I'm trying to get TTLS-EAP-MSCHAPv2 working. I've found that if I have EAPAnonymous set to %0, it does not work. Here is the portion of the debug log:

Wed May 1 13:19:24 2013 756457: DEBUG: Handling request with Handler 'OSC-Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i, TunnelledByTTLS=1, Realm=/(?:(uiowa\.edu$)|^$)/i', Identifier ''
Wed May 1 13:19:24 2013 757588: DEBUG: Deleting session for , 127.0.0.1,
Wed May 1 13:19:24 2013 758469: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser
Wed May 1 13:19:24 2013 759515: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May 1 13:19:24 2013 760346: DEBUG: Response type 26
Wed May 1 13:19:24 2013 761270: DEBUG: Radius::AuthLSA looks for match with wlantest02 []
Wed May 1 13:19:24 2013 762983: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-FLAT,
Wed May 1 13:19:24 2013 816747: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: wlantest02 []
Wed May 1 13:19:24 2013 817912: DEBUG: EAP Failure, elapsed time 0.108989
Wed May 1 13:19:24 2013 818991: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user wlantest02
Wed May 1 13:19:24 2013 819841: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user wlantest02
Wed May 1 13:19:24 2013 820661: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser_Quarantine
Wed May 1 13:19:24 2013 821585: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May 1 13:19:24 2013 822393: DEBUG: Response type 26
Wed May 1 13:19:24 2013 823548: DEBUG: Radius::AuthLSA looks for match with wlantest02 []
Wed May 1 13:19:24 2013 825252: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-QUARANTINE,
Wed May 1 13:19:24 2013 881270: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: wlantest02 []
Wed May 1 13:19:24 2013 882439: DEBUG: EAP Failure, elapsed time 0.173511
Wed May 1 13:19:24 2013 883404: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user wlantest02
Wed May 1 13:19:24 2013 884290: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user wlantest02
Wed May 1 13:19:24 2013 885160: DEBUG: Handling with Radius::AuthFILE: authEduroam_test_users
Wed May 1 13:19:24 2013 886057: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May 1 13:19:24 2013 886898: DEBUG: Response type 26
Wed May 1 13:19:24 2013 888123: DEBUG: Radius::AuthFILE looks for match with [email protected] []
Wed May 1 13:19:24 2013 888906: DEBUG: Radius::AuthFILE REJECT: No such user: [email protected] []
Wed May 1 13:19:24 2013 890074: DEBUG: EAP Failure, elapsed time 0.181156
Wed May 1 13:19:24 2013 890958: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user [email protected]
Wed May 1 13:19:24 2013 892064: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP V2 failed: no such user [email protected]
Wed May 1 13:19:24 2013 892975: INFO: Access rejected for : EAP MSCHAP V2 failed: no such user [email protected]
Wed May 1 13:19:24 2013 895315: DEBUG: Returned TTLS tunnelled Diameter Packet dump:

If I set EAPAnonymous to %{User-Name}, it works.

Wed May 1 15:04:44 2013 713905: DEBUG: Handling request with Handler 'OSC-Client-Identifier=fromEduroam, TunnelledByTTLS=1, Realm=/(?:(uiowa\.edu$)|^$)/i ', Identifier ''
Wed May 1 15:04:44 2013 715031: DEBUG: Deleting session for [email protected], 127.0.0.1,
Wed May 1 15:04:44 2013 715946: DEBUG: Handling with Radius::AuthLSA: authUIOWAUser
Wed May 1 15:04:44 2013 717002: DEBUG: Handling with EAP: code 2, 1, 79, 26
Wed May 1 15:04:44 2013 717824: DEBUG: Response type 26
Wed May 1 15:04:44 2013 718768: DEBUG: Radius::AuthLSA looks for match with wlantest02 [[email protected]]
Wed May 1 15:04:44 2013 720650: DEBUG: Checking LSA Group membership for \\IOWADC5, ITS-WIRELESS-FLAT, wlantest02
Wed May 1 15:04:44 2013 744119: DEBUG: Radius::AuthLSA ACCEPT: : wlantest02 [[email protected]]
Wed May 1 15:04:44 2013 751725: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge: Success
Wed May 1 15:04:44 2013 752731: DEBUG: AuthBy LSA result: CHALLENGE, EAP MSCHAP V2 Challenge: Success
Wed May 1 15:04:44 2013 753632: DEBUG: Access challenged for [email protected]: EAP MSCHAP V2 Challenge: Success
Wed May 1 15:04:44 2013 755200: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Challenge

The only difference I see is that the username in the [] field is empty when EAPAnonymous %0 is set and is [[email protected]] when EAPAnonymous is set to %{User-Name}.

Is this expected behavior, or a bug?

Thanks.

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: [email protected]
