[RADIATOR] EAP-PEAP Windows XP Wired Ethernet
Indrajaya Pitra Perdana
vietrha at indo.net.id
Wed Dec 14 08:33:23 CST 2011
Yup, I already imported the root.der into Trusted Root Certification
Authorities. Does the Radiator demo certificate include the xpextension? Thanks
Code: Access-Request
Identifier: 33
Authentic: 1<197><232><26>`<178><223>;<31><225><30><138><202>Zv<151>
Attributes:
NAS-IP-Address = x.x.x.x
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
EAP-Message =
<2><2><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>N<232>1<194>g<140><177>`G<194><25>B+<191><195><26><223><152>wPjlR<190><224><10><147><176><236><189>0<182><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
Message-Authenticator =
b<134><218>`<173>3`<196><246><207><134>E<10><155><0><228>
Wed Dec 14 12:17:53 2011: DEBUG: Handling request with Handler '',
Identifier ''
Wed Dec 14 12:17:53 2011: DEBUG: Deleting session for indrajaya,
x.x.x.x, 50011
Wed Dec 14 12:17:53 2011: DEBUG: do query is: 'delete from RADONLINE
where NASIDENTIFIER = 'x.x.x.x' and NASPORT = 050011':
Wed Dec 14 12:17:53 2011: DEBUG: Handling with Radius::AuthSQL:
Wed Dec 14 12:17:53 2011: DEBUG: Handling with Radius::AuthSQL:
Wed Dec 14 12:17:53 2011: DEBUG: Handling with EAP: code 2, 2, 80, 25
Wed Dec 14 12:17:53 2011: DEBUG: Response type 25
Wed Dec 14 12:17:53 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed Dec 14 12:17:53 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed Dec 14 12:17:53 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Wed Dec 14 12:17:53 2011: DEBUG: Access challenged for indrajaya: EAP
PEAP Challenge
Wed Dec 14 12:17:53 2011: DEBUG: Packet dump:
*** Sending to x.x.x.x port 1812 ....
Code: Access-Challenge
Identifier: 33
Authentic: n<255><175>k<153><2>n<165><148><140>3<182><148>Q<158><1>
Attributes:
EAP-Message =
<1><3><3><242><25><192><0><0><7><178><22><3><1><0>J<2><0><0>F<3><1>N<232>1<129>w<144><212><137>X{w<247><18><30><29><171>!<187><187><215><243><191>0<188><149>K&<226><145><179><195><138>
^<214>H<218>m<25><243>H<218>|<26>y;<187><209>~<160><203>X<236>@"<168>.<145><232>+<26>t<153>k<18><0><4><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1%0#<6><3>U<4><3><19><28>t
EAP-Message =
est.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><207><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183><246><141>'<233>V<198><203>
EAP-Message =
<206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n at 0D<175><29>E<162>:<239>d
<17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Tes
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
/Regards,
Indrajaya Pitra Perdana/
On 12/14/2011 9:10 PM, Heikki Vatiainen wrote:
> On 12/14/2011 08:11 AM, Indrajaya Pitra Perdana wrote:
>
>> I am trying to set up EAP with a Cisco Catalyst 2950 as the authenticator and
>> Windows XP as the supplicant, but after I enter the credentials in Win
>> XP, Radiator sends an EAP access challenge but never gets a reply from Win XP,
>> and in the end Windows XP tells me that the authentication failed.
>> Am I missing something in my configuration? BTW, I'm using the demo cert
>> provided by Radiator goodies, and imported the root.der and cert-clt.p12
>> into my Win XP. Thanks
> When configuring Windows PEAP settings, did you mark the imported
> root.der as trusted CA? You need to both import the certificate and then
> mark it as trusted for the SSID you are configuring.
>
> The configuration and log snippets look good. The log shows Radiator
> sending its certificate to Windows, so if there is no response, then
> Windows may not be accepting the certificate yet.
>
> If there are still problems, please reply with the full configuration
> file and full Radiator log showing everything from the startup.
>
> Thanks!
>
>> Config file:
>>
>>
>> <Handler TunnelledByPEAP=1>
>> MaxSessions 1
>> AuthByPolicy ContinueWhileAccept
>>
>>
>> #<Realm DEFAULT>
>> <AuthBy SQL>
>> DBSource dbi:mysql:radius:localhost
>> DBUsername radius
>> DBAuth r4d1usLocal
>>
>> AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0
>>
>> AcctColumnDef User-Password, check
>> AcctColumnDef USERNAME,User-Name
>> AcctColumnDef TIME_STAMP,Timestamp,integer
>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>> AcctColumnDef NASPORT,NAS-Port,integer
>> EAPType MSCHAP-V2
>> # EAPType PEAP
>> </AuthBy>
>>
>> </Handler>
>>
>> <Handler>
>>
>> <AuthBy SQL>
>> DBSource dbi:mysql:radius:localhost
>> DBUsername radius
>> DBAuth r4d1usLocal
>>
>> AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0
>>
>> AcctColumnDef User-Password, check
>> AcctColumnDef USERNAME,User-Name
>> AcctColumnDef TIME_STAMP,Timestamp,integer
>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>> AcctColumnDef NASPORT,NAS-Port,integer
>>
>> EAPType PEAP
>> # EAPType MSCHAP-V2
>> EAPTLS_CAFile /usr/share/doc/packages/Radiator/certificates/demoCA/cacert.pem
>> EAPTLS_CertificateFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
>> EAPTLS_CertificateType PEM
>> EAPTLS_PrivateKeyFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
>> EAPTLS_PrivateKeyPassword whatever
>> EAPTLS_MaxFragmentSize 1000
>> AutoMPPEKeys
>>
>> </AuthBy>
>>
>> </Handler>
>>
>>
>> Debug:
>>
>> *** Received from 202.53.249.28 port 1812 ....
>> Code: Access-Request
>> Identifier: 55
>> Authentic: S<155><173>*<150><226><172><149>!<245>i<30>B<229><133><211>
>> Attributes:
>> NAS-IP-Address = 202.53.249.28
>> NAS-Port = 50011
>> NAS-Port-Type = Ethernet
>> User-Name = "indrajaya"
>> Calling-Station-Id = "00-1B-38-A5-45-A5"
>> Service-Type = Framed-User
>> EAP-Message =
>> <2><148><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>N<232>;<17><191>k<228><146><254>'<27>U<187><187><26>nf%NK<154><8>-<198><186>8<129>u<170><210>#P<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
>> Message-Authenticator =<220>DJ<146>1M<9>S5"q<132><197>x<19>
>>
>> Wed Dec 14 12:57:29 2011: DEBUG: Handling request with Handler '',
>> Identifier ''
>> Wed Dec 14 12:57:29 2011: DEBUG: Deleting session for indrajaya,
>> 202.53.249.28, 50011
>> Wed Dec 14 12:57:29 2011: DEBUG: do query is: 'delete from RADONLINE
>> where NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
>> Wed Dec 14 12:57:29 2011: DEBUG: Handling with Radius::AuthSQL:
>> Wed Dec 14 12:57:29 2011: DEBUG: Handling with Radius::AuthSQL:
>> Wed Dec 14 12:57:29 2011: DEBUG: Handling with EAP: code 2, 148, 80, 25
>> Wed Dec 14 12:57:29 2011: DEBUG: Response type 25
>> Wed Dec 14 12:57:29 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>> Wed Dec 14 12:57:29 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Wed Dec 14 12:57:29 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
>> Challenge
>> Wed Dec 14 12:57:29 2011: DEBUG: Access challenged for indrajaya: EAP
>> PEAP Challenge
>> Wed Dec 14 12:57:29 2011: DEBUG: Packet dump:
>> *** Sending to 202.53.249.28 port 1812 ....
>> Code: Access-Challenge
>> Identifier: 55
>> Authentic:<3>.<248><243>a<172>b`<181>l<138>E<214>6<154><213>
>> Attributes:
>> EAP-Message =
>> <1><149><3><242><25><192><0><0><7><178><22><3><1><0>J<2><0><0>F<3><1>N<232>:<201><12><1><17><235>z<22><181>
>> <186><171><150>9<252>@|q<18>,R<134><203>\<27>Vf<27><133><136>
>> <247>B<140><150>j'<152><24>C<163><228><244>_<150>i<141><176><252><149><177>T<182>R8<159><178><20><187><19>Q<22>!<0><4><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
>> in production)1
>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>> Section1%0#<6><3>U<4><3><19><28>t
>> EAP-Message =
>> est.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><2
>> 07><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183><246><141>'<233>V<198><203>
>> EAP-Message =
>> <206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n at 0D<175><29>E<162>:<239>d
>> <17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Tes
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>>
>>
>>
>> --
>> /Regards,
>> Indrajaya Pitra Perdana/
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
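
Added example (not part of the original thread and not Radiator code): a way to read the certificate fields straight out of a Radiator packet dump like the Access-Challenge above, checking the validity dates and whether the server certificate carries the extendedKeyUsage serverAuth OID. It assumes "xpextension" refers to that OID (1.3.6.1.5.5.7.3.1); the function names are hypothetical, and it scans for DER byte patterns rather than parsing ASN.1, because the dump is fragmented and truncated.

```python
import re
from datetime import datetime, timezone

# DER encodings (tag 0x06, length, value) of the two OIDs of interest.
OID_EXT_KEY_USAGE = bytes([0x06, 0x03, 0x55, 0x1D, 0x25])         # 2.5.29.37
OID_SERVER_AUTH = bytes([0x06, 0x08, 0x2B, 6, 1, 5, 5, 7, 3, 1])  # 1.3.6.1.5.5.7.3.1

# Two excerpts copied from the Access-Challenge dump in the post and joined
# here: the validity field and the extensions block of the first certificate.
SAMPLE = (
    "0<30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9>"
    "<163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13>"
)

def undump(text):
    """Convert Radiator's dump notation to bytes: <NNN> is one byte written in
    decimal, every other character is a literal byte (a bare '<' included)."""
    def repl(m):
        n = int(m.group(1))
        return chr(n) if n < 256 else m.group(0)  # <999> cannot be a byte
    return re.sub(r"<(\d{1,3})>", repl, text).encode("latin-1", "replace")

def inspect_cert_bytes(der):
    """Heuristic scan of (possibly partial) DER certificate bytes."""
    # UTCTime: tag 0x17, length 13, YYMMDDHHMMSS followed by 'Z'.
    # strptime's %y pivot (69) differs from X.509's (50); irrelevant here.
    times = [
        datetime.strptime(t.decode(), "%y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        for t in re.findall(rb"\x17\x0d(\d{12})Z", der)
    ]
    eku_at = der.find(OID_EXT_KEY_USAGE)
    return {
        "not_before": times[0] if len(times) > 0 else None,
        "not_after": times[1] if len(times) > 1 else None,
        "has_eku": eku_at != -1,
        # serverAuth only counts when it follows the extKeyUsage extension OID.
        "server_auth": eku_at != -1 and der.find(OID_SERVER_AUTH, eku_at) != -1,
    }

if __name__ == "__main__":
    for field, value in inspect_cert_bytes(undump(SAMPLE)).items():
        print(f"{field}: {value}")
```

A supplicant that silently stops answering after receiving the server certificate is worth checking against both results: the key-usage extension and whether the current date still falls inside the validity window.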