On 03/31/2011 03:51 PM, Jim Veneskey wrote:

> I have gone back to openssl 1.0.0d and installed newer versions of the
> modules.

OK, I also did some testing. Please see below for more.

> Attached is a full log of my test session, including the radius.cfg and
> users file I am using.
> My radius.cfg is basically the example one found in goodies/.

Same here.

> I am testing the setup using a Windows client running Funk Odyssey and I
> have verified that
> the credentials I am using on the client match what is in the users file.
> 
> Funk will prompt me to acquire new EAP-FAST credentials, however, when
> I instruct it to do so - it just
> keeps popping back up.

I tested with eapol_test from wpa_supplicant package. Here's the
configuration I used:

network={
        ssid="eapol"
        proto=WPA2
        pairwise=CCMP
        key_mgmt=WPA-EAP
        eap=FAST
        anonymous_identity="hvn"
        identity="hvn"
        password="password"
        ca_cert="cacert.pem"
        phase1="fast_provisioning=2"
        pac_file="wpasupplicant.eap-fast-pac"
        phase2="autheap=MSCHAPV2"
        #dh_file="dh2048.pem"
}

Command was: ./eapol_test -p1645 -s mysecret -c eapol-eap-fast.conf

If run twice, it will succeed. The first run fetches the pac file and
then subsequent logins will succeed.

> It appears to be failing here:  (for full trace - see attachment)

Same here if I run it when there is no pac_file and fast_provisioning is
set to 1. The MSCHAP calculated challenge response does not match what
was expected.

>> Thu Mar 31 08:29:51 2011: DEBUG: Radius::AuthFILE ACCEPT: : anonymous
>> [anonymous]

It got the user and its password from users file.

>> Thu Mar 31 08:29:51 2011: DEBUG: EAP result: 1, EAP MSCHAP-V2
>> Authentication failure

Challenge was not what was expected.

> At this point, I am not sure if I now have Radiator configured properly,
> and the issue is with my client.

The Radiator configuration should be good. I think this is related to
what happens or does not happen during pac provisioning. I'll try with
a different client, iPod, later to see how it behaves.

> Radiator is not displaying any errors about modules any more - so I'm
> guessing it may be configured properly?

Thanks!
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
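
The two-run behaviour described in the message (first run fetches the PAC, later runs log in with it) can be scripted as below. This is an added example, not part of the original message or of Radiator or wpa_supplicant; the function name, the return codes and the EAPOL_TEST variable are hypothetical, and it assumes eapol_test exits 0 on success.

```shell
#!/bin/sh
# Added example: two-pass EAP-FAST check around eapol_test.
# Assumptions (not from the original message): eapol_test exits 0 on
# success, and PAC_FILE is the same path as pac_file= in the config.

EAPOL_TEST=${EAPOL_TEST:-./eapol_test}   # binary (or a stub) to run

# fast_two_pass CONF PAC_FILE PORT SECRET
# e.g. fast_two_pass eapol-eap-fast.conf wpasupplicant.eap-fast-pac 1645 mysecret
# Returns: 0  logged in using a PAC
#          2  no PAC after the provisioning run (provisioning failed)
#          3  PAC present but the login still failed
fast_two_pass() {
    conf=$1; pac=$2; port=$3; secret=$4

    if [ ! -s "$pac" ]; then
        # Pass 1: provisioning. The exit status is ignored on purpose,
        # because a provisioning-only run is not expected to succeed.
        # What matters is whether a non-empty PAC file was written.
        "$EAPOL_TEST" -p"$port" -s "$secret" -c "$conf" >/dev/null 2>&1 || :
        if [ ! -s "$pac" ]; then
            echo "no PAC written to $pac: provisioning failed" >&2
            return 2
        fi
    fi

    # Pass 2: normal EAP-FAST login with the stored PAC.
    if "$EAPOL_TEST" -p"$port" -s "$secret" -c "$conf" >/dev/null 2>&1; then
        echo "EAP-FAST login with PAC succeeded"
        return 0
    fi
    echo "PAC present in $pac but login failed" >&2
    return 3
}
```

Return code 2 separates a provisioning problem, such as the MSCHAP-V2 failure in the quoted log, from a failure that happens after a PAC has already been stored.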
