(RADIATOR) LEAP and PEAP authentication, EAP type 25 not permitted
listman
listman at securalis.com
Fri Apr 9 09:06:54 CDT 2004
Hello list,
I'm encountering some problems when trying to authenticate my WLAN users
on the Radius (version 3.9).
Users authenticating through Cisco LEAP do not encounter any problem.
Users trying to authenticate through PEAP are not getting anywhere...
We also had complaints from users with Apple laptops not being able to
authenticate,
as it appears they were trying to use PEAP, which brings me back to my
first problem.
We did test the access point using the Cisco RADIUS and it seemed to
work straightforwardly.
The only thing I see are the log lines "Desired EAP type 25 not permitted"
but I do not have any clue what I can do about this ...
Any help or idea would be welcome :)
Cheers,
The attached logfile only contains traces for PEAP authentication
attempts.
The access point is a Cisco Aironet AP1230 (IOS Version 12.2(11)JA1, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)).
----- config file -----
Foreground
LogStdout
#AuthPort 1647
#AcctPort 1648
LogDir /var/log/Radiator
DbDir /usr/local/etc/radius
LogFile %L/logfile-%Y%m%d.log
DictionaryFile /usr/local/etc/radius/dictionary
Trace 4
<AuthLog FILE>
Identifier myauthlogger
Filename %L/authlog-%Y%m%d.log
LogSuccess 1
LogFailure 1
</AuthLog>
<Client DEFAULT>
Secret XXXXXXXXXXXXXX
DupInterval 0
IgnoreAcctSignature
DefaultRealm authentif-wlan
</Client>
...
<Handler TunnelledByPEAP=1>
RewriteUsername s/(.*)\\(.*)/$2/
<AuthBy TEST>
# This tells the PEAP client what types of inner EAP requests
# we will honour
EAPType MSCHAP-V2,TTLS,TLS,MD5-Challenge
# Need these for TTLS:
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 500
</AuthBy>
PasswordLogFileName %L/etudiants-wifi-%Y%m%d.log
AcctLogFileName %L/etudiants-wifi-%Y%m%d.log
</Handler>
<Handler TunnelledByTTLS=1>
<AuthBy TEST>
# This tells the PEAP client what types of inner EAP requests
# we will honour
EAPType MSCHAP-V2,MD5,TLS
# Need these for TLS
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
</AuthBy>
</Handler>
<Realm authentif-wlan>
AuthByPolicy ContinueWhileReject
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
<AuthBy SQL>
EAPType LEAP
DBSource dbi:mysql:radius
DBUsername XXXX
DBAuth XYXY
AuthSelect select PASSWORD from student where IDENTIFIER=%0 AND PASSWORD!='' AND DATE_END>= CURDATE()
NoDefault
AuthColumnDef 0, User-Password, check
</AuthBy>
<AuthBy SQL>
DBSource dbi:mysql:radius
DBUsername XXXX
DBAuth XYXY
AuthSelect select PASSWORD from student where IDENTIFIER=%0 AND PASSWORD!='' AND DATE_END >= CURDATE()
NoDefault
AuthColumnDef 0, User-Password, check
# This tells the PEAP client what types of inner EAP requests
# we will honour
# EAPType PEAP,LEAP
EAPType PEAP,TTLS,TLS,MD5
# Need these for TTLS:
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 500
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
</AuthBy>
</Realm>
----- logfile -----
Fri Apr 9 11:45:55 2004: DEBUG: Packet dump:
*** Received from 10.101.3.245 port 1645 ....
Code: Access-Request
Identifier: 187
Authentic: <20>9<190><8><237>;<2>t<181>CIY<151><131><166><20>
Attributes:
User-Name = "host/Eleni"
Framed-MTU = 1400
Called-Station-Id = "000e.383e.0bc0"
Calling-Station-Id = "000c.f114.9db2"
Message-Authenticator =
ju<244><221>}4H<26>}<196><8><205><171><154><198><152>
EAP-Message = <2><3><0><6><3><25>
NAS-Port-Type = Virtual
NAS-Port = 266
NAS-IP-Address = 10.101.3.245
NAS-Identifier = "AP_ABREU_ET3_2"
Fri Apr 9 11:45:55 2004: DEBUG: Handling request with Handler
'Realm=authentif-wlan'
Fri Apr 9 11:45:55 2004: DEBUG: Rewrote user name to host/Eleni
Fri Apr 9 11:45:55 2004: DEBUG: Deleting session for host/Eleni,
10.101.3.245, 266
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:45:55 2004: DEBUG: Handling with EAP: code 2, 3, 6
Fri Apr 9 11:45:55 2004: DEBUG: Response type 3
Fri Apr 9 11:45:55 2004: INFO: EAP Nak desires type 25
Fri Apr 9 11:45:55 2004: DEBUG: EAP result: 1, Desired EAP type 25 not
permitted
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:45:55 2004: DEBUG: Handling with EAP: code 2, 3, 6
Fri Apr 9 11:45:55 2004: DEBUG: Response type 3
Fri Apr 9 11:45:55 2004: INFO: EAP Nak desires type 25
Fri Apr 9 11:45:55 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr 9 11:45:55 2004: DEBUG: Access challenged for host/Eleni: EAP
PEAP Challenge
Fri Apr 9 11:45:55 2004: DEBUG: Packet dump:
*** Sending to 10.101.3.245 port 1645 ....
Code: Access-Challenge
Identifier: 187
Authentic: <20>9<190><8><237>;<2>t<181>CIY<151><131><166><20>
Attributes:
EAP-Message = <1><4><0><6><25>!
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Apr 9 11:45:55 2004: DEBUG: Packet dump:
*** Received from 10.101.3.245 port 1645 ....
Code: Access-Request
Identifier: 188
Authentic: 2<178><171><27><222>b.<127><196>i<192><206>,A<137><160>
Attributes:
User-Name = "host/Eleni"
Framed-MTU = 1400
Called-Station-Id = "000e.383e.0bc0"
Calling-Station-Id = "000c.f114.9db2"
Message-Authenticator =
<190>?g<2><247><140><227>g<250><244>;<27><172><230>a<193>
EAP-Message =
<2><4><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>@vp<212><223>
~RIMR<178><13><252>(Rp4<208>yE
<213><222>Eb<156><254><207>{<1><174><133><0><0><22><0><4><0><5><0><10><0
><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
NAS-Port-Type = Virtual
NAS-Port = 266
NAS-IP-Address = 10.101.3.245
NAS-Identifier = "AP_ABREU_ET3_2"
Fri Apr 9 11:45:55 2004: DEBUG: Handling request with Handler
'Realm=authentif-wlan'
Fri Apr 9 11:45:55 2004: DEBUG: Rewrote user name to host/Eleni
Fri Apr 9 11:45:55 2004: DEBUG: Deleting session for host/Eleni,
10.101.3.245, 266
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:45:55 2004: DEBUG: Handling with EAP: code 2, 4, 80
Fri Apr 9 11:45:55 2004: DEBUG: Response type 25
Fri Apr 9 11:45:55 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Fri Apr 9 11:45:55 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr 9 11:45:55 2004: DEBUG: Access challenged for host/Eleni: EAP
PEAP Challenge
Fri Apr 9 11:45:55 2004: DEBUG: Packet dump:
*** Sending to 10.101.3.245 port 1645 ....
Code: Access-Challenge
Identifier: 188
Authentic: 2<178><171><27><222>b.<127><196>i<192><206>,A<137><160>
Attributes:
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
...
Fri Apr 9 11:46:05 2004: DEBUG: Packet dump:
*** Received from 10.101.3.234 port 1645 ....
Code: Access-Request
Identifier: 147
Authentic: *<214><158><172><234><195>O<225><194>"<246><168>N<229>`<132>
Attributes:
User-Name = "host/Eleni"
Framed-MTU = 1400
Called-Station-Id = "000e.383e.0c80"
Calling-Station-Id = "000c.f114.9db2"
Message-Authenticator = !3}<20>>N<22>Xv<12>=_<198><254>^<26>
EAP-Message = <2><2><0><15><1>host/Eleni
NAS-Port-Type = Virtual
NAS-Port = 355
NAS-IP-Address = 10.101.3.234
Fri Apr 9 11:46:05 2004: DEBUG: Handling request with Handler
'Realm=authentif-wlan'
Fri Apr 9 11:46:05 2004: DEBUG: Rewrote user name to host/Eleni
Fri Apr 9 11:46:05 2004: DEBUG: Deleting session for host/Eleni,
10.101.3.234, 355
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:46:05 2004: DEBUG: Handling with EAP: code 2, 2, 15
Fri Apr 9 11:46:05 2004: DEBUG: Response type 1
Fri Apr 9 11:46:05 2004: DEBUG: EAP result: 3, EAP LEAP Challenge
Fri Apr 9 11:46:05 2004: DEBUG: Access challenged for host/Eleni: EAP
LEAP Challenge
Fri Apr 9 11:46:05 2004: DEBUG: Packet dump:
*** Sending to 10.101.3.234 port 1645 ....
Code: Access-Challenge
Identifier: 147
Authentic: *<214><158><172><234><195>O<225><194>"<246><168>N<229>`<132>
Attributes:
EAP-Message =
<1><3><0><26><17><1><0><8><255><137><146><151>6<215><136><196>host/Eleni
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Apr 9 11:46:05 2004: DEBUG: Packet dump:
*** Received from 10.101.3.234 port 1645 ....
Code: Access-Request
Identifier: 148
Authentic: j<226><10>~Zz<187><27><198><174><237>9<172>s<185>D
Attributes:
User-Name = "host/Eleni"
Framed-MTU = 1400
Called-Station-Id = "000e.383e.0c80"
Calling-Station-Id = "000c.f114.9db2"
Message-Authenticator =
<134><139><230>anO,*k<161>i6<137>"<136><149>
EAP-Message = <2><3><0><6><3><25>
NAS-Port-Type = Virtual
NAS-Port = 355
NAS-IP-Address = 10.101.3.234
Fri Apr 9 11:46:05 2004: DEBUG: Handling request with Handler
'Realm=authentif-wlan'
Fri Apr 9 11:46:05 2004: DEBUG: Rewrote user name to host/Eleni
Fri Apr 9 11:46:05 2004: DEBUG: Deleting session for host/Eleni,
10.101.3.234, 355
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:46:05 2004: DEBUG: Handling with EAP: code 2, 3, 6
Fri Apr 9 11:46:05 2004: DEBUG: Response type 3
Fri Apr 9 11:46:05 2004: INFO: EAP Nak desires type 25
Fri Apr 9 11:46:05 2004: DEBUG: EAP result: 1, Desired EAP type 25 not
permitted
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:46:05 2004: DEBUG: Handling with EAP: code 2, 3, 6
Fri Apr 9 11:46:05 2004: DEBUG: Response type 3
Fri Apr 9 11:46:05 2004: INFO: EAP Nak desires type 25
Fri Apr 9 11:46:05 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr 9 11:46:05 2004: DEBUG: Access challenged for host/Eleni: EAP
PEAP Challenge
Fri Apr 9 11:46:05 2004: DEBUG: Packet dump:
*** Sending to 10.101.3.234 port 1645 ....
Code: Access-Challenge
Identifier: 148
Authentic: j<226><10>~Zz<187><27><198><174><237>9<172>s<185>D
Attributes:
EAP-Message = <1><4><0><6><25>!
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Apr 9 11:46:05 2004: DEBUG: Packet dump:
*** Received from 10.101.3.234 port 1645 ....
Code: Access-Request
Identifier: 149
Authentic: <218><151><202><251>o<208><169><138> .#<206><208><229><250>F
Attributes:
User-Name = "host/Eleni"
Framed-MTU = 1400
Called-Station-Id = "000e.383e.0c80"
Calling-Station-Id = "000c.f114.9db2"
Message-Authenticator =
<213><218><130>1<187>`<200><165><249><237><16><232><244>x<189><246>
EAP-Message =
<2><4><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>@vp<222><199>
<2><248>FzO<235>0<134><3>gP<205><163><130><173>k<147><158><235><132><144
><16><180>}5<248><173><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><
0><6><0><19><0><18><0>c<1><0>
NAS-Port-Type = Virtual
NAS-Port = 355
NAS-IP-Address = 10.101.3.234
Fri Apr 9 11:46:05 2004: DEBUG: Handling request with Handler
'Realm=authentif-wlan'
Fri Apr 9 11:46:05 2004: DEBUG: Rewrote user name to host/Eleni
Fri Apr 9 11:46:05 2004: DEBUG: Deleting session for host/Eleni,
10.101.3.234, 355
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:46:05 2004: DEBUG: Handling with Radius::AuthSQL:
Fri Apr 9 11:46:05 2004: DEBUG: Handling with EAP: code 2, 4, 80
Fri Apr 9 11:46:05 2004: DEBUG: Response type 25
Fri Apr 9 11:46:05 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Fri Apr 9 11:46:05 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr 9 11:46:05 2004: DEBUG: Access challenged for host/Eleni: EAP
PEAP Challenge
Fri Apr 9 11:46:05 2004: DEBUG: Packet dump:
*** Sending to 10.101.3.234 port 1645 ....
Code: Access-Challenge
Identifier: 149
Authentic: <218><151><202><251>o<208><169><138> .#<206><208><229><250>F
Attributes:
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
----- cisco config file ----- (maybe of some use)
Current configuration : 3592 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname AP_ABREU_ET3_2
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.1.9 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius wlccp_rad_infra
!
aaa group server radius wlccp_rad_eap
!
aaa group server radius wlccp_rad_leap
!
aaa group server radius wlccp_rad_mac
!
aaa group server radius wlccp_rad_any
!
aaa group server radius wlccp_rad_acct
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login wlccp_infra group wlccp_rad_infra
aaa authentication login wlccp_eap_client group wlccp_rad_eap
aaa authentication login wlccp_leap_client group wlccp_rad_leap
aaa authentication login wlccp_mac_client group wlccp_rad_mac
aaa authentication login wlccp_any_client group wlccp_rad_any
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa accounting network wlccp_acct_client start-stop group wlccp_rad_acct
aaa session-id common
enable secret 5 blablabla.
!
username CiteU privilege 15 password 7 blablabla
ip subnet-zero
no ip domain lookup
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode wep mandatory
!
broadcast-key change 600
!
!
ssid radiochannel
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
!
world-mode
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
rts threshold 2312
channel 2437
station-role root
no dot11 extension aironet
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 10.101.3.245 255.255.255.0
no ip route-cache
!
ip default-gateway 10.101.3.254
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip http access-class 12
ip http authentication aaa
ip radius source-interface BVI1
access-list 12 permit 10.x.x.x
no cdp run
snmp-server chassis-id AP_ABREU_ET3_2
radius-server host 192.168.1.9 auth-port 1645 acct-port 1646 key 7 blablabla
radius-server retransmit 3
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
----- end cisco config file ----- (maybe of some use)
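A reading aid for the trace above, added here as an example (it is not part of the original post and not Radiator code): the Python below decodes the dump notation of the EAP-Message attributes and lists, per request, the EAP result each AuthBy returned, so a rejection that a later AuthBy overrode can be told apart from a final one. It assumes `<N>` in the dump is one byte with decimal value N and that result 1 is a rejection and 3 a challenge, as the trace pairs them; the sample lines are copied from the trace with the mail line wraps rejoined, and all function names are made up for this example.

```python
import re

# EAP codes and method types seen in this thread (numbers from the IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "TLS",
             17: "LEAP", 21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}
TLS_BASED = {13, 21, 25}  # methods whose data starts with a flags byte

def decode_dump(text):
    """Turn trace notation (<N> = byte N, anything else literal) into bytes."""
    out = bytearray()
    for num, lit in re.findall(r"<(\d{1,3})>|(.)", text, re.S):
        if num:
            out.append(int(num))
        else:
            out += lit.encode("latin-1")
    return bytes(out)

def parse_eap(raw):
    """Parse the EAP header; expand Nak type lists and TLS-style flag bytes."""
    if len(raw) < 4:
        raise ValueError("short EAP packet")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length >= 5 and len(raw) >= 5:
        etype = raw[4]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        body = raw[5:length]
        if etype == 1:
            pkt["identity"] = body.decode("latin-1")
        elif etype == 3:
            # A Nak lists the method(s) the client wants instead.
            pkt["desired"] = [EAP_TYPES.get(t, t) for t in body]
        elif etype in TLS_BASED and body:
            f = body[0]
            # High bits: length included, more fragments, start; low bits: version.
            pkt["flags"] = {"length": bool(f & 0x80), "more": bool(f & 0x40),
                            "start": bool(f & 0x20), "version": f & 0x07}
    return pkt

RESULT = re.compile(r"EAP result: (\d+), (.*)")

def triage(log_lines):
    """Group the 'EAP result' lines by incoming request, in AuthBy order."""
    requests, current = [], None
    for line in log_lines:
        if "Handling request with Handler" in line:
            current = []
            requests.append(current)
        m = RESULT.search(line)
        if m and current is not None:
            current.append((int(m.group(1)), m.group(2).strip()))
    return requests

def superseded_rejects(log_lines):
    """Rejections (result 1) that a later AuthBy in the same request overrode."""
    out = []
    for results in triage(log_lines):
        if results and results[-1][0] != 1:
            out += [msg for code, msg in results[:-1] if code == 1]
    return out

# Sample copied from the 11:45:55 request in the trace above, line wraps rejoined.
SAMPLE = """\
Fri Apr 9 11:45:55 2004: DEBUG: Handling request with Handler 'Realm=authentif-wlan'
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:45:55 2004: INFO: EAP Nak desires type 25
Fri Apr 9 11:45:55 2004: DEBUG: EAP result: 1, Desired EAP type 25 not permitted
Fri Apr 9 11:45:55 2004: DEBUG: Handling with Radius::AuthSQL
Fri Apr 9 11:45:55 2004: INFO: EAP Nak desires type 25
Fri Apr 9 11:45:55 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
""".splitlines()

if __name__ == "__main__":
    print(parse_eap(decode_dump("<2><3><0><6><3><25>")))   # client's Nak
    print(parse_eap(decode_dump("<1><4><0><6><25>!")))     # server's PEAP start
    print(superseded_rejects(SAMPLE))
```

On the sample, the "not permitted" result is followed in the same request by a PEAP challenge from the next AuthBy, which matches the config's first `<AuthBy SQL>` listing only `EAPType LEAP` under `AuthByPolicy ContinueWhileReject`.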