[RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

Hugo Veiga hveiga at ubi.pt
Wed Jan 27 04:58:09 CST 2016


Hi,

I'm sorry Heikki I don't know why but I didn't receive your email (but a
friend of mine in this list as sent me yesterday).

So this is what I've tested/checked so far:

1 - Perl modules: In this list are the ones mentioned in the goodies file
for PEAP/MSCHAPv2 (# Requires Net_SSLeay.pm-1.21 or later; # Requires
openssl 0.9.7beta3 or later from www.openssl.org; # Requires Digest-HMAC; #
Requires Digest-SHA)

[root at radius02 radiator]# rpm -qa | grep perl
perl-Scalar-List-Utils-1.42-3.fc23.x86_64
perl-threads-2.02-2.fc23.x86_64
perl-ExtUtils-ParseXS-3.30-1.fc23.noarch
perl-IO-Socket-IP-0.37-347.fc23.noarch
perl-XML-Filter-BufferText-1.01-23.fc23.noarch
perl-Compress-Raw-Bzip2-2.068-347.fc23.x86_64
perl-IO-Socket-SSL-2.019-1.fc23.noarch
perl-GSSAPI-0.28-15.fc23.x86_64
perl-Perl-OSType-1.008-347.fc23.noarch
perl-Params-Check-0.38-346.fc23.noarch
perl-MRO-Compat-0.12-9.fc23.noarch
perl-Getopt-Long-2.48-1.fc23.noarch
perl-Algorithm-Diff-1.1903-3.fc23.noarch
perl-Devel-Size-0.80-3.fc23.x86_64
perl-Error-0.17024-4.fc23.noarch
perl-Pod-Perldoc-3.25-347.fc23.noarch
perl-Exporter-5.72-347.fc23.noarch
perl-WWW-Curl-4.17-6.fc23.x86_64
perl-Data-Dumper-2.158-347.fc23.x86_64
perl-version-0.99.12-4.fc23.x86_64
perl-Digest-SHA-5.95-347.fc23.x86_64
perl-Encode-Locale-1.05-3.fc23.noarch
perl-Business-ISBN-2.09-7.fc23.noarch
perl-XML-NamespaceSupport-1.11-16.fc23.noarch
perl-HTML-Parser-3.71-11.fc23.x86_64
perl-Sub-Install-0.928-6.fc23.noarch
perl-Compress-Bzip2-2.24-1.fc23.x86_64
perl-CPAN-Meta-YAML-0.016-4.fc23.noarch
perl-Time-HiRes-1.9728-1.fc23.x86_64
perl-File-Which-1.18-5.fc23.noarch
perl-Digest-SHA1-2.13-15.fc23.x86_64
perl-Time-Local-1.2300-346.fc23.noarch
perl-Pod-Escapes-1.07-348.fc23.noarch
perl-File-Path-2.09-347.fc23.noarch
perl-Module-CoreList-5.20160120-1.fc23.noarch
perl-Storable-2.53-346.fc23.x86_64
perl-Module-Pluggable-5.10-6.fc23.noarch
perl-File-Temp-0.23.04-346.fc23.noarch
perl-Pod-Simple-3.31-1.fc23.noarch
perl-DBI-1.633-6.fc23.x86_64
perl-ExtUtils-Manifest-1.70-346.fc23.noarch
perl-ExtUtils-Install-2.04-347.fc23.noarch
perl-libs-5.22.1-350.fc23.x86_64
perl-XML-SAX-Base-1.08-14.fc23.noarch
perl-Digest-HMAC-1.03-11.fc23.noarch
perl-Text-Unidecode-1.27-1.fc23.noarch
perl-URI-1.69-1.fc23.noarch
perl-TimeDate-2.30-7.fc23.noarch
perl-XML-SAX-Writer-0.53-9.fc23.noarch
perl-IO-HTML-1.001-4.fc23.noarch
perl-HTTP-Cookies-6.01-11.fc23.noarch
perl-JSON-2.90-5.fc23.noarch
perl-Params-Util-1.07-13.fc23.x86_64
perl-CPAN-Meta-Requirements-2.133-4.fc23.noarch
perl-Locale-Maketext-1.26-347.fc23.noarch
perl-IPC-Cmd-0.92-346.fc23.noarch
perl-Package-Generator-1.106-5.fc23.noarch
perl-Text-Template-1.46-3.fc23.noarch
perl-macros-5.22.1-350.fc23.x86_64
perl-Parse-CPAN-Meta-1.4417-2.fc23.noarch
perl-Socket-2.021-1.fc23.x86_64
perl-Archive-Tar-2.04-347.fc23.noarch
perl-File-HomeDir-1.00-10.fc23.noarch
perl-CPAN-2.11-348.fc23.noarch
perl-common-sense-3.7.4-1.fc23.x86_64
perl-Curses-1.33-1.fc23.x86_64
perl-HTTP-Tiny-0.056-3.fc23.noarch
perl-Text-ParseWords-3.30-346.fc23.noarch
perl-constant-1.33-347.fc23.noarch
perl-YAML-1.15-4.fc23.noarch
perl-Text-Tabs+Wrap-2013.0523-346.fc23.noarch
perl-parent-0.234-3.fc23.noarch
perl-DBD-MySQL-4.033-1.fc23.x86_64
perl-ExtUtils-Command-1.20-346.fc23.noarch
perl-ExtUtils-MakeMaker-7.04-347.fc23.noarch
perl-Digest-MD5-2.54-346.fc23.x86_64
perl-LWP-MediaTypes-6.02-8.fc23.noarch
perl-NTLM-1.09-11.fc23.noarch
perl-Text-Soundex-3.04-296.fc23.x86_64
perl-WWW-RobotRules-6.02-12.fc23.noarch
perl-HTTP-Date-6.02-12.fc23.noarch
perl-Net-SSLeay-1.71-1.fc23.x86_64
perl-HTTP-Message-6.11-1.fc23.noarch
perl-libwww-perl-6.15-1.fc23.noarch
perl-Convert-ASN1-0.27-4.fc23.noarch
perl-Module-Load-0.32-346.fc23.noarch
perl-Data-OptList-0.109-6.fc23.noarch
perl-Locale-Maketext-Simple-0.21-350.fc23.noarch
perl-ExtUtils-CBuilder-0.280224-1.fc23.noarch
perl-Sub-Exporter-0.987-6.fc23.noarch
perl-Software-License-0.103010-5.fc23.noarch
perl-PathTools-3.62-1.fc23.x86_64
perl-CPAN-Meta-2.150005-2.fc23.noarch
perl-5.22.1-350.fc23.x86_64
perl-inc-latest-0.500-3.fc23.noarch
perl-Text-Glob-0.09-13.fc23.noarch
perl-Crypt-SSLeay-0.72-7.fc23.x86_64
perl-BDB-1.91-3.fc23.x86_64
perl-Glib-1.313-1.fc23.x86_64
perl-Term-Cap-1.17-1.fc23.noarch
perl-MIME-Base64-3.15-348.fc23.x86_64
perl-Pod-Usage-1.67-3.fc23.noarch
openssl-perl-1.0.2e-3.fc23.x86_64
perl-Test-Harness-3.36-1.fc23.noarch
perl-Digest-1.17-346.fc23.noarch
perl-libnet-3.08-1.fc23.noarch
perl-Business-ISBN-Data-20140910.002-3.fc23.noarch
perl-File-Listing-6.04-11.fc23.noarch
perl-HTTP-Negotiate-6.01-11.fc23.noarch
perl-LDAP-0.65-3.fc23.noarch
perl-IO-Zlib-1.10-350.fc23.noarch
perl-local-lib-2.000018-1.fc23.noarch
perl-JSON-PP-2.27300-347.fc23.noarch
perl-Unicode-Normalize-1.24-1.fc23.x86_64
perl-Module-Build-0.42.14-2.fc23.noarch
perl-Digest-MD4-1.9-8.fc23.x86_64
perl-Net-LibIDN-0.12-22.fc23.x86_64
perl-Term-ANSIColor-4.03-346.fc23.noarch
perl-Encode-2.78-2.fc23.x86_64
perl-threads-shared-1.48-346.fc23.x86_64
perl-Math-BigInt-1.9997-350.fc23.noarch
perl-devel-5.22.1-350.fc23.x86_64
perl-Compress-Raw-Zlib-2.068-347.fc23.x86_64
perl-HTML-Tagset-3.20-24.fc23.noarch
perl-IO-Compress-2.068-347.fc23.noarch
perl-Net-HTTP-6.09-3.fc23.noarch
perl-Authen-SASL-2.16-6.fc23.noarch
perl-Module-Metadata-1.000027-3.fc23.noarch
perl-Module-Load-Conditional-0.64-346.fc23.noarch
perl-Data-Section-0.200006-5.fc23.noarch
perl-Carp-1.38-1.fc23.noarch
perl-Text-Diff-1.43-1.fc23.noarch
perl-Archive-Zip-1.49-1.fc23.noarch
perl-XML-Parser-2.44-3.fc23.x86_64
perl-podlators-2.5.3-347.fc23.noarch

2- I adapted the goodies file eap_peap.cfg, with small adjusts and tried a
AuthBy FILE, with the same result gets stuck and never enters the inner
handler.

3- Tried different OS as clients (windows 10 and android) with the same
result gets stuck and never enters the inner handler.

4- Tried different certificates that were previously tested in the
production environment (version radiator-4.9) with the same result gets
stuck and never enters the inner handler.


 I'm really getting out of ideas and can't figure out what is wrong with
this. By the way the OS of the server is fedora core 23, with all upgrades
and I installed Radiator 4.16 from rpm file.


Best regards,
Hugo Veiga


2016-01-26 15:40 GMT+00:00 Christian Kratzer <ck-lists at cksoft.de>:

> Hi,
>
> On Tue, 26 Jan 2016, Hugo Veiga wrote:
>
> In my original message I have by mistake a AuthBy INTERNAL in the outter
>> authentication it's actually a AuthBy SQL clause.
>>
>
> which is exactly why I made you test your 4.9 case.
>
>
> AuthBy SQL supports EAP.
> AuthBy FILE also supports EAP.
>
> and as Heikki said before: AuthBy INTERNAL does not.
>
>>
>>
>> This is trace from radiator 4.9.
>>
>> Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
>> 'Realm=/^convidado$/i', Identifier ''
>> Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745 at convidado,
>> 10.240.1.1, 54482
>> Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
>> SQLAccounting
>> Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
>> IgnoreAuthentication
>> Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
>> PEAP_CONVIDADO
>> Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
>> PEAP_CONVIDADO
>>
>
> this is proof that the first packet is going into an AuthSQL.  In your
> 4.16 example it was going into your AuthBy INTERNAL handler.
>
> Your old configuration should from 4.9 should run on 4.16.  Just do not
> put swap your AuthBy FILE or AuthBy SQL  for an  AuthBy INTERNAL.
>
> Greetings
> Christian
>
> --
> Christian Kratzer                   CK Software GmbH
> Email:   ck at cksoft.de               Wildberger Weg 24/2
> Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
> Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
> Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
> Web:     http://www.cksoft.de/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20160127/afe66fa6/attachment-0001.html 


More information about the radiator mailing list