[RADIATOR] EAP-PEAP Windows XP Wired Ethernet

Indrajaya Pitra Perdana vietrha at indo.net.id
Thu Dec 15 20:13:41 CST 2011


Thanks, I'll give it a try. I already enabled TLS trace on my Win XP, and I
don't see that there's a certificate exchange :-)


[1448] 11:49:36:218: PeapReadConnectionData
[1448] 11:49:36:218: PeapReadUserData
[1448] 11:49:36:218: RasEapGetInfo
[2884] 11:49:52:515: EapPeapBegin
[2884] 11:49:52:515: PeapReadConnectionData
[2884] 11:49:52:515: PeapReadUserData
[2884] 11:49:52:515:
[2884] 11:49:52:515: EapTlsBegin(test)
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: EapTlsBegin: Detected 8021X authentication
[2884] 11:49:52:515: EapTlsBegin: Detected PEAP authentication
[2884] 11:49:52:515: MaxTLSMessageLength is now 16384
[2884] 11:49:52:515: EapPeapBegin done
[2884] 11:49:52:515: EapPeapMakeMessage
[2884] 11:49:52:515: EapPeapCMakeMessage
[2884] 11:49:52:515: PEAP:PEAP_STATE_INITIAL
[2884] 11:49:52:515: EapTlsCMakeMessage
[2884] 11:49:52:515: EapTlsReset
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: GetCredentials
[2884] 11:49:52:515: Flag is Client and Store is Current User
[2884] 11:49:52:515: GetCachedCredentials
[2884] 11:49:52:515: FreeCachedCredentials
[2884] 11:49:52:515: No Cert Store.  Guest Access requested
[2884] 11:49:52:515: No Cert Name.  Guest access requested
[2884] 11:49:52:515: Will validate server cert
[2884] 11:49:52:515: MakeReplyMessage
[2884] 11:49:52:515: SecurityContextFunction
[2884] 11:49:52:515: InitializeSecurityContext returned 0x90312
[2884] 11:49:52:515: State change to SentHello
[2884] 11:49:52:515: BuildPacket
[2884] 11:49:52:515: << Sending Response (Code: 2) packet: Id: 2, Length: 80, Type: 13, TLS blob length: 70. Flags: L
[2884] 11:49:52:515: EapPeapCMakeMessage done
[2884] 11:49:52:515: EapPeapMakeMessage done
[1352] 11:50:22:531: EapPeapEnd
[1352] 11:50:22:531: EapTlsEnd
[1352] 11:50:22:531: EapTlsEnd(test)
[1352] 11:50:22:531: EapPeapEnd done
[1352] 11:50:22:562: EapPeapBegin
[1352] 11:50:22:562: PeapReadConnectionData
[1352] 11:50:22:562: PeapReadUserData
[1352] 11:50:22:562:
[1352] 11:50:22:562: EapTlsBegin(test)
[1352] 11:50:22:562: State change to Initial
[1352] 11:50:22:562: EapTlsBegin: Detected 8021X authentication
[1352] 11:50:22:562: EapTlsBegin: Detected PEAP authentication
[1352] 11:50:22:562: MaxTLSMessageLength is now 16384
[1352] 11:50:22:562: EapPeapBegin done
[1352] 11:50:22:562: EapPeapMakeMessage
[1352] 11:50:22:562: EapPeapCMakeMessage
[1352] 11:50:22:562: PEAP:PEAP_STATE_INITIAL
[1352] 11:50:22:562: EapTlsCMakeMessage
[1352] 11:50:22:562: EapTlsReset
[1352] 11:50:22:562: State change to Initial
[1352] 11:50:22:562: GetCredentials
[1352] 11:50:22:562: Flag is Client and Store is Current User
[1352] 11:50:22:562: GetCachedCredentials
[1352] 11:50:22:562: FreeCachedCredentials
[1352] 11:50:22:562: No Cert Store.  Guest Access requested
[1352] 11:50:22:562: No Cert Name.  Guest access requested
[1352] 11:50:22:562: Will validate server cert
[1352] 11:50:22:562: MakeReplyMessage
[1352] 11:50:22:562: SecurityContextFunction
[1352] 11:50:22:562: InitializeSecurityContext returned 0x90312
[1352] 11:50:22:562: State change to SentHello
[1352] 11:50:22:562: BuildPacket
[1352] 11:50:22:562: << Sending Response (Code: 2) packet: Id: 37, Length: 80, Type: 13, TLS blob length: 70. Flags: L
[1352] 11:50:22:562: EapPeapCMakeMessage done
[1352] 11:50:22:562: EapPeapMakeMessage done
[1448] 11:50:52:578: EapPeapEnd
[1448] 11:50:52:578: EapTlsEnd
[1448] 11:50:52:578: EapTlsEnd(test)
[1448] 11:50:52:578: EapPeapEnd done
[1448] 11:51:52:593: PeapReadConnectionData
[1448] 11:51:52:593: PeapReadUserData
[1448] 11:51:52:593: RasEapGetInfo
[1352] 12:02:42:625: PeapReadConnectionData
[1352] 12:02:42:640: PeapReadUserData
[1352] 12:02:42:640: RasEapGetInfo
[1352] 12:02:42:640: PeapReDoUserData
[1352] 12:02:42:640: EapTlsInvokeIdentityUI
[1352] 12:02:42:640: GetCertInfo
[1352] 12:03:42:640: PeapReadConnectionData
[1352] 12:03:42:640: PeapReadUserData
[1352] 12:03:42:640: RasEapGetInfo
[1352] 12:03:42:671: EapPeapBegin
[1352] 12:03:42:671: PeapReadConnectionData
[1352] 12:03:42:671: PeapReadUserData
[1352] 12:03:42:671:
[1352] 12:03:42:671: EapTlsBegin(GHOST\indrajaya)
[1352] 12:03:42:671: State change to Initial
[1352] 12:03:42:671: EapTlsBegin: Detected 8021X authentication
[1352] 12:03:42:671: EapTlsBegin: Detected PEAP authentication
[1352] 12:03:42:671: MaxTLSMessageLength is now 16384
[1352] 12:03:42:671: EapPeapBegin done
[1352] 12:03:42:671: EapPeapMakeMessage
[1352] 12:03:42:671: EapPeapCMakeMessage
[1352] 12:03:42:671: PEAP:PEAP_STATE_INITIAL
[1352] 12:03:42:671: EapTlsCMakeMessage
[1352] 12:03:42:671: EapTlsReset
[1352] 12:03:42:671: State change to Initial
[1352] 12:03:42:671: GetCredentials
[1352] 12:03:42:671: Flag is Client and Store is Current User
[1352] 12:03:42:671: GetCachedCredentials
[1352] 12:03:42:671: FreeCachedCredentials
[1352] 12:03:42:671: No Cert Store.  Guest Access requested
[1352] 12:03:42:671: No Cert Name.  Guest access requested
[1352] 12:03:42:671: Will validate server cert
[1352] 12:03:42:671: MakeReplyMessage
[1352] 12:03:42:671: SecurityContextFunction
[1352] 12:03:42:671: InitializeSecurityContext returned 0x90312
[1352] 12:03:42:671: State change to SentHello
[1352] 12:03:42:671: BuildPacket
[1352] 12:03:42:671: << Sending Response (Code: 2) packet: Id: 3, Length: 80, Type: 13, TLS blob length: 70. Flags: L
[1352] 12:03:42:671: EapPeapCMakeMessage done
[1352] 12:03:42:671: EapPeapMakeMessage done
[2004] 12:04:12:687: EapPeapEnd
[2004] 12:04:12:687: EapTlsEnd
[2004] 12:04:12:687: EapTlsEnd(ghost\indrajaya)
[2004] 12:04:12:687: EapPeapEnd done
[2004] 12:04:42:734: EapPeapBegin
[2004] 12:04:42:734: PeapReadConnectionData
[2004] 12:04:42:734: PeapReadUserData

/Regards,
Indrajaya Pitra Perdana/

On 12/15/2011 6:04 PM, Heikki Vatiainen wrote:
> On 12/15/2011 06:18 AM, Indrajaya Pitra Perdana wrote:
>
>> The problem still persists even though I created my own certificate using the
>> steps in the mkcertificate.sh goodies; my Windows didn't respond to the EAP
>> challenge sent by Radiator. Do you have any clue on this? Or perhaps the
>> problem is within my 2950 Catalyst? Thanks :-)
> You could try enabling debug for EAP authentication on the switch to see
> how it reacts to EAP messages.
>
> Meanwhile you could also try running wireshark on Windows to see if the
> challenge with the certificate is sent by the switch to the XP box.
>
> One thing you could try first is to use an even lower value for
> EAPTLS_MaxFragmentSize
>
> The messages before the certificate are much smaller and so this challenge
> would be the first that can reach the maximum size.
>
> Thanks!
>
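
An added example, not part of the original messages: a small parser for the trace format shown above that flags PEAP sessions which ended while the TLS state was still SentHello, the pattern in the trace (hello sent, session torn down about 30 seconds later). The sample lines are constructed, and the `SentFinished` state name in the second session is an assumed later state used only for contrast.

```python
import re

# "[thread] HH:MM:SS:mmm: message", the layout of the trace in the message above.
LINE = re.compile(r"^\[(\d+)\] (\d+):(\d+):(\d+):(\d+): ?(.*)$")

# Constructed sample. The first session mirrors the trace above; the second
# is a contrast case and "SentFinished" is an assumed state name.
SAMPLE = """\
[2884] 11:49:52:515: EapPeapBegin
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: State change to SentHello
[2884] 11:49:52:515: EapPeapMakeMessage done
[1352] 11:50:22:531: EapPeapEnd
[1352] 11:50:22:531: EapPeapEnd done
[1352] 11:50:22:562: EapPeapBegin
[1352] 11:50:22:562: State change to SentHello
[1352] 11:50:22:900: State change to SentFinished
[1448] 11:50:23:100: EapPeapEnd
"""

def parse(text):
    """Yield (seconds_since_midnight, message); wrapped continuation lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, ms = (int(x) for x in m.group(2, 3, 4, 5))
            yield h * 3600 + mi * 60 + s + ms / 1000.0, m.group(6)

def stalled_handshakes(text):
    """Return sessions that ended with the TLS state still at SentHello."""
    stalled, state, hello_at, in_session = [], None, None, False
    # Sessions are tracked in file order, not per thread: in the trace the
    # Begin and End of one session are logged under different thread ids.
    for t, msg in parse(text):
        if msg == "EapPeapBegin":
            in_session, state, hello_at = True, None, None
        elif in_session and msg.startswith("State change to "):
            state = msg[len("State change to "):]
            if state == "SentHello":
                hello_at = t
        elif in_session and msg == "EapPeapEnd":
            if state == "SentHello":
                stalled.append({"hello_at": hello_at,
                                "waited_s": round(t - hello_at, 3)})
            in_session = False
    return stalled
```

A session reported here sent its hello and never advanced, which is consistent with the server's larger certificate-bearing message not reaching the supplicant; a capture on the client or EAP debug on the switch is needed to confirm where it was lost.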