We are using a Zyxel Prestige 300 Series. The router connects via one radius server (0.8.1) (yea yea...no comments on the fact that it is a dinosaur...it works). Then we are using the router's interal radius authentication to authenticate via a secondary radius server 1.0.0pre3. I can see the user authenticate, but then it almost instantly times-out. We are connecting with an XP sp1 box using Intel Pro/wireless 2100 3B
mini pci adapter. I've tried starting radius (1.0.0 version) with -X and i'm still not getting any extra output (unless it is logging someplace i don't know about) (i've checked system logs and radius logs (and no there is no extra output to the screen which starts radius)). The default timeout in the users file is set at 900 (seconds?). In the router it is set at 1800 seconds. The timeout for the specific user we are testing with is set at 0 (in old version meaning none...in 1.0.0??)
oh yea...peap, tls, mschav2 (with more or less default settings while testing)
All i'm seeing in the radius logs is repititions of the following
Wed Jul 14 17:26:22 2004 : Info: rlm_eap_tls: Length Included
Wed Jul 14 17:26:22 2004 : Error: TLS_accept:error in SSLv3 read client certificate A
Wed Jul 14 17:26:22 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Wed Jul 14 17:26:23 2004 : Info: rlm_eap_tls: Length Included
Wed Jul 14 17:26:23 2004 : Info: (other): SSL negotiation finished successfully
Wed Jul 14 17:26:23 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Wed Jul 14 17:26:23 2004 : Info: rlm_eap_mschapv2: Issuing Challenge
Wed Jul 14 17:26:23 2004 : Auth: Login OK: [username] (from client localhost port 0)
Wed Jul 14 17:26:23 2004 : Auth: Login OK: [username] (from client testrouter port 0 cli 00-04-23-70-af-06)
The user can "browse" (as long as there aren't a lot of pictures) and is authenticated via the server. they only "log in" once. (i see this via the detail file) Both the Nas-IP-Addy and Client-IP-Addy are that of the router. Now, lets add another layer of mud here. i only see the start/timeout combo once per "session" even though the link is constantly up and down.
Wed Jul 14 15:33:11 2004
User-Name = "username"
NAS-Identifier = "wifitest"
Called-Station-Id = "00-a0-c5-8d-c6-18:Sysadmin"
Calling-Station-Id = "00-04-23-70-af-06"
Acct-Status-Type = Start
Acct-Delay-Time = 0
NAS-IP-Address = 1.2.3.4
Client-IP-Address = 1.2.3.4
Acct-Unique-Session-Id = "3f04fa070e7a0e17"
Timestamp = 1089847991
Wed Jul 14 15:33:13 2004 User-Name = "username" NAS-Identifier = "wifitest" Called-Station-Id = "00-a0-c5-8d-c6-18:Sysadmin" Calling-Station-Id = "00-04-23-70-af-06" Acct-Status-Type = Stop Acct-Input-Octets = 555 Acct-Output-Octets = 753 Acct-Input-Packets = 5 Acct-Output-Packets = 4 Acct-Delay-Time = 0 Acct-Session-Time = 1 Acct-Terminate-Cause = Idle-Timeout Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 NAS-IP-Address = 1.2.3.4 Client-IP-Address = 1.2.3.4 Acct-Unique-Session-Id = "3f04fa070e7a0e17" Timestamp = 1089847993
any ideas, pointers, slaps accross the face...are welcome and appreciated.
Thank you
-- Terry J Fike Jr System Administrator MTA Solutions 907-793-4100 [EMAIL PROTECTED]
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
