[RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

Hugh Irvine hugh at open.com.au
Mon Feb 1 03:46:54 CST 2016 

Indeed - the old adage is very true:

	“Just because a packet can get somewhere does not mean that the reply can get back….”

regards

Hugh


> On 1 Feb 2016, at 20:39, Hugo Veiga <hveiga at ubi.pt> wrote:
> 
> Hi,
> 
> Heikki I bow to you. :)
> 
> So the problem was this:
> (Topology)
> Radiator Machine/ IP: 10.253.1.12/24 --------------Router--------------wireless switch/IP:10.240.1.1/24 
> - The radiator machine receives requests from wireless switch.
> - Wireless switch never receives the answer.
> :: So Radiator machine is a virtual machine and installed by a colleague of mine (system admin) that inserted the mask 255.0.0.0 in the network mask. Radiator machine with the supplied mask will try to contact 10.240.1.1 through arp discovery and will never find it because it's on a different broadcast domain. The solution was obvious, insert the correct netmask and it started to work perfectly.
> 
> Problem solved.
> Many thanks Heikki,
> Hugo Veiga
> 
> 
> 
> >
>  Code:       Access-Request
> 
> >
>  Identifier: 180
> 
> >
>  Authentic:  <139><3>(<143><10><139>N<158><F<172><194><163><168><135>O
> 
> 
> Radiator notices this and retransmits its previous reply
> 
> >
>  Tue Jan 26 15:54:57 2016: INFO: Duplicate request id 180 received from
> 
> >
>  10.240.1.1(20004): retransmit reply
> 
> >
>  Tue Jan 26 15:54:57 2016: DEBUG: Packet dump:
> 
> >
>  *** Sending to 10.240.1.1 port 20004 ....
> 
> 
> There are multiple retransmits back and forth and the authentication
> does not proceed.
> 
> I would check the Wi-Fi controller logs and make sure it is receiving
> 
> the responses from Radiator.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list