(RADIATOR) running into snags trying to get EAP-FAST working
Mike McCauley
mikem at open.com.au
Wed Feb 13 15:59:18 CST 2008
Hello Jim,
You log shows that there are no module or dependency problems.
Looks like you have your openssl correctly patched to support extensions.
Looks like your net-ssleay is OK, too.
I think the problem you are seeing is triggered by an earlier error reported
from the client:
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data: 800300020002
> Wed Feb 13 07:30:35 2008: ERR: EAP-FAST peer RESULT failure
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 2, EAP-FAST peer RESULT
This appears to be your client reporting a TLV RESULT type FAILURE from the
previous message sent to it by Radiator. Radiator is not replying to this
result failure message (which is incorrect, and a patch has now been posted
to fix that).
The previous message (the one that resulted in this result failure) was the
provisioning of a PAC to the client.
So I think the next step is for you to look at your client logs to see what it
is complaining about when it receives a PAC.
BTW, what version of client are you using?
Also will you please send your Radiator config file with your next report?
Cheers.
On Wednesday 13 February 2008 22:36, Jim Veneskey wrote:
> Hi Hugh,
> I am running radiusd from the command line now - that is how I am seeing
> the TLS not initialised issue...
>
> >>> Tue Feb 12 15:36:17 2008: DEBUG: EAP result: 2, TLS not initialised
> >>> Tue Feb 12 15:36:17 2008: DEBUG: AuthBy FILE result: IGNORE, TLS not
> >>> initialised
>
> My wireless client seems to get to the point where it wants to provision
> a PAC, and then things break after that.
>
> I am not getting any errors (Perl) that might suggest I am missing a
> module, but this morning I added HMAC_SHA1, just in case. No difference.
>
> Attached is the complete output that I am seeing thus far.
>
> I am using the eap_fast.cfg sample config (copied to
> /etc/radiator/radius.cfg) w/out any alterations, and I simply added a
>
> test user to the "users" file, using the original user as a template:
> > widevaio User-Password=widevaio
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Framed-IP-Netmask = 255.255.255.255,
> > Framed-Routing = None,
> > Framed-MTU = 1500,
> > Framed-Compression = Van-Jacobson-TCP-IP
>
> Complete log showing the failure follows.
>
> Thanks,
>
> Jim
>
>
>
>
>
> Wed Feb 13 07:30:26 2008: DEBUG: Finished reading configuration file
> '/etc/radiator/radius.cfg'
> Wed Feb 13 07:30:26 2008: DEBUG: Reading dictionary file './dictionary'
> Wed Feb 13 07:30:26 2008: DEBUG: Creating authentication port 0.0.0.0:1645
> Wed Feb 13 07:30:26 2008: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Feb 13 07:30:26 2008: NOTICE: Server started: Radiator 4.0 on
> deathwing (LOCKED)
> Wed Feb 13 07:30:30 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 205
> Authentic: 4<183><247><178><138><243><173>/<215>1Gw<201>!^<233>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><2><0><27><1>PEAP-00-40-96-A4-4E-24
> Message-Authenticator =
> <128><160><214><190>m<166><255>=<173>y<198><9>ie<149>>
>
> Wed Feb 13 07:30:30 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:30 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:30 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:30 2008: DEBUG: Handling with EAP: code 2, 2, 27, 1
> Wed Feb 13 07:30:30 2008: DEBUG: Response type 1
> Wed Feb 13 07:30:30 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
> Wed Feb 13 07:30:30 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> Challenge
> Wed Feb 13 07:30:30 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST Challenge
> Wed Feb 13 07:30:30 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 205
> Authentic: 4<183><247><178><138><243><173>/<215>1Gw<201>!^<233>
> Attributes:
> EAP-Message = <1><3><0>
> +!<0><4><0><9>deathwing<0><7><0><9>deathwing
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:34 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 206
> Authentic: <247><188>*<25><193><201><218><160><233>?<206>4<218>};<26>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message =
> <2><3><0>8+<1><22><3><1><0>-<1><0><0>)<3><1>G<178><227><128><178><190><191>
><140><192><20><207><193><229>F;<213>"V<2>Kbm<175><11><226>X<4><5><178>p<163>
><245><0><0><2><0>4<1><0> Message-Authenticator =
> <190><153><187><9>#7l<217><170>~<28><157><206><140><153><178>
>
> Wed Feb 13 07:30:34 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:34 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:34 2008: DEBUG: Handling with EAP: code 2, 3, 56, 43
> Wed Feb 13 07:30:34 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:34 2008: DEBUG: Enable Server-Unauthenticated
> Provisioning mode
> Wed Feb 13 07:30:34 2008: DEBUG: EAP-FAST a new PAC will be provisioned
> Wed Feb 13 07:30:34 2008: DEBUG: EAP-FAST SSL_accept result: -1, 2, 8576
> Wed Feb 13 07:30:34 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
> Wed Feb 13 07:30:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> Challenge
> Wed Feb 13 07:30:34 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST Challenge
> Wed Feb 13 07:30:34 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 206
> Authentic: <247><188>*<25><193><201><218><160><233>?<206>4<218>};<26>
> Attributes:
> EAP-Message =
> <1><4><2>r+<129><0><0><2>h<22><3><1><0>J<2><0><0>F<3><1>G<178><226><234><22
>7>[<145>aj=<182>1<208><145><250><200><148><162><23><245><154><231><6><174><2
>39>ue<235><14><161>c<160>
> {<215>$c<164><10><247><127>0g~<172>U<213><181>4<179><161><149><22><253>.<24
>1><23>-<155>N<30>2<28><21><9><0>4<0><22><3><1><2><11><12><0><2><7><1><0><255
>><255><255><255><255><255><255><255><201><15><218><162>!h<194>4<196><198>b<1
>39><128><220><28><209>)<2>N<8><138>g<204>t<2><11><190><166>;<19><155>"QJ<8>y
><142>4<4><221><239><149><25><179><205>:C<27>0+<10>m<242>_<20>7O<225>5mmQ<194
>>E<228><133><181>vb^~<198><244>LB<233><166>7<237>k<11><255>\<182><244><6><18
>3><237><238>8k<251>Z<137><159><165><174><159>$<17>|K<31><230>I(fQ<236><228>[
>=<194><0>|<184><161>c<191><5><152><218>H6<28>U<211><154>i<22>?<168><253>$<20
>7>_<131>e]#<220><163><173><150><28> EAP-Message = b<243>V
> <133>R<187><158><213>)<7>p<150><150>mg<12>5NJ<188><152><4><241>tl<8><202><2
>4>!|2<144>^F.6<206>;<227><158>w,<24><14><134><3><155>'<131><162><236><7><162
>><143><181><197>]<240>oLR<201><222>+<203><246><149>X<23><24>9<149>I|<234><14
>9>j<229><21><210>&<24><152><250><5><16><21>r<142>Z<138><172><170>h<255><255>
><255><255><255><255><255><255><0><1><2><1><0>\uv
> <185>:<17><198>:Z<20>%<2>~<147><228>#<220><225><245>=<158><222><149><170><1
>99>z<152>z<144><196>@<136>b<208><132>a<7>L<230>E<134>O<196><214><129>(f<164>
><219><137>&a<131><222>@*<194><195><236><212>EU"<218><161><230>z<254><5>^X<25
>2><139><185><240>{<182>P-<5><210>+<12>\_&Y<196><18>x<130><227>t<18><151>6<23
>7>=`<21>pY<10><225><225><29><18>I&<153>n<255>Ht<155><146><5>|8~Y"<172><208><
>165>Rl<165><228><17><3><131><31><201><149><11> <151>^<17>Z<169><131><9>
> EAP-Message =
> <133><154><144><28><5><4>?8<154><30><18>K<155><133><246><172><192>#,<242><i
><239><200>UmZZ<165><245>!<15><184><7><207>&<146>5<199><143>J<187><140><196><
>17><23><237><177><205><208><0>b<249><25>nQ<193><203>c<14>u,<6><204><170><228
>><136><246>bc<170><236>%Z<21>Y&<14><163><206><186><30>{Avn<5>S<140><203><145
>>,<220>^<215><128><248>S<249><246>x[<154><214>0<240>
> ^<140><174>,<22><3><1><0><4><14><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 207
> Authentic: =<18>Z<250>|<7><214>C<204><189><167>x=n<172>C
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message =
> <2><4><1>L+<1><22><3><1><1><6><16><0><1><2><1><0>w<155>}|@<165>"E<253>}<192
>><2>Z<149><214><134>Z,<192><29><163>~=V<188>%<238><<142><179><208>o<224><247
>>y<206>>N<25>}DT
> g<203>gM<136>y<236><140>G7<255><228><246><176>]<243>YKo<160><228>w&<241><20
>7><190><143><132>)<193>#<174>Z;;<140><22><230><18><228>p<245><169>hL<163><18
>8><177><156>PY<7>LO<142><22><138><178>s<171>:$<7>1%x<237>`<181><247><30><161
>><226><202>d<8><146><139><180>XN<127><188><233>'=Z$<178>Y<235><12>b<186><149
>>?{<195>l<173>\P<27><148>:<248><216>c^<30><20><224>X<147><154><15><240><223>
>iD<134>:<10><231><211>1F<132>q<28><176><24>i6<187><192><230><137>@\:q<174><1
>2><149><172><200><251><161><178>Ij<215>w<149>3<168><149><160><147>Y,}<213>,<
>249><213>eG<168><206><165>w<6><188>hN<3><192>G<151><30>g0QVe<150><226><229>\
>&E EAP-Message =
> E<171>1B\O<9><250>H<168><253>D`<133><158>x<235><160>mH<20><3><1><0><1><1><2
>2><3><1><0>0l<7><221><215>t<19><253><202>!z<229><203><5>(<222><24>_<168><174
>><15><217><144><163><127><162><132><19><147><242>s<196><162>T<225>a<2><203><
>154><240><142>D<210><252><183>r<127><219><7> Message-Authenticator =
> <252>I<29><28><14><184><203>,pF&<179><235>p<208><137>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 4, 332, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST SSL_accept result: 1, 0, 3
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 207
> Authentic: =<18>Z<250>|<7><214>C<204><189><167>x=n<172>C
> Attributes:
> EAP-Message =
> <1><5><0>E+<129><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0:<131><11><22><1
>97><215><171><134>}"C\v<198>6K<25>I<150><185><221><139><12>3SY<248>P<250>gNE
><218><128><131><2>m<177><138>b=<26>9d<173>)<24><23> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 208
> Authentic: L<211><165><25><28><179><155>A<213><236>-<196><17><157><25>d
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><5><0><6>+<1>
> Message-Authenticator =
> <219><219>g"<226><239>N<31><152>5<242><29><255><24><185><170>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 5, 6, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP-FAST Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 208
> Authentic: L<211><165><25><28><179><155>A<213><236>-<196><17><157><25>d
> Attributes:
> EAP-Message = <1><6><0>++<1><23><3><1><0>
> <148>[<203>4=<187><243>t<24><206><166><152>4<210><220><148><22><5>#<236>H<2
>46>}l<207>p<251><134><17><154><142>| Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 209
> Authentic: <184>q(<15>9<165><243><24><227>8"<229><244><252><223><163>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message =
> <2><6><0>;+<1><23><3><1><0>0<1>[h<15><7>i<223><223><232>s<129><188><15><232
>>g~n<26><247><161><178>$<176><199><240><27><199><242><150><214>f<181><251><2
>28>S<135>pO<146><185><4>V*<31><234><158><10><254> Message-Authenticator =
> <254><245><170>S|<207><208><142>E<145>g9<201><10>t<228>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 6, 59, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data:
> 8009000d0200000d01776964657661696f
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST inner authentication request
> for anonymous
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <202>6uB<242><167><247><174>-r<129>$E<169>n<26>
> Attributes:
> EAP-Message = <2><0><0><13><1>widevaio
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> NAS-Port = 29
> Calling-Station-Id = "00-40-96-A4-4E-24"
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for anonymous,
> 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 0, 13, 1
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 1
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> MSCHAP-V2 Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for anonymous: EAP
> MSCHAP-V2 Challenge
> Wed Feb 13 07:30:35 2008: DEBUG: Returned FAST inner Packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic: <202>6uB<242><167><247><174>-r<129>$E<169>n<26>
> Attributes:
> EAP-Message =
> <1><1><0>#<26><1><1><0><30><16>0<168><190><207>6<220>vP<5>|L<6><192>9<210><
>9>deathwing Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP-FAST inner
> authentication redespatched to a Handler
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> inner authentication redespatched to a Handler
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST inner authentication redespatched to a
> Handler
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 209
> Authentic: <184>q(<15>9<165><243><24><227>8"<229><244><252><223><163>
> Attributes:
> EAP-Message =
> <1><7><0>O+<129><0><0><0>E<23><3><1><0>@<178>F<233><130><246><200>`<225><21
>3>y<6>$H<197><23><232>s<28><254>Tm<176>H<140>*2<198>5i<194><147><31><190><25
>2><248><183>dU<219>^<213>g@<150><137><240><152>d<202><9>R<155><195><247><237
>><219><172><158>5<138><29><156><144>' Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 210
> Authentic:
> <16><31><255><199><146><182>O<18><130><172><214><175><237><175>z<132>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message =
> <2><7><0>k+<1><23><3><1><0>`<180>T<234><180><237><206>k$<150><185>Yt<151>e<
>181>G<127><156><215>4<178><25><162><244>v<141>/:3<219><221><173><176>Hv|<140
>><19><181><202><200><10><202><13><193>\<187>Vb<217><220><207>5D}<177><19><17
>9><168><220><173><207><0>4<254><138>%E9<165><219><170><234><"<136><147><24>H
>X<151>xl<28>n<218><5><139>JH<192><152><203>K<244><221> Message-Authenticator
> =
> 3F<135><186><237><172><172><231><175>"<16>s<23><232>4<219>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 7, 107, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data:
> 80090043020100431a0201003e3100000000000000000000000000000000000000000000000
>080600a211ace8435c30bfd2c53db9f9eaadf86132f501d5d00776964657661696f Wed Feb
> 13 07:30:35 2008: DEBUG: EAP-FAST inner authentication request for
> anonymous
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <236><131><158><154>H7<141>Q!<252>A<18><205>k<186><148>
> Attributes:
> EAP-Message =
> <2><1><0>C<26><2><1><0>>1<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0
>><0><0><0><0><0><0><0><128>`<10>!<26><206><132>5<195><11><253>,S<219><159><1
>58><170><223><134><19>/P<29>]<0>widevaio Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> NAS-Port = 29
> Calling-Station-Id = "00-40-96-A4-4E-24"
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for anonymous,
> 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 1, 67, 26
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 26
> Wed Feb 13 07:30:35 2008: DEBUG: Reading users file ./users
> Wed Feb 13 07:30:35 2008: DEBUG: Radius::AuthFILE looks for match with
> widevaio [anonymous]
> Wed Feb 13 07:30:35 2008: DEBUG: Radius::AuthFILE ACCEPT: : widevaio
> [anonymous]
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge:
> Success
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> MSCHAP V2 Challenge: Success
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for anonymous: EAP
> MSCHAP V2 Challenge: Success
> Wed Feb 13 07:30:35 2008: DEBUG: Returned FAST inner Packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic: <236><131><158><154>H7<141>Q!<252>A<18><205>k<186><148>
> Attributes:
> EAP-Message =
> <1><2><0>=<26><3><1><0>8S=172094BBA465A2D1DEA2B48895943942D9D13330
> M=success Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP-FAST inner
> authentication redespatched to a Handler
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> inner authentication redespatched to a Handler
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST inner authentication redespatched to a
> Handler
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 210
> Authentic:
> <16><31><255><199><146><182>O<18><130><172><214><175><237><175>z<132>
> Attributes:
> EAP-Message =
> <1><8><0>o+<129><0><0><0>e<23><3><1><0>`<241>P`<232><30>Nm>u!<201><17>#iW+<
>248><208><133><156>.<163><5>j2<156>GN<4><251>,<193><132>^<131><G*~<207><179>
><11><253>A<231><17><235><233>m<185>=F?Y<246><238>$<0>b<165>3V?<173>!s<217>?s
><137><173>Zt<211><194><238><197><159><149><155>4<174><217><168><133>a<152>.<
>20>`<139><192>~$<169><191> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 211
> Authentic:
> <133><187><141><171><214><5><26>:<23><162><210><148><173><221>Rs
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><8><0>++<1><23><3><1><0>
> <190><177><171><251><134><197><144>8<166><151><176>"t<21><255><197>p<199>{<
>223>IeW<240>?<154>J<212>9T<158><223> Message-Authenticator =
> g<132><157><173><7>e<134>I<164><174><155><246><132>C<252>9
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 8, 43, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data: 80090006020200061a03
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST inner authentication request
> for anonymous
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic:
> <230>N<204><133><213>5<232><228><164><247><241><208><237><15>c<132>
> Attributes:
> EAP-Message = <2><2><0><6><26><3>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> NAS-Port = 29
> Calling-Station-Id = "00-40-96-A4-4E-24"
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for anonymous,
> 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 2, 6, 26
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 26
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 0,
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: ACCEPT,
> Wed Feb 13 07:30:35 2008: DEBUG: Access accepted for anonymous
> Wed Feb 13 07:30:35 2008: DEBUG: Returned FAST inner Packet dump:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic:
> <230>N<204><133><213>5<232><228><164><247><241><208><237><15>c<132>
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> MS-MPPE-Send-Key =
> 9<240><23><198>U-<24><203><196><147><11><149>kr;<228>
> MS-MPPE-Recv-Key =
> zL<169>%<7>c<251><197><7><159><156><177>k<167><165><161>
> EAP-Message = <3><2><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP-FAST inner
> authentication redespatched to a Handler
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> inner authentication redespatched to a Handler
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST inner authentication redespatched to a
> Handler
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 211
> Authentic:
> <133><187><141><171><214><5><26>:<23><162><210><148><173><221>Rs
> Attributes:
> EAP-Message =
> <1><9><0>o+<129><0><0><0>e<23><3><1><0>`<131><201><218>k:<182><20>{<219><25
>0>Vh<242>Af<157><156><166>1*m<151>Uf<223>H<245>D(t<145><215>L45<222><161><22
>0>#1<164>*<178><214>#<144>p<229>/p<251>e<136>pj%[><182><212><245><149><164>T
>l<163><238>{<5><11>B<232><134>Q(<24>1?<189><250>wV,<139><167><167><208>!'<16
>6><29><131><136><151>B<224> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 212
> Authentic: <229><249>?<227>Z<164><214>t<176><146>IN4<206><218><132>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message =
> <2><9><0>k+<1><23><3><1><0>`<223>)<242><177>_<9>+"<190><150><255><209><128>
><236><217>Br<164><218><130>4<197>9<174><4><197><223>f^<17><29>Y<252><244>b<1
>50><131><185><203><172>ZBw)<222>3<29>q<182><16><216><8><154><217><169><149><
>128><204>l<151>+l<254><217><204><240><212>
> '<170><205>/<159><230>ZdQ<175><175><4><135><236>-/<17>[<215>.<189>o<199><18
>8>r<155><28><143> Message-Authenticator =
> F<178><168><248><248><130>A<161><173><235><255><200><31>e<192>n
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 9, 107, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data:
> 800a00020001800c003800010101cd6c4e8a9fb41a4b42a8e905fc890538350f09a37cbda9d
>12c125883aef47591fc5bfcc8a5d9ea8bea16372f137fcc3a732b2105 Wed Feb 13
> 07:30:35 2008: DEBUG: EAP-FAST Provisioning a new PAC
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 3, EAP-FAST PAC Provision
> Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP-FAST
> PAC Provision
> Wed Feb 13 07:30:35 2008: DEBUG: Access challenged for
> PEAP-00-40-96-A4-4E-24: EAP-FAST PAC Provision
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Sending to 192.168.50.15 port 32770 ....
> Code: Access-Challenge
> Identifier: 212
> Authentic: <229><249>?<227>Z<164><214>t<176><146>IN4<206><218><132>
> Attributes:
> EAP-Message =
> <1><10><0><175>+<129><0><0><0><165><23><3><1><0><160><225>,<221>'GW<177>D<2
>09><252><188><220><254>U<153>L<6>h<177>Ab*v<1><132><190><250><153><138><130>
><195><219><149><250><146>;#<169><182><132><171><142><242>1f<144><180><181>xu
>U<194><145>_*<234><192><147><243>T<222>v<141>r<132><156>R<155>j'<177><240><2
>41><240>Z<254><6><159><181><205><5><157><172><27>gz<213><18>L<28><243><31><1
>55><240>Nr^<9><196><221>$<<0>)^u<240><173>N<234>X<14><167><246><8><8>K&<175>
><208><10><244><168>W<237>}<149><136><154>_&&&s<127><209><251>em<232><155><23
>1><168><204><14>S<131><178><20><251>~'<160><164><160><244><28><223><159>+
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 213
> Authentic: <22>%X<215>?<194><133>F<192><168><229>|<8><224>Z<149>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><10><0>++<1><23><3><1><0>
>
> >XS<206>&8<245><146><134><185><175><155><13><174><208>P'<31><183><132>e<20
> >>b<171><148>H<2><23><253>xMS
>
> Message-Authenticator =
> <140>[<154><206><219>HwmF<16><184><209><8><178><249><15>
>
> Wed Feb 13 07:30:35 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:35 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:35 2008: DEBUG: Handling with EAP: code 2, 10, 43, 43
> Wed Feb 13 07:30:35 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:35 2008: DEBUG: EAP-FAST TLS data: 800300020002
> Wed Feb 13 07:30:35 2008: ERR: EAP-FAST peer RESULT failure
> Wed Feb 13 07:30:35 2008: DEBUG: EAP result: 2, EAP-FAST peer RESULT
> failure Wed Feb 13 07:30:35 2008: DEBUG: AuthBy FILE result: IGNORE,
> EAP-FAST peer RESULT failure
> Wed Feb 13 07:30:37 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 213
> Authentic: <22>%X<215>?<194><133>F<192><168><229>|<8><224>Z<149>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><10><0>++<1><23><3><1><0>
>
> >XS<206>&8<245><146><134><185><175><155><13><174><208>P'<31><183><132>e<20
> >>b<171><148>H<2><23><253>xMS
>
> Message-Authenticator =
> <140>[<154><206><219>HwmF<16><184><209><8><178><249><15>
>
> Wed Feb 13 07:30:37 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:37 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:37 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:37 2008: DEBUG: Handling with EAP: code 2, 10, 43, 43
> Wed Feb 13 07:30:37 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:37 2008: DEBUG: EAP result: 2, TLS not initialised
> Wed Feb 13 07:30:37 2008: DEBUG: AuthBy FILE result: IGNORE, TLS not
> initialised
> Wed Feb 13 07:30:39 2008: DEBUG: Packet dump:
> *** Received from 192.168.50.15 port 32770 ....
> Code: Access-Request
> Identifier: 213
> Authentic: <22>%X<215>?<194><133>F<192><168><229>|<8><224>Z<149>
> Attributes:
> User-Name = "PEAP-00-40-96-A4-4E-24"
> Calling-Station-Id = "00-40-96-A4-4E-24"
> Called-Station-Id = "00-0B-FC-FB-7F-20:leaper"
> NAS-Port = 29
> NAS-IP-Address = 192.168.50.15
> NAS-Identifier = "cntl3750-w"
> Airespace-WLAN-Id = 6
> Service-Type = Framed-User
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><10><0>++<1><23><3><1><0>
>
> >XS<206>&8<245><146><134><185><175><155><13><174><208>P'<31><183><132>e<20
> >>b<171><148>H<2><23><253>xMS
>
> Message-Authenticator =
> <140>[<154><206><219>HwmF<16><184><209><8><178><249><15>
>
> Wed Feb 13 07:30:39 2008: DEBUG: Handling request with Handler ''
> Wed Feb 13 07:30:39 2008: DEBUG: Deleting session for
> PEAP-00-40-96-A4-4E-24, 192.168.50.15, 29
> Wed Feb 13 07:30:39 2008: DEBUG: Handling with Radius::AuthFILE:
> Wed Feb 13 07:30:39 2008: DEBUG: Handling with EAP: code 2, 10, 43, 43
> Wed Feb 13 07:30:39 2008: DEBUG: Response type 43
> Wed Feb 13 07:30:39 2008: DEBUG: EAP result: 2, TLS not initialised
> Wed Feb 13 07:30:39 2008: DEBUG: AuthBy FILE result: IGNORE, TLS not
> initialised
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list