Hello Heikki,
> Your configuration looks correct.
> You need to check the client settings because there is no usable
> identity (username) received with the inner EAP-MSCHAP-V2 request.
>
> The PEAP problem is related to this line:
>
> EAP-Message =
> <2><1><0>H<26><2><1><0>C1<159><221>P<23><249><176>E<0>~<206>r<183><212><233>G<167><0><0><0><0><0><0><0><0><136
>
>
> This is the inner EAP-MSCHAP-V2 Challenge from the client. Was the line
> perhaps cut when pasting it to email?
>
You're right. I'm sorry but the last part of the line got lost during
the copy and paste.
Anyway it seems to be a client problem.
If I use a laptop with ubuntu 10.04 I get:
Code: Access-Request
Identifier: 36
Authentic: 7<1><13><127>oJ<212><219><237><176>{<165>Z<249>p<214>
Attributes:
Acct-Multi-Session-Id =
"00-03-52-9A-C6-C9-00-15-00-49-6D-75-4E-1F-FC-7D-00-0E-65-37"
Acct-Session-Id = "21a85895-00000253"
NAS-Port = 513
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "CNSRV2-ISTI-CNR-IT"
NAS-IP-Address = 146.48.80.245
Framed-MTU = 1496
User-Name = "[email protected]"
Calling-Station-Id = "00-15-00-49-6D-75"
Called-Station-Id = "00-03-52-9A-C6-C9"
Service-Type = Framed-User
EAP-Message = <2><1><0><144><25><1><23><3><1><0> -M
<159><206><208>[<239>T<226><233>I<31>
<141>$C<232><247><220>2BsS<142>=<185><182><250><169><200><163><165><23><3><1><0>`B<252><184>&<141>
RO<255><146><152><213>o<176><175><134><229>p<157>2<222><180>}<242><16>V<247><250>4y<241>ib<186><164>v
<210><206><237><205>w[<209>'<161><243><240>J<251>P<150><11>><151>_<193>o<204>q<244><244>a<233><134><198><25>.stX
<193><209><254><19><178>v1<127><21><7><215>Nt'<151>JJ<141><143><174><246><1><237><242><167><253><144>
Colubris-AVPAIR = "ssid=test-network"
Colubris-AVPAIR = "group=test-group"
Colubris-AVPAIR = "vsc-unique-id=10"
Colubris-AVPAIR = "phytype=IEEE802dot11g"
Colubris-Attr-250 = "<0><0><0><1>"
Colubris-Attr-249 = "<146>0k<10>"
Message-Authenticator =
<185>R(<223>5<219><165>H<207><210>!T><170>.<160>
ssid = test-network
group = test-group
vsc-unique-id = 10
phytype = IEEE802dot11g
Fri Jul 15 10:38:19 2011: DEBUG: Handling request with Handler 'Realm =
test.it, ssid=test-network'
Fri Jul 15 10:38:19 2011: DEBUG: Rewrote user name to [email protected]
Fri Jul 15 10:38:19 2011: DEBUG: Deleting session for [email protected],
146.48.80.245, 513
Fri Jul 15 10:38:19 2011: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 15 10:38:19 2011: DEBUG: Handling with EAP: code 2, 1, 144, 25
Fri Jul 15 10:38:19 2011: DEBUG: Response type 25
Fri Jul 15 10:38:19 2011: DEBUG: EAP PEAP inner authentication request
for [email protected]
Fri Jul 15 10:38:19 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <148>j)n"5<177><29>V<18><22>><207>i<166><215>
Attributes:
EAP-Message =
<2><1><0>H<26><2><1><0>C1am<164><202><160><158>\<181><153>3HCYCZ<158><0><0><0><0>
<0><0><0><0><149><180>s<244>L<128><148>Mx<1><155><149><5><229><210>M0<205><166><195><137><219><245>,<0>[email protected]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "[email protected]"
NAS-IP-Address = 146.48.80.245
NAS-Identifier = "CNSRV2-ISTI-CNR-IT"
NAS-Port = 513
Calling-Station-Id = "00-15-00-49-6D-75"
Fri Jul 15 10:38:19 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1, request_src = test-src'
Fri Jul 15 10:38:19 2011: DEBUG: Rewrote user name to [email protected]
Fri Jul 15 10:38:19 2011: DEBUG: Deleting session for [email protected],
146.48.80.245, 513
Fri Jul 15 10:38:19 2011: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 15 10:38:19 2011: DEBUG: Handling with EAP: code 2, 1, 72, 26
Fri Jul 15 10:38:19 2011: DEBUG: Response type 26
Fri Jul 15 10:38:19 2011: DEBUG: Radius::AuthFILE looks for match with
[[email protected]]
Fri Jul 15 10:38:19 2011: DEBUG: Radius::AuthFILE REJECT: No such user:
[[email protected]]
Fri Jul 15 10:38:19 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no
such user
Fri Jul 15 10:38:19 2011: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP
V2 failed: no such user
Fri Jul 15 10:38:19 2011: INFO: Access rejected for [email protected]: EAP
MSCHAP V2 failed: no such user
Fri Jul 15 10:38:19 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Reject
Instead, with an identical radiator configuration, using windows vista I
obtain:
*** Received from 146.48.107.5 port 32786 ....
Code: Access-Request
Identifier: 211
Authentic: h<155><186>bz}<172>BE<179><207><191><145><2>6<181>
Attributes:
Acct-Multi-Session-Id =
"00-03-52-9A-C6-C9-00-24-D6-87-D9-6E-4E-20-02-25-00-04-65-4E"
Acct-Session-Id = "5bc8ed11-00000255"
NAS-Port = 515
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Identifier = "CNSRV2-ISTI-CNR-IT"
NAS-IP-Address = 146.48.80.245
Framed-MTU = 1496
User-Name = "[email protected]"
Calling-Station-Id = "00-24-D6-87-D9-6E"
Called-Station-Id = "00-03-52-9A-C6-C9"
Service-Type = Framed-User
EAP-Message =
<2><27><0>k<25><0><23><3><1><0>`E<174><27><14><129><188><200><217><192>s<164>5<5>
<185>k<1>O<169><174>"`<150><147><10>d<185>`<242>MJ<180><128>a<218><142><240><160><189><168>5<21><231>
<168>x4<216><17><179><146>k<166>l<212><217><171><12><219>b<237><250><160><161>-<131><144><238>e<215><200>m<191>
<14><174><21><170><172><211>?<142><198><194>G<26><168>^<159>@B<245><143><173>vlj0<4>
Colubris-AVPAIR = "ssid=test-network"
Colubris-AVPAIR = "group=test-group"
Colubris-AVPAIR = "vsc-unique-id=10"
Colubris-AVPAIR = "phytype=IEEE802dot11g"
Colubris-Attr-250 = ""
Colubris-Attr-249 = ""
Message-Authenticator =
<11><231>{<128><183><144><214><205><135><153><141><176><25><172><14><159>
ssid = test-network
group = test-group
vsc-unique-id = 10
phytype = IEEE802dot11g
Fri Jul 15 11:02:24 2011: DEBUG: Handling request with Handler 'Realm =
test.it, ssid=test-network'
Fri Jul 15 11:02:24 2011: DEBUG: Rewrote user name to [email protected]
Fri Jul 15 11:02:24 2011: DEBUG: Deleting session for [email protected],
146.48.80.245, 515
Fri Jul 15 11:02:25 2011: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 15 11:02:25 2011: DEBUG: Handling with EAP: code 2, 27, 107, 25
Fri Jul 15 11:02:25 2011: DEBUG: Response type 25
Fri Jul 15 11:02:25 2011: DEBUG: EAP PEAP inner authentication request
for [email protected]
Fri Jul 15 11:02:25 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: 8M<149>w<220><251><16><214><248>.<12><5><166>F<247><154>
Attributes:
EAP-Message =
<2><27><0>D<26><2><27><0>C1\<212>P%<7>K<150><6>[<186><154><212><15><157><240><164>
<0><0><0><0><0><0><0><0><233><220>/<137><140><136>1h<184>8<242><137><193><2><209><216>M;5Y<223><174><163><22><0>[email protected]
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "[email protected]"
NAS-IP-Address = 146.48.80.245
NAS-Identifier = "CNSRV2-ISTI-CNR-IT"
NAS-Port = 515
Calling-Station-Id = "00-24-D6-87-D9-6E"
Fri Jul 15 11:02:25 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1, request_src = test-src'
Fri Jul 15 11:02:25 2011: DEBUG: Rewrote user name to [email protected]
Fri Jul 15 11:02:25 2011: DEBUG: Deleting session for [email protected],
146.48.80.245, 515
Fri Jul 15 11:02:25 2011: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 15 11:02:25 2011: DEBUG: Handling with EAP: code 2, 27, 68, 26
Fri Jul 15 11:02:25 2011: DEBUG: Response type 26
Fri Jul 15 11:02:25 2011: DEBUG: Radius::AuthFILE looks for match with
[email protected] [[email protected]]
Fri Jul 15 11:02:25 2011: DEBUG: Radius::AuthFILE ACCEPT: :
[email protected] [[email protected]]
Fri Jul 15 11:02:25 2011: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge:
Success
Fri Jul 15 11:02:25 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP
MSCHAP V2 Challenge: Success
Fri Jul 15 11:02:25 2011: DEBUG: Access challenged for [email protected]:
EAP MSCHAP V2 Challenge: Success
Fri Jul 15 11:02:25 2011: DEBUG: Returned PEAP tunnelled packet dump:
I have a quite old radiator version (v-4.3.1). Do you think that an
update can be useful for this problem or, in your opinion, this is
related to an
ubuntu 10.04 misbehaviour?
Thank you
Regards
Fabio
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
