Can you explain me how to make on " Server-Authenticated Tunneled Authentication", because I am not getting where is that option.
Regards Sudhir H -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Heikki Vatiainen Sent: Tuesday, April 10, 2012 1:56 AM To: [email protected] Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 On 04/06/2012 03:55 PM, Sudhir Harwalkar wrote: > Please find the attached new log file, users file and config file, because > with same username and password EAP-FAST GTC has worked fine, but for > MSCHAPv2 it shows an error. Looks like there might be a problem with PAC provision. In other words, you should check your client and see if the PAC provision has worked. I suggest you try turning on support for "Server-Authenticated Tunneled Authentication" (see RFC 5422) and see if the PAC provisioning works. This is what I tried when I tested this. Thanks! Heikki > Regards > Sudhir H > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Heikki Vatiainen > Sent: Friday, April 06, 2012 4:55 PM > To: [email protected] > Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/06/2012 10:07 AM, Sudhir Harwalkar wrote: > >> I tried EAP-FAST with GTC as an inner authentication its working fine, but >> for MSCHAPv2 I saw message in log file that rejected. > > The log file you sent previously shows that the user (sudhir) was found from > the users file. MSCHAPv2 then failed which indicates the password was > incorrect or your client calculated EAP-MSCHAPv2 credentials incorrectly. I > would check the password first to see it was correctly entered. > > Heikki > > >> Regards >> Sudhir H >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Sudhir Harwalkar >> Sent: Friday, April 06, 2012 11:20 AM >> To: [email protected] >> Subject: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> >> Hi Heikki, >> >> When I run the EAP-FAST I seen rejected message in the log file is it due >> do log file config. >> Please find the attached log file. >> >> Thanks >> Sudhir H >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Heikki Vatiainen >> Sent: Thursday, April 05, 2012 4:50 PM >> To: [email protected] >> Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/05/2012 10:15 AM, Sudhir Harwalkar wrote: >> >> Hello Sudhir, >> >>> As I am verifying EAP-FAST which uses inner authentication as >>> MSCHAPv2, for this our device requires any certificates like client >>> certificates? >>> >>> I red that it requires PAC means pac key should match from both >>> sides like radius sever and our device? >> >> If the client does not send its PAC, Radiator will try to allocate one to >> it. Then client is then disconnected. Next time when the client tries to >> authenticate, it will have a PAC and the authentication should then proceed. >> By default Radiator keeps the PACs in memory with the other option being >> SQL. So do not restart Radiator unless you want to clear the PAC. >> >> Thanks! >> Heikki >> >> >> -- >> Heikki Vatiainen <[email protected]> >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. >> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >> _______________________________________________ >> radiator mailing list >> [email protected] >> http://www.open.com.au/mailman/listinfo/radiator >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> _______________________________________________ >> radiator mailing list >> [email protected] >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen <[email protected]> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, > PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full > source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator Larsen & Toubro Limited www.larsentoubro.com This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
