[RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2

Heikki Vatiainen hvn at open.com.au
Mon Apr 9 15:26:08 CDT 2012 

On 04/06/2012 03:55 PM, Sudhir Harwalkar wrote:

> Please find the attached new log file, users file and config file, because with same username and password EAP-FAST GTC has worked fine, but for MSCHAPv2 it shows an error.

Looks like there might be a problem with PAC provision. In other words,
you should check your client and see if the PAC provision has worked.

I suggest you try turning on support for "Server-Authenticated Tunneled
Authentication" (see RFC 5422) and see if the PAC provisioning works.
This is what I tried when I tested this.

Thanks!
Heikki


> Regards
> Sudhir H
> 
> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: Friday, April 06, 2012 4:55 PM
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
> 
> On 04/06/2012 10:07 AM, Sudhir Harwalkar wrote:
> 
>> I tried EAP-FAST with GTC as an inner authentication its working fine, but for MSCHAPv2 I saw message in log file that rejected.
> 
> The log file you sent previously shows that the user (sudhir) was found from the users file. MSCHAPv2 then failed which indicates the password was incorrect or your client calculated EAP-MSCHAPv2 credentials incorrectly. I would check the password first to see it was correctly entered.
> 
> Heikki
> 
> 
>> Regards
>> Sudhir H
>>
>> -----Original Message-----
>> From: radiator-bounces at open.com.au
>> [mailto:radiator-bounces at open.com.au] On Behalf Of Sudhir Harwalkar
>> Sent: Friday, April 06, 2012 11:20 AM
>> To: radiator at open.com.au
>> Subject: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>>
>>
>> Hi Heikki,
>>
>> When I run the EAP-FAST I seen rejected message in the  log file  is it due do log file config.
>> Please find the attached log file.
>>
>> Thanks
>> Sudhir H
>>
>> -----Original Message-----
>> From: radiator-bounces at open.com.au
>> [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
>> Sent: Thursday, April 05, 2012 4:50 PM
>> To: radiator at open.com.au
>> Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2
>>
>> On 04/05/2012 10:15 AM, Sudhir Harwalkar wrote:
>>
>> Hello Sudhir,
>>
>>> As I am verifying EAP-FAST which uses inner authentication as
>>> MSCHAPv2, for this our device requires any certificates like client certificates?
>>>
>>> I red that it requires PAC  means pac key should match from both
>>> sides like radius sever and our device?
>>
>> If the client does not send its PAC, Radiator will try to allocate one to it. Then client is then disconnected. Next time when the client tries to authenticate, it will have a PAC and the authentication should then proceed. By default Radiator keeps the PACs in memory with the other option being SQL. So do not restart Radiator unless you want to clear the PAC.
>>
>> Thanks!
>> Heikki
>>
>>
>> --
>> Heikki Vatiainen <hvn at open.com.au>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>> Larsen & Toubro Limited
>>
>> www.larsentoubro.com
>>
>> This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
>>
>>
>> Larsen & Toubro Limited
>>
>> www.larsentoubro.com
>>
>> This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> Larsen & Toubro Limited
> 
> www.larsentoubro.com
> 
> This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list