInterval 0
</Client>
<Handler>
 <AuthBy FILE>
  # This says to handle all EAP requests with LEAP
  EAPType LEAP
  # Authenticate from the users file.
  # Caution: only plaintext passwords are supported
  Filename %D/users
 </AuthBy>
</Handler>

------------
Log :

Thu Apr 21 02:58:59 2011: DEBUG: Finished reading configuration file
'c:\Program Files\Radiator\eap_ttls.cfg'
Thu Apr 21 02:58:59 2011: DEBUG: Reading dictionary file 'C:\Program
Files\Radiator\Dictionary'
Thu Apr 21 02:59:00 2011: DEBUG: Creating authentication port 0.0.0.0:1812
Thu Apr 21 02:59:00 2011: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Apr 21 02:59:00 2011: DEBUG: Creating accounting port 0.0.0.0:1813
Thu Apr 21 02:59:00 2011: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Apr 21 02:59:00 2011: NOTICE: Server started: Radiator 4.7 on
RadiatorServer1
Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64075 ....
Code:       Access-Request
Identifier: 0
Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message = <2><1><0><12><1>eapauto
 Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
Thu Apr 21 02:59:03 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:03 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:03 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:03 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
Thu Apr 21 02:59:03 2011: DEBUG: Response type 1
Thu Apr 21 02:59:03 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
Thu Apr 21 02:59:03 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
Challenge
Thu Apr 21 02:59:03 2011: DEBUG: Access challenged for eapauto: EAP LEAP
Challenge
Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64075 ....
Code:       Access-Challenge
Identifier: 0
Authentic:  <6><26>f<205>.<136>;T|<238><178><167><152><153>a<189>
Attributes:
 EAP-Message = <1><2><0><23><17><1><0><8>'<230>U<224><164><205>~<218>eapauto
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64075 ....
Code:       Access-Request
Identifier: 1
Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message =
<2><2><0>'<17><1><0><24><165><11>5<203><233><209>%<222>|<225><189><13><19><131>|<231><225><199>K<249>\.<223><249>eapauto
 Message-Authenticator =
K<149><225><3><252><170>9!2<128><255><31><25><0><175><158>
Thu Apr 21 02:59:03 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:03 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:03 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:03 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
Thu Apr 21 02:59:03 2011: DEBUG: Response type 17
Thu Apr 21 02:59:03 2011: DEBUG: Reading users file C:\Program
Files\Radiator/users
Thu Apr 21 02:59:03 2011: DEBUG: Radius::AuthFILE looks for match with
eapauto [eapauto]
Thu Apr 21 02:59:03 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
[eapauto]
Thu Apr 21 02:59:03 2011: DEBUG: EAP result: 3, Wait for peer challenge
Thu Apr 21 02:59:03 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
peer challenge
Thu Apr 21 02:59:03 2011: DEBUG: Access challenged for eapauto: Wait for
peer challenge
Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64075 ....
Code:       Access-Challenge
Identifier: 1
Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
Attributes:
 EAP-Message = <3><2><0><4>
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64076 ....
Code:       Access-Request
Identifier: 0
Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message = <2><1><0><12><1>eapauto
 Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
Thu Apr 21 02:59:21 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:21 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:21 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:21 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
Thu Apr 21 02:59:21 2011: DEBUG: Response type 1
Thu Apr 21 02:59:21 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
Thu Apr 21 02:59:21 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
Challenge
Thu Apr 21 02:59:21 2011: DEBUG: Access challenged for eapauto: EAP LEAP
Challenge
Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64076 ....
Code:       Access-Challenge
Identifier: 0
Authentic:  <11><127><177>;;<187>+<19>g<139><158>~<161><149><171>N
Attributes:
 EAP-Message = <1><2><0><23><17><1><0><8>$<152>|<252><200><145><238>keapauto
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64076 ....
Code:       Access-Request
Identifier: 1
Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message =
<2><2><0>'<17><1><0><24>|f<161><248><249>0<25><183>O<206>jG<21><162><150><230>[U<203><142><152>=;<244>eapauto
 Message-Authenticator =
<176><243><170><248><142><2><222><190>O<23><199>K<14><185><187>H
Thu Apr 21 02:59:21 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:21 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:21 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:21 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
Thu Apr 21 02:59:21 2011: DEBUG: Response type 17
Thu Apr 21 02:59:21 2011: DEBUG: Radius::AuthFILE looks for match with
eapauto [eapauto]
Thu Apr 21 02:59:21 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
[eapauto]
Thu Apr 21 02:59:21 2011: DEBUG: EAP result: 3, Wait for peer challenge
Thu Apr 21 02:59:21 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
peer challenge
Thu Apr 21 02:59:21 2011: DEBUG: Access challenged for eapauto: Wait for
peer challenge
Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64076 ....
Code:       Access-Challenge
Identifier: 1
Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
Attributes:
 EAP-Message = <3><2><0><4>
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64077 ....
Code:       Access-Request
Identifier: 0
Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message = <2><1><0><12><1>eapauto
 Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
Thu Apr 21 02:59:40 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:40 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:40 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:40 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
Thu Apr 21 02:59:40 2011: DEBUG: Response type 1
Thu Apr 21 02:59:40 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
Thu Apr 21 02:59:40 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
Challenge
Thu Apr 21 02:59:40 2011: DEBUG: Access challenged for eapauto: EAP LEAP
Challenge
Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64077 ....
Code:       Access-Challenge
Identifier: 0
Authentic:  S<229><215><31><153>v<12><239>a<198><174><145>>^r<173>
Attributes:
 EAP-Message = <1><2><0><23><17><1><0><8><130>/<8>N5U<238>?eapauto
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64077 ....
Code:       Access-Request
Identifier: 1
Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message =
<2><2><0>'<17><1><0><24><246>.<221><164><129><23>H<202>b<166><243><248><22>$<231>=E<200>m<23><137><217><134>jeapauto
 Message-Authenticator = V$)<214><30><11>><244><221>I<227>^Q<142><206>0
Thu Apr 21 02:59:40 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:40 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:40 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:40 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
Thu Apr 21 02:59:40 2011: DEBUG: Response type 17
Thu Apr 21 02:59:40 2011: DEBUG: Radius::AuthFILE looks for match with
eapauto [eapauto]
Thu Apr 21 02:59:40 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
[eapauto]
Thu Apr 21 02:59:40 2011: DEBUG: EAP result: 3, Wait for peer challenge
Thu Apr 21 02:59:40 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
peer challenge
Thu Apr 21 02:59:40 2011: DEBUG: Access challenged for eapauto: Wait for
peer challenge
Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64077 ....
Code:       Access-Challenge
Identifier: 1
Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
Attributes:
 EAP-Message = <3><2><0><4>
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64078 ....
Code:       Access-Request
Identifier: 0
Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message = <2><1><0><12><1>eapauto
 Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
Thu Apr 21 02:59:58 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:58 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:58 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:58 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
Thu Apr 21 02:59:58 2011: DEBUG: Response type 1
Thu Apr 21 02:59:58 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
Thu Apr 21 02:59:58 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
Challenge
Thu Apr 21 02:59:58 2011: DEBUG: Access challenged for eapauto: EAP LEAP
Challenge
Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64078 ....
Code:       Access-Challenge
Identifier: 0
Authentic:  [;<138><4><199><162><196><237><10><26>9<174><9><145><182><7>
Attributes:
 EAP-Message = <1><2><0><23><17><1><0><8>d<240><10><1>Q-u<217>eapauto
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 64078 ....
Code:       Access-Request
Identifier: 1
Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
Attributes:
 NAS-Identifier = "vnas-1.0"
 NAS-Port = 0
 NAS-Port-Type = Wireless-IEEE-802-11
 User-Name = "eapauto"
 EAP-Message =
<2><2><0>'<17><1><0><24><11>`<175><190>?<13><231>K<173><171><20><195>ja1OT<7><203><164>u<252>0qeapauto
 Message-Authenticator = i<173><238>F<156>qmvHD%<{<8>:[
Thu Apr 21 02:59:58 2011: DEBUG: Handling request with Handler '',
Identifier ''
Thu Apr 21 02:59:58 2011: DEBUG:  Deleting session for eapauto,
192.168.10.3, 0
Thu Apr 21 02:59:58 2011: DEBUG: Handling with Radius::AuthFILE:
Thu Apr 21 02:59:58 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
Thu Apr 21 02:59:58 2011: DEBUG: Response type 17
Thu Apr 21 02:59:58 2011: DEBUG: Radius::AuthFILE looks for match with
eapauto [eapauto]
Thu Apr 21 02:59:58 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
[eapauto]
Thu Apr 21 02:59:58 2011: DEBUG: EAP result: 3, Wait for peer challenge
Thu Apr 21 02:59:58 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
peer challenge
Thu Apr 21 02:59:58 2011: DEBUG: Access challenged for eapauto: Wait for
peer challenge
Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 64078 ....
Code:       Access-Challenge
Identifier: 1
Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
Attributes:
 EAP-Message = <3><2><0><4>
 Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>


Thanks

Aman Arneja
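
An added example, not part of the original post or of Radiator: a small Python decoder for the `EAP-Message` values in the trace above, so the LEAP fields can be read directly instead of by eye. It assumes the commonly documented LEAP layout (EAP type 17, then version, unused, count, value, name); the function names are hypothetical and the sample strings are copied from the 02:59:03 exchange.

```python
import re

# Copied from the 02:59:03 exchange in the trace above (Radiator dump notation).
SAMPLES = {
    "challenge": r"<1><2><0><23><17><1><0><8>'<230>U<224><164><205>~<218>eapauto",
    "response": r"<2><2><0>'<17><1><0><24><165><11>5<203><233><209>%<222>|<225>"
                r"<189><13><19><131>|<231><225><199>K<249>\.<223><249>eapauto",
    "success": r"<3><2><0><4>",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_LEAP = 17
_ESCAPE = re.compile(r"<(\d{1,3})>")

def unescape_dump(text):
    """Radiator prints non-printable bytes as <N> (decimal), others literally."""
    out, i = bytearray(), 0
    while i < len(text):
        m = _ESCAPE.match(text, i)
        if m and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
            i = m.end()
        else:
            # Literal byte; a bare '<' that is not part of an escape lands here.
            out += text[i].encode("latin-1")
            i += 1
    return bytes(out)

def parse_eap(raw):
    """Decode the EAP header and, for type 17, the assumed LEAP fields."""
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP length {length} but {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and length > 4:
        pkt["type"] = raw[4]
        if raw[4] == EAP_TYPE_LEAP:
            if length < 8 or 8 + raw[7] > length:
                raise ValueError("LEAP count field overruns the packet")
            count = raw[7]
            pkt.update(version=raw[5], count=count,
                       value=raw[8:8 + count].hex(),
                       name=raw[8 + count:].decode("latin-1"))
    return pkt

if __name__ == "__main__":
    for label, dump in SAMPLES.items():
        print(label, parse_eap(unescape_dump(dump)))
```

Decoded this way, the three messages are an 8-byte LEAP challenge in a Request, a 24-byte value in the Response, and a 4-byte EAP-Success with no type data, which is the point where Radiator logs "Wait for peer challenge".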