On 04/06/2012 03:55 PM, Sudhir Harwalkar wrote: > Please find the attached new log file, users file and config file, because > with same username and password EAP-FAST GTC has worked fine, but for > MSCHAPv2 it shows an error.
Looks like there might be a problem with PAC provision. In other words, you should check your client and see if the PAC provision has worked. I suggest you try turning on support for "Server-Authenticated Tunneled Authentication" (see RFC 5422) and see if the PAC provisioning works. This is what I tried when I tested this. Thanks! Heikki > Regards > Sudhir H > > -----Original Message----- > From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On > Behalf Of Heikki Vatiainen > Sent: Friday, April 06, 2012 4:55 PM > To: radiator@open.com.au > Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 > > On 04/06/2012 10:07 AM, Sudhir Harwalkar wrote: > >> I tried EAP-FAST with GTC as an inner authentication its working fine, but >> for MSCHAPv2 I saw message in log file that rejected. > > The log file you sent previously shows that the user (sudhir) was found from > the users file. MSCHAPv2 then failed which indicates the password was > incorrect or your client calculated EAP-MSCHAPv2 credentials incorrectly. I > would check the password first to see it was correctly entered. > > Heikki > > >> Regards >> Sudhir H >> >> -----Original Message----- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Sudhir Harwalkar >> Sent: Friday, April 06, 2012 11:20 AM >> To: radiator@open.com.au >> Subject: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2 >> >> >> Hi Heikki, >> >> When I run the EAP-FAST I seen rejected message in the log file is it due >> do log file config. >> Please find the attached log file. >> >> Thanks >> Sudhir H >> >> -----Original Message----- >> From: radiator-boun...@open.com.au >> [mailto:radiator-boun...@open.com.au] On Behalf Of Heikki Vatiainen >> Sent: Thursday, April 05, 2012 4:50 PM >> To: radiator@open.com.au >> Subject: Re: [RADIATOR] RADIATOR: EAP-FAST-MSCHAPv2 >> >> On 04/05/2012 10:15 AM, Sudhir Harwalkar wrote: >> >> Hello Sudhir, >> >>> As I am verifying EAP-FAST which uses inner authentication as >>> MSCHAPv2, for this our device requires any certificates like client >>> certificates? >>> >>> I red that it requires PAC means pac key should match from both >>> sides like radius sever and our device? >> >> If the client does not send its PAC, Radiator will try to allocate one to >> it. Then client is then disconnected. Next time when the client tries to >> authenticate, it will have a PAC and the authentication should then proceed. >> By default Radiator keeps the PACs in memory with the other option being >> SQL. So do not restart Radiator unless you want to clear the PAC. >> >> Thanks! >> Heikki >> >> >> -- >> Heikki Vatiainen <h...@open.com.au> >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. >> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >> _______________________________________________ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> >> >> Larsen & Toubro Limited >> >> www.larsentoubro.com >> >> This Email may contain confidential or privileged information for the >> intended recipient (s) If you are not the intended recipient, please do not >> use or disseminate the information, notify the sender and delete it from >> your system. >> _______________________________________________ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen <h...@open.com.au> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, > PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full > source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > > > Larsen & Toubro Limited > > www.larsentoubro.com > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
