TekRADIUS Forum

Home » Bugs » PEAP - Key not valid

16.09.2009 03:27:53

ttm
Posts: 2
I'm testing user PEAP authentication. The user defined in TekRADIUS has attribute checks defined for User-password, TLS-Certificate, and Authentication-Method. The server certificate is issued from a Microsoft CA. The rootCA cert is installed as a Trusted Root CA on both the server's machine store and the test client.

A protocol analyzer on both sides shows the TLS handshake of:
1) ClientHello
2) ServerHello, Certificate, ServerHelloDone
3) ClientKeyExchange, ChangeCipherSpec, EncryptedHandshakeMessage

The server receives the client key exchange message, but seems to stop there. I should be getting the message "TLS Session has been established" at this point. Instead, the TekRADIUS log (set at debug level) reports: "Key not valid for use in specified state." The next post will contain the TekRADIUS log showing one client authentication attempt. I've verified that the certificates used allow for Key Usage of Digital Signature and Key Encipherment, and for Enhanced Key Usage of Server Authentication. Any light shed on this problem would be appreciated.
16.09.2009 11:04:30

Admin
Administrator
Posts: 1684
Hi,

Can you send me TekRADIUS.log after setting log level to debug?

Best regards,

Yasin KAPLAN
16.09.2009 19:08:58

ttm
Posts: 2
Here's the TekRADIUS log file:

9/15/2009 4:49:41 PM - TekRADIUS Service 3.4.0.0 is being started.

9/15/2009 4:49:41 PM - TekRADIUS Service is listening on : 192.170.1.18 (2 client(s))

RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:38 PM
Size : 161 / 161
Identifier : 94
Attributes :

9/15/2009 4:50:38 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

9/15/2009 4:50:38 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

9/15/2009 4:50:38 PM - Sending MD5-Challenge.

Calling-Station-Id = 001302B1BED5
NAS-Port-Type = 19
Called-Station-Id = 000B86535300
User-Name = test1
NAS-IP-Address = 192.168.255.2
NAS-Identifier = 192.168.255.2
Service-Type = 1
NAS-Port = 1
Framed-MTU = 1100

9/15/2009 4:50:38 PM - User configured for PEAP authentication; starting PEAP session.

9/15/2009 4:50:38 PM - Check items control - Start.

9/15/2009 4:50:38 PM - Check items control - Stop.

9/15/2009 4:50:38 PM - PEAP Challenge sent for user 'test1'.

RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:38 PM
Size : 293 / 293
Identifier : 95
Attributes :

9/15/2009 4:50:38 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

9/15/2009 4:50:38 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

Calling-Station-Id = 001302B1BED5
NAS-Port-Type = 19
Called-Station-Id = 000B86535300
User-Name = test1
NAS-IP-Address = 192.168.255.2
NAS-Identifier = 192.168.255.2
Service-Type = 1
NAS-Port = 1
State = 183db05b360e7e34de9b8085354fd7da
Framed-MTU = 1100

9/15/2009 4:50:38 PM - Check items control - Start.

9/15/2009 4:50:38 PM - Check items control - Stop.

9/15/2009 4:50:38 PM - PEAP Challenge sent for user 'test1'.

RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:38 PM
Size : 377 / 377
Identifier : 96
Attributes :

9/15/2009 4:50:38 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

9/15/2009 4:50:38 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

Calling-Station-Id = 001302B1BED5
NAS-Port-Type = 19
Called-Station-Id = 000B86535300
User-Name = test1
NAS-IP-Address = 192.168.255.2
NAS-Identifier = 192.168.255.2
Service-Type = 1
NAS-Port = 1
State = 183db05b360e7e34de9b8085354fd7da
Framed-MTU = 1100

9/15/2009 4:50:38 PM - Debug Message : (Radius Authentication)

Key not valid for use in specified state.



Calling-Station-Id = 001302B1BED5
NAS-Port-Type = 19
Called-Station-Id = 000B86535300
User-Name = test1
NAS-IP-Address = 192.168.255.2
NAS-Identifier = 192.168.255.2
Service-Type = 1
NAS-Port = 1
State = 183db05b360e7e34de9b8085354fd7da
Framed-MTU = 1100

RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:43 PM
Size : 377 / 377
Identifier : 96
Attributes :

9/15/2009 4:50:43 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

9/15/2009 4:50:43 PM - Unknown or disabled attribute found (Vendor ='unknown', Attribute ='26'), ignoring...

9/15/2009 4:50:43 PM - Not a cached EAP session. Requesting Identity.

Calling-Station-Id = 001302B1BED5
NAS-Port-Type = 19
Called-Station-Id = 000B86535300
User-Name = test1
NAS-IP-Address = 192.168.255.2
NAS-Identifier = 192.168.255.2
Service-Type = 1
NAS-Port = 1
State = 183db05b360e7e34de9b8085354fd7da
Framed-MTU = 1100

9/15/2009 4:50:43 PM - Check items control - Start.

9/15/2009 4:50:43 PM - Check items control - Stop.
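Added example, not part of the original posts and not TekRADIUS code: a small Python parser for debug logs shaped like the one above. It groups requests by NAS address and RADIUS Identifier and reports any exchange that logged a debug error and was then retransmitted, which is the pattern visible for Identifier 96. The sample log is constructed from lines in the post, the function names are hypothetical, and matching on address plus Identifier alone is an assumption because the log does not show the source port.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed from the shape of the log posted above.
SAMPLE_LOG = """\
RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:38 PM
Identifier : 95
9/15/2009 4:50:38 PM - PEAP Challenge sent for user 'test1'.
RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:38 PM
Identifier : 96
9/15/2009 4:50:38 PM - Debug Message : (Radius Authentication)
Key not valid for use in specified state.
RadAuth req. from : 192.168.255.2 - 9/15/2009 4:50:43 PM
Identifier : 96
9/15/2009 4:50:43 PM - Not a cached EAP session. Requesting Identity.
"""

REQ = re.compile(r"^RadAuth req\. from : (\S+) - (.+)$")
IDENT = re.compile(r"^Identifier : (\d+)$")

def parse_requests(text):
    """Return one record per 'RadAuth req.' block, with its events and any debug error."""
    reqs, cur, want_error = [], None, False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = REQ.match(line)
        if m:
            cur = {"nas": m.group(1), "time": m.group(2), "id": None, "error": None, "events": []}
            reqs.append(cur)
            want_error = False
        elif cur is None:
            continue  # service start-up lines before the first request
        elif (i := IDENT.match(line)):
            cur["id"] = int(i.group(1))
        elif want_error:  # first non-blank line after the 'Debug Message' header
            cur["error"], want_error = line, False
        elif " - Debug Message : " in line:
            want_error = True
        elif " - " in line:  # timestamped event; attribute dumps use ' = ' instead
            cur["events"].append(line.split(" - ", 1)[1])
    return reqs

def stalled_exchanges(reqs):
    """Exchanges that logged a debug error and were retransmitted by the NAS."""
    groups = defaultdict(list)
    for r in reqs:
        groups[(r["nas"], r["id"])].append(r)
    return [{"nas": nas, "id": ident, "times": [r["time"] for r in rs],
             "error": next(r["error"] for r in rs if r["error"])}
            for (nas, ident), rs in groups.items()
            if len(rs) > 1 and any(r["error"] for r in rs)]
```
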
16.09.2009 19:49:11

Admin
Administrator
Posts: 1684
Can you export the public key (in .cer format) and send it to info at tekradius.com?