[RADIATOR] [Radiator] Problems with Cisco Leap - Radiator

Aman Arneja arneja.aman at gmail.com
Mon Apr 25 00:01:28 CDT 2011


Resending

On Thu, Apr 21, 2011 at 3:37 PM, Aman Arneja <arneja.aman at gmail.com> wrote:

> Hi Team
>
> On trying Cisco LEAP with Radiator, I get an EAP-Success packet from the
> server which contains its challenge; this challenge seems incorrect and the
> client ignores it, thus failing the authentication. It seems to work fine
> with a custom method based on NPS where the challenge sent by server is
> accepted. The log file and config files are as follows. Can someone please help
> with this? I am also facing the same problem when I try an AuthBy LSA.
>
> Config :
>
> Foreground
> LogStdout
> #LogDir  %D
> LogFile %D\log_eapttls
> DbDir  C:\Program Files\Radiator
> DictionaryFile %D\Dictionary
> AuthPort 1812,1645
> AcctPort 1813,1646
> # Use a lower trace level in production systems:
> Trace   4
> <Client 192.168.10.3>
>  Secret secret
>  DupInterval 0
> </Client>
> <Client 192.168.10.2>
>  Secret secret
>  DupInterval 0
> </Client>
> <Client 192.168.10.11>
>  Secret secret
>  DupInterval 0
> </Client>
> <Client DEFAULT>
>  Secret secret
>  DupInterval 0
> </Client>
> <Handler>
>  <AuthBy FILE>
>   # This says to handle all EAP requests with LEAP
>   EAPType LEAP
>   # Authenticate from the users file.
>   # Caution: only plaintext passwords are supported
>   Filename %D/users
>  </AuthBy>
> </Handler>
>
> ------------
> Log :
>
> Thu Apr 21 02:58:59 2011: DEBUG: Finished reading configuration file
> 'c:\Program Files\Radiator\eap_ttls.cfg'
> Thu Apr 21 02:58:59 2011: DEBUG: Reading dictionary file 'C:\Program
> Files\Radiator\Dictionary'
> Thu Apr 21 02:59:00 2011: DEBUG: Creating authentication port 0.0.0.0:1812
> Thu Apr 21 02:59:00 2011: DEBUG: Creating authentication port 0.0.0.0:1645
> Thu Apr 21 02:59:00 2011: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Apr 21 02:59:00 2011: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Apr 21 02:59:00 2011: NOTICE: Server started: Radiator 4.7 on
> RadiatorServer1
> Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64075 ....
> Code:       Access-Request
> Identifier: 0
> Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message = <2><1><0><12><1>eapauto
>  Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
> Thu Apr 21 02:59:03 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:03 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:03 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:03 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
> Thu Apr 21 02:59:03 2011: DEBUG: Response type 1
> Thu Apr 21 02:59:03 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
> Thu Apr 21 02:59:03 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
> Challenge
> Thu Apr 21 02:59:03 2011: DEBUG: Access challenged for eapauto: EAP LEAP
> Challenge
> Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64075 ....
> Code:       Access-Challenge
> Identifier: 0
> Authentic:  <6><26>f<205>.<136>;T|<238><178><167><152><153>a<189>
> Attributes:
>  EAP-Message =
> <1><2><0><23><17><1><0><8>'<230>U<224><164><205>~<218>eapauto
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64075 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message =
> <2><2><0>'<17><1><0><24><165><11>5<203><233><209>%<222>|<225><189><13><19><131>|<231><225><199>K<249>\.<223><249>eapauto
>  Message-Authenticator =
> K<149><225><3><252><170>9!2<128><255><31><25><0><175><158>
> Thu Apr 21 02:59:03 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:03 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:03 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:03 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
> Thu Apr 21 02:59:03 2011: DEBUG: Response type 17
> Thu Apr 21 02:59:03 2011: DEBUG: Reading users file C:\Program
> Files\Radiator/users
> Thu Apr 21 02:59:03 2011: DEBUG: Radius::AuthFILE looks for match with
> eapauto [eapauto]
> Thu Apr 21 02:59:03 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
> [eapauto]
> Thu Apr 21 02:59:03 2011: DEBUG: EAP result: 3, Wait for peer challenge
> Thu Apr 21 02:59:03 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
> peer challenge
> Thu Apr 21 02:59:03 2011: DEBUG: Access challenged for eapauto: Wait for
> peer challenge
> Thu Apr 21 02:59:03 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64075 ....
> Code:       Access-Challenge
> Identifier: 1
> Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
> Attributes:
>  EAP-Message = <3><2><0><4>
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64076 ....
> Code:       Access-Request
> Identifier: 0
> Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message = <2><1><0><12><1>eapauto
>  Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
> Thu Apr 21 02:59:21 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:21 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:21 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:21 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
> Thu Apr 21 02:59:21 2011: DEBUG: Response type 1
> Thu Apr 21 02:59:21 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
> Thu Apr 21 02:59:21 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
> Challenge
> Thu Apr 21 02:59:21 2011: DEBUG: Access challenged for eapauto: EAP LEAP
> Challenge
> Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64076 ....
> Code:       Access-Challenge
> Identifier: 0
> Authentic:  <11><127><177>;;<187>+<19>g<139><158>~<161><149><171>N
> Attributes:
>  EAP-Message =
> <1><2><0><23><17><1><0><8>$<152>|<252><200><145><238>keapauto
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64076 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message =
> <2><2><0>'<17><1><0><24>|f<161><248><249>0<25><183>O<206>jG<21><162><150><230>[U<203><142><152>=;<244>eapauto
>  Message-Authenticator =
> <176><243><170><248><142><2><222><190>O<23><199>K<14><185><187>H
> Thu Apr 21 02:59:21 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:21 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:21 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:21 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
> Thu Apr 21 02:59:21 2011: DEBUG: Response type 17
> Thu Apr 21 02:59:21 2011: DEBUG: Radius::AuthFILE looks for match with
> eapauto [eapauto]
> Thu Apr 21 02:59:21 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
> [eapauto]
> Thu Apr 21 02:59:21 2011: DEBUG: EAP result: 3, Wait for peer challenge
> Thu Apr 21 02:59:21 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
> peer challenge
> Thu Apr 21 02:59:21 2011: DEBUG: Access challenged for eapauto: Wait for
> peer challenge
> Thu Apr 21 02:59:21 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64076 ....
> Code:       Access-Challenge
> Identifier: 1
> Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
> Attributes:
>  EAP-Message = <3><2><0><4>
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64077 ....
> Code:       Access-Request
> Identifier: 0
> Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message = <2><1><0><12><1>eapauto
>  Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
> Thu Apr 21 02:59:40 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:40 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:40 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:40 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
> Thu Apr 21 02:59:40 2011: DEBUG: Response type 1
> Thu Apr 21 02:59:40 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
> Thu Apr 21 02:59:40 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
> Challenge
> Thu Apr 21 02:59:40 2011: DEBUG: Access challenged for eapauto: EAP LEAP
> Challenge
> Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64077 ....
> Code:       Access-Challenge
> Identifier: 0
> Authentic:  S<229><215><31><153>v<12><239>a<198><174><145>>^r<173>
> Attributes:
>  EAP-Message = <1><2><0><23><17><1><0><8><130>/<8>N5U<238>?eapauto
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64077 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message =
> <2><2><0>'<17><1><0><24><246>.<221><164><129><23>H<202>b<166><243><248><22>$<231>=E<200>m<23><137><217><134>jeapauto
>  Message-Authenticator = V$)<214><30><11>><244><221>I<227>^Q<142><206>0
> Thu Apr 21 02:59:40 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:40 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:40 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:40 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
> Thu Apr 21 02:59:40 2011: DEBUG: Response type 17
> Thu Apr 21 02:59:40 2011: DEBUG: Radius::AuthFILE looks for match with
> eapauto [eapauto]
> Thu Apr 21 02:59:40 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
> [eapauto]
> Thu Apr 21 02:59:40 2011: DEBUG: EAP result: 3, Wait for peer challenge
> Thu Apr 21 02:59:40 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
> peer challenge
> Thu Apr 21 02:59:40 2011: DEBUG: Access challenged for eapauto: Wait for
> peer challenge
> Thu Apr 21 02:59:40 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64077 ....
> Code:       Access-Challenge
> Identifier: 1
> Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
> Attributes:
>  EAP-Message = <3><2><0><4>
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64078 ....
> Code:       Access-Request
> Identifier: 0
> Authentic:  )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message = <2><1><0><12><1>eapauto
>  Message-Authenticator = C<0><217>lN<212>7?<233><<215><253><167>%"}
> Thu Apr 21 02:59:58 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:58 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:58 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:58 2011: DEBUG: Handling with EAP: code 2, 1, 12, 1
> Thu Apr 21 02:59:58 2011: DEBUG: Response type 1
> Thu Apr 21 02:59:58 2011: DEBUG: EAP result: 3, EAP LEAP Challenge
> Thu Apr 21 02:59:58 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP LEAP
> Challenge
> Thu Apr 21 02:59:58 2011: DEBUG: Access challenged for eapauto: EAP LEAP
> Challenge
> Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64078 ....
> Code:       Access-Challenge
> Identifier: 0
> Authentic:  [;<138><4><199><162><196><237><10><26>9<174><9><145><182><7>
> Attributes:
>  EAP-Message = <1><2><0><23><17><1><0><8>d<240><10><1>Q-u<217>eapauto
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
> *** Received from 192.168.10.3 port 64078 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
> Attributes:
>  NAS-Identifier = "vnas-1.0"
>  NAS-Port = 0
>  NAS-Port-Type = Wireless-IEEE-802-11
>  User-Name = "eapauto"
>  EAP-Message =
> <2><2><0>'<17><1><0><24><11>`<175><190>?<13><231>K<173><171><20><195>ja1OT<7><203><164>u<252>0qeapauto
>  Message-Authenticator = i<173><238>F<156>qmvHD%<{<8>:[
> Thu Apr 21 02:59:58 2011: DEBUG: Handling request with Handler '',
> Identifier ''
> Thu Apr 21 02:59:58 2011: DEBUG:  Deleting session for eapauto,
> 192.168.10.3, 0
> Thu Apr 21 02:59:58 2011: DEBUG: Handling with Radius::AuthFILE:
> Thu Apr 21 02:59:58 2011: DEBUG: Handling with EAP: code 2, 2, 39, 17
> Thu Apr 21 02:59:58 2011: DEBUG: Response type 17
> Thu Apr 21 02:59:58 2011: DEBUG: Radius::AuthFILE looks for match with
> eapauto [eapauto]
> Thu Apr 21 02:59:58 2011: DEBUG: Radius::AuthFILE ACCEPT: : eapauto
> [eapauto]
> Thu Apr 21 02:59:58 2011: DEBUG: EAP result: 3, Wait for peer challenge
> Thu Apr 21 02:59:58 2011: DEBUG: AuthBy FILE result: CHALLENGE, Wait for
> peer challenge
> Thu Apr 21 02:59:58 2011: DEBUG: Access challenged for eapauto: Wait for
> peer challenge
> Thu Apr 21 02:59:58 2011: DEBUG: Packet dump:
> *** Sending to 192.168.10.3 port 64078 ....
> Code:       Access-Challenge
> Identifier: 1
> Authentic:  A<142>1<9>6vF<8><165><234>\<129>tL<245>3
> Attributes:
>  EAP-Message = <3><2><0><4>
>  Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
>
> Thanks
>
> Aman Arneja
>
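Added example, not part of the original post and not Radiator code: a short Python decoder for the three EAP-Message shapes that appear in the trace above, so the fields of each step can be read off directly. It assumes the dump prints non-printable bytes as `<decimal>` and everything else literally, and uses the LEAP layout of type 17, version, unused byte, count, value, user name; the function names are illustrative.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_LEAP = 17
_ESCAPE = re.compile(r"<(\d{1,3})>")

# EAP-Message values copied from the first exchange in the trace above.
SAMPLES = {
    "server_challenge": r"<1><2><0><23><17><1><0><8>'<230>U<224><164><205>~<218>eapauto",
    "client_response": r"<2><2><0>'<17><1><0><24><165><11>5<203><233><209>%<222>|<225>"
                       r"<189><13><19><131>|<231><225><199>K<249>\.<223><249>eapauto",
    "server_final": r"<3><2><0><4>",
}

def trace_to_bytes(text):
    """Assumed notation: <decimal> for non-printable bytes, literal otherwise."""
    out, pos = bytearray(), 0
    while pos < len(text):
        m = _ESCAPE.match(text, pos)
        if m and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
            pos = m.end()
        else:  # literal character, including a stray '<'
            out.append(ord(text[pos]))
            pos += 1
    return bytes(out)

def decode_eap(raw):
    """Decode the EAP header and, for type 17, the LEAP fields."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        pkt["type"] = raw[4]
        if raw[4] == EAP_TYPE_LEAP and length >= 8:
            version, _unused, count = raw[5:8]
            if 8 + count > length:
                raise ValueError("LEAP count runs past the end of the packet")
            pkt.update(version=version, value=raw[8:8 + count],
                       name=raw[8 + count:].decode("latin-1"))
    return pkt

def decode_samples():
    return {k: decode_eap(trace_to_bytes(v)) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for label, pkt in decode_samples().items():
        print(label, pkt)
```

On these sample lines the 8-byte LEAP value travels in the EAP-Request (id 2), the 24-byte value in the EAP-Response, and the last server message is an EAP-Success consisting of the 4-byte header only.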