On 06/03/2012 01:16 AM, Adam Bishop wrote:
> What do the log files say? Is an accept/reject packet being sent, or is the
> request just terminating part way through (or even not reaching the radiusd)?

I would check if the PEAP TLS tunnel setup succeeds and you get something
like this in the logs:

Sun May 6 11:34:33 2012: DEBUG: EAP PEAP inner authentication request for mikem
Sun May 6 11:34:33 2012: DEBUG: PEAP Tunnelled request Packet dump:

Because if you do not get the above, this might be a fragmentation issue, as
Adam noted.

Also, with PEAP/EAP-MSCHAP-V2 there is no User-Password (or password in any
form), but the authentication is done with challenges and responses. With
this protocol the username length changes the message length, but the
EAP-MSCHAP-V2 messages are shorter than messages that set up the TLS tunnel.

In other words, if possible, check the logs to see if the TLS tunnel setup is
successful and there are tunnelled messages sent inside the tunnel.

> If you can't pull the logs for any reason, a packet capture will do the same
> job.
>
> Only thing I can think of that directly relates to any sort of length, is
> that if you were running close to a fragment size limit, a longer password
> could trigger an issue.
>
> Start with the log files before tweaking your config though.

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
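Added example, not part of the original message and not Radiator code: a small Python triage helper that scans a debug log for the two markers quoted above and reports whether any request made it inside the PEAP tunnel. The function name, the returned keys and the second sample log are assumptions constructed for illustration; only the two marker lines come from the message.

```python
import re

# Line layout taken from the two log lines quoted in the message:
#   "<weekday> <month> <day> <time> <year>: <LEVEL>: <text>"
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
INNER_RE = re.compile(r"EAP PEAP inner authentication request for (\S+)")
TUNNELLED = "PEAP Tunnelled request"

# The two lines quoted in the message.
GOOD_LOG = """\
Sun May 6 11:34:33 2012: DEBUG: EAP PEAP inner authentication request for mikem
Sun May 6 11:34:33 2012: DEBUG: PEAP Tunnelled request Packet dump:
"""

# Constructed sample: log activity but neither marker, i.e. the case where
# the TLS tunnel setup never completed.
STALLED_LOG = """\
Sun May 6 11:40:01 2012: DEBUG: constructed placeholder line, outer exchange only
Sun May 6 11:40:02 2012: DEBUG: constructed placeholder line, outer exchange only
"""


def peap_tunnel_summary(log_text):
    """Report whether the log shows requests inside the PEAP tunnel."""
    inner_users = {}   # username -> timestamp of first inner request
    tunnelled = 0      # number of tunnelled-request markers seen
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue   # packet dump bodies and other continuation lines
        stamp, _level, text = m.groups()
        hit = INNER_RE.search(text)
        if hit:
            inner_users.setdefault(hit.group(1), stamp)
        if TUNNELLED in text:
            tunnelled += 1
    return {
        "inner_users": inner_users,
        "tunnelled_requests": tunnelled,
        "tunnel_established": bool(inner_users) and tunnelled > 0,
    }


if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("stalled", STALLED_LOG)):
        print(name, peap_tunnel_summary(log))
```

A result with `tunnel_established` false for a failing client points at the TLS tunnel setup phase (where fragmentation would show up) rather than at the inner EAP-MSCHAP-V2 exchange.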
