URGENT!!! CAR and PEAP

Unanswered Question
Dec 14th, 2007

I can't figure this one out.

I've configured CAR for PEAP V0 using MS-CHAPv2 (I'm going to use the supplicant installed on Windows XP on wireless networks).

The test AP has been configured and the server is receiving the requests, however it seems that it doesn't receive the passwords.

If I try to connect to the wireless network I get the prompt for username/password, but it always rejects them. Here is the trace output:

12/13/2007 1:10:14: P915: Packet received from 192.168.0.1

12/13/2007 1:10:14: P915: Checking Message-Authenticator

12/13/2007 1:10:14: P915: Trace of Access-Request packet

12/13/2007 1:10:14: P915: identifier = 0

12/13/2007 1:10:14: P915: length = 126

12/13/2007 1:10:14: P915: reqauth = ef:ce:47:c1:4d:e3:47:a0:7b:f4:1d:eb:28:c3:7e:08

12/13/2007 1:10:14: P915: User-Name = alonso

12/13/2007 1:10:14: P915: NAS-IP-Address = 192.168.0.1

12/13/2007 1:10:14: P915: NAS-Port = 60

12/13/2007 1:10:14: P915: Framed-MTU = 1400

12/13/2007 1:10:14: P915: Called-Station-Id = 0018f8f7b98e

12/13/2007 1:10:14: P915: Calling-Station-Id = 001c106f09da

12/13/2007 1:10:14: P915: NAS-Identifier = 0018f8f7b98e

12/13/2007 1:10:14: P915: NAS-Port-Type = Wireless - IEEE 802.11

12/13/2007 1:10:14: P915: EAP-Message = 02:00:00:0b:01:61:6c:6f:6e:73:6f

12/13/2007 1:10:14: P915: Message-Authenticator = 6b:47:57:71:8c:97:37:61:21:d2:84:49:05:d3:96:8a

12/13/2007 1:10:14: P915: Using Client: Suesser

12/13/2007 1:10:14: P915: Using NAS: Suesser (192.168.0.1)

12/13/2007 1:10:14: P915: Request is directly from a NAS: TRUE

12/13/2007 1:10:14: P915: Authenticating and Authorizing with Service local-users

12/13/2007 1:10:14: P915: Getting User alonso's UserRecord from UserList Default

12/13/2007 1:10:14: Log: Request from Suesser (192.168.0.1): Authentication request for User alonso had no User-Password or CHAP-Password attribute in packet

12/13/2007 1:10:14: P915: Adding Message-Authenticator to response

12/13/2007 1:10:14: P915: Trace of Access-Reject packet

12/13/2007 1:10:14: P915: identifier = 0

12/13/2007 1:10:14: P915: length = 54

12/13/2007 1:10:14: P915: respauth = 19:02:50:72:df:29:db:bd:ca:99:6a:02:49:e0:66:c0

12/13/2007 1:10:14: P915: Reply-Message = Access Denied

12/13/2007 1:10:14: P915: Message-Authenticator = cb:d3:43:ed:1a:84:c7:1a:89:39:9b:ee:24:c9:50:45

12/13/2007 1:10:14: P915: Sending response to 192.168.0.1

12/13/2007 1:10:14: Log: Request from Suesser (192.168.0.1): User alonso rejected (MalformedRequest)

It's complaining about not having a password, right?

Well, the request did in fact had a password, but it doesn't matter, I get the same reply if I try to login with or without the password.

Obviously I'm missing something here, but I can't figure it out.

Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jpodolanko Wed, 12/19/2007 - 14:44

What platform are you using for your RADIUS server? I have had trouble with the same type of setup. I eventually figured it out though. I was running a Win2k3 Server, and I am just using the IAS Tool for RADIUS. I had to adjust a couple of settings in the "wireless" policy in IAS to get this to work (and I had to place it at the top of the policy list).

Actions

This Discussion