Mike McCauley wrote:

On Wed, 20 Aug 2003 08:42 pm, Pavel Paprok wrote:


Hello,

I am trying to get a WiFi access point, Orinoco/Proxim AP-2000, working with
802.1x EAP/PEAP user auth by Radiator:
- Radiator 3.6 eval version RPM on RedHat 9, configured for EAP/PEAP
with demo certificates.
- Orinoco/Proxim AP-2000 (latest firmware 2.1.3)
- Test client is a Dell notebook with Win XP (all patches applied),
wireless card Orinoco Silver
 and/or built-in Intel Pro/WirelessLAN 2100 3A

After all the known install and config issues I met (described in the FAQ,
archive and UtahGeeks), I got to a state where
the user is authenticated OK and radius sends "Access-Accept". But that is the last
info in the radius log; no real connection follows, and there is no accounting in the log.
In particular, the basic UtahGeeks access point config is pretty close to
our config, but unfortunately the Radiator configuration is not
published, so maybe my problem is here. Or is the problem in using
a different WiFi client? Can somebody please help me find where the problem is?



That sounds a lot like the client is not configured to expect a dynamic WEP key, but your Radiator is configured to send them to the AP.


Check the 'WEP key will be provided for me' option in your client configuration.



Of course, as I have written below in the Windows XP client config:


"- Key is provided for me automatically ON"
Yesterday I also turned on EAP tracing in WinXP, see the log below; interesting is
the last line:

"We got a EAP_failure after we got a PEAP_SUCCESS. Failing auth."

...I don't know what it means.

Pavel


Cheers.




My configuration:

------   users ------
wifitest        User-Password=wifi
      Session-Timeout=60


------ radius.cfg ------
AuthPort 1812
AcctPort 1813

LogStdout
LogDir          /var/log/radius
DbDir           /etc/radiator

Trace 5

<Client XXX.XXX.XXX.XXX>
      Secret  XXXXX
      Identifier      wifi-testnet
      IgnoreAcctSignature     yes
</Client>
# now core config from eap_peap.cfg example:

<Handler TunnelledByPEAP=1>
      AcctLogFileName %L/detail
      <AuthBy FILE>
              Filename %D/users
              EAPType MSCHAP-V2
      </AuthBy>
</Handler>
<Handler>
      <AuthBy FILE>
              Filename %D/users
              EAPType PEAP
              EAPTLS_CAFile %D/certificates/demoCA/cacert.pem

              EAPTLS_CertificateFile %D/certificates/cert-srv.pem
              EAPTLS_CertificateType PEM

              EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
              EAPTLS_PrivateKeyPassword whatever

              EAPTLS_MaxFragmentSize 1024

              AutoMPPEKeys
              # I also tried
              #AddToReply      MS-MPPE-Encryption-Policy = Encryption-Allowed,\
              #               MS-MPPE-Encryption-Types  = Encryption-Any
              SSLeayTrace 4

      </AuthBy>
</Handler>


------ WinXP client configuration ------


- Data encryption (WEP enabled)  ON
- Network Authentication (Shared mode) OFF
- Key is provided for me automatically ON
- Adhoc network OFF
- Enable 802.1x auth ON
- EAP type: PEAP
- Authenticate as computer OFF
- Authenticate as guest OFF
- Validate server certificate OFF
- Authentication method: EAP-MSCHAP v2 (automatically use Windows logon name OFF)
- Enable fast reconnect OFF

----- something from Orinoco-2000 config -----

Operational Mode
Wireless A: 802.11bg
   physical iface 802.11g OFDM / DSSS 2.4 GHz, enable auto channel select ON,
   transmit rate: auto fallback, dtim period: 1, rts/cts medium reservation: 2347,
   enable closed system: OFF

Wireless B: 802.11b only
   physical iface 802.11b DSSS 2.4 GHz, enable auto channel select ON,
   mcast rate: 2mbit, dtim period: 1, rts/cts medium reservation: 2347,
   dist AP: large, enable closed system: OFF, enable load balancing: ON,
   enable medium density distribution: ON

MAC access control: OFF

  Authentication:
      wireless slot A: mode 802.1x, rekeying interval: 900, encr key length: 64bits
      wireless slot B: mode 802.1x, rekeying interval: 900, encr key length: 64bits

  Radius auth:
      enable radius mac access control: OFF, enable primary radius: ON,
      enable backup radius: OFF, auth lifetime: 900sec,
      primary radius server ip, port and shared secret set properly,
      resp time: 3sec, max retr: 3

  Radius acct:
      enable radius accounting: ON, enable primary radius: ON,
      enable backup radius: OFF,
      primary radius server ip, port and shared secret set properly,
      resp time: 3sec, max retr: 3

  DHCP server:
      enabled


------ radius log recorded ------ (tainted, only last lines, real ip of radiator
and AP replaced, there are no ERROR lines in log...)


Packet length = 163
Code:       Access-Request
Identifier: 10
Authentic:  5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
Attributes:
      User-Name = "wifitest"
      NAS-IP-Address = ORI.NO.CO.IP
      Called-Station-Id = "00-20-a6-48-e7-3f"
      Calling-Station-Id = "00-04-23-48-f1-f3"
      NAS-Identifier = "ORiNOCO-AP-2000AE"
      Framed-MTU = 1400
      NAS-Port-Type = Wireless-IEEE-802-11
      EAP-Message = <2><11><0>&<25><0><23><3><1><0><27>!:<128><14>G"<215>bH~<158>l_<2><169>h<186>_]C<3><164> <187>}<<4>
      Message-Authenticator = M<20><173>H<21>N<11>Z<218><181>#<159><171><160><180><184>

Tue Aug 19 14:20:36 2003: DEBUG: Handling request with Handler ''
Tue Aug 19 14:20:36 2003: DEBUG:  Deleting session for wifitest, ORI.NO.CO.IP ,
Tue Aug 19 14:20:36 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Aug 19 14:20:36 2003: DEBUG: Handling with EAP: code 2, 11, 38
Tue Aug 19 14:20:36 2003: DEBUG: Response type 25
Tue Aug 19 14:20:36 2003: DEBUG: Access accepted for wifitest
Tue Aug 19 14:20:36 2003: DEBUG: Packet dump:
*** Sending to ORI.NO.CO.IP  port 6001 ....

Packet length = 160
Code:       Access-Accept
Identifier: 10
Authentic:  5<1><0><0><211>p<0><0><234><127><0><0><252> <0><0>
Attributes:
      MS-MPPE-Send-Key = "<237><22>]<127><14>t<161>s<3>E<156>u<21>g"<144><199>=<181><177>q`<29><186><190><212>)<0>B<131><24>b<176>/a<198><202><219><177><2>-<244>vNge,<152><242><234>"
      MS-MPPE-Recv-Key = "<135><194><135>l<5><154>.<194><135><197>9<137><229>EsWc<233><2><190><130><242>!<132><234><13><249><142><204><253>Mr<142><217>Kr7^U<233><247>e<135>y<141>E-yF<153>"
      EAP-Message = <3><11><0><4>
      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>





log from windows xp 802.1x client:

[5584] 12:58:01:192: PeapReadConnectionData
[5584] 12:58:01:192: PeapReadUserData
[5584] 12:58:01:192: RasEapGetInfo
[5584] 12:58:01:192: PeapReDoUserData
[5584] 12:58:30:234: PeapReadConnectionData
[5584] 12:58:30:234: PeapReadUserData
[5584] 12:58:30:244: RasEapGetInfo
[5584] 12:58:30:244: PeapReDoUserData
[5584] 12:58:43:203: EapPeapBegin
[5584] 12:58:43:203: PeapReadConnectionData
[5584] 12:58:43:203: PeapReadUserData
[5584] 12:58:43:203:
[5584] 12:58:43:203: EapTlsBegin(wifitest)
[5584] 12:58:43:203: State change to Initial
[5584] 12:58:43:203: EapTlsBegin: Detected 8021X authentication
[5584] 12:58:43:203: EapTlsBegin: Detected PEAP authentication
[5584] 12:58:43:203: MaxTLSMessageLength is now 16384
[5584] 12:58:43:203: EapPeapBegin done
[5584] 12:58:43:203: EapPeapMakeMessage
[5584] 12:58:43:203: EapPeapCMakeMessage
[5584] 12:58:43:203: PEAP:PEAP_STATE_INITIAL
[5584] 12:58:43:203: EapTlsCMakeMessage
[5584] 12:58:43:203: EapTlsReset
[5584] 12:58:43:203: State change to Initial
[5584] 12:58:43:203: GetCredentials
[5584] 12:58:43:203: Flag is Client and Store is Current User
[5584] 12:58:43:203: GetCachedCredentials
[5584] 12:58:43:203: PEAP GetCachedCredentials: Using cached credentials.
[5584] 12:58:43:203: MakeReplyMessage
[5584] 12:58:43:203: SecurityContextFunction
[5584] 12:58:43:243: InitializeSecurityContext returned 0x90312
[5584] 12:58:43:243: State change to SentHello
[5584] 12:58:43:243: BuildPacket
[5584] 12:58:43:243: << Sending Response (Code: 2) packet: Id: 4, Length: 80, Type: 13, TLS blob length: 70. Flags: L
[5584] 12:58:43:243: EapPeapCMakeMessage done
[5584] 12:58:43:243: EapPeapMakeMessage done
[5584] 12:58:43:263: EapPeapMakeMessage
[5584] 12:58:43:263: EapPeapCMakeMessage
[5584] 12:58:43:263: PEAP:PEAP_STATE_TLS_INPROGRESS
[5584] 12:58:43:263: EapTlsCMakeMessage
[5584] 12:58:43:263: MakeReplyMessage
[5584] 12:58:43:263: Reallocating input TLS blob buffer
[5584] 12:58:43:263: BuildPacket
[5584] 12:58:43:263: << Sending Response (Code: 2) packet: Id: 5, Length: 6, Type: 13, TLS blob length: 0. Flags:
[5584] 12:58:43:263: EapPeapCMakeMessage done
[5584] 12:58:43:263: EapPeapMakeMessage done
[5584] 12:58:43:323: EapPeapMakeMessage
[5584] 12:58:43:323: EapPeapCMakeMessage
[5584] 12:58:43:323: PEAP:PEAP_STATE_TLS_INPROGRESS
[5584] 12:58:43:323: EapTlsCMakeMessage
[5584] 12:58:43:323: MakeReplyMessage
[5584] 12:58:43:323: BuildPacket
[5584] 12:58:43:323: << Sending Response (Code: 2) packet: Id: 6, Length: 6, Type: 13, TLS blob length: 0. Flags:
[5584] 12:58:43:323: EapPeapCMakeMessage done
[5584] 12:58:43:323: EapPeapMakeMessage done
[5584] 12:58:43:333: EapPeapMakeMessage
[5584] 12:58:43:333: EapPeapCMakeMessage
[5584] 12:58:43:333: PEAP:PEAP_STATE_TLS_INPROGRESS
[5584] 12:58:43:333: EapTlsCMakeMessage
[5584] 12:58:43:333: MakeReplyMessage
[5584] 12:58:43:333: SecurityContextFunction
[5584] 12:58:43:393: InitializeSecurityContext returned 0x90312
[5584] 12:58:43:393: State change to SentFinished
[5584] 12:58:43:393: BuildPacket
[5584] 12:58:43:393: << Sending Response (Code: 2) packet: Id: 7, Length: 199, Type: 13, TLS blob length: 189. Flags: L
[5584] 12:58:43:393: EapPeapCMakeMessage done
[5584] 12:58:43:393: EapPeapMakeMessage done
[5584] 12:58:43:413: EapPeapMakeMessage
[5584] 12:58:43:413: EapPeapCMakeMessage
[5584] 12:58:43:413: PEAP:PEAP_STATE_TLS_INPROGRESS
[5584] 12:58:43:413: EapTlsCMakeMessage
[5584] 12:58:43:413: MakeReplyMessage
[5584] 12:58:43:413: SecurityContextFunction
[5584] 12:58:43:413: InitializeSecurityContext returned 0x0
[5584] 12:58:43:413: AuthenticateServer
[5584] 12:58:43:413: CreateMPPEKeyAttributes
[5584] 12:58:43:413: State change to RecdFinished
[5584] 12:58:43:413: BuildPacket
[5584] 12:58:43:413: << Sending Response (Code: 2) packet: Id: 8, Length: 6, Type: 13, TLS blob length: 0. Flags:
[5584] 12:58:43:413: EapPeapCMakeMessage done
[5584] 12:58:43:413: EapPeapMakeMessage done
[5584] 12:58:43:423: EapPeapMakeMessage
[5584] 12:58:43:423: EapPeapCMakeMessage
[5584] 12:58:43:423: PEAP:PEAP_STATE_TLS_INPROGRESS
[5584] 12:58:43:423: EapTlsCMakeMessage
[5584] 12:58:43:423: Negotiation successful
[5584] 12:58:43:423: PeapGetTunnelProperties
[5584] 12:58:43:423: Successfully negotiated TLS with following parametersdwProtocol = 0x80, Cipher= 0x6801, CipherStrength=0x80,Hash=0x8003
[5584] 12:58:43:423: PeapGetTunnelProperties done
[5584] 12:58:43:423: PeapClientDecryptTunnelData
[5584] 12:58:43:423: IsDuplicatePacket
[5584] 12:58:43:423: PeapDecryptTunnelData dwSizeofData = 0x16, pData = 0x4261ff4
[5584] 12:58:43:423: PeapDecryptTunnelData completed with status 0x0
[5584] 12:58:43:423: PeapEncryptTunnelData
[5584] 12:58:43:423: PeapEncryptTunnelData completed with status 0x0
[5584] 12:58:43:423: EapPeapCMakeMessage done
[5584] 12:58:43:423: EapPeapMakeMessage done
[5584] 12:58:43:483: EapPeapMakeMessage
[5584] 12:58:43:483: EapPeapCMakeMessage
[5584] 12:58:43:483: PEAP:PEAP_STATE_IDENTITY_RESPONSE_SENT
[5584] 12:58:43:483: PeapClientDecryptTunnelData
[5584] 12:58:43:483: IsDuplicatePacket
[5584] 12:58:43:483: PeapDecryptTunnelData dwSizeofData = 0x38, pData = 0x4261ff4
[5584] 12:58:43:483: PeapDecryptTunnelData completed with status 0x0
[5584] 12:58:43:483: PeapEncryptTunnelData
[5584] 12:58:43:483: PeapEncryptTunnelData completed with status 0x0
[5584] 12:58:43:483: EapPeapCMakeMessage done
[5584] 12:58:43:483: EapPeapMakeMessage done
[5584] 12:58:43:503: EapPeapMakeMessage
[5584] 12:58:43:503: EapPeapCMakeMessage
[5584] 12:58:43:503: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[5584] 12:58:43:503: PeapClientDecryptTunnelData
[5584] 12:58:43:503: IsDuplicatePacket
[5584] 12:58:43:503: PeapDecryptTunnelData dwSizeofData = 0x4e, pData = 0x4261ff4
[5584] 12:58:43:503: PeapDecryptTunnelData completed with status 0x0
[5584] 12:58:43:503: PeapEncryptTunnelData
[5584] 12:58:43:503: PeapEncryptTunnelData completed with status 0x0
[5584] 12:58:43:503: EapPeapCMakeMessage done
[5584] 12:58:43:503: EapPeapMakeMessage done
[5584] 12:58:43:513: EapPeapMakeMessage
[5584] 12:58:43:513: EapPeapCMakeMessage
[5584] 12:58:43:513: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
[5584] 12:58:43:513: PeapClientDecryptTunnelData
[5584] 12:58:43:513: IsDuplicatePacket
[5584] 12:58:43:513: PeapDecryptTunnelData dwSizeofData = 0x20, pData = 0x4261ff4
[5584] 12:58:43:513: PeapDecryptTunnelData completed with status 0x0
[5584] 12:58:43:513: GetPEAPTLVStatusMessageValue
[5584] 12:58:43:523: CreatePEAPTLVStatusMessage
[5584] 12:58:43:523: PeapEncryptTunnelData
[5584] 12:58:43:523: PeapEncryptTunnelData completed with status 0x0
[5584] 12:58:43:523: EapPeapCMakeMessage done
[5584] 12:58:43:523: EapPeapMakeMessage done
[5584] 12:58:43:533: EapPeapMakeMessage
[5584] 12:58:43:533: EapPeapCMakeMessage
[5584] 12:58:43:533: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
[5584] 12:58:43:533: We got a EAP_failure after we got a PEAP_SUCCESS. Failing auth.
[5584] 12:58:43:533: EapPeapCMakeMessage done
[5584] 12:58:43:533: EapPeapMakeMessage done
[5584] 12:59:43:349: EapPeapEnd
[5584] 12:59







=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
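
Added example, not part of the original thread and not Radiator code: a small RADIUS reply parser that reports the fields 802.1X dynamic keying depends on in an Access-Accept like the one logged above (EAP code and identifier, both MS-MPPE keys, Message-Authenticator). The sample packet is constructed with zeroed key material, and the function names are hypothetical.

```python
import struct

MS_VENDOR = 311  # Microsoft vendor id used by the MS-MPPE-* attributes (RFC 2548)
MPPE = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_radius(pkt: bytes):
    """Return (code, identifier, [(attr_type, value), ...]) with bounds checks."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not match the data received")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]))
        pos += pkt[pos + 1]
    return code, ident, attrs

def accept_report(pkt: bytes) -> dict:
    """Summarise the parts of a reply that 802.1X dynamic keying depends on."""
    code, _, attrs = parse_radius(pkt)
    eap = b"".join(v for t, v in attrs if t == 79)  # EAP-Message can span attributes
    keys = set()
    for t, v in attrs:
        if t != 26 or len(v) < 6 or struct.unpack("!I", v[:4])[0] != MS_VENDOR:
            continue
        sub = v[4:]  # vendor sub-attributes: type, length, data
        while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
            if sub[0] in MPPE:
                keys.add(MPPE[sub[0]])
            sub = sub[sub[1]:]
    return {
        "code": RADIUS_CODES.get(code, str(code)),
        "eap": (EAP_CODES.get(eap[0]), eap[1]) if len(eap) >= 4 else None,
        "mppe_keys": sorted(keys),
        "message_authenticator": any(t == 80 and len(v) == 16 for t, v in attrs),
    }

def build_sample(with_keys: bool) -> bytes:
    """Constructed Access-Accept (zeroed key material), not the packet in the log."""
    attrs = b""
    for vtype in (16, 17) if with_keys else ():
        attrs += bytes([26, 58]) + struct.pack("!IBB", MS_VENDOR, vtype, 52) + bytes(50)
    attrs += bytes([79, 6, 3, 11, 0, 4])  # EAP-Success, identifier 11, length 4
    attrs += bytes([80, 18]) + bytes(16)  # Message-Authenticator placeholder
    return struct.pack("!BBH", 2, 10, 20 + len(attrs)) + bytes(16) + attrs
```

Calling `accept_report(build_sample(True))` gives the report for a reply that carries both keys; `build_sample(False)` shows the same reply with `mppe_keys` empty.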
