PEAP or TTLS and Microsoft Vista.

Thu Jul 24 14:28:05 CEST 2008

Lech Karol Pawłaszek wrote:
> SecureW2 (List) wrote:
>> http://msdn.microsoft.com/en-us/library/aa813696(VS.85).aspx
> 
> Nice article. However I don't understand a few things. What's "pdb
> <pdbpath>"? I'm not good at Windows.

Good lord... they've made the EAP logging *worse*. I didn't think that 
was possible.

It looks to me like the authentication is succeeding in those latest 
files; onex.txt says (at line 1367):

[4924] 12:03:49.152 Port(38): Received an Eap packet length=4, 
type=EapSuccess, identifier=10, eapType=0

..then a few lines later:

[2896] 12:03:49.202 Port(38): MPPE-Send/Recv-Keys derived by supplicant
<snip>
[2896] 12:03:49.202 Port(38): The auth succeeded. Deleting all cached UI 
Responses
<snip>
[2896] 12:03:49.284 Port(38): Start processing local event: 
(PAESuppSuccess)
[2896] 12:03:49.284 Port(38): Completed the 802.1X authentication 
successfully

So, all is good. But about 5 seconds later:

[2108] 12:04:03.819 OneXIndicatePacket
[2108] 12:04:03.819 Port(38): Received an Eap packet length=5, 
type=EapRequestId, identifier=11, eapType=0
<snip>
[4924] 12:04:03.820 Port(38): Restarting authentication due to reason = 
PeerInitiated

similarly in eaphost.txt:

[3432] 12:04:03.831 Received an identity request packet without an 
active session - restart auth

Are you sure the problem is what you think it is?

Also, I see in your windows logs reference to the securew2 supplicant; 
are you sure you haven't broken the EAP stack on the windows box? Maybe 
got it confused?

Can you get a trace from both the windows machine and FreeRadius run 
under "-X" at the *same time*? The "freeradius.log" in your original 
email does not appear to be the same issue - that looks more like there 
are no compatible EAP types at both ends.

I'm not in the office this week so can't try to reproduce it, but I have 
have a try next week.