> -----Original Message-----
> From: Dudley Atkinson [mailto:[EMAIL PROTECTED] 
> Sent: Friday, January 28, 2005 1:57 PM
> To: 'freeradius-users@lists.freeradius.org'
> Subject: RE: FW: Testing PEAP with cisco WLSE 
> 
> 
> > "Dudley Atkinson" <[EMAIL PROTECTED]> wrote:
> > > The User-Name = "PEAP-ABBAABBAABBA" is generated by the 
> Cisco WLSE,
> > > and isn't a valid name - perhaps I need to work around 
> this somehow?
> > 
> >   If it's only used for testing, list it in the "users" file.
> > 
> > > I've read the docs but can't interpret what I'm seeing.  
> How is the
> > > EAP-Message broken down to show the actual username and 
> > password being
> > > sent by the client?
> > 
> >   It doesn't matter.  The name is sent in the User-Name attribute.
> > 
> > > Is the User-Name = "PEAP-ABBAABBAABBA" needed to start the
> > EAP decode?
> > 
> >   No.
> > 
> > >  Do I have to have a dummy "PEAP-ABBAABBAABBA" user to make
> > things go?
> > 
> >   Yes, if you want the test authentication to proceed.
> > 
> >   Alan DeKok.
> > 
> > 
> 

Alan, I'm not sure which way to look for this answer - WLSE or FreeRadius
(although I suspect it is the WLSE).

So with more debug, the following has come to light:

It looks like freeradius sends the "State" variable in the access-challenge,
and it comes back from the Cisco WLSE with an extra four "0" on the end.  Is
that sufficient to cause the rlm_eap errors that make the eap fail?

Is the state being sent from freeradius the right length?  Is the state
returned from the WLSE supposed to be identical?  What can possibly be done
to reconcile this?

thanks!
-atkinson 

----------------------------------------------------------------------------------------------
Sending Access-Challenge of id 1 to 10.0.1.5:32790
        Service-Type = Framed-User
        Cisco-AVPair = "ssid=eap-client"
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x262b4d3ce001254e67f4ca3e7d4e26ef
Fri Jan 28 22:35:34 2005 : Debug: Finished request 0
Fri Jan 28 22:35:34 2005 : Debug: Going to the next request
Fri Jan 28 22:35:34 2005 : Debug: --- Walking the entire request list ---
Fri Jan 28 22:35:34 2005 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.5:32790, id=1, length=204
        User-Name = "PEAP-ABBAABBAABBA"
        NAS-IP-Address = 10.0.1.5
        Called-Station-Id = "ABBAABBAABBA"
        Calling-Station-Id = "ABBAABBAABBA"
        NAS-Identifier = "171.69.75.9"
        NAS-Port = 29
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        State = 0x262b4d3ce001254e67f4ca3e7d4e26ef0000
        EAP-Message = 0x0200003c198100000032160301002d01000029030141fb048ad41c8bda316fcf49a8f6ec2f768cfaf8814cfb9dbcfb7f20eae804a800000200040100
        Message-Authenticator = 0xc1dadaa86b62aace345a49bdb35728f5
.
.
.
.
Fri Jan 28 22:35:34 2005 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Fri Jan 28 22:35:34 2005 : Debug:   rlm_eap: Failed in handler


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
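
Added example, not part of the original message or of FreeRADIUS: RFC 2865 requires a NAS to return the State attribute from an Access-Challenge unmodified in its next Access-Request, so radiusd debug output can be scanned for requests whose State was never issued to that client. The sample log is constructed from the lines quoted above; `check_state_echo` and its result fields are hypothetical names.

```python
import re

SEND = re.compile(r"^Sending Access-Challenge of id (\d+) to ([\d.]+):\d+")
RECV = re.compile(r"^rad_recv: Access-Request packet from host ([\d.]+):\d+, id=(\d+)")
HEADER = re.compile(r"^(Sending |rad_recv: )")
STATE = re.compile(r"^\s+State = 0x([0-9a-fA-F]+)\s*$")

# Constructed sample: abbreviated from the debug output quoted in the message above.
SAMPLE_LOG = """\
Sending Access-Challenge of id 1 to 10.0.1.5:32790
        EAP-Message = 0x010200061920
        State = 0x262b4d3ce001254e67f4ca3e7d4e26ef
Fri Jan 28 22:35:34 2005 : Debug: Finished request 0
rad_recv: Access-Request packet from host 10.0.1.5:32790, id=1, length=204
        User-Name = "PEAP-ABBAABBAABBA"
        State = 0x262b4d3ce001254e67f4ca3e7d4e26ef0000
"""

def check_state_echo(log_text):
    """Report Access-Requests whose State was never issued to that client."""
    issued = {}                      # client IP -> set of hex State values sent
    findings = []
    mode = client = pkt_id = None
    for line in log_text.splitlines():
        if (m := SEND.match(line)):
            mode, pkt_id, client = "sent", int(m.group(1)), m.group(2)
        elif (m := RECV.match(line)):
            mode, client, pkt_id = "recv", m.group(1), int(m.group(2))
        elif HEADER.match(line):
            mode = None              # some other packet type; ignore its State
        elif (m := STATE.match(line)) and mode:
            state = m.group(1).lower()
            known = issued.setdefault(client, set())
            if mode == "sent":
                known.add(state)
            elif state not in known:
                # Look for an issued value that the returned one extends or truncates.
                near = next((s for s in known
                             if state.startswith(s) or s.startswith(state)), None)
                findings.append({
                    "client": client, "id": pkt_id, "returned": state,
                    "issued": near,
                    "extra": state[len(near):] if near else "",
                })
    return findings

if __name__ == "__main__":
    for f in check_state_echo(SAMPLE_LOG):
        print(f)
```

Run it over a saved debug log by passing the file's text to `check_state_echo`; an empty list means every returned State matched one the server sent.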
