Thanks, i give it a try, i already enable tls trace in my win xp, and i
don't see there's an exchange certificate :-)
[1448] 11:49:36:218: PeapReadConnectionData
[1448] 11:49:36:218: PeapReadUserData
[1448] 11:49:36:218: RasEapGetInfo
[2884] 11:49:52:515: EapPeapBegin
[2884] 11:49:52:515: PeapReadConnectionData
[2884] 11:49:52:515: PeapReadUserData
[2884] 11:49:52:515:
[2884] 11:49:52:515: EapTlsBegin(test)
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: EapTlsBegin: Detected 8021X authentication
[2884] 11:49:52:515: EapTlsBegin: Detected PEAP authentication
[2884] 11:49:52:515: MaxTLSMessageLength is now 16384
[2884] 11:49:52:515: EapPeapBegin done
[2884] 11:49:52:515: EapPeapMakeMessage
[2884] 11:49:52:515: EapPeapCMakeMessage
[2884] 11:49:52:515: PEAP:PEAP_STATE_INITIAL
[2884] 11:49:52:515: EapTlsCMakeMessage
[2884] 11:49:52:515: EapTlsReset
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: GetCredentials
[2884] 11:49:52:515: Flag is Client and Store is Current User
[2884] 11:49:52:515: GetCachedCredentials
[2884] 11:49:52:515: FreeCachedCredentials
[2884] 11:49:52:515: No Cert Store. Guest Access requested
[2884] 11:49:52:515: No Cert Name. Guest access requested
[2884] 11:49:52:515: Will validate server cert
[2884] 11:49:52:515: MakeReplyMessage
[2884] 11:49:52:515: SecurityContextFunction
[2884] 11:49:52:515: InitializeSecurityContext returned 0x90312
[2884] 11:49:52:515: State change to SentHello
[2884] 11:49:52:515: BuildPacket
[2884] 11:49:52:515: << Sending Response (Code: 2) packet: Id: 2,
Length: 80, Type: 13, TLS blob length: 70. Flags: L
[2884] 11:49:52:515: EapPeapCMakeMessage done
[2884] 11:49:52:515: EapPeapMakeMessage done
[1352] 11:50:22:531: EapPeapEnd
[1352] 11:50:22:531: EapTlsEnd
[1352] 11:50:22:531: EapTlsEnd(test)
[1352] 11:50:22:531: EapPeapEnd done
[1352] 11:50:22:562: EapPeapBegin
[1352] 11:50:22:562: PeapReadConnectionData
[1352] 11:50:22:562: PeapReadUserData
[1352] 11:50:22:562:
[1352] 11:50:22:562: EapTlsBegin(test)
[1352] 11:50:22:562: State change to Initial
[1352] 11:50:22:562: EapTlsBegin: Detected 8021X authentication
[1352] 11:50:22:562: EapTlsBegin: Detected PEAP authentication
[1352] 11:50:22:562: MaxTLSMessageLength is now 16384
[1352] 11:50:22:562: EapPeapBegin done
[1352] 11:50:22:562: EapPeapMakeMessage
[1352] 11:50:22:562: EapPeapCMakeMessage
[1352] 11:50:22:562: PEAP:PEAP_STATE_INITIAL
[1352] 11:50:22:562: EapTlsCMakeMessage
[1352] 11:50:22:562: EapTlsReset
[1352] 11:50:22:562: State change to Initial
[1352] 11:50:22:562: GetCredentials
[1352] 11:50:22:562: Flag is Client and Store is Current User
[1352] 11:50:22:562: GetCachedCredentials
[1352] 11:50:22:562: FreeCachedCredentials
[1352] 11:50:22:562: No Cert Store. Guest Access requested
[1352] 11:50:22:562: No Cert Name. Guest access requested
[1352] 11:50:22:562: Will validate server cert
[1352] 11:50:22:562: MakeReplyMessage
[1352] 11:50:22:562: SecurityContextFunction
[1352] 11:50:22:562: InitializeSecurityContext returned 0x90312
[1352] 11:50:22:562: State change to SentHello
[1352] 11:50:22:562: BuildPacket
[1352] 11:50:22:562: << Sending Response (Code: 2) packet: Id: 37,
Length: 80, Type: 13, TLS blob length: 70. Flags: L
[1352] 11:50:22:562: EapPeapCMakeMessage done
[1352] 11:50:22:562: EapPeapMakeMessage done
[1448] 11:50:52:578: EapPeapEnd
[1448] 11:50:52:578: EapTlsEnd
[1448] 11:50:52:578: EapTlsEnd(test)
[1448] 11:50:52:578: EapPeapEnd done
[1448] 11:51:52:593: PeapReadConnectionData
[1448] 11:51:52:593: PeapReadUserData
[1448] 11:51:52:593: RasEapGetInfo
[1352] 12:02:42:625: PeapReadConnectionData
[1352] 12:02:42:640: PeapReadUserData
[1352] 12:02:42:640: RasEapGetInfo
[1352] 12:02:42:640: PeapReDoUserData
[1352] 12:02:42:640: EapTlsInvokeIdentityUI
[1352] 12:02:42:640: GetCertInfo
[1352] 12:03:42:640: PeapReadConnectionData
[1352] 12:03:42:640: PeapReadUserData
[1352] 12:03:42:640: RasEapGetInfo
[1352] 12:03:42:671: EapPeapBegin
[1352] 12:03:42:671: PeapReadConnectionData
[1352] 12:03:42:671: PeapReadUserData
[1352] 12:03:42:671:
[1352] 12:03:42:671: EapTlsBegin(GHOST\indrajaya)
[1352] 12:03:42:671: State change to Initial
[1352] 12:03:42:671: EapTlsBegin: Detected 8021X authentication
[1352] 12:03:42:671: EapTlsBegin: Detected PEAP authentication
[1352] 12:03:42:671: MaxTLSMessageLength is now 16384
[1352] 12:03:42:671: EapPeapBegin done
[1352] 12:03:42:671: EapPeapMakeMessage
[1352] 12:03:42:671: EapPeapCMakeMessage
[1352] 12:03:42:671: PEAP:PEAP_STATE_INITIAL
[1352] 12:03:42:671: EapTlsCMakeMessage
[1352] 12:03:42:671: EapTlsReset
[1352] 12:03:42:671: State change to Initial
[1352] 12:03:42:671: GetCredentials
[1352] 12:03:42:671: Flag is Client and Store is Current User
[1352] 12:03:42:671: GetCachedCredentials
[1352] 12:03:42:671: FreeCachedCredentials
[1352] 12:03:42:671: No Cert Store. Guest Access requested
[1352] 12:03:42:671: No Cert Name. Guest access requested
[1352] 12:03:42:671: Will validate server cert
[1352] 12:03:42:671: MakeReplyMessage
[1352] 12:03:42:671: SecurityContextFunction
[1352] 12:03:42:671: InitializeSecurityContext returned 0x90312
[1352] 12:03:42:671: State change to SentHello
[1352] 12:03:42:671: BuildPacket
[1352] 12:03:42:671: << Sending Response (Code: 2) packet: Id: 3,
Length: 80, Type: 13, TLS blob length: 70. Flags: L
[1352] 12:03:42:671: EapPeapCMakeMessage done
[1352] 12:03:42:671: EapPeapMakeMessage done
[2004] 12:04:12:687: EapPeapEnd
[2004] 12:04:12:687: EapTlsEnd
[2004] 12:04:12:687: EapTlsEnd(ghost\indrajaya)
[2004] 12:04:12:687: EapPeapEnd done
[2004] 12:04:42:734: EapPeapBegin
[2004] 12:04:42:734: PeapReadConnectionData
[2004] 12:04:42:734: PeapReadUserData
/Regards,
Indrajaya Pitra Perdana/
On 12/15/2011 6:04 PM, Heikki Vatiainen wrote:
On 12/15/2011 06:18 AM, Indrajaya Pitra Perdana wrote:
The problem still persist even i created my own certificate using the
steps in mkcertificate.sh goodies , my windows didn't respon to the eap
challenge sent by Radiator, do u have any clue on this? or perhaps the
problem is within my 2950 catalyst ? thanks :-)
You could try enabling debug for EAP authentication on the switch to see
how it reacts to EAP messages.
Meanwhile you could also try running wireshark on Windows to see if the
challenge with the certificate is sent by the switch to the XP box.
One thing you could try first is to use even lower value for
EAPTLS_MaxFragmentSize
The messages before certifcate are much smaller and so this challenge
would be the first that can reach the maximum size.
Thanks!
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
