Hi Henry,

On Thu, 18 Jul 2002 11:55, Henry Su wrote:
> Thanks, Mike. I think tried to subscribe the mail-list yesterday and I did
> get confirmation from [EMAIL PROTECTED] with subject "Majordomo
> results: subscribe", but I still did receive any email from mailing list.

You were not subscribed, so I have subscribed you manually.

>
> For the client config, I just use windows XP, and the network setting for
> the wireless is DHCP. There's really not much at all. I'll try a linux
> client to see if it make any difference.

OK. I don't think I can shed much light on client DHCP issues. Sorry.
Perhaps someone else on the list?

Cheers.

>
> -----Original Message-----
> From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 17, 2002 6:43 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: EAP TLS
>
> Hello Henry,
>
> On Thu, 18 Jul 2002 11:27, Henry Su wrote:
> > Thanks a lot, Mike. I tried to re-install the CA on XP machine, it seems
> > worked on the radius side. I have 10 frames for eap-tls auth, and radius
> > send access-accept packet (see it in the attachment). I also have an dhcp
> > server running on the same box as radiator server, I tested it works
> > well,
>
> The log looks good.
>
> > however my client can not get an IP address, I do not know why. Do you
> > have any clue?
>
> No, I'm afraid I can't tell from the material you sent. Allocation of an IP
> address from the DHCP server would normally be done by your client.
> Normally, Radiator would not be involved with address allocation.
>
> I think you need to check your client configuration.
>
> Cheers.
>
> > Thanks.
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 16, 2002 4:33 PM
> > To: Henry Su
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: EAP TLS
> >
> > Hello Henry,
> >
> > Looks like you have not subscribed to the Radiator mailing list. I will
> > try to help you with this problem, but you should subscribe and send all
> > future requests to the mailing list.
> >
> > In the log below, it shows that Radiator has received an EAP identity and
> > has responded with an EAP-TLS start. This is the correct behaviour, and it
> > shows that your Radiator configuration file is OK so far.
> >
> > I suspect that the problem is in the AP or the client. The most likely
> > reason is that the XP client is not configured for EAP-TLS, and it is
> > expecting something else like maybe EAP-MD5 etc. I would check your XP
> > wireless client settings first.
> >
> > Cheers.
> >
> > On Wed, 17 Jul 2002 09:00, [EMAIL PROTECTED] wrote:
> > > From [EMAIL PROTECTED] Tue Jul 16 18:00:41 2002
> > > Received: from alicia.nttmcl.com (alicia.nttmcl.com [216.69.69.10])
> > >     by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g6GN0f311978
> > >     for <[EMAIL PROTECTED]>; Tue, 16 Jul 2002 18:00:41 -0500
> > > Received: from hsu (dhcp252.nttmcl.com [216.69.69.252])
> > >     by alicia.nttmcl.com (8.10.1/8.10.1) with SMTP id g6GMxZ724001
> > >     for <[EMAIL PROTECTED]>; Tue, 16 Jul 2002 15:59:40 -0700 (PDT)
> > > Reply-To: <[EMAIL PROTECTED]>
> > > From: "Henry Su" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Subject: EAP TLS
> > > Date: Tue, 16 Jul 2002 16:00:03 -0700
> > > Message-ID: <[EMAIL PROTECTED]>
> > > MIME-Version: 1.0
> > > Content-Type: text/plain;
> > >     charset="iso-8859-1"
> > > Content-Transfer-Encoding: 7bit
> > > X-Priority: 3 (Normal)
> > > X-MSMail-Priority: Normal
> > > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
> > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> > > Importance: Normal
> > >
> > > I am using Radiator 3.1 with patch on freeBSD4.5, my client is windows
> > > XP, AP is Orinoco AP1000, and openssl is 0.9.7 beta2.
> > >
> > > My problem is that it works partially, radius server get request and
> > > send challenge, but there's no further actions going on.
> > >
> > > I'm not sure how to set users for eap-tls. I just add following
> > >
> > > # For testing 802 1x (EAP-TLS)
> > > 1x-client
> > >
> > > Is it correct?
> >
> > Yes, that's OK, but it's best to have a password too, just in case someone
> > tries to do a dialup connection that uses that user entry. The password is
> > not used or required by EAP-TLS.
> >
> > > Could u pls point out me any clue? Thanks.
> > >
> > > Radius log:
> > > Tue Jul 16 15:13:58 2002: DEBUG: Packet dump:
> > > *** Received from 10.10.10.101 port 192 ....
> > > Code: Access-Request
> > > Identifier: 51
> > > Authentic: g<218>n<142><216><211>!<25><198><183><184><153><147><4>^P
> > > Attributes:
> > >     User-Name = "1x-client"
> > >     NAS-IP-Address = 10.10.10.101
> > >     Called-Station-Id = "00022d2e8a1a"
> > >     Calling-Station-Id = "00022d150780"
> > >     NAS-Identifier = "00-02-2D-15-07-80"
> > >     NAS-Port-Type = 19
> > >     Framed-MTU = 1400
> > >     EAP-Message = <2><4><0><14><1>1x-client
> > >     Message-Authenticator = <20><2><139><180><214><231><241><189><195>J<175>(<146><230><152>F
> > >
> > > Tue Jul 16 15:13:58 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Tue Jul 16 15:13:58 2002: DEBUG: Deleting session for 1x-client, 10.10.10.101,
> > > Tue Jul 16 15:13:58 2002: DEBUG: Handling with Radius::AuthFILE:
> > > Tue Jul 16 15:13:58 2002: DEBUG: Radius::AuthFILE looks for match with 1x-client
> > > Tue Jul 16 15:13:58 2002: DEBUG: Handling with EAP
> > > Tue Jul 16 15:13:58 2002: DEBUG: EAP code 2, 4, 14
> > > Tue Jul 16 15:13:58 2002: DEBUG: Response type 1
> > > Tue Jul 16 15:13:58 2002: DEBUG: Radius::AuthFILE CHALLENGE: EAP TLS Challenge
> > > Tue Jul 16 15:13:58 2002: DEBUG: Access challenged for 1x-client: EAP TLS Challenge
> > > Tue Jul 16 15:13:58 2002: DEBUG: Packet dump:
> > > *** Sending to 10.10.10.101 port 192 ....
> > > Code: Access-Challenge
> > > Identifier: 51
> > > Authentic: g<218>n<142><216><211>!<25><198><183><184><153><147><4>^P
> > > Attributes:
> > >     EAP-Message = <1><5><0><6><13>
> > >     Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > >
> > > Ethereal dump:
> > > Frame 193 (172 on wire, 172 captured)
> > >     Arrival Time: Jul 16, 2002 14:21:26.741422000
> > >     Time delta from previous packet: 30.040387000 seconds
> > >     Time relative to first packet: 11703.517713000 seconds
> > >     Frame Number: 193
> > >     Packet Length: 172 bytes
> > >     Capture Length: 172 bytes
> > > Ethernet II
> > >     Destination: 00:80:c8:b9:ad:bd (D-Link_b9:ad:bd)
> > >     Source: 00:02:2d:15:07:80 (Agere_15:07:80)
> > >     Type: IP (0x0800)
> > > Internet Protocol, Src Addr: 10.10.10.101 (10.10.10.101), Dst Addr: 10.10.10.1 (10.10.10.1)
> > >     Version: 4
> > >     Header length: 20 bytes
> > >     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> > >         0000 00.. = Differentiated Services Codepoint: Default (0x00)
> > >         .... ..0. = ECN-Capable Transport (ECT): 0
> > >         .... ...0 = ECN-CE: 0
> > >     Total Length: 158
> > >     Identification: 0x0043
> > >     Flags: 0x00
> > >         .0.. = Don't fragment: Not set
> > >         ..0. = More fragments: Not set
> > >     Fragment offset: 0
> > >     Time to live: 64
> > >     Protocol: UDP (0x11)
> > >     Header checksum: 0x5193 (correct)
> > >     Source: 10.10.10.101 (10.10.10.101)
> > >     Destination: 10.10.10.1 (10.10.10.1)
> > > User Datagram Protocol, Src Port: osu-nms (192), Dst Port: radius (1812)
> > >     Source port: osu-nms (192)
> > >     Destination port: radius (1812)
> > >     Length: 138
> > >     Checksum: 0x7249 (correct)
> > > Radius Protocol
> > >     Code: Access Request (1)
> > >     Packet identifier: 0xe (14)
> > >     Length: 130
> > >     Authenticator
> > >     Attribute value pairs
> > >         t:User Name(1) l:11, Value:"1x-client"
> > >         t:NAS IP Address(4) l:6, Value:10.10.10.101
> > >         t:Called Station Id(30) l:14, Value:"00022d2e8a1a"
> > >         t:Calling Station Id(31) l:14, Value:"00022d150780"
> > >         t:NAS identifier(32) l:19, Value:"00-02-2D-15-07-80"
> > >         t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
> > >         t:Framed MTU(12) l:6, Value:1400
> > >         t:EAP Message(79) l:16
> > >             Extensible Authentication Protocol
> > >                 Code: Response (2)
> > >                 Id: 1
> > >                 Length: 14
> > >                 Type: Identity [RFC2284] (1)
> > >                 Identity (9 bytes): 1x-client
> > >         t:Message Authenticator(80) l:18, Value:6DF2CB94176DE03541C3F701AC641E08
> > >
> > > Frame 194 (88 on wire, 88 captured)
> > >     Arrival Time: Jul 16, 2002 14:21:26.753859000
> > >     Time delta from previous packet: 0.012437000 seconds
> > >     Time relative to first packet: 11703.530150000 seconds
> > >     Frame Number: 194
> > >     Packet Length: 88 bytes
> > >     Capture Length: 88 bytes
> > > Ethernet II
> > >     Destination: 00:02:2d:15:07:80 (Agere_15:07:80)
> > >     Source: 00:80:c8:b9:ad:bd (D-Link_b9:ad:bd)
> > >     Type: IP (0x0800)
> > > Internet Protocol, Src Addr: 10.10.10.1 (10.10.10.1), Dst Addr: 10.10.10.101 (10.10.10.101)
> > >     Version: 4
> > >     Header length: 20 bytes
> > >     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> > >         0000 00.. = Differentiated Services Codepoint: Default (0x00)
> > >         .... ..0. = ECN-Capable Transport (ECT): 0
> > >         .... ...0 = ECN-CE: 0
> > >     Total Length: 74
> > >     Identification: 0x6692
> > >     Flags: 0x00
> > >         .0.. = Don't fragment: Not set
> > >         ..0. = More fragments: Not set
> > >     Fragment offset: 0
> > >     Time to live: 64
> > >     Protocol: UDP (0x11)
> > >     Header checksum: 0xeb97 (correct)
> > >     Source: 10.10.10.1 (10.10.10.1)
> > >     Destination: 10.10.10.101 (10.10.10.101)
> > > User Datagram Protocol, Src Port: radius (1812), Dst Port: osu-nms (192)
> > >     Source port: radius (1812)
> > >     Destination port: osu-nms (192)
> > >     Length: 54
> > >     Checksum: 0x1f28 (correct)
> > > Radius Protocol
> > >     Code: Access challenge (11)
> > >     Packet identifier: 0xe (14)
> > >     Length: 46
> > >     Authenticator
> > >     Attribute value pairs
> > >         t:EAP Message(79) l:8
> > >             Extensible Authentication Protocol
> > >                 Code: Request (1)
> > >                 Id: 2
> > >                 Length: 6
> > >                 Type: EAP-TLS [RFC2716] [Aboba] (13)
> > >                 Flags(0x20): Start
> > >         t:Message Authenticator(80) l:18, Value:249C94D64B4ED518CEBDC54A053B4982
> > >
> > > ------------------------------------------------
> > > Henry Su
> > > NTT Multimedia Communications Laboratories, Inc.
> > > 250 Cambridge Avenue Suite 300
> > > Palo Alto, CA 94306, USA (PST:UTC -8H)
> > > Tel: +1 650 833 3652
> > > Fax: +1 650 326 1878
> > > http://www.nttmcl.com/

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere.
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus,
Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix,
Win95/8, 2000, NT, MacOS 9, MacOS X etc etc

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
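
Added example, not part of the original thread and not Radiator code: a decoder for the EAP-Message values as they appear in the Radiator debug log quoted above, showing the Identity response followed by the EAP-TLS Start request that the reply describes. The function names are illustrative. It assumes the dump prints printable bytes literally and others as <n>, so the sixth byte of the challenge (length field 6, five visible bytes) is the Start flag 0x20 rendered as a space.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS"}
# EAP-TLS flags byte (RFC 2716): the first byte after the type field.
TLS_FLAGS = {0x80: "Length-included", 0x40: "More-fragments", 0x20: "Start"}

# Values copied from the log in the thread. The trailing space on CHALLENGE
# is the assumed 0x20 byte; STRIPPED is what remains once an archive or
# mail client trims trailing whitespace.
IDENTITY = "<2><4><0><14><1>1x-client"
CHALLENGE = "<1><5><0><6><13> "
STRIPPED = "<1><5><0><6><13>"

def dump_to_bytes(text):
    """Undo the dump notation: <n> is the byte with decimal value n,
    any other character stands for itself."""
    out = bytearray()
    for num, char in re.findall(r"<(\d{1,3})>|(.)", text, re.S):
        out.append(int(num) if num else ord(char))
    return bytes(out)

def parse_eap(raw):
    """Decode the 4-byte EAP header, the method type and, for EAP-TLS,
    the flags byte. 'missing' counts bytes the length field promises
    but the dump no longer contains."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    info = {"code": EAP_CODES.get(code, code), "id": ident,
            "length": length, "missing": max(0, length - len(raw))}
    if code in (1, 2) and len(raw) >= 5:
        info["type"] = EAP_TYPES.get(raw[4], raw[4])
        body = raw[5:length]
        if raw[4] == 1:
            info["identity"] = body.decode("latin-1")
        elif raw[4] == 13 and body:
            info["tls_flags"] = [name for bit, name in TLS_FLAGS.items()
                                 if body[0] & bit]
    return info

if __name__ == "__main__":
    for label, dump in (("identity", IDENTITY), ("challenge", CHALLENGE),
                        ("stripped", STRIPPED)):
        print(label, parse_eap(dump_to_bytes(dump)))
```

A non-zero "missing" value means the pasted dump lost bytes, so an absent flags field there reflects the copy, not the server's behaviour.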