Thanks, I got PEAP to work now - it authenticates successfully and FR sends an Access-Accept packet back (my AP's log shows the authentication success message too). I'm not sure if the problem was because I was using Linksys provided software to connect (if by any chance it's using Cisco's PEAP instead of Microsoft's) or if it was because I didn't un-comment the use_mppe option in the mschap module.

Unfortunately, I ran into the ip problem again. If I'm using PEAP, the supplicant could not get an ip address (the ip is 169.254.1.34, subnet mask 255.255.0.0). However, if I use TLS, the supplicant can get a valid ip from the DHCP server (in my case, it's the AP). Do you think it's the AP's problem? Or winxp's problem?

Also, although TLS works, the ip address the supplicant got isn't the framed ip address I defined in the users file, instead it's just an ip assigned by the DHCP server (AP). Are there ports other than 1812 I should port-forward to my AP?

Finally, a question on logging. How could I get all the screen output from the debug mode to be saved in a file? I've been using pipeline to capture them. Is there a "proper" way to do it? In the radiusd.conf the log path and file is /usr/local/var/log/radius/ and radius.log respectively, but the file is never created nor written even if I create it myself (I have the right permissions set for the directory and file). There are only auth_log, detail and reply_log in the radacct subdir which I enabled in the conf file. What is supposed to be written to the radius.log file?

TIA


From: "Alan DeKok" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: PEAP - Unknown RADIUS packet
Date: Mon, 12 Jan 2004 11:38:02 -0500


"matt morris" <[EMAIL PROTECTED]> wrote:
> Hi, I've been trying the PEAP authentication method (with mschapv2) using
> snapshot20040111, a Dlink DWL-900AP+ Access Point, and WinXP
> Supplicant(actually I'm using the driver software of Linksys WirelessG
> PCMCIA card to connect). The TLS portion seems to be alright, but when the
> server got the tunnel reply there are these errors:
>
> PEAP: Got tunnel reply RADIUS code 0


So... what did the *rest* of the debug output say?

  You've configured it to do PEAP, for the outer part of the session,
but you didn't say how to authenticate the tunneled part of the
session.

> In the user file I created a user with Auth-Type := EAP,

Don't do that. Read the list, and the comments in "radiusd.conf".

> while in the radiusd.conf I have default_eap_type = peap (also
> tried =tls), and the peap, mschapv2 and mschap sections are just commented
> out without adding anything.


  Commented *out*, as in not being used, or "deleted the comments to
make them work"?

> Any idea on what the cause of the problem might be? TIA

  Read *all* of the debug output.  It tells you why the tunneled
session wasn't authenticated.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
