17.01.2010 13:21:31
 ezequiel Posts: 3
Yasin, Sorry to bother you, I'm Ezequiel from Argentina. I'm trying to get an Engenius EAP3660 access point working in WPA or WPA2 mode with tekradius.
I configured my AP this way: SSID "prueba", security "WPA", encryption "TKIP" (also tried AES), radius server ip, port 1812, radius secret key and group key update interval of 3600 secs.
Then my tekradius seems to be properly installed, with the sql working (tables appear in the database when looking with the mgmt studio). Service parameters are: IP is correct, port is 1812, PEAP inner auth. method is "EAP-MD5" (but tried both). Then I created a NAS in the client table, using the AP ip address and ietf dictionary, and created a user with a "user-password" attribute.
At the client side I'm using a PC with WinXP and I tried connecting using the Windows wireless network adapter configured for WPA and I'm also trying with WIRE1x software.
The strange thing is that the tekradius log shows nothing, as if the NAS wasn't working at all.
At the AP, the log just repeats this an infinite number of times:
Dec 31 22:45:47 (none) daemon.debug hostapd: ath1: STA 00:15:af:33:13:fd WPA: event 5 notification
Dec 31 22:45:47 (none) daemon.debug hostapd: ath1: STA 00:15:af:33:13:fd IEEE 802.1X: received EAPOL-Start from STA
Dec 31 22:45:47 (none) daemon.debug hostapd: ath1: STA 00:15:af:33:13:fd WPA: event 5 notification
Dec 31 22:45:47 (none) daemon.debug hostapd: ath1: STA 00:15:af:33:13:fd IEEE 802.1X: received EAPOL-Start from STA
Dec 31 22:45:47 (none) daemon.debug hostapd: ath1: STA 00:15:af:33:13:fd WPA: event 5 notification
Dec 31 22:45:47 (none) daemon.debug hostapd: ath1: STA 00:15:af:33:13:fd IEEE 802.1X: received EAPOL-Start from STA
Then I wiresharked both interfaces, at the client and at the tekradius server. The only thing that appears is a packet that comes from the client MAC (and goes to a MAC that I cannot identify) and is an 802.1X Authentication packet with these attributes: version:1, Type:Start(1), and Length:0. This packet appears at both NICs (at the notebook and at the server!) and repeats thousands of times in a few seconds (a very insistent retry!). I'm sure all connectivity in my lab is fine, the AP works correctly when configured with WPA-PSK and I configure the AP from the very same server on which tekradius is installed.
Do you have any idea for further troubleshooting? Do you know if it's possible that this AP is somehow incompatible with the ietf dictionary and tekradius? Am I doing something wrong and, as it is right under my very nose, I'm not seeing it? Thanks a lot in advance!, Ezequiel.
17.01.2010 14:40:48
 admin Administrator Posts: 881
Hi,
Have you configured a Client-Certificate in the user or group profile? Please also examine TekRADIUS.log after setting the log level to debug at settings / service parameters.
Best regards,
Yasin KAPLAN
18.01.2010 00:00:45
 ezequiel Posts: 3
Hi, Thanks for your immediate reply. I tried creating a certificate with tekcert as instructed on the website, but my problem there was that my WinXP (at my mmc) -perhaps due to some time zone differences- said the certificate was still invalid because it was expired or still not valid! Is there no other workaround but to install the certificates on all clients??? I'm implementing this in a school... trust me, it could be hell...
On the log side, this was very sad, absolutely nothing appeared, as if my NAS was dead. I'm beginning to lose my faith in the access point, I'm trying some firmware upgrade approach now...
Thanks, Ezequiel.
18.01.2010 11:22:26
 admin Administrator Posts: 881
Hi,
Please examine TekRADIUS.log under C:\Program Files\TekRADIUS. Windows has an option to disable certificate validation checking.
edited by admin on 18.01.2010
28.01.2010 09:09:45
 ezequiel Posts: 3
Hi, I finally got my NAS fixed -good news- but I still can't get access -bad news-. I'm attaching what appears in my tekradius.log file, perhaps you can find the reason... as I think I'm doing it all just by the book! (my config is just as it appears in the "Computer can not access AP" thread)
28/01/2010 01:20:38 a.m. - TekRADIUS Service 3.4.0.0 is being started.
28/01/2010 01:20:38 a.m. - TekRADIUS Service is listening on : 192.168.1.71 (2 client(s))
RadAuth req. from : 192.168.1.21 - 28/01/2010 01:20:56 a.m. Size : 174 / 174 Identifier : 200 Attributes :
28/01/2010 01:20:56 a.m. - Starting PEAP (A).
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-15-AF-33-13-FD
NAS-Port-Type = 19
Called-Station-Id = 00-02-6F-5C-22-26:prueba
User-Name = egarcia
NAS-IP-Address = 192.168.1.21
Framed-MTU = 1400
NAS-Port = 0
28/01/2010 01:20:56 a.m. - Check items control - Start.
28/01/2010 01:20:56 a.m. - Check items control - Stop.
28/01/2010 01:20:56 a.m. - PEAP Challenge sent for user '00-15-AF-33-13-FD'.
RadAuth req. from : 192.168.1.21 - 28/01/2010 01:20:56 a.m. Size : 266 / 266 Identifier : 201 Attributes :
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-15-AF-33-13-FD
NAS-Port-Type = 19
Called-Station-Id = 00-02-6F-5C-22-26:prueba
User-Name = egarcia
NAS-IP-Address = 192.168.1.21
Framed-MTU = 1400
NAS-Port = 0
State = 8ee7e8241a48789830ee66b6d0a8f8d0
28/01/2010 01:20:56 a.m. - Debug Message : (Radius Authentication)
Object reference not set to an instance of an object.
Connect-Info = CONNECT 11Mbps 802.11b
Calling-Station-Id = 00-15-AF-33-13-FD
NAS-Port-Type = 19
Called-Station-Id = 00-02-6F-5C-22-26:prueba
User-Name = egarcia
NAS-IP-Address = 192.168.1.21
Framed-MTU = 1400
NAS-Port = 0
State = 8ee7e8241a48789830ee66b6d0a8f8d0
...And it repeats constantly as Windows retries... Any ideas? Thanks again, Ezequiel.
29.01.2010 10:38:13
 admin Administrator Posts: 881
Hi,
Which tool did you use to create the certificate in the user profile?