22.12.2011 10:08:33
lqy881
Posts: 10
|
Hi, ihave a ASUS RT-N12B1 router, IP is 192.168.1.1. My pc's IP is 192.168.1.2, installed TekRadius, set up client:NAS:default ; secret:test ; Vendor:ietf .
Server setting: ListenIP: 192.168.1.2, authentication port:1812; Authorization only:checked; Auth. Method: EAP-MS-CHAP-V2.
Add some user, and set User-Password check attribute.
But notebook wireless failed to linkup, It keep tips me type username and passwod. If I use atheros client tool to manage wireless network, it show me that authentication failed.
|
|
|
0
• permalink
|
22.12.2011 10:12:04
Admin
Administrator
Posts: 1833
|
Hi,
Can you send TekRADIUS log entries (Accessible through File menu) after setting log level to debug at Settings / Service Parameters?
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
22.12.2011 10:27:09
lqy881
Posts: 10
|
Thank you for reply. When Authorization-only is checked, Authorization success; When Authorization-only is unchecked, message will show failed(next post).
2011-12-22 11:38:54 - TekRADIUS LT Service is listening on : 192.168.1.2 (1 client(s))
RadAuth req. from : 192.168.1.1:32769 - 2011-12-22 11:39:24
Size : 133 / 133
Identifier : 0
Attributes :
2011-12-22 11:39:24 - Starting PEAP (A).
Framed-MTU = 1400
NAS-Port-Type = 19
Called-Station-Id = bcaec5a51874
Calling-Station-Id = f07bcb79000e
NAS-IP-Address = 192.168.1.1
NAS-Port = 55
NAS-Identifier = bcaec5a51874
User-Name = lqy
2011-12-22 11:39:24 - EAP Authentication commencing for user 'lqy'
2011-12-22 11:39:24 - Fetching Success-Reply items - Start.
2011-12-22 11:39:24 - Fetching Success-Reply items - Stop.
2011-12-22 11:39:24 - Generating Reply Packet - Start.
2011-12-22 11:39:24 - Generating Reply Packet - Stop.
2011-12-22 11:39:24 - Authorization successfull for user lqy
|
|
|
0
• permalink
|
22.12.2011 11:09:51
Admin
Administrator
Posts: 1833
|
You must not use Authorization-Only with EAP authentication method. Please send log entries after unchecking Authorization-Only option.
|
|
|
0
• permalink
|
22.12.2011 15:33:48
lqy881
Posts: 10
|
I uncheck the Authorization-Only option, then get this message, not change anything , 2011-12-22 16:01:19 check the Authorization-Only option. But at notebook, both show me authentication failed.
2011-12-22 15:59:14 - TekRADIUS LT Service 4.3.0.0 is being started (Microsoft Windows NT 5.1.2600 Service Pack 3).
2011-12-22 15:59:20 - Updating periodic credit limits - Start.
2011-12-22 15:59:20 - Updating periodic credit limits - Stop.
2011-12-22 15:59:20 - TekRADIUS LT Service is listening on : 192.168.1.2 (1 client(s))
RadAuth req. from : 192.168.1.1:33535 - 2011-12-22 15:59:58
Size : 119 / 119
Identifier : 1
Attributes :
2011-12-22 15:59:58 - Starting PEAP (A).
Framed-MTU = 1400
NAS-Port-Type = 19
Called-Station-Id = bcaec5a51874
Calling-Station-Id = 001cbf394310
NAS-IP-Address = 192.168.1.1
NAS-Port = 42
NAS-Identifier = bcaec5a51874
User-Name = xzx
2011-12-22 15:59:58 - EAP Authentication commencing for user 'xzx'
2011-12-22 15:59:58 - PEAP Challenge sent for user 'xzx'.
RadAuth req. from : 192.168.1.1:33535 - 2011-12-22 15:59:58
Size : 232 / 232
Identifier : 1
Attributes :
Framed-MTU = 1400
NAS-Port-Type = 19
Called-Station-Id = bcaec5a51874
Calling-Station-Id = 001cbf394310
NAS-IP-Address = 192.168.1.1
NAS-Port = 42
State = bc91f3b313649ccfa858fcdd4ebdf05e
NAS-Identifier = bcaec5a51874
User-Name = xzx
2011-12-22 15:59:58 - PEAP Authentication commencing for user 'xzx'
2011-12-22 15:59:58 - Check items control - Start (Group : Default).
2011-12-22 15:59:58 - PEAP Authentication failed. A valid certificate could not be found for user 'xzx'
2011-12-22 16:01:19 - TekRADIUS LT Service 4.3.0.0 (Revision 0) is being stopped.
2011-12-22 16:01:20 - TekRADIUS LT Service 4.3.0.0 is being started (Microsoft Windows NT 5.1.2600 Service Pack 3).
2011-12-22 16:01:29 - Updating periodic credit limits - Start.
2011-12-22 16:01:29 - Updating periodic credit limits - Stop.
2011-12-22 16:01:29 - TekRADIUS LT Service is listening on : 192.168.1.2 (1 client(s))
RadAuth req. from : 192.168.1.1:33535 - 2011-12-22 16:01:53
Size : 119 / 119
Identifier : 1
Attributes :
2011-12-22 16:01:53 - Starting PEAP (A).
Framed-MTU = 1400
NAS-Port-Type = 19
Called-Station-Id = bcaec5a51874
Calling-Station-Id = 001cbf394310
NAS-IP-Address = 192.168.1.1
NAS-Port = 42
NAS-Identifier = bcaec5a51874
User-Name = xzx
2011-12-22 16:01:54 - EAP Authentication commencing for user 'xzx'
2011-12-22 16:01:54 - Fetching Success-Reply items - Start.
2011-12-22 16:01:54 - Fetching Success-Reply items - Stop.
2011-12-22 16:01:54 - Generating Reply Packet - Start.
2011-12-22 16:01:54 - Generating Reply Packet - Stop.
2011-12-22 16:01:54 - Authorization successfull for user xzx
RadAuth reply to : 192.168.1.1:33535 - 2011-12-22 16:01:54
Size : 49
Identifier : 1
Attributes :
User-Name = xzx
2011-12-22 16:02:29 - Session timer expired for the session : 3a368cdf3c9f67eae0517784f0c5285f
|
|
|
0
• permalink
|
22.12.2011 16:45:32
Admin
Administrator
Posts: 1833
|
Hi,
You need to have a valid server certificate in user profile (You must add TLS-Server-Certificate attribute as a Check attribute). You can generate server certificate
using TekCERT. Please see TekRADIUS manual for details.
Best regards,
Yasin KAPLAN
|
|
|
0
• permalink
|
22.12.2011 16:58:37
lqy881
Posts: 10
|
Thank you! I will check this next day.
|
|
|
0
• permalink
|
23.12.2011 04:20:35
lqy881
Posts: 10
|
Great product! I set TLS-Server-Certificate in default group ,which generate by TekCERT, all wireless client can link up to router . Thank you very much!
|
|
|
0
• permalink
|
23.12.2011 08:02:36
Admin
Administrator
Posts: 1833
|
You welcome
|
|
|
0
• permalink
|