Adam Tauno Williams wrote:
>> I'm trying to set up RADIUS/WPA authentication using PEAP as
>> described in -
>> http://www.ibiblio.org/pub/Linux/docs/HOWTO/8021X-HOWTO - but I
>> never seem to get past the "Sending Access-Challenge" after I enter
>> my username and password on the client. User is simply an entry in
>> the users file with a clear text password. I've gone over the
>> config several times, but nothing jumps out at me as an error
>> message.
Alan DeKok wrote:
> The problem most likely is that the AP isn't seeing the response, or
> it isn't liking the response. Check the IP addresses that the packets
> use, via "tcpdump".

Okay, I've etherealled the connection and I see an "Access-Request" from the WAP
to the RADIUS server, then an "Access-Challenge" from the RADIUS server to the
WAP, and nothing else. What should the WAP's response to an
"Access-Challenge" response be?

The WAP is 192.168.1.42 and the RADIUS server is 192.168.1.47.

No.  Time      Source        Destination   Protocol  Info
8    0.839425  192.168.1.42  192.168.1.47  RADIUS    Access-Request(1) (id=26, l=133)
Frame 8 (175 bytes on wire, 175 bytes captured)
Ethernet II, Src: noor.morrison.iserv.net (00:0f:3d:43:6a:3c), Dst:
tor.morrison.iserv.net (00:0d:60:0f:fd:4a)
Internet Protocol, Src: 192.168.1.42 (192.168.1.42), Dst: 192.168.1.47
(192.168.1.47)
User Datagram Protocol, Src Port: groove-dpp (1211), Dst Port: radius (1812)
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x1a (26)
Length: 133
Authenticator: 14E77EEE7405E31F02AB6A803EB478A1
Attribute Value Pairs
AVP: l=10 t=User-Name(1): awilliam
AVP: l=6 t=NAS-IP-Address(4): 192.168.1.42
AVP: l=6 t=NAS-Port(5): 0
AVP: l=19 t=Called-Station-Id(30): 00-0F-3D-43-6A-3C
AVP: l=19 t=Calling-Station-Id(31): 00-14-A5-30-BC-27
AVP: l=8 t=NAS-Identifier(32): wap001
AVP: l=6 t=Framed-MTU(12): 1380
AVP: l=6 t=NAS-Port-Type(61): Wireless-802.11(19)
AVP: l=15 t=EAP-Message(79) Last Segment[1]
Length: 13
EAP fragment
Extensible Authentication Protocol
Code: Response (2)
Id: 1
Length: 13
Type: Identity [RFC3748] (1)
Identity (8 bytes): awilliam
AVP: l=18 t=Message-Authenticator(80): 92C34CC691D9BC0D5B49F180B2F4EA59
Length: 16
Message-Authenticator: 92C34CC691D9BC0D5B49F180B2F4EA59

No.  Time      Source        Destination   Protocol  Info
15   0.842887  192.168.1.47  192.168.1.42  RADIUS    Access-challenge(11) (id=26, l=83)
Frame 15 (125 bytes on wire, 125 bytes captured)
Ethernet II, Src: tor.morrison.iserv.net (00:0d:60:0f:fd:4a), Dst:
noor.morrison.iserv.net (00:0f:3d:43:6a:3c)
Internet Protocol, Src: 192.168.1.47 (192.168.1.47), Dst: 192.168.1.42
(192.168.1.42)
User Datagram Protocol, Src Port: radius (1812), Dst Port: groove-dpp (1211)
Radius Protocol
Code: Access-challenge (11)
Packet identifier: 0x1a (26)
Length: 83
Authenticator: DE3DC989610D986213D85EF526EA47BD
Attribute Value Pairs
AVP: l=19 t=Reply-Message(18): EAPTEST Hello, %u
Length: 17
Reply-Message: EAPTEST Hello, %u
AVP: l=8 t=EAP-Message(79) Last Segment[1]
Length: 6
EAP fragment
Extensible Authentication Protocol
Code: Request (1)
Id: 2
Length: 6
Type: PEAP [Palekar] (25)
Flags(0x20): Start
PEAP version 0
AVP: l=18 t=Message-Authenticator(80): 36719CCCEE09502EA6C644C5EEC62B87
Length: 16
Message-Authenticator: 36719CCCEE09502EA6C644C5EEC62B87
AVP: l=18 t=State(24): 4CA90CA7DE0086900AEB2E8BB35E773A
Length: 16
State: 4CA90CA7DE0086900AEB2E8BB35E773A

No.  Time      Source        Destination   Protocol  Info
16   0.879314  192.168.1.42  192.168.1.47  RADIUS    Access-Request(1) (id=27, l=218)
Frame 16 (260 bytes on wire, 260 bytes captured)
Ethernet II, Src: noor.morrison.iserv.net (00:0f:3d:43:6a:3c), Dst:
tor.morrison.iserv.net (00:0d:60:0f:fd:4a)
Internet Protocol, Src: 192.168.1.42 (192.168.1.42), Dst: 192.168.1.47
(192.168.1.47)
User Datagram Protocol, Src Port: groove-dpp (1211), Dst Port: radius (1812)
Radius Protocol
Code: Access-Request (1)
Packet identifier: 0x1b (27)
Length: 218
Authenticator: FBD53DBF46F4F69697F2427EDE5176A3
Attribute Value Pairs
AVP: l=10 t=User-Name(1): awilliam
AVP: l=6 t=NAS-IP-Address(4): 192.168.1.42
AVP: l=6 t=NAS-Port(5): 0
AVP: l=19 t=Called-Station-Id(30): 00-0F-3D-43-6A-3C
AVP: l=19 t=Calling-Station-Id(31): 00-14-A5-30-BC-27
AVP: l=8 t=NAS-Identifier(32): wap001
AVP: l=6