On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote:

> 1. Please guide me how to keep PACs in memory, what are all the changes need
> to make in config files.

You need to change the Handler for outer EAP-FAST authentication to use
AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and
GetEAPFastPACQuery. For definition of the single table that is needed, see
goodies/mysqlCreate.sql. The table is EAPFAST_PAC.

MySQL is not required, it is just used for an example. You could try SQLite
for a simple file based DB. http://www.sqlite.org/download.html

You can keep all EAPTLS_* settings the same as they are now when setting up
AuthBy SQL.

> 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge
> message only and I haven't found any error in that case, please find the log,
> and config files for this.

The log shows two different messages:

1. EAP Identity from your client
2. EAP-TLS start from Radiator

The client then resends the identity. Check the client settings. It seems not
to accept EAP-TLS or is otherwise incorrectly configured. Note that at some
point you need to configure the client to trust the CA certificate in
certificates/demoCA/cacert.pem

Thanks!
Heikki

> Regards
> Sudhir H
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Heikki Vatiainen
> Sent: Friday, April 13, 2012 6:00 PM
> To: [email protected]
> Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>
> On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote:
>
>> 1. Whenever I flash the new code to the device it's generating new PAC key
>> at that time it's getting authenticate with the server,
>> If PACs are gone after a restart, but our device generating the same
>> and send to the server so it should authenticate, why that's not happening
>> here.
>
> If the server has lost its PACs, the client PACs are useless. It is the server
> that decides if the PAC is valid. If the server refuses the PAC client sends,
> then a new PAC needs to be provisioned to the client. That is my take to how
> this should work.
>
>> 2. For EAP-TLS I took CA Certificate from
>> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA\cacert.pem and for
>> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\cert-clt.pem is
>> these are the correct files that I am using.
>
> Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration.
>
> Heikki
>
>> Sudhir H
>>
>> -----Original Message-----
>> From: Heikki Vatiainen [mailto:[email protected]]
>> Sent: Thursday, April 12, 2012 2:52 PM
>> To: Sudhir Harwalkar
>> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>>
>> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote:
>>
>>> Thanks for helping me Heikki, when I flash the new code, then start the
>>> radius server it's working fine after that I restarted the radius server
>>> and power on the device then it's not authenticated.
>>> Again I flash the code and verified working fine.
>>
>> Ok. Good to hear it works.
>>
>>> Problem arises only if I restart the radius server.
>>> This should not happen right.
>>
>> By default Radiator keeps PACs in memory and they are gone after a restart.
>> There is a possibility to keep them in SQL so that they survive across
>> reboots.
>>
>> Heikki
>>
>> Larsen & Toubro Limited
>>
>> www.larsentoubro.com
>>
>> This Email may contain confidential or privileged information for the
>> intended recipient (s) If you are not the intended recipient, please do not
>> use or disseminate the information, notify the sender and delete it from
>> your system.

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS,
PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
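
The restart behaviour discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a simplified Python model of a server that decides PAC validity from its own store, run once with an in-memory store and once with a SQLite file. The `pac_store` table, the `PacServer` class and all function names are hypothetical; Radiator's real table is EAPFAST_PAC as defined in goodies/mysqlCreate.sql.

```python
import os
import secrets
import sqlite3
import tempfile
import time

# Hypothetical table for this model; Radiator's own table is EAPFAST_PAC.
SCHEMA = ("CREATE TABLE IF NOT EXISTS pac_store ("
          "pac_opaque TEXT PRIMARY KEY, pac_key TEXT NOT NULL, expires INTEGER NOT NULL)")


class PacServer:
    """Toy server that provisions PACs and later decides whether one is valid."""
    def __init__(self, db_path=":memory:"):
        # ":memory:" models the default: PAC state vanishes when the process ends.
        self.db = sqlite3.connect(db_path)
        self.db.execute(SCHEMA)

    def provision(self, lifetime=3600):
        """Issue a PAC: an opaque handle plus key, recorded server-side."""
        opaque, key = secrets.token_hex(16), secrets.token_hex(32)
        with self.db:  # commits the insert on success
            self.db.execute("INSERT INTO pac_store VALUES (?, ?, ?)",
                            (opaque, key, int(time.time()) + lifetime))
        return opaque, key

    def lookup(self, opaque):
        """Return the key for a known, unexpired PAC, else None (re-provision needed)."""
        row = self.db.execute(
            "SELECT pac_key FROM pac_store WHERE pac_opaque = ? AND expires > ?",
            (opaque, int(time.time()))).fetchone()
        return row[0] if row else None


def pac_survives_restart(db_path):
    """Provision a PAC, restart the server, report if the client's PAC is still accepted."""
    server = PacServer(db_path)
    opaque, key = server.provision()
    server.db.close()                  # simulated restart: process state is gone
    server = PacServer(db_path)
    accepted = server.lookup(opaque) == key
    server.db.close()
    return accepted


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return (pac_survives_restart(":memory:"),
                pac_survives_restart(os.path.join(tmp, "pac.db")))
```

`demo()` returns the in-memory result followed by the file-backed result; a PAC the restarted server no longer knows is refused even though the client still holds it, which is the point at which a new PAC has to be provisioned.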
