Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)
Hello Neil, Can you reply with Trace 4 logfile so that we can see what happens? Best Regards, Sami On 07/26/2013 10:39 PM, Johnson, Neil M wrote: I had our server folks completely re-install windows on the server and I'm still getting the same problem (Accounting requests are processing fine. EAP Authentication id failing). I'm using the same version of RADIATOR, Perl, Perl modules, certificates, and configuration as 8 other servers that are working, but something about this server is different. Trace logs, output from eapol_test, and packet captures show that there is an initial request to RADIATOR and RADIATOR responds, but when the client makes it's next request RADIATOR never responds. No error messages in the the RADIATOR trace log. Ideas? -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu From: Johnson, Neil Johnson neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu Date: Thursday, June 27, 2013 2:47 PM To: Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk Cc: radiator@open.com.au mailto:radiator@open.com.au radiator@open.com.au mailto:radiator@open.com.au Subject: Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing) Well, according to our server support folks, they performed this same procedure on our other 8 RADIUS servers and didn't have any issues. They were using SCCM (Microsoft's System Center Configuration Manager) to automate the uninstall and re-install of the software rather than a manual process. I wonder if performing the actions by hand would make a difference. Since it appears to be one box, I'm assuming there was something wrong with it before the upgrade and it should be wiped and reinstalled from scratch. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu From: Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk Reply-To: Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk Date: Thursday, June 27, 2013 1:35 PM To: Neil Johnson neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu Cc: Heikki Vatiainen h...@open.com.au mailto:h...@open.com.au, radiator@open.com.au mailto:radiator@open.com.au radiator@open.com.au mailto:radiator@open.com.au Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication Failing) What would be interesting is whether a clean install of Windows and just the installation of the Microsoft SEP kills it alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Sami Keski-Kasari sam...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)
It's kind of hard get a trace 4 log as the server is processing a lot of accounting requests at the same time. I did do additional packet captures and on the RADIUS server I see requests going in and responses going out, but capturing packets on the client side shows only 1 initial response getting back to the client. I suspect a network/Firewall issue now and am pursuing that, but why it is only affecting one RADIUS server, I don't know. -Neil Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu On 7/29/13 6:37 AM, Sami Keski-Kasari sam...@open.com.au wrote: Hello Neil, Can you reply with Trace 4 logfile so that we can see what happens? Best Regards, Sami On 07/26/2013 10:39 PM, Johnson, Neil M wrote: I had our server folks completely re-install windows on the server and I'm still getting the same problem (Accounting requests are processing fine. EAP Authentication id failing). I'm using the same version of RADIATOR, Perl, Perl modules, certificates, and configuration as 8 other servers that are working, but something about this server is different. Trace logs, output from eapol_test, and packet captures show that there is an initial request to RADIATOR and RADIATOR responds, but when the client makes it's next request RADIATOR never responds. No error messages in the the RADIATOR trace log. Ideas? -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu From: Johnson, Neil Johnson neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu Date: Thursday, June 27, 2013 2:47 PM To: Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk Cc: radiator@open.com.au mailto:radiator@open.com.au radiator@open.com.au mailto:radiator@open.com.au Subject: Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing) Well, according to our server support folks, they performed this same procedure on our other 8 RADIUS servers and didn't have any issues. They were using SCCM (Microsoft's System Center Configuration Manager) to automate the uninstall and re-install of the software rather than a manual process. I wonder if performing the actions by hand would make a difference. Since it appears to be one box, I'm assuming there was something wrong with it before the upgrade and it should be wiped and reinstalled from scratch. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu From: Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk Reply-To: Alan Buxey a.l.m.bu...@lboro.ac.uk mailto:a.l.m.bu...@lboro.ac.uk Date: Thursday, June 27, 2013 1:35 PM To: Neil Johnson neil-john...@uiowa.edu mailto:neil-john...@uiowa.edu Cc: Heikki Vatiainen h...@open.com.au mailto:h...@open.com.au, radiator@open.com.au mailto:radiator@open.com.au radiator@open.com.au mailto:radiator@open.com.au Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication Failing) What would be interesting is whether a clean install of Windows and just the installation of the Microsoft SEP kills it alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Sami Keski-Kasari sam...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)
I had our server folks completely re-install windows on the server and I'm still getting the same problem (Accounting requests are processing fine. EAP Authentication id failing). I'm using the same version of RADIATOR, Perl, Perl modules, certificates, and configuration as 8 other servers that are working, but something about this server is different. Trace logs, output from eapol_test, and packet captures show that there is an initial request to RADIATOR and RADIATOR responds, but when the client makes it's next request RADIATOR never responds. No error messages in the the RADIATOR trace log. Ideas? -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu From: Johnson, Neil Johnson neil-john...@uiowa.edumailto:neil-john...@uiowa.edu Date: Thursday, June 27, 2013 2:47 PM To: Alan Buxey a.l.m.bu...@lboro.ac.ukmailto:a.l.m.bu...@lboro.ac.uk Cc: radiator@open.com.aumailto:radiator@open.com.au radiator@open.com.aumailto:radiator@open.com.au Subject: Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing) Well, according to our server support folks, they performed this same procedure on our other 8 RADIUS servers and didn't have any issues. They were using SCCM (Microsoft's System Center Configuration Manager) to automate the uninstall and re-install of the software rather than a manual process. I wonder if performing the actions by hand would make a difference. Since it appears to be one box, I'm assuming there was something wrong with it before the upgrade and it should be wiped and reinstalled from scratch. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edumailto:neil-john...@uiowa.edu From: Alan Buxey a.l.m.bu...@lboro.ac.ukmailto:a.l.m.bu...@lboro.ac.uk Reply-To: Alan Buxey a.l.m.bu...@lboro.ac.ukmailto:a.l.m.bu...@lboro.ac.uk Date: Thursday, June 27, 2013 1:35 PM To: Neil Johnson neil-john...@uiowa.edumailto:neil-john...@uiowa.edu Cc: Heikki Vatiainen h...@open.com.aumailto:h...@open.com.au, radiator@open.com.aumailto:radiator@open.com.au radiator@open.com.aumailto:radiator@open.com.au Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication Failing) What would be interesting is whether a clean install of Windows and just the installation of the Microsoft SEP kills it alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)
What would be interesting is whether a clean install of Windows and just the installation of the Microsoft SEP kills it alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Microsoft AV (Was Re: EAP PEAP Authentication Failing)
Well, according to our server support folks, they performed this same procedure on our other 8 RADIUS servers and didn't have any issues. They were using SCCM (Microsoft's System Center Configuration Manager) to automate the uninstall and re-install of the software rather than a manual process. I wonder if performing the actions by hand would make a difference. Since it appears to be one box, I'm assuming there was something wrong with it before the upgrade and it should be wiped and reinstalled from scratch. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: neil-john...@uiowa.edu From: Alan Buxey a.l.m.bu...@lboro.ac.ukmailto:a.l.m.bu...@lboro.ac.uk Reply-To: Alan Buxey a.l.m.bu...@lboro.ac.ukmailto:a.l.m.bu...@lboro.ac.uk Date: Thursday, June 27, 2013 1:35 PM To: Neil Johnson neil-john...@uiowa.edumailto:neil-john...@uiowa.edu Cc: Heikki Vatiainen h...@open.com.aumailto:h...@open.com.au, radiator@open.com.aumailto:radiator@open.com.au radiator@open.com.aumailto:radiator@open.com.au Subject: Re: Microsoft AV (Was Re: [RADIATOR] EAP PEAP Authentication Failing) What would be interesting is whether a clean install of Windows and just the installation of the Microsoft SEP kills it alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator