I'm using Microsoft Windows XP Professional SP 2
Quoting Heikki Vatiainen <h...@open.com.au>:

> On 12/16/2011 04:13 AM, Indrajaya Pitra Perdana wrote:
>
>> Thanks, I give it a try, I already enable tls trace in my win xp, and I
>> don't see there's an exchange certificate :-)
>
> What client are you using? I noticed the log shows it sends EAP TLS
> (type 13) responses while also logging about detecting PEAP authentication.
>
>> [1448] 11:49:36:218: PeapReadConnectionData
>> [1448] 11:49:36:218: PeapReadUserData
>> [1448] 11:49:36:218: RasEapGetInfo
>> [2884] 11:49:52:515: EapPeapBegin
>> [2884] 11:49:52:515: PeapReadConnectionData
>> [2884] 11:49:52:515: PeapReadUserData
>> [2884] 11:49:52:515:
>> [2884] 11:49:52:515: EapTlsBegin(test)
>> [2884] 11:49:52:515: State change to Initial
>> [2884] 11:49:52:515: EapTlsBegin: Detected 8021X authentication
>> [2884] 11:49:52:515: EapTlsBegin: Detected PEAP authentication
>> [2884] 11:49:52:515: MaxTLSMessageLength is now 16384
>> [2884] 11:49:52:515: EapPeapBegin done
>> [2884] 11:49:52:515: EapPeapMakeMessage
>> [2884] 11:49:52:515: EapPeapCMakeMessage
>> [2884] 11:49:52:515: PEAP:PEAP_STATE_INITIAL
>> [2884] 11:49:52:515: EapTlsCMakeMessage
>> [2884] 11:49:52:515: EapTlsReset
>> [2884] 11:49:52:515: State change to Initial
>> [2884] 11:49:52:515: GetCredentials
>> [2884] 11:49:52:515: Flag is Client and Store is Current User
>> [2884] 11:49:52:515: GetCachedCredentials
>> [2884] 11:49:52:515: FreeCachedCredentials
>> [2884] 11:49:52:515: No Cert Store. Guest Access requested
>> [2884] 11:49:52:515: No Cert Name. Guest access requested
>> [2884] 11:49:52:515: Will validate server cert
>> [2884] 11:49:52:515: MakeReplyMessage
>> [2884] 11:49:52:515: SecurityContextFunction
>> [2884] 11:49:52:515: InitializeSecurityContext returned 0x90312
>> [2884] 11:49:52:515: State change to SentHello
>> [2884] 11:49:52:515: BuildPacket
>> [2884] 11:49:52:515: << Sending Response (Code: 2) packet: Id: 2,
>> Length: 80, Type: 13, TLS blob length: 70. Flags: L
>> [2884] 11:49:52:515: EapPeapCMakeMessage done
>> [2884] 11:49:52:515: EapPeapMakeMessage done
>> [1352] 11:50:22:531: EapPeapEnd
>> [1352] 11:50:22:531: EapTlsEnd
>> [1352] 11:50:22:531: EapTlsEnd(test)
>> [1352] 11:50:22:531: EapPeapEnd done
>> [1352] 11:50:22:562: EapPeapBegin
>> [1352] 11:50:22:562: PeapReadConnectionData
>> [1352] 11:50:22:562: PeapReadUserData
>> [1352] 11:50:22:562:
>> [1352] 11:50:22:562: EapTlsBegin(test)
>> [1352] 11:50:22:562: State change to Initial
>> [1352] 11:50:22:562: EapTlsBegin: Detected 8021X authentication
>> [1352] 11:50:22:562: EapTlsBegin: Detected PEAP authentication
>> [1352] 11:50:22:562: MaxTLSMessageLength is now 16384
>> [1352] 11:50:22:562: EapPeapBegin done
>> [1352] 11:50:22:562: EapPeapMakeMessage
>> [1352] 11:50:22:562: EapPeapCMakeMessage
>> [1352] 11:50:22:562: PEAP:PEAP_STATE_INITIAL
>> [1352] 11:50:22:562: EapTlsCMakeMessage
>> [1352] 11:50:22:562: EapTlsReset
>> [1352] 11:50:22:562: State change to Initial
>> [1352] 11:50:22:562: GetCredentials
>> [1352] 11:50:22:562: Flag is Client and Store is Current User
>> [1352] 11:50:22:562: GetCachedCredentials
>> [1352] 11:50:22:562: FreeCachedCredentials
>> [1352] 11:50:22:562: No Cert Store. Guest Access requested
>> [1352] 11:50:22:562: No Cert Name. Guest access requested
>> [1352] 11:50:22:562: Will validate server cert
>> [1352] 11:50:22:562: MakeReplyMessage
>> [1352] 11:50:22:562: SecurityContextFunction
>> [1352] 11:50:22:562: InitializeSecurityContext returned 0x90312
>> [1352] 11:50:22:562: State change to SentHello
>> [1352] 11:50:22:562: BuildPacket
>> [1352] 11:50:22:562: << Sending Response (Code: 2) packet: Id: 37,
>> Length: 80, Type: 13, TLS blob length: 70. Flags: L
>> [1352] 11:50:22:562: EapPeapCMakeMessage done
>> [1352] 11:50:22:562: EapPeapMakeMessage done
>> [1448] 11:50:52:578: EapPeapEnd
>> [1448] 11:50:52:578: EapTlsEnd
>> [1448] 11:50:52:578: EapTlsEnd(test)
>> [1448] 11:50:52:578: EapPeapEnd done
>> [1448] 11:51:52:593: PeapReadConnectionData
>> [1448] 11:51:52:593: PeapReadUserData
>> [1448] 11:51:52:593: RasEapGetInfo
>> [1352] 12:02:42:625: PeapReadConnectionData
>> [1352] 12:02:42:640: PeapReadUserData
>> [1352] 12:02:42:640: RasEapGetInfo
>> [1352] 12:02:42:640: PeapReDoUserData
>> [1352] 12:02:42:640: EapTlsInvokeIdentityUI
>> [1352] 12:02:42:640: GetCertInfo
>> [1352] 12:03:42:640: PeapReadConnectionData
>> [1352] 12:03:42:640: PeapReadUserData
>> [1352] 12:03:42:640: RasEapGetInfo
>> [1352] 12:03:42:671: EapPeapBegin
>> [1352] 12:03:42:671: PeapReadConnectionData
>> [1352] 12:03:42:671: PeapReadUserData
>> [1352] 12:03:42:671:
>> [1352] 12:03:42:671: EapTlsBegin(GHOST\indrajaya)
>> [1352] 12:03:42:671: State change to Initial
>> [1352] 12:03:42:671: EapTlsBegin: Detected 8021X authentication
>> [1352] 12:03:42:671: EapTlsBegin: Detected PEAP authentication
>> [1352] 12:03:42:671: MaxTLSMessageLength is now 16384
>> [1352] 12:03:42:671: EapPeapBegin done
>> [1352] 12:03:42:671: EapPeapMakeMessage
>> [1352] 12:03:42:671: EapPeapCMakeMessage
>> [1352] 12:03:42:671: PEAP:PEAP_STATE_INITIAL
>> [1352] 12:03:42:671: EapTlsCMakeMessage
>> [1352] 12:03:42:671: EapTlsReset
>> [1352] 12:03:42:671: State change to Initial
>> [1352] 12:03:42:671: GetCredentials
>> [1352] 12:03:42:671: Flag is Client and Store is Current User
>> [1352] 12:03:42:671: GetCachedCredentials
>> [1352] 12:03:42:671: FreeCachedCredentials
>> [1352] 12:03:42:671: No Cert Store. Guest Access requested
>> [1352] 12:03:42:671: No Cert Name. Guest access requested
>> [1352] 12:03:42:671: Will validate server cert
>> [1352] 12:03:42:671: MakeReplyMessage
>> [1352] 12:03:42:671: SecurityContextFunction
>> [1352] 12:03:42:671: InitializeSecurityContext returned 0x90312
>> [1352] 12:03:42:671: State change to SentHello
>> [1352] 12:03:42:671: BuildPacket
>> [1352] 12:03:42:671: << Sending Response (Code: 2) packet: Id: 3,
>> Length: 80, Type: 13, TLS blob length: 70. Flags: L
>> [1352] 12:03:42:671: EapPeapCMakeMessage done
>> [1352] 12:03:42:671: EapPeapMakeMessage done
>> [2004] 12:04:12:687: EapPeapEnd
>> [2004] 12:04:12:687: EapTlsEnd
>> [2004] 12:04:12:687: EapTlsEnd(ghost\indrajaya)
>> [2004] 12:04:12:687: EapPeapEnd done
>> [2004] 12:04:42:734: EapPeapBegin
>> [2004] 12:04:42:734: PeapReadConnectionData
>> [2004] 12:04:42:734: PeapReadUserData
>>
>> /Regards,
>> Indrajaya Pitra Perdana/
>>
>> On 12/15/2011 6:04 PM, Heikki Vatiainen wrote:
>>> On 12/15/2011 06:18 AM, Indrajaya Pitra Perdana wrote:
>>>
>>>> The problem still persists even though I created my own certificate
>>>> using the steps in mkcertificate.sh goodies, my Windows didn't respond
>>>> to the EAP challenge sent by Radiator, do you have any clue on this? Or
>>>> perhaps the problem is within my 2950 Catalyst? Thanks :-)
>>> You could try enabling debug for EAP authentication on the switch to see
>>> how it reacts to EAP messages.
>>>
>>> Meanwhile you could also try running wireshark on Windows to see if the
>>> challenge with the certificate is sent by the switch to the XP box.
>>>
>>> One thing you could try first is to use an even lower value for
>>> EAPTLS_MaxFragmentSize
>>>
>>> The messages before the certificate are much smaller and so this challenge
>>> would be the first that can reach the maximum size.
>>>
>>> Thanks!
>>>
>
>
> --
> Heikki Vatiainen <h...@open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
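
Added example, not part of the original thread and not Radiator or Microsoft code: a small Python pass over a trace in the format quoted above that splits it into EapPeapBegin..EapPeapEnd attempts and reports the two things the replies look at, namely the EAP type logged in the response and whether the client got past SentHello before the attempt ended. The function names and the sample (shortened, with the wrapped "Sending Response" line rejoined) are constructed for illustration.

```python
import re
from datetime import datetime

LINE = re.compile(r"\[(\d+)\] (\d\d:\d\d:\d\d:\d{3}): ?(.*)")
SENT = re.compile(r"<< Sending Response .*Type: (\d+)")
EAP_TYPES = {13: "EAP-TLS", 25: "PEAP"}  # IANA EAP method type numbers

# Constructed sample: one attempt, shortened, wrapped line rejoined.
SAMPLE = """\
[2884] 11:49:52:515: EapPeapBegin
[2884] 11:49:52:515: EapTlsBegin: Detected PEAP authentication
[2884] 11:49:52:515: State change to SentHello
[2884] 11:49:52:515: << Sending Response (Code: 2) packet: Id: 2, Length: 80, Type: 13, TLS blob length: 70. Flags: L
[2884] 11:49:52:515: EapPeapMakeMessage done
[1352] 11:50:22:531: EapPeapEnd
"""

def summarize(trace):
    """Split a trace into EapPeapBegin..EapPeapEnd attempts and summarize each."""
    attempts, cur = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(2), "%H:%M:%S:%f"), m.group(3)
        if msg == "EapPeapBegin":
            cur = {"peap": False, "state": None, "type": None, "sent": None, "wait": None}
            attempts.append(cur)
        elif cur is None:
            continue  # housekeeping lines outside an attempt
        elif "Detected PEAP" in msg:
            cur["peap"] = True
        elif msg.startswith("State change to "):
            cur["state"] = msg[len("State change to "):]
        elif SENT.search(msg):
            cur["type"], cur["sent"] = int(SENT.search(msg).group(1)), ts
        elif msg == "EapPeapEnd":
            if cur["sent"]:  # the trace has no date, so same-day traces only
                cur["wait"] = (ts - cur["sent"]).total_seconds()
            cur = None
    return attempts

def findings(a):
    """Return human-readable observations for one attempt."""
    out = []
    if a["state"] == "SentHello" and a["wait"] is not None:
        out.append(f"ended {a['wait']:.1f}s after ClientHello with no further state change")
    if a["peap"] and a["type"] not in (None, 25):
        out.append(f"PEAP detected, response logged as type {a['type']} ({EAP_TYPES.get(a['type'], '?')})")
    return out
```
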