[RADIATOR] Issue with TTLS-EAP-MSCHAPv2 and EAPAnonymous

Johnson, Neil M neil-johnson at uiowa.edu
Thu May 2 14:52:36 CDT 2013


I'm trying to get TTLS-EAP-MSCHAPv2 working.

I've found that if I have EAPAnonymous set to %0, it does not work. Here is the portion of the debug log:

Wed May  1 13:19:24 2013 756457: DEBUG: Handling request with Handler 'OSC-Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i, TunnelledByTTLS=1, Realm=/(?:(uiowa\.edu$)|^$)/i', Identifier ''
Wed May  1 13:19:24 2013 757588: DEBUG:  Deleting session for , 127.0.0.1,
Wed May  1 13:19:24 2013 758469: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser
Wed May  1 13:19:24 2013 759515: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May  1 13:19:24 2013 760346: DEBUG: Response type 26
Wed May  1 13:19:24 2013 761270: DEBUG: Radius::AuthLSA looks for match with wlantest02 []
Wed May  1 13:19:24 2013 762983: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-FLAT,
Wed May  1 13:19:24 2013 816747: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: wlantest02 []
Wed May  1 13:19:24 2013 817912: DEBUG: EAP Failure, elapsed time 0.108989
Wed May  1 13:19:24 2013 818991: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user wlantest02
Wed May  1 13:19:24 2013 819841: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user wlantest02
Wed May  1 13:19:24 2013 820661: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser_Quarantine
Wed May  1 13:19:24 2013 821585: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May  1 13:19:24 2013 822393: DEBUG: Response type 26
Wed May  1 13:19:24 2013 823548: DEBUG: Radius::AuthLSA looks for match with wlantest02 []
Wed May  1 13:19:24 2013 825252: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-QUARANTINE,
Wed May  1 13:19:24 2013 881270: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: wlantest02 []
Wed May  1 13:19:24 2013 882439: DEBUG: EAP Failure, elapsed time 0.173511
Wed May  1 13:19:24 2013 883404: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user wlantest02
Wed May  1 13:19:24 2013 884290: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user wlantest02
Wed May  1 13:19:24 2013 885160: DEBUG: Handling with Radius::AuthFILE: authEduroam_test_users
Wed May  1 13:19:24 2013 886057: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May  1 13:19:24 2013 886898: DEBUG: Response type 26
Wed May  1 13:19:24 2013 888123: DEBUG: Radius::AuthFILE looks for match with wlantest02 at uiowa.edu []
Wed May  1 13:19:24 2013 888906: DEBUG: Radius::AuthFILE REJECT: No such user: wlantest02 at uiowa.edu []
Wed May  1 13:19:24 2013 890074: DEBUG: EAP Failure, elapsed time 0.181156
Wed May  1 13:19:24 2013 890958: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user wlantest02 at uiowa.edu
Wed May  1 13:19:24 2013 892064: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP V2 failed: no such user wlantest02 at uiowa.edu
Wed May  1 13:19:24 2013 892975: INFO: Access rejected for : EAP MSCHAP V2 failed: no such user wlantest02 at uiowa.edu
Wed May  1 13:19:24 2013 895315: DEBUG: Returned TTLS tunnelled Diameter Packet dump:

If I set EAPAnonymous to %{User-Name}, it works.

Wed May  1 15:04:44 2013 713905: DEBUG: Handling request with Handler 'OSC-Client-Identifier=fromEduroam, TunnelledByTTLS=1, Realm=/(?:(uiowa\.edu$)|^$)/i ', Identifier ''
Wed May  1 15:04:44 2013 715031: DEBUG:  Deleting session for wlantest02 at uiowa.edu, 127.0.0.1,
Wed May  1 15:04:44 2013 715946: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser
Wed May  1 15:04:44 2013 717002: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May  1 15:04:44 2013 717824: DEBUG: Response type 26
Wed May  1 15:04:44 2013 718768: DEBUG: Radius::AuthLSA looks for match with wlantest02 [wlantest02 at uiowa.edu]
Wed May  1 15:04:44 2013 720650: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-FLAT, wlantest02
Wed May  1 15:04:44 2013 744119: DEBUG: Radius::AuthLSA ACCEPT: : wlantest02 [wlantest02 at uiowa.edu]
Wed May  1 15:04:44 2013 751725: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge: Success
Wed May  1 15:04:44 2013 752731: DEBUG: AuthBy LSA result: CHALLENGE, EAP MSCHAP V2 Challenge: Success
Wed May  1 15:04:44 2013 753632: DEBUG: Access challenged for wlantest02 at uiowa.edu: EAP MSCHAP V2 Challenge: Success
Wed May  1 15:04:44 2013 755200: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code:       Access-Challenge

The only difference I see is that the username in the [] field is empty when EAPAnonymous %0 is set and is [wlantest02 at uiowa.edu] when EAPAnonymous is set to %{User-Name}.

Is this expected behavior, or a bug?

Thanks.
-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-johnson at uiowa.edu
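
Added example, not part of the original post and not Radiator code: a small parser for debug lines in the format shown above. For each AuthBy clause it extracts the lookup name, the bracketed name and the user field of the LSA group check, so the two runs can be compared. The sample lines are copied from the logs in this message; the function and key names are assumptions made for this example.

```python
import re

# Sample lines copied from the two debug logs in the post above.
FAILING = r"""
Wed May  1 13:19:24 2013 758469: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser
Wed May  1 13:19:24 2013 761270: DEBUG: Radius::AuthLSA looks for match with wlantest02 []
Wed May  1 13:19:24 2013 762983: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-FLAT,
Wed May  1 13:19:24 2013 816747: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: wlantest02 []
"""
WORKING = r"""
Wed May  1 15:04:44 2013 715946: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser
Wed May  1 15:04:44 2013 718768: DEBUG: Radius::AuthLSA looks for match with wlantest02 [wlantest02 at uiowa.edu]
Wed May  1 15:04:44 2013 720650: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-FLAT, wlantest02
Wed May  1 15:04:44 2013 744119: DEBUG: Radius::AuthLSA ACCEPT: : wlantest02 [wlantest02 at uiowa.edu]
"""

HANDLING = re.compile(r"DEBUG: Handling with (Radius::\w+): (\S+)")
MATCH = re.compile(r"DEBUG: Radius::\w+ looks for match with (.+?) \[(.*)\]")
GROUP = re.compile(r"DEBUG: Checking LSA Group membership for [^,]+, ([^,]+),(.*)$")
RESULT = re.compile(r"DEBUG: Radius::\w+ (ACCEPT|REJECT):")


def parse_attempts(log):
    """Return one dict per AuthBy clause tried, in log order."""
    attempts = []
    for line in log.splitlines():
        if m := HANDLING.search(line):
            attempts.append({"module": m.group(1), "name": m.group(2),
                             "lookup": None, "bracket": None, "group": None,
                             "group_user": None, "result": None})
        elif not attempts:
            continue  # ignore anything before the first AuthBy clause
        elif m := MATCH.search(line):
            attempts[-1].update(lookup=m.group(1), bracket=m.group(2))
        elif m := GROUP.search(line):
            attempts[-1].update(group=m.group(1), group_user=m.group(2).strip())
        elif m := RESULT.search(line):
            attempts[-1]["result"] = m.group(1)
    return attempts


def empty_identity(attempts):
    """Names of AuthBy clauses whose bracketed name or group-check user was empty."""
    return [a["name"] for a in attempts if a["bracket"] == "" or a["group_user"] == ""]


if __name__ == "__main__":
    for label, log in (("%0", FAILING), ("%{User-Name}", WORKING)):
        print(label, parse_attempts(log), empty_identity(parse_attempts(log)))
```
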
