Following your advice, I just upgraded to the most recent SSLeay (1.22 -> 1.23), unfortunately the same problem occurs.
--On Monday, June 23, 2003 03:18:52 PM +0200 Tom Rixom <[EMAIL PROTECTED]> wrote:

> Make sure you have the correct/latest SSLeay library.
>
> The output message that Radiator sends back looks weird:
>
> EAP-Message = "<4><2><0><4>"
> Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"
> EAP-Message = "<1><3><0><6><25><0>"
>
> Two EAP-Messages? One reject and one PEAP ack
>
> Regards,
>
> Tom.
>
>> -----Original Message-----
>> From: Jerome Fleury [mailto:[EMAIL PROTECTED]
>> Sent: Monday, June 23, 2003 2:23 PM
>> To: Hugh Irvine
>> Cc: [EMAIL PROTECTED]
>> Subject: Re: (RADIATOR) Can't get PEAP to work, need help.
>>
>>
>> --On Friday, June 20, 2003 10:10:46 AM +1000 Hugh Irvine
>> <[EMAIL PROTECTED]> wrote:
>>
>> >
>> > Salut Jerome -
>> >
>> > It looks like Radiator is crashing if the log stops as shown. You will need to look at the
>> > Perl output to see what the error is, but it is usually a missing module that has not been
>> > loaded. The easiest way to see what is happening is to run radiusd from the command line like
>> > this:
>> >
>> > perl radiusd -foreground -log_stdout -trace 4 -config_file .....
>> >
>> > where "...." is the name of your configuration file.
>>
>> Thanks for help Hugh.
>>
>> I tried this, but the server is not crashing. It just stops processing.
>> Added some debug in the EAP_25.pm code and got this:
>>
>> Mon Jun 23 14:04:09 2003: DEBUG: Handling request with Handler ''
>> Mon Jun 23 14:04:09 2003: DEBUG: Deleting session for testUser, 172.30.24.10, 78
>> Mon Jun 23 14:04:09 2003: DEBUG: Handling with Radius::AuthFILE:
>> Mon Jun 23 14:04:09 2003: DEBUG: Handling with EAP: code 2, 2, 94
>> Mon Jun 23 14:04:09 2003: DEBUG: Response type 25
>> Mon Jun 23 14:04:09 2003: DEBUG: jeje - else2
>> Mon Jun 23 14:04:09 2003: DEBUG: jeje - 25, PEAP
>> Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
>> Mon Jun 23 14:04:09 2003: ERR: jeje - want read
>> Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465,
>> Mon Jun 23 14:04:09 2003: DEBUG: Access challenged for testUser: EAP PEAP Challenge
>> Mon Jun 23 14:04:09 2003: DEBUG: Packet dump:
>> *** Sending to 172.30.24.10 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 215
>> Authentic: NW<237>T?<254>DT<202><146><22>|z<4><219><161>
>> Attributes:
>>     EAP-Message = "<4><2><0><4>"
>>     Signature = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"
>>     EAP-Message = "<1><3><0><6><25><0>"
>>
>>
>> It seems like I'm stuck in the ERROR_WANT_READ block code, which does nothing, and this does
>> this all the time, whether I'm doing EAP-TTLS or EAP-PEAP. It looks definitely like a
>> Radiator/SSL issue, but I'm stuck by this lack of information.
>> First I guessed it was my version of OpenSSL (it was 0.9.6c), but after upgrading to the most
>> recent one, I still have this problem.
>>
>> I'm looking forward to any suggestion one could have.
>>
>>
>> > Note the list of prerequisite modules that are listed in the comment block at the top of the
>> > "eap_peap.cfg" file.
>> >
>> > regards
>> >
>> > Hugh
>> >
>> >
>> > On Thursday, Jun 19, 2003, at 23:49 Australia/Melbourne, Jerome Fleury wrote:
>> >
>> >> Here is the test config:
>> >>
>> >> Client: Cisco Aironet/Orinoco
>> >> 802.1X client: 2000+hotfix/Funk Odyssey
>> >> AP: Cisco Aironet 1100
>> >>
>> >> I use the test config from goodies/eap_peap.cfg with this modification:
>> >>
>> >> Filename %D/users-wifi
>> >>
>> >> (is there any special entry to put in this file ? anonymous user ?)
>> >>
>> >> As soon as I enter my credentials (802.1X identification window from
>> >> Windows 2000 appears), the radius request launches from the AP:
>> >>
>> >> .Jun 19 13:42:01.250: dot11_dot1x_run_rfsm: current state CLIENT_WAIT, received CLIENT_REPLY, mac: 0060.1df0.3503
>> >> .Jun 19 13:42:01.250: dot11_dot1x_send_response_to_server: Sending client data to server
>> >> .Jun 19 13:42:01.251: RADIUS/ENCODE(00003489): acct_session_id: 13473
>> >> .Jun 19 13:42:01.251: RADIUS(00003489): sending
>> >> .Jun 19 13:42:01.252: RADIUS: Send to unknown id 44 172.30.19.3:1812, Access-Request, len 128
>> >> .Jun 19 13:42:01.252: RADIUS: authenticator 52 44 49 1C E4 86 B3 78 - E9 F8 87 6C B1 59 CA FF
>> >> .Jun 19 13:42:01.252: RADIUS: User-Name [1] 5 "ben"
>> >> .Jun 19 13:42:01.252: RADIUS: Framed-MTU [12] 6 1400
>> >> .Jun 19 13:42:01.252: RADIUS: Called-Station-Id [30] 16 "0002.8a5b.400f"
>> >> .Jun 19 13:42:01.252: RADIUS: Calling-Station-Id [31] 16 "0060.1df0.3503"
>> >> .Jun 19 13:42:01.252: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
>> >> .Jun 19 13:42:01.252: RADIUS: Message-Authenticato[80] 18 *
>> >> .Jun 19 13:42:01.252: RADIUS: EAP-Message [79] 8
>> >> .Jun 19 13:42:01.253: RADIUS: 02 03 00 06 [????]
>> >> .Jun 19 13:42:01.253: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
>> >> .Jun 19 13:42:01.253: RADIUS: NAS-Port [5] 6 159
>> >> .Jun 19 13:42:01.253: RADIUS: Service-Type [6] 6 Login [1]
>> >> .Jun 19 13:42:01.254: RADIUS: NAS-IP-Address [4] 6 172.30.24.10
>> >> .Jun 19 13:42:01.254: RADIUS: Nas-Identifier [32] 9 "ap2.gre"
>> >> .Jun 19 13:42:06.253: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
>> >> .Jun 19 13:42:12.056: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
>> >> .Jun 19 13:42:17.057: RADIUS: Retransmit to (172.30.19.3:1812,1813) for id 44
>> >> .Jun 19 13:42:21.899: dot11_dot1x_parse_client_pak: Received EAPOL packet from 0060.1df0.3503
>> >> .Jun 19 13:42:21.899: EAPOL pak dump rx
>> >> .Jun 19 13:42:21.899: EAPOL Version: 0x1 type: 0x1 length: 0x0000
>> >> 00E126C0: 01010000 ....
>> >> .Jun 19 13:42:21.899: dot11_dot1x_run_rfsm: current state SERVER_WAIT, received EAP_START, mac: 0060.1df0.3503
>> >> .Jun 19 13:42:21.900: dot11_dot1x_ignore_event: Ignore event: do nothing
>> >> .Jun 19 13:42:22.188: RADIUS: Tried all servers.
>> >> .Jun 19 13:42:22.188: RADIUS: No valid server found. Trying any viable server
>> >> .Jun 19 13:42:22.188: RADIUS: Tried all servers.
>> >> .Jun 19 13:42:22.188: RADIUS: No response from (172.30.19.3:1812,1813) for id 44
>> >> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response no app start; FAIL
>> >> .Jun 19 13:42:22.188: RADIUS/DECODE: parse response; FAIL
>> >>
>> >>
>> >> As you can see, the Radius server seems not to respond, and AP
>> >> retransmits.
>> >>
>> >> Here are the logs on Radiator:
>> >>
>> >> Code: Access-Request
>> >> Identifier: 44
>> >> Authentic: RDI<28><228><134><179>x<233><248><135>l<177>Y<202><255>
>> >> Attributes:
>> >>     User-Name = "ben"
>> >>     Framed-MTU = 1400
>> >>     Called-Station-Id = "0002.8a5b.400f"
>> >>     Calling-Station-Id = "0060.1df0.3503"
>> >>     NAS-Port-Type = 19
>> >>     Signature = "<14><184>;<197>Q<12>;<219>Y5<209><240><179>%<181><184>"
>> >>     EAP-Message = "<2><3><0><6><25>"
>> >>     NAS-Port-Type = Virtual
>> >>     NAS-Port = 159
>> >>     Service-Type = Login-User
>> >>     NAS-IP-Address = 172.30.24.10
>> >>     NAS-Identifier = "ap2.gre"
>> >>
>> >> Thu Jun 19 15:42:17 2003: DEBUG: Handling request with Handler ''
>> >> Thu Jun 19 15:42:17 2003: DEBUG: Deleting session for ben, 172.30.24.10, 159
>> >> Thu Jun 19 15:42:17 2003: DEBUG: Handling with Radius::AuthFILE:
>> >> Thu Jun 19 15:42:17 2003: DEBUG: Handling with EAP: code 2, 3, 6
>> >> Thu Jun 19 15:42:17 2003: DEBUG: Response type 25
>> >>
>> >> and that's pretty all. No error to help me out.
>> >>
>> >> Has anybody any clue about that ?
>> >>
>> >> Thanks.
>> >> --
>> >> Jerome Fleury
>> >> ===
>> >> Archive at http://www.open.com.au/archives/radiator/
>> >> Announcements on [EMAIL PROTECTED]
>> >> To unsubscribe, email '[EMAIL PROTECTED]' with
>> >> 'unsubscribe radiator' in the body of the message.
>> >>
>> >>
>> >
>> > NB: have you included a copy of your configuration file (no secrets),
>> > together with a trace 4 debug showing what is happening?
>> >
>> > --
>> > Radiator: the most portable, flexible and configurable RADIUS server
>> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> > -
>> > Nets: internetwork inventory and management - graphical, extensible,
>> > flexible with hardware, software, platform and database independence.
>> >
>>
>> --
>> Jerome Fleury

jeje.
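
Added example, not part of the original thread and not Radiator code: a small Python decoder for the "<n>"-escaped EAP-Message values in the dumps above. It checks Tom's reading of the Access-Challenge (an EAP Failure next to a PEAP Request) and shows what a receiver that joins the two attributes into one buffer would see. The function names are hypothetical, and the escaping rule ("<n>" is one decimal byte, any other character is literal) is an assumption inferred from the dumps.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # these types carry a flags byte after the type byte

def unescape(dump):
    """'<2><3><0><6><25>' -> bytes; assumed rule: <n> is a decimal byte."""
    out = bytearray()
    for num, ch in re.findall(r"<(\d{1,3})>|(.)", dump, flags=re.S):
        out.append(int(num) if num else ord(ch))
    return bytes(out)

def parse_eap(pkt):
    """Decode the 4-byte EAP header plus type/flags, reporting length mismatches."""
    if len(pkt) < 4:
        raise ValueError("EAP header needs 4 bytes, got %d" % len(pkt))
    code, ident, length = pkt[0], pkt[1], int.from_bytes(pkt[2:4], "big")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "missing": max(0, length - len(pkt)),    # declared but not present
            "trailing": max(0, len(pkt) - length)}   # present beyond declared
    body = pkt[4:length]
    if code in (1, 2) and body:          # only Request/Response carry a type
        info["type"] = EAP_TYPES.get(body[0], body[0])
        if body[0] in TLS_BASED and len(body) > 1:
            info["flags"] = body[1]
    return info

def reassemble(eap_attrs):
    """Join EAP-Message attribute values, in packet order, into one buffer."""
    return b"".join(unescape(a) for a in eap_attrs)

# Values copied from the packet dumps quoted in this thread.
CHALLENGE_ATTRS = ["<4><2><0><4>", "<1><3><0><6><25><0>"]
REQUEST_ATTR = "<2><3><0><6><25>"

if __name__ == "__main__":
    for attr in CHALLENGE_ATTRS:
        print(attr, "->", parse_eap(unescape(attr)))
    print("joined ->", parse_eap(reassemble(CHALLENGE_ATTRS)))
    print(REQUEST_ATTR, "->", parse_eap(unescape(REQUEST_ATTR)))
```

Joined, the header declares a 4-byte Failure and the 6 bytes of the PEAP Request are left over as trailing data. The request value as rendered in the quoted log is one byte shorter than its declared length of 6.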
