Re: Not going past "Sending Access-Challenge"

2005-09-09 Thread Adam Tauno Williams
It works!  I set "nastype = other" in the clients.conf file as per an example I
saw from someone using the same WAP, and it started working after restarting
Radius.  I don't recall making any other changes, but something had led me to
believe that "other" was the default nastype if not specified.


I'm trying to set up RADIUS/WPA authentication using PEAP as
described in -
http://www.ibiblio.org/pub/Linux/docs/HOWTO/8021X-HOWTO - but I
never seem to get past the "Sending Access-Challenge" after I enter
my username and password on the client.  User is simply an entry in
the users file with a clear text password.  I've gone over the
config several times, but nothing jumps out at me as an error
message.

Alan DeKok wrote:

 The problem most likely is that the AP isn't seeing the response, or
it isn't liking the response.  Check the IP addresses that the packets
use, via "tcpdump".

Okay, I've etherealled the connection and I see an "Access-Request" from the WAP
to the RADIUS server, then an "Access-Challenge" from the RADIUS server to the
WAP,  and nothing else.  What should the WAP's response to an
"Access-Challenge" response be?

The WAP is 192.168.1.42 and the RADIUS server is 192.168.1.47



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Not going past "Sending Access-Challenge"

2005-09-08 Thread Adam Tauno Williams

Adam Tauno Williams wrote:
>> I'm trying to set up RADIUS/WPA authentication using PEAP as
>> described in -
>> http://www.ibiblio.org/pub/Linux/docs/HOWTO/8021X-HOWTO - but I
>> never seem to get past the "Sending Access-Challenge" after I enter
>> my username and password on the client.  User is simply an entry in
>> the users file with a clear text password.  I've gone over the
>> config several times, but nothing jumps out at me as an error
>> message.
Alan DeKok wrote:
>  The problem most likely is that the AP isn't seeing the response, or
>it isn't liking the response.  Check the IP addresses that the packets
>use, via "tcpdump".

Okay, I've etherealled the connection and I see an "Access-Request" from the WAP
to the RADIUS server, then an "Access-Challenge" from the RADIUS server to the
WAP,  and nothing else.  What should the WAP's response to an
"Access-Challenge" response be?

The WAP is 192.168.1.42 and the RADIUS server is 192.168.1.47

No.  Time      Source        Destination   Protocol  Info
  8  0.839425  192.168.1.42  192.168.1.47  RADIUS    Access-Request(1) (id=26, l=133)

Frame 8 (175 bytes on wire, 175 bytes captured)
Ethernet II, Src: noor.morrison.iserv.net (00:0f:3d:43:6a:3c), Dst: tor.morrison.iserv.net (00:0d:60:0f:fd:4a)
Internet Protocol, Src: 192.168.1.42 (192.168.1.42), Dst: 192.168.1.47 (192.168.1.47)
User Datagram Protocol, Src Port: groove-dpp (1211), Dst Port: radius (1812)
Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0x1a (26)
    Length: 133
    Authenticator: 14E77EEE7405E31F02AB6A803EB478A1
    Attribute Value Pairs
        AVP: l=10  t=User-Name(1): awilliam
        AVP: l=6  t=NAS-IP-Address(4): 192.168.1.42
        AVP: l=6  t=NAS-Port(5): 0
        AVP: l=19  t=Called-Station-Id(30): 00-0F-3D-43-6A-3C
        AVP: l=19  t=Calling-Station-Id(31): 00-14-A5-30-BC-27
        AVP: l=8  t=NAS-Identifier(32): wap001
        AVP: l=6  t=Framed-MTU(12): 1380
        AVP: l=6  t=NAS-Port-Type(61): Wireless-802.11(19)
        AVP: l=15  t=EAP-Message(79) Last Segment[1]
            Length: 13
            EAP fragment
            Extensible Authentication Protocol
                Code: Response (2)
                Id: 1
                Length: 13
                Type: Identity [RFC3748] (1)
                Identity (8 bytes): awilliam
        AVP: l=18  t=Message-Authenticator(80): 92C34CC691D9BC0D5B49F180B2F4EA59
            Length: 16
            Message-Authenticator: 92C34CC691D9BC0D5B49F180B2F4EA59

No.  Time      Source        Destination   Protocol  Info
 15  0.842887  192.168.1.47  192.168.1.42  RADIUS    Access-challenge(11) (id=26, l=83)

Frame 15 (125 bytes on wire, 125 bytes captured)
Ethernet II, Src: tor.morrison.iserv.net (00:0d:60:0f:fd:4a), Dst: noor.morrison.iserv.net (00:0f:3d:43:6a:3c)
Internet Protocol, Src: 192.168.1.47 (192.168.1.47), Dst: 192.168.1.42 (192.168.1.42)
User Datagram Protocol, Src Port: radius (1812), Dst Port: groove-dpp (1211)
Radius Protocol
    Code: Access-challenge (11)
    Packet identifier: 0x1a (26)
    Length: 83
    Authenticator: DE3DC989610D986213D85EF526EA47BD
    Attribute Value Pairs
        AVP: l=19  t=Reply-Message(18): EAPTEST Hello, %u
            Length: 17
            Reply-Message: EAPTEST Hello, %u
        AVP: l=8  t=EAP-Message(79) Last Segment[1]
            Length: 6
            EAP fragment
            Extensible Authentication Protocol
                Code: Request (1)
                Id: 2
                Length: 6
                Type: PEAP [Palekar] (25)
                Flags(0x20): Start
                PEAP version 0
        AVP: l=18  t=Message-Authenticator(80): 36719CCCEE09502EA6C644C5EEC62B87
            Length: 16
            Message-Authenticator: 36719CCCEE09502EA6C644C5EEC62B87
        AVP: l=18  t=State(24): 4CA90CA7DE0086900AEB2E8BB35E773A
            Length: 16
            State: 4CA90CA7DE0086900AEB2E8BB35E773A

No.  Time      Source        Destination   Protocol  Info
 16  0.879314  192.168.1.42  192.168.1.47  RADIUS    Access-Request(1) (id=27, l=218)

Frame 16 (260 bytes on wire, 260 bytes captured)
Ethernet II, Src: noor.morrison.iserv.net (00:0f:3d:43:6a:3c), Dst: tor.morrison.iserv.net (00:0d:60:0f:fd:4a)
Internet Protocol, Src: 192.168.1.42 (192.168.1.42), Dst: 192.168.1.47 (192.168.1.47)
User Datagram Protocol, Src Port: groove-dpp (1211), Dst Port: radius (1812)
Radius Protocol
    Code: Access-Request (1)
    Packet identifier: 0x1b (27)
    Length: 218
    Authenticator: FBD53DBF46F4F69697F2427EDE5176A3
    Attribute Value Pairs
        AVP: l=10  t=User-Name(1): awilliam
        AVP: l=6  t=NAS-IP-Address(4): 192.168.1.42
        AVP: l=6  t=NAS-Port(5): 0
        AVP: l=19  t=Called-Station-Id(30): 00-0F-3D-43-6A-3C
        AVP: l=19  t=Calling-Station-Id(31): 00-14-A5-30-BC-27
        AVP: l=8  t=NAS-Identifier(32): wap001
        AVP: l=6  

Re: Not going past "Sending Access-Challenge"

2005-09-02 Thread Alan DeKok
Adam Tauno Williams <[EMAIL PROTECTED]> wrote:
> I'm trying to set up RADIUS/WPA authentication using PEAP as
> described in -
> http://www.ibiblio.org/pub/Linux/docs/HOWTO/8021X-HOWTO - but I
> never seem to get past the "Sending Access-Challenge" after I enter
> my username and password on the client.  User is simply an entry in
> the users file with a clear text password.  I've gone over the
> config several times, but nothing jumps out at me as an error
> message.

  The problem most likely is that the AP isn't seeing the response, or
it isn't liking the response.  Check the IP addresses that the packets
use, via "tcpdump".

  Alan DeKok.
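
For the second case in the reply above (the AP receives the Access-Challenge but does not accept it), this added example, which is not code from the thread or from FreeRADIUS, shows the checks a NAS applies to a RADIUS reply before acting on it: identifier, Response Authenticator (RFC 2865) and Message-Authenticator (RFC 3579). The function names, shared secret and State value are assumptions made for illustration; the request id and Request Authenticator are copied from frame 8 of the capture.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)

def build_reply(code, ident, req_auth, attrs, secret):
    """Sign a reply the way a server does; used here only to make sample data."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MSG_AUTH, 18]) + bytes(16)  # zeroed while the HMAC is computed
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    mac = hmac.new(secret, hdr + req_auth + body, hashlib.md5).digest()
    body = body[:-16] + mac
    return hdr + hashlib.md5(hdr + req_auth + body + secret).digest() + body

def check_reply(reply, req_ident, req_auth, secret):
    """Return the reasons a NAS would discard this reply ([] means it verifies)."""
    length = struct.unpack("!H", reply[2:4])[0] if len(reply) >= 20 else 0
    if not 20 <= length <= len(reply):
        return ["bad Length field or truncated packet"]
    reply, problems = reply[:length], []
    hdr, ident, attrs = reply[:4], reply[1], reply[20:]
    if ident != req_ident:
        problems.append("identifier does not match request")
    # RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    digest = hashlib.md5(hdr + req_auth + attrs + secret).digest()
    if not hmac.compare_digest(digest, reply[4:20]):
        problems.append("Response Authenticator mismatch")
    pos, mac_at = 0, None
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return problems + ["malformed attribute"]
        if atype == MSG_AUTH and alen == 18:
            mac_at = pos + 2
        pos += alen
    if mac_at is None:
        return problems + ["Message-Authenticator missing"]
    # RFC 3579: HMAC-MD5 keyed with the secret, over the reply with the Request
    # Authenticator in the authenticator field and this attribute zeroed.
    zeroed = attrs[:mac_at] + bytes(16) + attrs[mac_at + 16:]
    want = hmac.new(secret, hdr + req_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(want, attrs[mac_at:mac_at + 16]):
        problems.append("Message-Authenticator mismatch")
    return problems

# Constructed sample: secret and State are invented. EAP bytes: Request, Id 2, PEAP, Start.
REQ_AUTH = bytes.fromhex("14E77EEE7405E31F02AB6A803EB478A1")
SECRET = b"example-secret"
CHALLENGE = build_reply(11, 26, REQ_AUTH, [(79, bytes.fromhex("010200061920")), (24, bytes(16))], SECRET)
```

A secret on the AP that differs from the one in clients.conf makes both authenticator checks fail, and the AP then drops the reply without sending anything further.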
