Hi,

I am trying to set up EAP with a Cisco Catalyst 2950 as the authenticator and Windows XP as the supplicant, but after I enter the credentials in Windows XP, Radiator sends an EAP Access-Challenge that never gets a reply from Windows XP, and in the end Windows XP tells me that the authentication failed. Am I missing something in my configuration? By the way, I'm using the demo certs provided in the Radiator goodies, and I imported root.der and cert-clt.p12 into my Windows XP. Thanks.

Config file:


<Handler TunnelledByPEAP=1>
        MaxSessions 1
        AuthByPolicy ContinueWhileAccept


#<Realm DEFAULT>
<AuthBy SQL>
                DBSource        dbi:mysql:radius:localhost
                DBUsername      radius
                DBAuth          r4d1usLocal

AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0

                AcctColumnDef   User-Password, check
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
                EAPType MSCHAP-V2
         #      EAPType PEAP
</AuthBy>

</Handler>

<Handler>

<AuthBy SQL>
                DBSource        dbi:mysql:radius:localhost
                DBUsername      radius
                DBAuth          r4d1usLocal

AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0

                AcctColumnDef   User-Password, check
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer

                EAPType PEAP
          #     EAPType MSCHAP-V2
                EAPTLS_CAFile /usr/share/doc/packages/Radiator/certificates/demoCA/cacert.pem
                EAPTLS_CertificateFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile /usr/share/doc/packages/Radiator/certificates/cert-srv.pem
                EAPTLS_PrivateKeyPassword whatever
                EAPTLS_MaxFragmentSize 1000
                AutoMPPEKeys

</AuthBy>

</Handler>


Debug:

*** Received from 202.53.249.28 port 1812 ....
Code:       Access-Request
Identifier: 55
Authentic:  S<155><173>*<150><226><172><149>!<245>i<30>B<229><133><211>
Attributes:
        NAS-IP-Address = 202.53.249.28
        NAS-Port = 50011
        NAS-Port-Type = Ethernet
        User-Name = "indrajaya"
        Calling-Station-Id = "00-1B-38-A5-45-A5"
        Service-Type = Framed-User
EAP-Message = <2><148><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>N<232>;<17><191>k<228><146><254>'<27>U<187><187><26>nf%NK<154><8>-<198><186>8<129>u<170><210>#P<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
        Message-Authenticator = <220>DJ<146>1M<9>S5"q<132><197>x<19>

Wed Dec 14 12:57:29 2011: DEBUG: Handling request with Handler '', Identifier ''
Wed Dec 14 12:57:29 2011: DEBUG: Deleting session for indrajaya, 202.53.249.28, 50011
Wed Dec 14 12:57:29 2011: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Wed Dec 14 12:57:29 2011: DEBUG: Handling with Radius::AuthSQL:
Wed Dec 14 12:57:29 2011: DEBUG: Handling with Radius::AuthSQL:
Wed Dec 14 12:57:29 2011: DEBUG: Handling with EAP: code 2, 148, 80, 25
Wed Dec 14 12:57:29 2011: DEBUG: Response type 25
Wed Dec 14 12:57:29 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed Dec 14 12:57:29 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed Dec 14 12:57:29 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed Dec 14 12:57:29 2011: DEBUG: Access challenged for indrajaya: EAP PEAP Challenge
Wed Dec 14 12:57:29 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code:       Access-Challenge
Identifier: 55
Authentic: <3>.<248><243>a<172>b`<181>l<138>E<214>6<154><213>
Attributes:
EAP-Message = <1><149><3><242><25><192><0><0><7><178><22><3><1><0>J<2><0><0>F<3><1>N<232>:<201><12><1><17><235>z<22><181> <186><171><150>9<252>@|q<18>,R<134><203>\<27>Vf<27><133><136> <247>B<140><150>j'<152><24>C<163><228><244>_<150>i<141><176><252><149><177>T<182>R8<159><178><20><187><19>Q<22>!<0><4><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1%0#<6><3>U<4><3><19><28>t EAP-Message = est.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><207><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183><246><141>'<233>V<198><203> EAP-Message = 
<206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n@0D<175><29>E<162>:<239>d <17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Tes Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>




--
/Regards,
Indrajaya Pitra Perdana/
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
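
Added example (not part of the original post and not Radiator code): a Python decoder for the <ddd> byte notation used in the debug dump above, applied to the leading bytes of the two EAP-Message values. It shows that the Access-Challenge is a 1010-byte first fragment of a 1970-byte TLS flight with the more-fragments bit set, so the server is waiting for an empty PEAP Response with EAP Identifier 149 before it sends the rest; the function names are hypothetical.

```python
import re
import struct

# Radiator's debug dump prints printable bytes as-is and every other byte as
# <decimal>. A literal "<" not followed by digits and ">" stays a plain byte.
_TOKEN = re.compile(r"<(25[0-5]|2[0-4]\d|1?\d?\d)>|(.)", re.S)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # EAP-TLS/PEAP flag bits (RFC 5216)

def radiator_dump_to_bytes(text):
    """Turn the dump notation back into raw bytes (ASCII dump text assumed)."""
    return bytes(int(num) if num else ord(ch) for num, ch in _TOKEN.findall(text))

def parse_eap_tls(data):
    """Decode the EAP header plus the TLS-style flags of a PEAP/EAP-TLS packet."""
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", data[:6])
    body = data[6:]
    tls_total = None
    if flags & FLAG_L:                       # 4-byte total TLS message length follows
        tls_total = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    # TLS record header is 5 bytes; for a handshake record (type 22) the next
    # byte is the handshake message type (1 = ClientHello, 2 = ServerHello).
    handshake = body[5] if len(body) > 5 and body[0] == 22 else None
    more = bool(flags & FLAG_M)
    return {
        "code": EAP_CODES.get(code, code), "id": ident, "length": length,
        "type": eap_type, "start": bool(flags & FLAG_S), "more_fragments": more,
        "tls_total": tls_total, "handshake": handshake,
        # A Request with M set is answered by an empty Response of the same
        # type and Identifier; only then is the next fragment sent.
        "peer_must_ack": code == 1 and more,
    }

# Leading bytes of the two EAP-Message values in the debug output above.
RESPONSE_HEAD = "<2><148><0>P<25><128><0><0><0>F<22><3><1><0>A<1>"
CHALLENGE_HEAD = "<1><149><3><242><25><192><0><0><7><178><22><3><1><0>J<2>"

if __name__ == "__main__":
    for name, dump in (("supplicant", RESPONSE_HEAD), ("server", CHALLENGE_HEAD)):
        print(name, parse_eap_tls(radiator_dump_to_bytes(dump)))
```

If a capture on the switch or the Windows XP port shows no such empty Response leaving the supplicant, the handshake stopped on the client side after this first fragment.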