[RADIATOR] Protected EAP authentication failed

Heikki Vatiainen hvn at open.com.au
Mon Jul 18 02:23:44 CDT 2011


On 07/15/2011 04:42 PM, Fabio Ciampi wrote:

Hello Fabio,

>> This is the inner EAP-MSCHAP-V2 Challenge from the client. Was the line
>> perhaps cut when pasting it to email?
>>
> You're right. I'm sorry but the last part of the line got lost during
> the copy and paste.

Thanks for the update. The attribute contents look correct now.

I was wondering why it does still not get the identity, and took a
better look at the code. The identity with EAP protocols is actually
taken from EAP message that has type Identity (1).

For example the first EAP tunnelled request has this when testing with
eapol_test:

        EAP-Message = <2><5><0><4><1>hvn

0x2 = Code (Response)
0x5 = Identifier
0x0004 = Lenght
0x1 = Type (Identity)
hvn = Type-Data

So you should check the logs to see if the client sends or gets prompted
and then sends its identity with a message like above.

> Anyway it seems to be a client problem.

Hmm, I think I have used Ubuntu 10.04 successfully with PEAP. But the
log should show what happens.


> I have a quite old radiator version (v-4.3.1). Do you think that an
> update can be useful for this problem or, in your opinion, this is
> related to an
> ubuntu 10.04 misbehaviour?

It might be a good idea to update to get access to all fixes and
enhancements, but I think it should work correctly with 4.3.1.

Thanks!

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list