[RADIATOR] PEAP/EAP MSCHAPV2 with WPA configuration
Hugh Irvine
hugh at open.com.au
Wed Jul 8 05:38:47 CDT 2009
Hello Khurram -
Can you please tell me what version of Radiator you are running? (The
most recent is Radiator 4.4 plus patches).
Can you also please tell me what hardware/software plafrom you are
running on and what version of Perl etc.?
I can see at least 3 problems:
The first is your configuration file which mixes Realms and Handlers -
you should use Handlers only (see the examples in "goodies/eap_*.cfg").
The second is the dictionary you are using which does not appear to be
the most recent one which contains these attributes:
>
> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from
> 192.168.22.99
> (192.168.22.99)
> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
> defined in
> your dictionary
> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
> defined in
> your dictionary
> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
And third - "Bad authenticator ....." usually indicates an incorrect
shared secret.
hope that helps
regards
Hugh
On 7 Jul 2009, at 19:33, Khurram Masood wrote:
> Hello Hugh
>
> I am having a problem configuring the radiator for securing my WiFi
> network. Following are the necessary details
>
> Access point security protocol: WPA with AES
> Client : XP SP3 with PEAP/EAP MSCHAP-V2
> Other Info : Using DHCP for the clients although the AP has
> static IP addresse.
>
> Problem : Unable to authenticate the user.
>
>
> Config file:
> # Example Radiator configuration file that allows you to
> # authenticate from an SQL database.
> # With Radiator you can interface with almost any databse schema,
> # and there are many more configurable parameters that allow you
> # to control database fallback, select statements, column names
> # and arrangements etc etc etc.
> # See the reference manual for more details.
> # This is a very simple exmaple to get you started. It will
> # work with the tables created by the goodies/*.sql scripts.
> #
> # You should consider this file to be a starting point only
> # $Id: sql.cfg,v 1.4 2000/03/21 01:25:16 mikem Exp $
>
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
> AuthPort 1645
> AcctPort 1646
> # You will probably want to change this to suit your site.
> <Client 10.100.0.2>
> Secret abc
> DupInterval 4
> </Client>
>
> <Client DEFAULT>
> Secret xyz
> DupInterval 4
> </Client>
>
> # You can put client details in a database table
> # and get their details from there with something like this:
>
> # This will authenticate users from SUBSCRIBERS
> <Handler TunnelledByPEAP=1>
> <AuthBy FILE>
> Filename %D/users
> # This tells the PEAP client what types of inner EAP
> requests
> # we will honour
> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
> </AuthBy>
> </Handler>
>
>
> <Realm WIFI>
> <AuthBy FILE>
> Filename /home/oracle/Radiator-3.12/wifi_users
> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
> EAPTLS_CAFile
> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
> EAPTLS_CAPath
> EAPTLS_CertificateFile
> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile
> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
> AutoMPPEKeys
> EAPTLS_PEAPVersion 0
> </AuthBy>
> </Realm>
>
> <Realm DEFAULT>
> AuthByPolicy ContinueWhileAccept
> PasswordLogFileName %L/password_log
> MaxSessions 1
> <AuthBy SQL>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> DBSource dbi:Oracle:orcl
> DBUsername abc
> DBAuth xyz
> AuthSelect select password from subaccounts where ((active=1
> or (active=0
> and freeaccess=1)) and login=concat('%n',
> 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and
> login=concat('%n','d')
> and nas =substr('%N',1,3) and locked=0)
> # You may want to tailor these for your ACCOUNTING table
> # You can add your own columns to store whatever you like
> AccountingTable CALLS
> DateFormat %Y-%m-%d %H:%M:%S
> AcctSQLStatement insert into
> calls
> (calldate
> ,username
> ,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,f
> ramedaddress,callstationid) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-
> mm-dd
> hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%
> {Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-
> Address}','%{Calling-Station-Id}')
> # AcctSQLStatement insert into
> calls
> (calldate
> ,username
> ,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,naspo
> rt) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
> hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-
> Id}',%{A
> cct-Session-Time},'%N',%{NAS-Port})
> AccountingStopsOnly
>
> AddToReply Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Framed-IP-Netmask = 255.255.255.0, \
> Framed-Routing = None, \
> Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
> Framed-MTU = 1500, \
> Framed-Compression = Van-Jacobson-TCP-IP, \
> # Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction
> of MI by Faisl
> Qadri
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> DBSource dbi:Oracle:orcl
> DBUsername abc
> DBAuth xyz
>
> AddQuery update serverports set
> username='%n',acctstatustype='%{Acct-Status-Type}',framedaddress='%
> {Framed-IP-
> Address}',callstationid='%{Calling-Station-Id}',calldate=to_date('%Y-
> %m-%d
> %H:%M:%S','yyyy-mm-dd HH24:MI:SS') where port=%{NA
> S-Port} and substr(ipaddress,1,2)=substr('%N',1,2)
>
> DeleteQuery update serverports set acctstatustype='Stop'
> where
> port=%{NAS-Port} and substr(ipaddress,1,2)=substr('%N
> ',1,2)
> ClearNasQuery update serverports set
> acctstatustype='Stop' where
> substr(ipaddress,1,2)=substr('%N',1,2)
>
> </SessionDatabase SQL>
> -----------------------------------------------------------------------
>
> Level 4 Debug trace:
>
>
> *** Received from 192.168.22.99 port 1027 ....
> Code: Access-Request
> Identifier: 0
> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
> Attributes:
> Message-Authenticator = <2><139>?
> <241><10><176><178>Q:`<160>";r,$
> Service-Type = Framed-User
> User-Name = "mfqadri at WIFI"
> Framed-MTU = 1488
> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
> Calling-Station-Id = "00-18-F8-2E-5B-B3"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = <2><0><0><17><1>mfqadri at WIFI
> NAS-IP-Address = 192.168.22.99
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler
> 'Realm=WIFI'
> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI,
> 192.168.22.99, 1
> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set
> acctstatustype='Stop' where port=1 and substr(ipaddress
> ,1,2)=substr('192.168.22.99',1,2)':
> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 0, 17
> Mon Jul 6 16:17:10 2009: DEBUG: Response type 1
> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
> EAP PEAP Challenge
> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
> *** Sending to 192.168.22.99 port 1027 ....
> Code: Access-Challenge
> Identifier: 0
> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
> Attributes:
> EAP-Message = <1><1><0><6><25>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
> *** Received from 192.168.22.99 port 1027 ....
> Code: Access-Request
> Identifier: 1
> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
> Attributes:
> Message-Authenticator =
> <195><23><144>t<230><162><149><247><209><213>VZ<225>p"<150>
> Service-Type = Framed-User
> User-Name = "mfqadri at WIFI"
> Framed-MTU = 1488
> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
> Calling-Station-Id = "00-18-F8-2E-5B-B3"
> NAS-Identifier = "D-Link Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message =
> <
> 2
> >
> <
> 1
> >
> <
> 0
> >
> P
> <
> 25
> >
> <
> 128
> >
> <
> 0
> >
> <
> 0
> >
> <
> 0
> >
> F
> <
> 22
> >
> <3><1><0>A<1><0><0>=<3><1>JQ<207><214>2<240><204><224><133>i<193><132>
> <
> 176
> >
> <
> 26
> >
> <
> 198
> >
> <
> 23
> >
> h
> <
> 251
> >
> B
> <
> 23
> >
> <
> 191
> >
> <
> 3
> >
> ;W
> ]<
> 160
> >
> <
> 162
> >
> <
> 154
> >
> <232><187>*<154><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6
>> <0><19><0><18><0>c<1><0>
> NAS-IP-Address = 192.168.22.99
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler
> 'Realm=WIFI'
> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI,
> 192.168.22.99, 1
> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set
> acctstatustype='Stop' where port=1 and substr(ipaddress
> ,1,2)=substr('192.168.22.99',1,2)':
> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 1, 80
> Mon Jul 6 16:17:10 2009: DEBUG: Response type 25
> Mon Jul 6 16:17:10 2009: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
> EAP PEAP Challenge
> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
> *** Sending to 192.168.22.99 port 1027 ....
> Code: Access-Challenge
> Identifier: 1
> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
> Attributes:
> EAP-Message =
> <
> 1
> >
> <
> 2
> >
> <
> 5
> >
> <
> 218
> >
> <
> 25
> >
> <
> 192
> >
> <
> 0
> >
> <
> 0
> >
> <
> 8
> >
> P
> <22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
> 11
> >
> <
> 178
> >
> <
> 178
> >
> <
> 159
> >
> U
> <
> 158
> >
> <
> 1
> >
> <
> 251
> >
> <
> 142
> >
> <
> 154
> >
> <
> 27
> >
> <
> 212
> >
> A
> <
> 144
> ><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
> 130
> >
> <
> 2
> >
> <
> 205
> >
> 0
> <
> 130
> >
> <
> 2
> >
> 6
> <
> 160
> >
> <
> 3
> >
> <
> 2
> >
> <
> 1
> >
> <
> 2
> >
> <
> 2
> >
> <
> 1
> >
> <
> 2
> >
> 0
> <
> 13
> >
> <
> 6
> ><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
> <
> 6
> >
> <
> 19
> >
> <
> 2
> >
> AU1
> <
> 17
> >
> 0
> <
> 15
> >
> <
> 6
> >
> <
> 3
> >
> U
> <
> 4
> >
> <
> 8
> >
> <
> 19
> >
> <
> 8
> >
> Victoria1
> <
> 18
> >0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not
> use in
> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>> <
>> 1
>> >
>> <
>> 22
>> >
>> <
>> 17
>> >
>> mikem
>> @open
>> .com
>> .au0
>> <
>> 30
>> >
>> <
>> 23
>> >
>> <
>> 13
>> >
>> 040316080209Z
>> <
>> 23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
> U
> <
> 4
> >
> <
> 8
> >
> <
> 19
> >
> <
> 8
> >
> Victoria1
> <
> 18
> >0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
> Test
> Company1
> %0
> #<
> 6
> >
> <
> 3
> >
> U
> <
> 4
> >
> <
> 3
> >
> <
> 19
> >
> <
> 28
> >
> test
> .server
> .some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
> EAP-Message =
> <
> 1
> >
> <
> 5
> >
> <0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/
> <241>.9<209><250>\y<1><149>[
> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>
> %<
> 133
> >aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><2
> 47>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
> 171
> >
> <
> 154
> >
> <
> 249
> >
> <
> 220
> >v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>
> +<233><135>0<212>Y<207><158>N<226><136
>> <
>> 12
>> >
>> <
>> 132
>> ><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>
>> %<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
> <
> 9
> >
> *<
> 134
> >
> H
> <
> 134
> >
> <
> 247
> >
> <
> 13
> >
> <
> 1
> >
> <1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?
> <174><155><170><162><189><20>
> <25>az<19>o<202><250>|B8N<209><225><253>?
> hv<170><193><235><2>b<16><201>}<250>,<181>q<154>
> %<182><29><179>p<211><248>oba<
> EAP-Message =
> JP<13>p<12>
> +
> <
> 154
> >
> <
> 199
> >
> 1
> <
> 16
> >
> <
> 208
> >
> <
> 138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?
> <
> 214
> >
> )<
> 181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>> <
>> 160
>> >
>> <
>> 3
>> >
>> <
>> 2
>> >
>> <
>> 1
>> >
>> <
>> 2
>> >
>> <
>> 2
>> >
>> <
>> 1
>> >
>> <
>> 0
>> >
>> 0
>> <
>> 13
>> >
>> <
>> 6
>> >
>> <
>> 9
>> >
>> *<
>> 134
>> >
>> H
>> <
>> 134
>> >
>> <
>> 247
>> >
>> <
>> 13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>> <
>> 6
>> >
>> <
>> 3
>> >
>> U
>> <
>> 4
>> >
>> <
>> 8
>> >
>> <
>> 19
>> >
>> <
>> 8
>> >
>> Victoria1
>> <
>> 18
>> >
>> 0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<
> 31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA
> (do not
> EAP-Message = use in production)1
> 0
> <
> 30
> >
> <
> 6
> >
> <
> 9
> >
> *<
> 134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
> 16080125Z
> <
> 23
> >
> <
> 13
> >
> 060316080125Z0
> <
> 129
> >
> <
> 202
> >
> 1
> <
> 11
> >
> 0
> <
> 9
> >
> <
> 6
> >
> <
> 3
> >U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
> EAP-Message = n)1
> 0
> <
> 30
> >
> <
> 6
> >
> <
> 9
> >
> *<
> 134
> >
> H
> <
> 134
> >
> <
> 247
> >
> <
> 13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>> <
>> 247
>> >
>> <
>> 13
>> >
>> <1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>
>> %Q<192>7g0<140><153>0xg<240><152><248><199><214
>> <253>W<7><220>|fd<163><137>
>> %F
>> <
>> 216
>> >
>> <
>> 220
>> >
>> <
>> 148
>> >
>> <
>> 230
>> >
>> <
>> 6
>> >
>> <
>> 18
>> >ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
> 145
> >
> <
> 138
> >
> <
> 143
> >
> <
> 136
> >
> <
> 127
> >
> <
> 230
> >
> <
> <
> 9
> >
> l
> <
> 172
> >
> <
> 210
> >
> <
> 205
> >
> <
> 136
> >
> <
> 162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
> 1
> >
> <
> 252
> >
> <
> 168
> >
> H
> <
> 178
> >
> <
> 158
> >
> <
> 25
> >
> <
> 235
> >
> <
> 152
> >
> <
> 250
> >
> g
> <
> 199
> >
> <
> 172
> >
> <
> 250
> >uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>> <1><163><130><1>
>> +
>> 0
>> <
>> 130
>> >
>> <
>> 1
>> >
>> '0
>> <
>> 29
>> >
>> <
>> 6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Mon Jul 6 16:17:13 2009: DEBUG: Packet dump:
> *** Received from 192.168.22.99 port 1027 ....
> Code: UNDEF
> Identifier: 63
> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
> Attributes:
> EAP-Message =
> <
> 1
> >
> <
> 2
> >
> <
> 5
> >
> <
> 218
> >
> <
> 25
> >
> <
> 192
> >
> <
> 0
> >
> <
> 0
> >
> <
> 8
> >
> P
> <22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
> 11
> >
> <
> 178
> >
> <
> 178
> >
> <
> 159
> >
> U
> <
> 158
> >
> <
> 1
> >
> <
> 251
> >
> <
> 142
> >
> <
> 154
> >
> <
> 27
> >
> <
> 212
> >
> A
> <
> 144
> ><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
> 130
> >
> <
> 2
> >
> <
> 205
> >
> 0
> <
> 130
> >
> <
> 2
> >
> 6
> <
> 160
> >
> <
> 3
> >
> <
> 2
> >
> <
> 1
> >
> <
> 2
> >
> <
> 2
> >
> <
> 1
> >
> <
> 2
> >
> 0
> <
> 13
> >
> <
> 6
> ><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
> <
> 6
> >
> <
> 19
> >
> <
> 2
> >
> AU1
> <
> 17
> >
> 0
> <
> 15
> >
> <
> 6
> >
> <
> 3
> >
> U
> <
> 4
> >
> <
> 8
> >
> <
> 19
> >
> <
> 8
> >
> Victoria1
> <
> 18
> >0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not
> use in
> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>> <
>> 1
>> >
>> <
>> 22
>> >
>> <
>> 17
>> >
>> mikem
>> @open
>> .com
>> .au0
>> <
>> 30
>> >
>> <
>> 23
>> >
>> <
>> 13
>> >
>> 040316080209Z
>> <
>> 23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
> U
> <
> 4
> >
> <
> 8
> >
> <
> 19
> >
> <
> 8
> >
> Victoria1
> <
> 18
> >0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
> Test Company1%0#<6><3>U<4><3>
> <
> 19
> >
> <
> 28
> >
> test
> .server
> .some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
> EAP-Message =
> <
> 1
> >
> <
> 5
> >
> <0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/
> <241>.9<209><250>\y<1><149>[
> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>
> %<
> 133
> >
> aF
> <
> 28
> >
> <
> 20
> >
> <
> 24
> >
> <
> 218
> >
> <
> 160
> >
> <
> 197
> >
> <
> 239
> >
> <
> 237
> >
> <
> 136
> >
> <
> 222
> >
> <
> 218
> >
> <
> 138
> ><6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
> 171
> >
> <
> 154
> >
> <
> 249
> >
> <
> 220
> >v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>
> +<233><135>0<212>Y<207><158>N<226><136
>> <
>> 12
>> >
>> <
>> 132
>> ><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>
>> %<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
> <
> 9
> >
> *<
> 134
> >
> H
> <
> 134
> >
> <
> 247
> >
> <
> 13
> >
> <
> 1
> >
> <1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?
> <174><155><170><162><189><20>
> <25>az<19>o<202><250>|B8N<209><225><253>?
> hv<170><193><235><2>b<16><201>}<250>,<181>q<154>
> %<182><29><179>p<211><248>oba<
> EAP-Message =
> JP<13>p<12>
> +
> <
> 154
> >
> <
> 199
> >
> 1
> <
> 16
> >
> <
> 208
> >
> <
> 138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?
> <
> 214
> >
> )<
> 181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>> <
>> 160
>> >
>> <
>> 3
>> >
>> <
>> 2
>> >
>> <
>> 1
>> >
>> <
>> 2
>> >
>> <
>> 2
>> >
>> <
>> 1
>> >
>> <
>> 0
>> >
>> 0
>> <
>> 13
>> >
>> <
>> 6
>> >
>> <
>> 9
>> >
>> *<
>> 134
>> >
>> H
>> <
>> 134
>> >
>> <
>> 247
>> >
>> <
>> 13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>> <
>> 6
>> >
>> <
>> 3
>> >
>> U
>> <
>> 4
>> >
>> <
>> 8
>> >
>> <
>> 19
>> >
>> <
>> 8
>> >
>> Victoria1
>> <
>> 18
>> >
>> 0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<
> 31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA
> (do not
> EAP-Message = use in production)1
> 0
> <
> 30
> >
> <
> 6
> >
> <
> 9
> >
> *<
> 134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
> 16080125Z
> <
> 23
> >
> <
> 13
> >
> 060316080125Z0
> <
> 129
> >
> <
> 202
> >
> 1
> <
> 11
> >
> 0
> <
> 9
> >
> <
> 6
> >
> <
> 3
> >U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
> EAP-Message = n)1
> 0
> <
> 30
> >
> <
> 6
> >
> <
> 9
> >
> *<
> 134
> >
> H
> <
> 134
> >
> <
> 247
> >
> <
> 13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>> <
>> 247
>> >
>> <
>> 13
>> >
>> <1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>
>> %Q<192>7g0<140><153>0xg<240><152><248><199><214
>> <253>W<7><220>|fd<163><137>
>> %F
>> <
>> 216
>> >
>> <
>> 220
>> >
>> <
>> 148
>> >
>> <
>> 230
>> >
>> <
>> 6
>> >
>> <
>> 18
>> >ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
> 145
> >
> <
> 138
> >
> <
> 143
> >
> <
> 136
> >
> <
> 127
> >
> <
> 230
> >
> <
> <
> 9
> >
> l
> <
> 172
> >
> <
> 210
> >
> <
> 205
> >
> <
> 136
> >
> <
> 162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
> 1
> >
> <
> 252
> >
> <
> 168
> >
> H
> <
> 178
> >
> <
> 158
> >
> <
> 25
> >
> <
> 235
> >
> <
> 152
> >
> <
> 250
> >
> g
> <
> 199
> >
> <
> 172
> >
> <
> 250
> >uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>> <1><163><130><1>
>> +
>> 0
>> <
>> 130
>> >
>> <
>> 1
>> >
>> '0
>> <
>> 29
>> >
>> <
>> 6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
> Message-Authenticator =
> <6>9<27><229><183><152>S<159><249><248><229>~1<253><136><135>
> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from
> 192.168.22.99
> (192.168.22.99)
> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
> defined in
> your dictionary
> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
> defined in
> your dictionary
> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>
> Looking forward for your reply.
>
> Regards
>
> Khurram Masood
> khurram.groups at gmail.com
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list