Hello Mark -
There appear to be two problems here.
The first is your configuration file, which should only contain Handlers (otherwise the Realm DEFAULT will catch everything).
<Handler TunnelledByPEAP=1>
<AuthBy FILE>
Filename %D/users
EAPType PEAP,MSCHAP-V2
</AuthBy>
</Handler>
<Handler>
<AuthBy FILE>
Filename %D/users
EAPType PEAP
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
</Handler>

The second problem appears to be a configuration issue with the access point, because Radiator is sending back an access challenge but then receiving nothing further.
regards
Hugh
On Tuesday, Oct 14, 2003, at 20:33 Australia/Melbourne, Mark Verwoerd wrote:
Hello Hugh,
At work we want to set up a wireless network with 802.1x that authenticates users to our LDAP server with Radiator 3.7.1. The LDAP and Wireless parts work fine, but the EAP PEAP part in Radiator doesn't.
The AccessPoints are properly configured, the shared secret is correct and 802.1x is enabled. For testing I'm using the eap_peap.cfg from the goodies, only changed the log and pid stuff. So it Auths by File (%D/users).
CFG:
LogDir /var/log/radiator
LogFile %L/%Y/%m%d.log
PidFile /var/log/radiator/radiator.pid
DbDir /usr/local/radiator
Trace 4

AuthPort 1645
AcctPort 1646

#Accesspoints:
<Client 145.48.64.5>
Secret testing123
IgnoreAcctSignature
</Client>

<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>

<Handler TunnelledByPEAP=1>
<AuthBy FILE>
Filename %D/users
EAPType PEAP,MSCHAP-V2
</AuthBy>
</Handler>

<Realm DEFAULT>
<AuthBy FILE>
Filename %D/users
EAPType PEAP
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
</Realm>
On a laptop with WinXP Pro the 'WEP key will be provided for me' option is checked, and EAP-Type = EAP (PEAP). When my laptop finds the AccessPoint (Avaya AP-1000) it asks for a username & password, I fill in fred with password fred and it hangs ....
LOG:
Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
*** Received from 145.48.64.5 port 192 ....
Code: Access-Request
Identifier: 11
Authentic: T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
Attributes:
    User-Name = "fred"
    NAS-IP-Address = 145.48.64.5
    Called-Station-Id = "00022d75a1ac"
    Calling-Station-Id = "00601df7f7d0"
    NAS-Identifier = "AP-1000-HSB-05"
    NAS-Port-Type = Wireless-IEEE-802-11
    Framed-MTU = 1400
    EAP-Message = <2><1><0><9><1>fred
    Message-Authenticator = <166><197><<21><15><208>oT|<128><206><193><255><232>+<234>

Tue Oct 14 12:06:39 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Oct 14 12:06:39 2003: DEBUG: Deleting session for fred, 145.48.64.5,
Tue Oct 14 12:06:39 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Oct 14 12:06:39 2003: DEBUG: Handling with EAP: code 2, 1, 9
Tue Oct 14 12:06:39 2003: DEBUG: Response type 1
Tue Oct 14 12:06:39 2003: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Oct 14 12:06:39 2003: DEBUG: Access challenged for fred: EAP PEAP Challenge
Tue Oct 14 12:06:39 2003: DEBUG: Packet dump:
*** Sending to 145.48.64.5 port 192 ....
Code: Access-Challenge
Identifier: 11
Authentic: T=r<246><229><9><196><246>9<187><196><239><3><189><192><153>
Attributes:
    EAP-Message = <1><2><0><6><25>!
    Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
What is it waiting on? Or... what is wrong with the cfg? Or... what do I miss here :x
Thanks for your time,
Mark

=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
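
An added example (not part of the original thread and not Radiator code): a decoder for the two EAP-Message values in the trace above. It shows that the last packet Radiator sent is a PEAP Start request carrying no TLS data, so the next packet has to come from the supplicant via the access point. The function names and lookup tables are this example's own; `<N>` is read as one byte with decimal value N, as in the dump.

```python
import re

# Constructed from the two EAP-Message attributes in the trace above, in
# Radiator's dump notation: <N> is one byte with decimal value N, any other
# character is a literal byte (so "<<21>" is '<' followed by byte 21).
SUPPLICANT_RESPONSE = "<2><1><0><9><1>fred"
RADIATOR_CHALLENGE = "<1><2><0><6><25>!"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAP-V2"}


def dump_to_bytes(text):
    """Turn the <N>/literal dump notation back into raw bytes."""
    out = bytearray()
    for esc, lit in re.findall(r"<(\d{1,3})>|(.)", text, re.S):
        out.append(int(esc) if esc else ord(lit))
    return bytes(out)


def decode_eap(text):
    """Decode the EAP header (RFC 3748) and, for PEAP, the flags octet."""
    raw = dump_to_bytes(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length != len(raw):  # truncated or mis-copied dump
        raise ValueError(f"EAP length {length} != {len(raw)} bytes in dump")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type
        eap_type, body = raw[4], raw[5:]
        info["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            info["identity"] = body.decode("latin-1")
        elif eap_type == 25 and body:
            flags = body[0]  # L, M, S bits on top; PEAP version in the low bits
            info.update(length_included=bool(flags & 0x80),
                        more_fragments=bool(flags & 0x40),
                        start=bool(flags & 0x20), version=flags & 0x07)
            info["tls_bytes"] = len(body) - 1
    return info


if __name__ == "__main__":
    for label, msg in (("AP -> Radiator", SUPPLICANT_RESPONSE),
                       ("Radiator -> AP", RADIATOR_CHALLENGE)):
        print(label, decode_eap(msg))
```
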
