I'm trying to authenticate the w XP client with radiator trough the interepoch AP. I created certs and installed them in radiator and on the client. I'm using the nightly builds of openssl, since no 0.9.8 is available yet.
The conversation goes on with a few messages in which the AP and radiator agree on EAP-TLS, the server sends it's certificate, the client sends it's one, at which point in radiator's logfile (stdout actually) I see:
Wed Jul 30 23:15:26 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jul 30 23:15:26 2003: DEBUG: Deleting session for , 192.168.100.2,
Wed Jul 30 23:15:26 2003: DEBUG: Handling with Radius::AuthFILE:
Wed Jul 30 23:15:26 2003: DEBUG: Handling with EAP: code 2, 3, 908
Wed Jul 30 23:15:26 2003: DEBUG: Response type 13
Wed Jul 30 23:15:26 2003: INFO: Access rejected for : TLS not initialised
Wed Jul 30 23:15:26 2003: DEBUG: Packet dump:
*** Sending to 192.168.100.2 port 1812 ....
Code: Access-Reject
Identifier: 64
Authentic: z<134><200><205><153><161>m<137><163><141><155>)<143><31><185><225>
Attributes:
Reply-Message = "Request Denied"
Any hints about how to debug TLS initialization? I tried setting $Net::SSLeay::trace=4 in radiator code where SSLeay is used, but it printed nothing.
Is there maybe any known issue between the interepoch AP and radiator (or xp client)?
I append the last two packets exchanged.
Frame 7 (1052 bytes on wire, 1052 bytes captured)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x40 (64)
Length: 1010
Authenticator
Attribute value pairs
t:NAS IP Address(4) l:6, Value:192.168.100.2
t:Called Station Id(30) l:19, Value:"00-09-92-00-61-DF"
t:Calling Station Id(31) l:19, Value:"00-06-F4-00-92-84"
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:Framed MTU(12) l:6, Value:1400
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:255
EAP fragment
t:EAP Message(79) l:151
EAP fragment
Extensible Authentication Protocol
Code: Response (2)
Id: 3
Length: 908
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 898
Secure Socket Layer
TLS Record Layer: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 850
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 578
Certificates Length: 575
Certificates (575 bytes)
Certificate Length: 572
Certificate (572 bytes)
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 130
Handshake Protocol: Certificate Verify
Handshake Type: Certificate Verify (15)
Length: 130
TLS Record Layer: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.0 (0x0301)
Length: 1
Change Cipher Spec Message
TLS Record Layer: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 32
Handshake Protocol: Encrypted Handshake Message
t:Message Authenticator(80) l:18, Value:3BAFDBEF5A4C3515F91CCB159C67C873
Frame 8 (78 bytes on wire, 78 bytes captured) Radius Protocol Code: Access Reject (3) Packet identifier: 0x40 (64) Length: 36 Authenticator Attribute value pairs t:Reply Message(18) l:16, Value:"Request Denied"
Thank you.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
