Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

2013-07-29 Thread Johnson, Neil M 

It's kind of hard get a trace 4 log as the server is processing a lot of
accounting requests at the same time.

I did do additional packet captures and on the RADIUS server I see
requests going in and responses going out, but capturing packets on the
client side shows only 1 initial response getting back to the client.

I suspect a network/Firewall issue now and am pursuing that, but why it is
only affecting one RADIUS server, I don't know.

-Neil


Thanks.
-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu






On 7/29/13 6:37 AM, "Sami Keski-Kasari"  wrote:

>Hello Neil,
>
>Can you reply with Trace 4 logfile so that we can see what happens?
>
>Best Regards,
>  Sami
>
>On 07/26/2013 10:39 PM, Johnson, Neil M wrote:
>>
>> I had our server folks completely re-install windows on the server and
>> I'm still getting the same problem (Accounting requests are processing
>> fine. EAP Authentication id failing).
>>
>> I'm using the same version of RADIATOR, Perl, Perl modules,
>> certificates, and configuration as 8 other servers that are working, but
>> something about this server is different.
>>
>> Trace logs, output from eapol_test, and packet captures show that there
>> is an initial request to RADIATOR and RADIATOR responds, but when the
>> client makes it's next request RADIATOR never responds. No error
>> messages in the the RADIATOR trace log.
>>
>> Ideas?
>>
>> -Neil
>>
>> --
>> Neil Johnson
>> Network Engineer
>> The University of Iowa
>> Phone: 319 384-0938
>> Fax: 319 335-2951
>> Mobile: 319 540-2081
>> E-Mail: neil-john...@uiowa.edu
>>
>>
>> From: , Neil Johnson > <mailto:neil-john...@uiowa.edu>>
>> Date: Thursday, June 27, 2013 2:47 PM
>> To: Alan Buxey ><mailto:a.l.m.bu...@lboro.ac.uk>>
>> Cc: "radiator@open.com.au <mailto:radiator@open.com.au>"
>> mailto:radiator@open.com.au>>
>> Subject: Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication
>> Failing)
>>
>> Well, according to our server support folks, they performed this same
>> procedure on our other 8 RADIUS servers and didn't have any issues.
>>
>> They were using SCCM (Microsoft's System Center Configuration Manager)
>> to automate the uninstall and re-install of the software rather than a
>> manual process. I wonder if performing the actions by hand would make a
>> difference.
>>
>> Since it appears to be one box, I'm assuming there was something wrong
>> with it before the upgrade and it should be wiped and reinstalled from
>> scratch.
>>
>> -Neil
>> --
>> Neil Johnson
>> Network Engineer
>> The University of Iowa
>> Phone: 319 384-0938
>> Fax: 319 335-2951
>> Mobile: 319 540-2081
>> E-Mail: neil-john...@uiowa.edu <mailto:neil-john...@uiowa.edu>
>>
>>
>> From: Alan Buxey ><mailto:a.l.m.bu...@lboro.ac.uk>>
>> Reply-To: Alan Buxey > <mailto:a.l.m.bu...@lboro.ac.uk>>
>> Date: Thursday, June 27, 2013 1:35 PM
>> To: Neil Johnson ><mailto:neil-john...@uiowa.edu>>
>> Cc: Heikki Vatiainen mailto:h...@open.com.au>>,
>> "radiator@open.com.au <mailto:radiator@open.com.au>"
>> mailto:radiator@open.com.au>>
>> Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication
>> Failing)
>>
>> What would be interesting is whether a clean install of Windows and just
>> the installation of the Microsoft SEP kills it
>>
>> alan
>>
>>
>>
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>
>
>-- 
>Sami Keski-Kasari 
>
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>NetWare etc.
>___
>radiator mailing list
>radiator@open.com.au
>http://www.open.com.au/mailman/listinfo/radiator

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

2013-07-29 Thread Sami Keski-Kasari 
Hello Neil,

Can you reply with Trace 4 logfile so that we can see what happens?

Best Regards,
  Sami

On 07/26/2013 10:39 PM, Johnson, Neil M wrote:
>
> I had our server folks completely re-install windows on the server and
> I'm still getting the same problem (Accounting requests are processing
> fine. EAP Authentication id failing).
>
> I'm using the same version of RADIATOR, Perl, Perl modules,
> certificates, and configuration as 8 other servers that are working, but
> something about this server is different.
>
> Trace logs, output from eapol_test, and packet captures show that there
> is an initial request to RADIATOR and RADIATOR responds, but when the
> client makes it's next request RADIATOR never responds. No error
> messages in the the RADIATOR trace log.
>
> Ideas?
>
> -Neil
>
> --
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu
>
>
> From: , Neil Johnson  <mailto:neil-john...@uiowa.edu>>
> Date: Thursday, June 27, 2013 2:47 PM
> To: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
> Cc: "radiator@open.com.au <mailto:radiator@open.com.au>"
> mailto:radiator@open.com.au>>
> Subject: Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication
> Failing)
>
> Well, according to our server support folks, they performed this same
> procedure on our other 8 RADIUS servers and didn't have any issues.
>
> They were using SCCM (Microsoft's System Center Configuration Manager)
> to automate the uninstall and re-install of the software rather than a
> manual process. I wonder if performing the actions by hand would make a
> difference.
>
> Since it appears to be one box, I'm assuming there was something wrong
> with it before the upgrade and it should be wiped and reinstalled from
> scratch.
>
> -Neil
> --
> Neil Johnson
> Network Engineer
> The University of Iowa
> Phone: 319 384-0938
> Fax: 319 335-2951
> Mobile: 319 540-2081
> E-Mail: neil-john...@uiowa.edu <mailto:neil-john...@uiowa.edu>
>
>
> From: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
> Reply-To: Alan Buxey  <mailto:a.l.m.bu...@lboro.ac.uk>>
> Date: Thursday, June 27, 2013 1:35 PM
> To: Neil Johnson mailto:neil-john...@uiowa.edu>>
> Cc: Heikki Vatiainen mailto:h...@open.com.au>>,
> "radiator@open.com.au <mailto:radiator@open.com.au>"
> mailto:radiator@open.com.au>>
> Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication
> Failing)
>
> What would be interesting is whether a clean install of Windows and just
> the installation of the Microsoft SEP kills it
>
> alan
>
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>


-- 
Sami Keski-Kasari 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

2013-07-26 Thread Johnson, Neil M 

I had our server folks completely re-install windows on the server and I'm 
still getting the same problem (Accounting requests are processing fine. EAP 
Authentication id failing).

I'm using the same version of RADIATOR, Perl, Perl modules, certificates, and 
configuration as 8 other servers that are working, but something about this 
server is different.

Trace logs, output from eapol_test, and packet captures show that there is an 
initial request to RADIATOR and RADIATOR responds, but when the client makes 
it's next request RADIATOR never responds. No error messages in the the 
RADIATOR trace log.

Ideas?

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu


From: , Neil Johnson 
mailto:neil-john...@uiowa.edu>>
Date: Thursday, June 27, 2013 2:47 PM
To: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
Cc: "radiator@open.com.au<mailto:radiator@open.com.au>" 
mailto:radiator@open.com.au>>
Subject: Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

Well, according to our server support folks, they performed this same procedure 
on our other 8 RADIUS servers and didn't have any issues.

They were using SCCM (Microsoft's System Center Configuration Manager) to 
automate the uninstall and re-install of the software rather than a manual 
process. I wonder if performing the actions by hand would make a difference.

Since it appears to be one box, I'm assuming there was something wrong with it 
before the upgrade and it should be wiped and reinstalled from scratch.

-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu<mailto:neil-john...@uiowa.edu>


From: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
Reply-To: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
Date: Thursday, June 27, 2013 1:35 PM
To: Neil Johnson mailto:neil-john...@uiowa.edu>>
Cc: Heikki Vatiainen mailto:h...@open.com.au>>, 
"radiator@open.com.au<mailto:radiator@open.com.au>" 
mailto:radiator@open.com.au>>
Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication Failing)

What would be interesting is whether a clean install of Windows and just the 
installation of the Microsoft SEP kills it

alan

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

2013-06-27 Thread Johnson, Neil M 
Well, according to our server support folks, they performed this same procedure 
on our other 8 RADIUS servers and didn't have any issues.

They were using SCCM (Microsoft's System Center Configuration Manager) to 
automate the uninstall and re-install of the software rather than a manual 
process. I wonder if performing the actions by hand would make a difference.

Since it appears to be one box, I'm assuming there was something wrong with it 
before the upgrade and it should be wiped and reinstalled from scratch.

-Neil
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu


From: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
Reply-To: Alan Buxey mailto:a.l.m.bu...@lboro.ac.uk>>
Date: Thursday, June 27, 2013 1:35 PM
To: Neil Johnson mailto:neil-john...@uiowa.edu>>
Cc: Heikki Vatiainen mailto:h...@open.com.au>>, 
"radiator@open.com.au" 
mailto:radiator@open.com.au>>
Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication Failing)

What would be interesting is whether a clean install of Windows and just the 
installation of the Microsoft SEP kills it

alan

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

2013-06-27 Thread Alan Buxey 
What would be interesting is whether a clean install of Windows and just the 
installation of the Microsoft SEP kills it

alan

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)

2013-06-27 Thread Johnson, Neil M 
Well we rolled back to an image of the system made the day before the
change and it started working.

AndÅ  we managed to break it again uninstalling Symantec and installing
Microsoft's Anti-virus like we did before.

I agree that something is hosing the network stackÅ .

Definitely not a RADIATOR problem, but a just a cautionary note to others
running RADIATOR under windows 2008 R2 (64) to test software installs and
patches.


-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu






On 6/25/13 1:33 PM, "a.l.m.bu...@lboro.ac.uk" 
wrote:

>Hi,
>> 
>> 
>> I have EAPTLS_MaxFragmentSize set to 1400 bytes.  The Server should have
>> the same firewall configuration as the other eight servers that are
>> working.
>> 
>> Our server support staff think its a library that got corrupted while
>> installing the Anti-Virus software and recommend that I delete and
>> re-install RADIATOR first.
>
>possible..but more likely that the server firewall settings arent
>the same or the TCP/IP stack got blatted by its removal.
>
>any chance of running it on a Linux box instead? ;-)
>
>alan

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator