HelloJerome, My experience with this type of behaviour is that the real cause of the actually occurred long before. What happens is that Radiator declines to reply to a request for some reason, and then you see a number of retransmissions.
We will need to see _all_ of the Radiator log file from the start of the authentication attempt until the end. I think then we will see why Radaitor is not repsonding to the clients requests. Cheers. On Mon, 23 Jun 2003 10:22 pm, Jerome Fleury wrote: > --On Friday, June 20, 2003 10:10:46 AM +1000 Hugh Irvine <[EMAIL PROTECTED]> wrote: > > Salut Jerome - > > > > It looks like Radiator is crashing if the log stops as shown. You will > > need to look at the Perl output to see what the error is, but it is > > usually a missing module that has not been loaded. The easiest way to see > > what is happening is to run radiusd from the command line like this: > > > > perl radiusd -foreground -log_stdout -trace 4 -config_file ..... > > > > where "...." is the name of your configuration file. > > Thanks for help Hugh. > > I tried this, but the server is not crashing. It just stops processing. > Added some debug in the EAP_25.pm code and got this: > > Mon Jun 23 14:04:09 2003: DEBUG: Handling request with Handler '' > Mon Jun 23 14:04:09 2003: DEBUG: Deleting session for testUser, > 172.30.24.10, 78 Mon Jun 23 14:04:09 2003: DEBUG: Handling with > Radius::AuthFILE: > Mon Jun 23 14:04:09 2003: DEBUG: Handling with EAP: code 2, 2, 94 > Mon Jun 23 14:04:09 2003: DEBUG: Response type 25 > Mon Jun 23 14:04:09 2003: DEBUG: jeje - else2 > Mon Jun 23 14:04:09 2003: DEBUG: jeje - 25, PEAP > Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465 > Mon Jun 23 14:04:09 2003: ERR: jeje - want read > Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465, > Mon Jun 23 14:04:09 2003: DEBUG: Access challenged for testUser: EAP PEAP > Challenge Mon Jun 23 14:04:09 2003: DEBUG: Packet dump: > *** Sending to 172.30.24.10 port 1645 .... > Code: Access-Challenge > Identifier: 215 > Authentic: NW<237>T?<254>DT<202><146><22>|z<4><219><161> > Attributes: > EAP-Message = "<4><2><0><4>" > Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>" > EAP-Message = "<1><3><0><6><25><0>" > > > It seems like I'm stuck in the ERROR_WANT_READ block code, which does > nothing, and this does this all the time, wether I'm doing EAP-TTLS or > EAP-PEAP. It looks definitely like a Radiator/SSL issue, but I'm stuck by > this lack of information. > First I guessed it was my version of OpenSSL (it was 0.9.6c), but after > upgrading to the most recent one, I still have this problem. > > I'm looking forward to any suggestion one could have. > > > Note the list of prerequisite modules that are listed in the comment > > block at the top of the "eap_peap.cfg" file. > > > > regards > > > > Hugh > > > > On Thursday, Jun 19, 2003, at 23:49 Australia/Melbourne, Jerome Fleury wrote: > >> Here is the test config: > >> > >> Client: Cisco Aironet/Orinoco > >> 802.1X client: 2000+hotfix/Funk Odyssey > >> AP: Cisco Aironet 1100 > >> > >> I use the test config from goodies/eap_peap.cfg with this modification: > >> > >> Filename %D/users-wifi > >> > >> (is there any special entry to put in this file ? anonymous user ?) > >> > >> As soon as I enter my credentials (802.1X identification window from > >> Windows 2000 appears), the > >> radius request launches from the AP: > >> > >> .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, > >> received CLIENT_REPLY, > >> mac: 0060.1df0.3503 > >> .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending > >> client data to server > >> .Jun 19 13:42:01.251: RADIUS/ENCODE(00003489): acct_session_id: 13473 > >> .Jun 19 13:42:01.251: RADIUS(00003489): sending > >> .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, > >> Access-Request, len 128 > >> .Jun 19 13:42:01.252: RADIUS: authenticator 52 44 49 1C E4 86 B3 78 - > >> E9 F8 87 6C B1 59 CA FF > >> .Jun 19 13:42:01.252: RADIUS: User-Name [1] 5 "ben" > >> .Jun 19 13:42:01.252: RADIUS: Framed-MTU [12] 6 1400 > >> .Jun 19 13:42:01.252: RADIUS: Called-Station-Id [30] 16 > >> "0002.8a5b.400f" > >> .Jun 19 13:42:01.252: RADIUS: Calling-Station-Id [31] 16 > >> "0060.1df0.3503" > >> .Jun 19 13:42:01.252: RADIUS: NAS-Port-Type [61] 6 802.11 > >> wireless [19] > >> .Jun 19 13:42:01.252: RADIUS: Message-Authenticato[80] 18 * > >> .Jun 19 13:42:01.252: RADIUS: EAP-Message [79] 8 > >> .Jun 19 13:42:01.253: RADIUS: 02 03 00 06 > >> [????] > >> .Jun 19 13:42:01.253: RADIUS: NAS-Port-Type [61] 6 Virtual > >> [5] > >> .Jun 19 13:42:01.253: RADIUS: NAS-Port [5] 6 159 > >> .Jun 19 13:42:01.253: RADIUS: Service-Type [6] 6 Login > >> [1] > >> .Jun 19 13:42:01.254: RADIUS: NAS-IP-Address [4] 6 > >> 172.30.24.10 > >> .Jun 19 13:42:01.254: RADIUS: Nas-Identifier [32] 9 "ap2.gre" > >> .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) > >> for id 44 > >> .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) > >> for id 44 > >> .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) > >> for id 44 > >> .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL > >> packet from 0060.1df0.3503 > >> .Jun 19 13:42:21.899: EAPOL pak dump rx > >> .Jun 19 13:42:21.899: EAPOL Version: 0x1 type: 0x1 length: 0x0000 > >> 00E126C0: 01010000 .... > >> .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, > >> received EAP_START, mac: > >> 0060.1df0.3503 > >> .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do > >> nothing > >> .Jun 19 13:42:22.188: RADIUS: Tried all servers. > >> .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable > >> server > >> .Jun 19 13:42:22.188: RADIUS: Tried all servers. > >> .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) > >> for id 44 > >> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL > >> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL > >> > >> > >> As you can see, the Radius server seems not to respond, and AP > >> retransmits. > >> > >> Here are the logs on Radiator: > >> > >> Code: Access-Request > >> Identifier: 44 > >> Authentic: RDI<28><228><134><179>x<233><248><135>l<177>Y<202><255> > >> Attributes: > >> User-Name = "ben" > >> Framed-MTU = 1400 > >> Called-Station-Id = "0002.8a5b.400f" > >> Calling-Station-Id = "0060.1df0.3503" > >> NAS-Port-Type = 19 > >> Signature = > >> "<14><184>;<197>Q<12>;<219>Y5<209><240><179>%<181><184>" > >> EAP-Message = "<2><3><0><6><25>" > >> NAS-Port-Type = Virtual > >> NAS-Port = 159 > >> Service-Type = Login-User > >> NAS-IP-Address = 172.30.24.10 > >> NAS-Identifier = "ap2.gre" > >> > >> Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler '' > >> Thu Jun 19 15:42:17 2003: DEBUG: Deleting session for ben, > >> 172.30.24.10, 159 > >> Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE: > >> Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6 > >> Thu Jun 19 15:42:17 2003: DEBUG: Response type 25 > >> > >> and that's pretty all. No error to help me out. > >> > >> Has anybody any clue about that ? > >> > >> Thanks. > >> -- > >> Jerome Fleury > >> === > >> Archive at http://www.open.com.au/archives/radiator/ > >> Announcements on [EMAIL PROTECTED] > >> To unsubscribe, email '[EMAIL PROTECTED]' with > >> 'unsubscribe radiator' in the body of the message. > > > > NB: have you included a copy of your configuration file (no secrets), > > together with a trace 4 debug showing what is happening? > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > -- > Jerome Fleury > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
