[RADIATOR] EAP-PEAP Windows XP Wired Ethernet
Indrajaya Pitra Perdana
vietrha at indo.net.id
Wed Dec 14 00:11:57 CST 2011
Hi,
I am trying to set up EAP with a Cisco Catalyst 2950 as the authenticator and
Windows XP as the supplicant, but after I enter the credentials in Windows
XP, Radiator sends an EAP Access-Challenge but never gets a reply from Windows XP,
and in the end Windows XP tells me that the authentication failed.
Am I missing something in my configuration? By the way, I'm using the demo cert
provided by Radiator goodies, and I imported root.der and cert-clt.p12
into my Windows XP. Thanks.
Config file:
<Handler TunnelledByPEAP=1>
MaxSessions 1
AuthByPolicy ContinueWhileAccept
#<Realm DEFAULT>
<AuthBy SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth r4d1usLocal
AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0
AcctColumnDef User-Password, check
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
EAPType MSCHAP-V2
# EAPType PEAP
</AuthBy>
</Handler>
<Handler>
<AuthBy SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth r4d1usLocal
AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0
AcctColumnDef User-Password, check
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
EAPType PEAP
# EAPType MSCHAP-V2
EAPTLS_CAFile /usr/share/doc/packages/Radiator/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
</AuthBy>
</Handler>
Debug:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 55
Authentic: S<155><173>*<150><226><172><149>!<245>i<30>B<229><133><211>
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
EAP-Message =
<2><148><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>N<232>;<17><191>k<228><146><254>'<27>U<187><187><26>nf%NK<154><8>-<198><186>8<129>u<170><210>#P<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
Message-Authenticator = <220>DJ<146>1M<9>S5"q<132><197>x<19>
Wed Dec 14 12:57:29 2011: DEBUG: Handling request with Handler '', Identifier ''
Wed Dec 14 12:57:29 2011: DEBUG: Deleting session for indrajaya, 202.53.249.28, 50011
Wed Dec 14 12:57:29 2011: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Wed Dec 14 12:57:29 2011: DEBUG: Handling with Radius::AuthSQL:
Wed Dec 14 12:57:29 2011: DEBUG: Handling with Radius::AuthSQL:
Wed Dec 14 12:57:29 2011: DEBUG: Handling with EAP: code 2, 148, 80, 25
Wed Dec 14 12:57:29 2011: DEBUG: Response type 25
Wed Dec 14 12:57:29 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed Dec 14 12:57:29 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed Dec 14 12:57:29 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed Dec 14 12:57:29 2011: DEBUG: Access challenged for indrajaya: EAP PEAP Challenge
Wed Dec 14 12:57:29 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 55
Authentic: <3>.<248><243>a<172>b`<181>l<138>E<214>6<154><213>
Attributes:
EAP-Message =
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
--
/Regards,
Indrajaya Pitra Perdana/
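Added example (not part of the original post, and not Radiator code): a small Python decoder for the `<n>`-escaped attribute dumps in the trace above, applied to the first bytes of the Access-Request's EAP-Message. It recovers the same "code 2, 148, 80, 25" that Radiator logs, plus the EAP-TLS style length and more-fragments flags that PEAP (type 25) uses; the function names and the second, fragmented header are constructed for illustration.

```python
import re
import struct

# Radiator trace notation: printable bytes are literal, others appear as <decimal>.
TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# First 16 bytes of the Access-Request EAP-Message, copied from the trace.
REQUEST_PREFIX = "<2><148><0>P<25><128><0><0><0>F<22><3><1><0>A<1>"
# Constructed header (not from the trace): a first fragment with L and M set.
CONSTRUCTED_CHALLENGE = "<1><7><3><238><25><192><0><0><8><0>"

def unescape(dump: str) -> bytes:
    """Convert a '<2><148><0>P...' dump back into raw bytes."""
    return bytes(int(num) if num else ord(lit) for num, lit in TOKEN.findall(dump))

def decode_eap_tls(raw: bytes) -> dict:
    """Decode the EAP header and, for PEAP (type 25), the TLS framing."""
    code, ident, length, eap_type = struct.unpack("!BBHB", raw[:5])
    info = {"code": EAP_CODES.get(code, code), "id": ident,
            "length": length, "type": eap_type}
    if eap_type != 25 or len(raw) < 6:
        return info
    flags, pos = raw[5], 6
    info["length_included"] = bool(flags & 0x80)  # L bit: 4-byte TLS length follows
    info["more_fragments"] = bool(flags & 0x40)   # M bit: sender has more to send
    if info["length_included"]:
        info["tls_total"] = struct.unpack("!I", raw[pos:pos + 4])[0]
        pos += 4
    if len(raw) >= pos + 5:  # TLS record header: type, version, length
        rtype, major, minor, rlen = struct.unpack("!BBBH", raw[pos:pos + 5])
        info["tls_record"] = (rtype, f"{major}.{minor}", rlen)
    return info

def expected_reply(info: dict) -> str:
    """What the receiver of this packet has to send next."""
    if info.get("more_fragments"):
        return "fragment ACK (same EAP type, no TLS data)"
    return "next TLS flight or result"

if __name__ == "__main__":
    for name, dump in (("request", REQUEST_PREFIX),
                       ("constructed challenge", CONSTRUCTED_CHALLENGE)):
        info = decode_eap_tls(unescape(dump))
        print(name, info, "->", expected_reply(info))
```

When the M bit is set on an Access-Challenge, the server is waiting for the supplicant's fragment ACK before it can send the rest of its TLS handshake data, so a trace that ends there shows which side stopped talking.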