> -----Original Message----- > From: Dudley Atkinson [mailto:[EMAIL PROTECTED] > Sent: Friday, January 28, 2005 1:57 PM > To: 'freeradius-users@lists.freeradius.org' > Subject: RE: FW: Testing PEAP with cisco WLSE > > > > "Dudley Atkinson" <[EMAIL PROTECTED]> wrote: > > > The User-Name = "PEAP-ABBAABBAABBA" is generated by the > Cisco WLSE, > > > and isn't a valid name - perhaps I need to work around > this somehow? > > > > If it's only used for testing, list it in the "users" file. > > > > > I've read the docs but can't interpret what I'm seeing. > How is the > > > EAP-Message broken down to show the actual username and > > password being > > > sent by the client? > > > > It doesn't matter. The name is sent in the User-Name attribute. > > > > > Is the User-Name = "PEAP-ABBAABBAABBA" needed to start the > > EAP decode? > > > > No. > > > > > Do I have to have a dummy "PEAP-ABBAABBAABBA" user to make > > things go? > > > > Yes, if you want the test authentication to proceed. > > > > Alan DeKok. > > > > >
Alan, I'm not sure which way to look for this answer - WLSE or FreeRadius (although I suspect it is the WLSE). So with more debug, the following is come to light: It looks like freeradius sends the "State" variable in the access-challenge, and it comes back from the Cisco WLSE with an extra four "0" on the end. Is that sufficient to cause the rlm_eap errors that make the eap fail? Is the state being sent from freeradius the right length? Is the state returned from the WLSE supposed to be identical? What can possibly be done to reconcile this? thanks! -atkinson ---------------------------------------------------------------------------- -------------------- Sending Access-Challenge of id 1 to 10.0.1.5:32790 Service-Type = Framed-User Cisco-AVPair = "ssid=eap-client" EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x262b4d3ce001254e67f4ca3e7d4e26ef Fri Jan 28 22:35:34 2005 : Debug: Finished request 0 Fri Jan 28 22:35:34 2005 : Debug: Going to the next request Fri Jan 28 22:35:34 2005 : Debug: --- Walking the entire request list --- Fri Jan 28 22:35:34 2005 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.5:32790, id=1, length=204 User-Name = "PEAP-ABBAABBAABBA" NAS-IP-Address = 10.0.1.5 Called-Station-Id = "ABBAABBAABBA" Calling-Station-Id = "ABBAABBAABBA" NAS-Identifier = "171.69.75.9" NAS-Port = 29 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x262b4d3ce001254e67f4ca3e7d4e26ef0000 EAP-Message = 0x0200003c198100000032160301002d01000029030141fb048ad41c8bda316fcf49a8f6ec2f 768cfaf8814cfb9dbcfb7f20eae804a800000200040100 Message-Authenticator = 0xc1dadaa86b62aace345a49bdb35728f5 . . . . Fri Jan 28 22:35:34 2005 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request Fri Jan 28 22:35:34 2005 : Debug: rlm_eap: Failed in handler - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html