[RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2

Sudhir Harwalkar Sudhir.Harwalkar at lnties.com
Mon Apr 16 00:25:08 CDT 2012


Hi,

When the RADIUS server gets restarted, our device sends the same PAC details, so it should authenticate, right?
Because for the RADIUS server it's a new key when it gets restarted, it has to authenticate if the RADIUS server is not remembering the previous keys' info. Please correct me if I have understood wrong.

Thanks
Sudhir H

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
Sent: Friday, April 13, 2012 6:00 PM
To: radiator at open.com.au
Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2

On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote:

> 1. Whenever I flash the new code to the device, it generates a new PAC key, and at that time it gets authenticated with the server.
>      If the PACs are gone after a restart, but our device generates the same one and sends it to the server, it should authenticate. Why is that not happening here?

If the server has lost its PACs, the client PACs are useless. It is the server that decides if the PAC is valid. If the server refuses the PAC the client sends, then a new PAC needs to be provisioned to the client. That is my take on how this should work.

> 2. For EAP-TLS I took the CA certificate from C:\Radiator\Radiator-Locked-4.9\certificates\demoCA\cacert.pem and for the client I used C:\Radiator\Radiator-Locked-4.9\certificates\cert-clt.pem. Are these the correct files to use?

Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration.

Heikki


> Sudhir H
>
> -----Original Message-----
> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> Sent: Thursday, April 12, 2012 2:52 PM
> To: Sudhir Harwalkar
> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>
> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote:
>
>> Thanks for helping me, Heikki. When I flash the new code and then start the RADIUS server, it works fine. After that I restarted the RADIUS server and powered on the device, and then it is not authenticated.
>> I flashed the code again and verified it works fine.
>
> Ok. Good to hear it works.
>
>> The problem arises only if I restart the RADIUS server.
>> This should not happen, right?
>
> By default Radiator keeps PACs in memory and they are gone after a restart. There is a possibility to keep them in SQL so that they survive across reboots.
>
> Heikki
>
>
>
>
> Larsen & Toubro Limited
>
> www.larsentoubro.com
>
> This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
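
The restart behaviour discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a simplified Python model of a server that keeps PACs either in memory or in SQL, and a client that reuses its PAC until the server refuses it. All class and function names are hypothetical, and the model compares the PAC key directly, whereas real EAP-FAST proves possession of the key inside the TLS handshake.

```python
import secrets
import sqlite3

class MemoryPacStore:
    """PACs held only in process memory: lost when the server restarts."""
    def __init__(self):
        self._pacs = {}
    def put(self, pac_id, key):
        self._pacs[pac_id] = key
    def get(self, pac_id):
        return self._pacs.get(pac_id)

class SqlPacStore:
    """PACs kept in an SQL table (SQLite here), so they survive a restart."""
    def __init__(self, path):
        self._db = sqlite3.connect(path)
        self._db.execute(
            "CREATE TABLE IF NOT EXISTS pac (id TEXT PRIMARY KEY, pac_key BLOB)")
    def put(self, pac_id, key):
        self._db.execute("INSERT OR REPLACE INTO pac VALUES (?, ?)", (pac_id, key))
        self._db.commit()
    def get(self, pac_id):
        row = self._db.execute(
            "SELECT pac_key FROM pac WHERE id = ?", (pac_id,)).fetchone()
        return row[0] if row else None

class Server:
    def __init__(self, store):
        self.store = store
    def provision(self):
        pac = (secrets.token_hex(8), secrets.token_bytes(32))  # constructed values
        self.store.put(*pac)
        return pac
    def authenticate(self, pac_id, key):
        # The server alone decides validity: an unknown PAC is refused.
        known = self.store.get(pac_id)
        return known is not None and secrets.compare_digest(known, key)

def client_connect(server, pac):
    """Reuse the stored PAC if the server accepts it, else get a new one."""
    if pac and server.authenticate(*pac):
        return "pac-accepted", pac
    return "reprovisioned", server.provision()

def demo(make_store):
    results, pac, server = [], None, Server(make_store())
    for step in range(4):
        if step == 2:
            server = Server(make_store())  # simulate a server restart
        outcome, pac = client_connect(server, pac)
        results.append(outcome)
    return results
```

With the memory store the third connection, the first one after the restart, is refused and falls back to provisioning; with the SQL store the same PAC keeps working.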