On 11/15/2011 07:43 PM, Joy Veronneau wrote: > I've made some progress on this. The windows 7 machine is now contacting > the radius server, but its username starts with "host/" and radiator > doesn't seem to like that. Should the machine be sending some sort of > different username? I don't think I can get the request to the correct > handler until I fix this problem?
Radiator will recognize host/ and do the authentication with correct username. The machine seems to be sending the username correctly, so that's not the problem. Tue Nov 15 12:41:42 2011: INFO: Access rejected for host/CIT-JV11GTEST2.cit.cornell.edu: Invalid character in User-Name Your configuration file has UsernameCharset specified so that it does not include / If you change UsernameCharset this problem will go away. Thanks! Heikki > The network settings on the windows 7 machine are: > Security type: WPA2 Enterprise > encryption type: TKIP > Network authentication method: microsoft: smartcard or other certificate > (Settings-> Use a certificate on this computer, use simple certificate > selection) > advanced settings: 802.1x Specify authentication mode: Computer > authentication. > > > Here is what I see on the radius logs: > > User-Name = "host/CIT-JV11GTEST2.cit.cornell.edu" > NAS-IP-Address = 132.236.115.218 > NAS-Port = 1 > NAS-Identifier = "cit.redrover.secure" > NAS-Port-Type = Wireless-IEEE-802-11 > Calling-Station-Id = "0014D1EA856B" > Called-Station-Id = "000B866222B0" > Service-Type = Login-User > Framed-MTU = 1100 > EAP-Message = <2><1><0>(<1>host/CIT-JV11GTEST2.cit.cornell.edu > Aruba-Essid-Name = "eduroam-test" > Aruba-Location-Id = "test-rhodes-745-ap" > Message-Authenticator = > ]<179>:f<223><241><242>Z<13>:<204><222><150><130>J<181> > > Tue Nov 15 12:41:42 2011: DEBUG: Handling request with Handler '', > Identifier '' > Tue Nov 15 12:41:42 2011: INFO: Access rejected for > host/CIT-JV11GTEST2.cit.cornell.edu: Invalid character in User-Name > Tue Nov 15 12:41:42 2011: DEBUG: Packet dump: > *** Sending to 132.236.115.218 port 33004 .... > Code: Access-Reject > Identifier: 219 > Authentic: <138>5<9><254><236><131>3<184>xLU?N4<139><225> > Attributes: > Reply-Message = "Request Denied" > > Thanks again, > > Joy -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator