On 04/18/2012 11:55 AM, Sudhir Harwalkar wrote:
> Please see the EAP-TLS Client log file, Radius log file and eap_tls.cfg file.

The wireshark capture is not that useful, the same information is in the
Radiator logfile. If you can get a log from your client, not wireshark
capture, that would be more useful.

Radiator log shows Radiator sends EAP-TLS start message, but your client
never responds. It just keeps on sending EAP Identity.

Check your client. Why does it not react to EAP-TLS start?

Thanks!
Heikki

> Regards
> Sudhir H
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Heikki Vatiainen
> Sent: Wednesday, April 18, 2012 1:41 PM
> To: [email protected]
> Subject: Re: [RADIATOR] RADIATOR, EAP-TLS
>
> On 04/18/2012 10:00 AM, Sudhir Harwalkar wrote:
>
>> How to configure the client to trust the CA certificate?
>
> That depends on the client. What you wrote below sounds correct.
>
>> What I done was, converted CA, Client and Client Pvt key to hex value
>> because in our code we are giving as hex code.
>
> Ok.
>
>> Using this I run the radius server using TLS config file its showing
>> continuously as Challenge.
>
> What does the client log show? The client log should show why it is not
> responding to the Challenge Radiator sends.
>
> Heikki
>
>
>> Regards
>> Sudhir H
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Heikki Vatiainen
>> Sent: Monday, April 16, 2012 2:39 PM
>> To: [email protected]
>> Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
>>
>> On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote:
>>
>>> 1. Please guide me how to keep PACs in memory, what are all the changes
>>> need to make in config files.
>>
>> You need to change the Handler for outer EAP-FAST authentication to use
>> AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and
>> GetEAPFastPACQuery.
>>
>> For definition of the single table that is needed, see
>> goodies/mysqlCreate.sql. The table is EAPFAST_PAC
>>
>> MySQL is not required, it is just used for an example.
>> You could try SQLite for a simple file based DB.
>> http://www.sqlite.org/download.html
>>
>> You can keep all EAPTLS_* settings the same as they are now when setting up
>> AuthBy SQL.
>>
>>> 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge
>>> message only and I haven't found any error in that case, please find the
>>> log, and config files for this.
>>
>> The log shows two different messages:
>> 1. EAP Identity from your client
>> 2. EAP-TLS start from Radiator
>>
>> The client then resends the identity. Check the client settings. It
>> seems not to accept EAP-TLS or is otherwise incorrectly configured.
>> Note that at some point you need to configure the client to trust the
>> CA certificate in certificates/demoCA/cacert.pem
>>
>> Thanks!
>> Heikki
>>
>>
>>> Regards
>>> Sudhir H
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Heikki Vatiainen
>>> Sent: Friday, April 13, 2012 6:00 PM
>>> To: [email protected]
>>> Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>>>
>>> On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote:
>>>
>>>> 1. Whenever I flash the new code to the device it's generating new PAC key
>>>> at that time it's getting authenticate with the server,
>>>> If PACs are gone after a restart, but our device generating the same
>>>> and send to the server so it should authenticate, why that's not happening
>>>> here.
>>>
>>> If the server has lost its PACs, the client PAC are useless. It is the
>>> server that decides if the PAC is valid. If the server refuses the PAC
>>> client sends, then a new PAC needs to be provisioned to the client. That is
>>> my take to how this should work.
>>>
>>>> 2. For EAP-TLS I took CA Certificate from
>>>> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for
>>>> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem
>>>> is these are the correct files that I am using.
>>>
>>> Yes.
>>> See goodies/eap_tls.cfg for an example of EAP-TLS configuration.
>>>
>>> Heikki
>>>
>>>
>>>> Sudhir H
>>>>
>>>> -----Original Message-----
>>>> From: Heikki Vatiainen [mailto:[email protected]]
>>>> Sent: Thursday, April 12, 2012 2:52 PM
>>>> To: Sudhir Harwalkar
>>>> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>>>>
>>>> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote:
>>>>
>>>>> Thanks for helping me Heikki, when I flash the new code, then start the
>>>>> radius server it's working fine after that I restarted the radius server
>>>>> and power on the device then it's not authenticated.
>>>>> Again I flash the code and verified working fine.
>>>>
>>>> Ok. Good to hear it works.
>>>>
>>>>> Problem arises only if I restart the radius server.
>>>>> This should not happen right.
>>>>
>>>> By default Radiator keeps PACs in memory and they are gone after a
>>>> restart. There is a possibility to keep them in SQL so that they survive
>>>> across reboots.
>>>>
>>>> Heikki
>>>>
>>>>
>>>> Larsen & Toubro Limited
>>>>
>>>> www.larsentoubro.com
>>>>
>>>> This Email may contain confidential or privileged information for the
>>>> intended recipient (s) If you are not the intended recipient, please do
>>>> not use or disseminate the information, notify the sender and delete it
>>>> from your system.
>>>> _______________________________________________
>>>> radiator mailing list
>>>> [email protected]
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>>>
>>> --
>>> Heikki Vatiainen <[email protected]>
>>>
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER
>>> etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

--
Heikki Vatiainen <[email protected]>
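
The diagnosis in the thread above (server sends EAP-TLS Start, client answers with EAP Identity again) can be checked mechanically from the EAP payloads. The following is an added example, not part of the original e-mail and not Radiator code: it parses EAP headers per RFC 3748 and classifies how the peer reacted to the Start. The helper names and the sample packets are constructed for illustration.

```python
import struct

REQUEST, RESPONSE = 1, 2                  # EAP Code values (RFC 3748)
T_IDENTITY, T_NAK, T_TLS = 1, 3, 13       # EAP Type values (RFC 3748, RFC 5216)
TLS_START = 0x20                          # S bit of the EAP-TLS Flags octet

def eap(code, ident, etype, data=b""):
    """Build an EAP Request/Response: Code, Identifier, Length, Type, Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), etype) + data

def parse_eap(packet):
    """Return (code, identifier, type, type_data), validating the Length field."""
    if len(packet) < 5:
        raise ValueError("too short for an EAP Request/Response")
    code, ident, length, etype = struct.unpack("!BBHB", packet[:5])
    if code not in (REQUEST, RESPONSE) or not 5 <= length <= len(packet):
        raise ValueError("malformed EAP header")
    return code, ident, etype, packet[5:length]

def diagnose(exchange):
    """Classify the peer's reaction to the server's EAP-TLS Start."""
    start_seen = False
    for raw in exchange:
        code, ident, etype, data = parse_eap(raw)
        if code == REQUEST and etype == T_TLS and data and data[0] & TLS_START:
            start_seen = True
        elif start_seen and code == RESPONSE:
            if etype == T_TLS:
                return "handshake-started"       # peer answered with EAP-TLS
            if etype == T_NAK:                   # peer refuses EAP-TLS, lists alternatives
                return "nak-offers:" + ",".join(str(b) for b in data)
            if etype == T_IDENTITY:
                return "identity-resent"         # Start was ignored; session restarted
    return "no-response-to-start" if start_seen else "no-tls-start"

# Constructed sample exchanges (not taken from the poster's logs).
IDENTITY = eap(RESPONSE, 1, T_IDENTITY, b"device1")
START = eap(REQUEST, 2, T_TLS, bytes([TLS_START]))
STALLED = [IDENTITY, START, eap(RESPONSE, 1, T_IDENTITY, b"device1")]
REFUSED = [IDENTITY, START, eap(RESPONSE, 2, T_NAK, bytes([25]))]   # 25 = PEAP
HEALTHY = [IDENTITY, START, eap(RESPONSE, 2, T_TLS, b"\x00")]

if __name__ == "__main__":
    for name, ex in (("stalled", STALLED), ("refused", REFUSED), ("healthy", HEALTHY)):
        print(name, "->", diagnose(ex))
```

An "identity-resent" result matches the behaviour described in the thread; a Nak result would instead mean the client rejects EAP-TLS explicitly and names the methods it will accept.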
