(RADIATOR) PEAP-MSCHAPv2 Machine Authentication

Kapp, John R john_kapp at merck.com
Sun Apr 11 21:31:37 CDT 2004


I'm trying to replace our Microsoft IAS server with Radiator (on Windows)
for PEAP-MSCHAPv2 wireless authentication from Windows XP clients.  User
authentication is working perfectly, but I'm running into trouble with
Windows machine authentication (host/).  Prior to a user logging into their
XP machine, the machine tries to perform an authentication against Active
Directory.  When using Radiator, this authentication fails.  I've tried to
add our domain information in the TunnelledByPEAP=1 section, but still no
joy.  I've also played a little with AuthBy ADSI, but from my understanding
it won't work for PEAP-MSCHAPv2, so I didn't put a whole lot of time into
it.

Is it possible for Radiator to perform XP machine authentication via PEAP?

Thanks,
John

==========================================
Foreground
LogStdout
LogDir          .
DbDir           .
Trace           4

<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>

<Handler TunnelledByPEAP=1>
        <AuthBy LSA>
#               Domain northamerica
                EAPType MSCHAP-V2
        </AuthBy>
</Handler>

<Handler>
        <AuthBy FILE>
                Filename %D/users

                EAPType PEAP
                EAPTLS_CAFile %D/certificates/cert-root.pem
                EAPTLS_CertificateFile %D/certificates/cert-server.pem
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/cert-private.pem
                EAPTLS_PrivateKeyPassword password
                EAPTLS_MaxFragmentSize 1000

                AutoMPPEKeys
                SSLeayTrace 4
        </AuthBy>
</Handler>



==========================================
Fri Apr  9 16:32:59 2004: DEBUG: Reading users file ./users
Fri Apr  9 16:32:59 2004: DEBUG: Finished reading configuration file
'wlan.cfg'
Fri Apr  9 16:32:59 2004: DEBUG: Reading dictionary file './dictionary'
Fri Apr  9 16:32:59 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Apr  9 16:32:59 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Apr  9 16:32:59 2004: NOTICE: Server started: Radiator 3.9 on
USWSCO07873 (EVALUATION)
Fri Apr  9 16:33:22 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 1
Authentic:  <1><202>#<183><190>[>@C6<183><245><230>'8<229>
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator =
<249><17>aY<158><193>``F<162><218><197><223>pOh
	EAP-Message = <2><2><0><21><1>host/USWSCO50050
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:22 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:22 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:22 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:22 2004: DEBUG: Handling with EAP: code 2, 2, 21
Fri Apr  9 16:33:22 2004: DEBUG: Response type 1
Fri Apr  9 16:33:22 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr  9 16:33:22 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP Challenge
Fri Apr  9 16:33:22 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 1
Authentic:  <1><202>#<183><190>[>@C6<183><245><230>'8<229>
Attributes:
	EAP-Message = <1><3><0><6><25>!
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:22 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 2
Authentic:  <150><142><246>o?,zJK<7>w<20>r%<141>y
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator =
y<173>'7<1><203><130><174>BaJ*<160><166><210>_
	EAP-Message =
<2><3><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>@w<8><145><186>[<
143><180>E<23><226><180><203>b#<161><222><152>wJB<222><200><1><138>[<160><18
1><186><216>n<158><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0>
<19><0><18><0>c<1><0>
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:22 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:22 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:22 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:22 2004: DEBUG: Handling with EAP: code 2, 3, 80
Fri Apr  9 16:33:22 2004: DEBUG: Response type 25
Fri Apr  9 16:33:22 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Fri Apr  9 16:33:22 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr  9 16:33:22 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP Challenge
Fri Apr  9 16:33:22 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 2
Authentic:  <150><142><246>o?,zJK<7>w<20>r%<141>y
Attributes:
	EAP-Message =
<1><4><3><242><25><192><0><0><7><159><22><3><1><0>J<2><0><0>F<3><1>@w<8><146
><243><230><241><180><173><132><176>0<247><182><201>zA<229><231><204><16>V<2
52>0<148><30>;<200><182>4#<162>
<177><225>'<217>~<138>C<204><28><227><192><133><204>I<170><185>+<174>"<127><
1>oB<205><153><163><1><137><206><148>f<221><0><4><0><22><3><1><6>p<11><0><6>
l<0><6>i<0><3>L0<130><3>H0<130><2><177><160><3><2><1><2><2><3><31><186><199>
0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><196>1<11>0<9><6><3>U<4
><6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western
Cape1<18>0<16><6><3>U<4><7><19><9>Cape
Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting
cc1(0&<6><3>U<4><11><19><31>Certification S
	EAP-Message = ervices Division1<25>0<23><6><3>U<4><3><19><16>Thawte
Server
CA1&0$<6><9>*<134>H<134><247><13><1><9><1><22><23>server-certs at thawte.com0<3
0><23><13>040316172829Z<23><13>050325181526Z0<129><160>1<11>0<9><6><3>U<4><6
><19><2>US1<19>0<17><6><3>U<4><8><19><10>New
Jersey1<27>0<25><6><3>U<4><7><19><18>Whitehouse
Station1<27>0<25><6><3>U<4><10><19><18>xxxx and Co.
Inc.1$0"<6><3>U<4><11><19><27>IS - Communication Services1<28>0<26><6>
	EAP-Message =
<3>U<4><3><19><19>uswsrad01.xxxx.com0<129><159>0<13><6><9>*<134>H<134><247><
13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><185><170>C<146
>#0<234>t<160><187><128><171>'<31>-<207><0><4>W<189><190>^<195><165><11><178
><145><211>+<12><127>g<139><173>q<140>ct<164>1<175><254>A4<223><182><163><30
><131><235><214><150><250><238><135><219><249><185><1><210><144><156><135>j<
142><204><234>x<135>J<218>$_@<27>=<8><141><232><221><232><153><161><227><10>
8<157>p&R41f<208><147><138>W=<28><219>SB<173>;<4>Zm<143><208><178><230><199>
<128><250><198>_<191><157><214><21>T<207>U,Wo<168><223><2><3><1><0><1><163>j
0h0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><
5><7><3><2>09<6><3>U<29><31><4>2000.<160>,<160>*<134>(http://crl.t
	EAP-Message =
hawte.com/ThawteServerCA.crl0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<13><6
><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>2$a<213><191><182><2
10><162><209><184><206><195>=<166>f<179>e<206><21><127><200><227><151><166>N
M<2><140><164>oM<29><242>9%<252>_<2>><194>6<253>C<202>T<204><12>x<226>4:<249
><182><12>/<179><144>tp<18>?<227>~<164>
<249><243>@l<211><140>r<232><252>b<156><236>[<234>N<233><161><7><141><22><13
9>G<9><135><145><252><232>n<206><212><243><151><145>o]<21><227>ii<145>N<131>
<241><215>4yN<26>f?<133><198><179><220>H<209><25>9
<157><159>=<198><0><3><23>0<130><3><19>0<130><2>|<160><3><2><1><2><2><1><1>0
<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><196>1<11>0<9><6><3>U<4>
<6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>W
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:22 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 3
Authentic:  <208><251><139>R<190><156>0<129> <130><130><243><150>{:5
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator =
<174>=<8><225>y<151>><188><246><161>(<241><180>w<150><131>
	EAP-Message = <2><4><0><6><25><0>
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:22 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:22 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:22 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:22 2004: DEBUG: Handling with EAP: code 2, 4, 6
Fri Apr  9 16:33:22 2004: DEBUG: Response type 25
Fri Apr  9 16:33:22 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr  9 16:33:22 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP Challenge
Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 3
Authentic:  <208><251><139>R<190><156>0<129> <130><130><243><150>{:5
Attributes:
	EAP-Message = <1><5><3><189><25><0>estern
Cape1<18>0<16><6><3>U<4><7><19><9>Cape
Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting
cc1(0&<6><3>U<4><11><19><31>Certification Services
Division1<25>0<23><6><3>U<4><3><19><16>Thawte Server
CA1&0$<6><9>*<134>H<134><247><13><1><9><1><22><23>server-certs at thawte.com0<3
0><23><13>960801000000Z<23><13>201231235959Z0<129><196>1<11>0<9><6><3>U<4><6
><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western Cape1<18>0<16><6>
	EAP-Message = <3>U<4><7><19><9>Cape
Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting
cc1(0&<6><3>U<4><11><19><31>Certification Services
Division1<25>0<23><6><3>U<4><3><19><16>Thawte Server
CA1&0$<6><9>*<134>H<134><247><13><1><9><1><22><23>server-certs at thawte.com0<1
29><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129
><137><2><129><129><0><211><164>Pn<200><255>Vk<230><207>]<182><234><12>huG<1
62><170><194><218><132>%<252><168><244>GQ<218><133><181>
t<148><134><30><15>u<201><233><8>a<245><6>m0n<21><25><2><233>R<192>b<219>M<1
53><158><226>j<12>D8<205><254><190><227>d<9>
	EAP-Message =
p<197><254><177>k)<182>/I<200>;<212>'<4>%<16><151>/<231><144>m<192>(B<153><2
15>LC<222><195><245>!mT<159>]<195>X<225><192><228><217>[<176><184><220><180>
{<223>6:<194><181>f"<18><214><135><13><2><3><1><0><1><163><19>0<17>0<15><6><
3>U<29><19><1><1><255><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><
1><1><4><5><0><3><129><129><0><7><250>Li\<251><149><204>F<238><133><131>M!0<
142><202><217><168>oI<26><230><218>Q<227>`pl<132>a<17><161><26><200>H>YC}O<1
49>=<161><139><183><11>b<152>zu<138><221><136>NN<158>@<219><168><204>2t<185>
o<13><198><227><179>D<11><217><138>o<154>)<155><153><24>(;<209><227>@(<154>Z
<<213><181><231>
<27><139><202><164><171><141><233>Q<217><226>L,Y<169><218><185><178>u<27><24
6>B<242><239><199><242><24><249><137><188><163><255><138>#.pG<22><3><1><0><2
14><13><0><0><206><2><1><2><0><201><0><199>0<129><196>1<11>
	EAP-Message =
0<9><6><3>U<4><6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western
Cape1<18>0<16><6><3>U<4><7><19><9>Cape
Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting
cc1(0&<6><3>U<4><11><19><31>Certification Services
Division1<25>0<23><6><3>U<4><3><19><16>Thawte Server
CA1&0$<6><9>*<134>H<134><247><13><1><9><1><22><23>server-certs at thawte.com<14
><0><0><0>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 4
Authentic:  kk^<214>w<168><9>M<252><15><248><190>&<177><162><0>
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator = M
<139><201><139><150><234><171>`<26>k<128><228><242>E!
	EAP-Message =
<2><5><0><199><25><128><0><0><0><189><22><3><1><0><141><11><0><0><3><0><0><0
><16><0><0><130><0><128>/<28><145>8<132>c<207><255><226><200><239>J<236><169
><197>O(~<216><214><170><208><148><133><232>6<184><206><31>^*<253>Ju<176>!<1
94><3><206><187><145><159><196><218><245>7<C<153>0<140><173>)c6?<180>+<145><
146>8<209>[L<19><252><177>pE<168><177><210><181><176><137>+<176>Y/<209>C=+ej
<7><248><17><238>:<143><197>B<195><250>R[Au<228><196>F<238>p<130><216><146><
5><13>S<216>`<17>^<175><247>YSjW<252><233><24>X<15><28>%n<20><3><1><0><1><1>
<22><3><1><0>
`<220>j3<207><240><28>Cm<243><250>%<174><3><175><164>U<30><11><171><9><<214>
Y;0&<207><136><255><5>)
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 5, 199
Fri Apr  9 16:33:23 2004: DEBUG: Response type 25
Fri Apr  9 16:33:23 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr  9 16:33:23 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP Challenge
Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 4
Authentic:  kk^<214>w<168><9>M<252><15><248><190>&<177><162><0>
Attributes:
	EAP-Message =
<1><6><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
z]sW<170><0>!<171><237><30><205><214><11><239>BS<255>[%MW<142>Oe#<133>Hj<183
><219><21><179>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 5
Authentic:  <247>=<1><28><26><202><202><253>c<189><254><10>mdX|
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator =
<170><161>)<151>n5W<19>q<186><231><158>me<189><165>
	EAP-Message = <2><6><0><6><25><0>
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 6, 6
Fri Apr  9 16:33:23 2004: DEBUG: Response type 25
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Apr  9 16:33:23 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP Challenge
Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 5
Authentic:  <247>=<1><28><26><202><202><253>c<189><254><10>mdX|
Attributes:
	EAP-Message =
<1><7><0><28><25><0><23><3><1><0><17><175>8&<143><178><27><245><2>JTF<154>l?
<136>@9
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 6
Authentic:  "<3><154><223><248><183><201><162>j<185><31><193><165>oj<225>
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator = <242><254>m8<13>m~~<176>45<193>`J/<20>
	EAP-Message =
<2><7><0>,<25><0><23><3><1><0>!<185>b<159>j<221><244><141><185>'<231>~H<12><
155><27><10><21>d<170><172><214><7>yG<238><185><26><231><141>+<166>1<21>
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 7, 44
Fri Apr  9 16:33:23 2004: DEBUG: Response type 25
Fri Apr  9 16:33:23 2004: DEBUG: EAP PEAP inner authentication request for
anonymous
Fri Apr  9 16:33:23 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  b<136>xH%<153><195>Q-<132><206>R$y<251><215>
Attributes:
	EAP-Message = <2><7><0><17><1>host/USWSCO50050
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	User-Name = "anonymous"
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"
	NAS-Port = 410
	Calling-Station-Id = "000b.cd8d.1aa9"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for , 10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthLSA: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 7, 17
Fri Apr  9 16:33:23 2004: DEBUG: Response type 1
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Fri Apr  9 16:33:23 2004: DEBUG: Access challenged for anonymous: EAP
MSCHAP-V2 Challenge
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Fri Apr  9 16:33:23 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP inner authentication redespatched to a Handler
Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 6
Authentic:  "<3><154><223><248><183><201><162>j<185><31><193><165>oj<225>
Attributes:
	EAP-Message =
<1><8><0><<25><0><23><3><1><0>1oK}c<223><148><233><200>x<143><225>Q.<178><25
0><191>Y<194><244><8><228>n1<195><8>Q<153>0<160>D<189>dq=xQ<179><12><206>7<1
95><134><22>6<150>,<236><130>l
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 7
Authentic:  VZnl<191>[g<15><<197><30><164>z<3><244><208>
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator =
<135><25><179><31><183><200><154>W<198>N<178><185>di<206><248>
	EAP-Message =
<2><8><0>b<25><0><23><3><1><0>W<239><248><0>Yb<156>+<<5>G<218>,<162>:<230>(@
,B<148>:<22><225><188><148><148><175>aT<249><159><206><213><183><10><195><25
3><200><235>*<165>7<137>\<220><21><8><7>.%ug<130><140><209><177><21><1><235>
<147><144><159><149><254>!<21><223>Qr<249>^a<<5>=<150>p<155><186><204>2b<209
><2><210>]<248>
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 8, 98
Fri Apr  9 16:33:23 2004: DEBUG: Response type 25
Fri Apr  9 16:33:23 2004: DEBUG: EAP PEAP inner authentication request for
anonymous
Fri Apr  9 16:33:23 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:
<13><243>)<197><214><152><1><135><211><128><192><169><240><163><193><217>
Attributes:
	EAP-Message =
<2><8><0>G<26><2><8><0>F1I<7><189><210><193>*<10><147><197>\t
<212>v<153><133><0><0><0><0><0><0><0><0>=w<130><192><6><139>m<161>}<239>)<22
7><217><148><155><176>F<213>D<152>$<22><10><194><0>host/USWSCO50050
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	User-Name = "anonymous"
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"
	NAS-Port = 410
	Calling-Station-Id = "000b.cd8d.1aa9"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for , 10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthLSA: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 8, 71
Fri Apr  9 16:33:23 2004: DEBUG: Response type 26
Fri Apr  9 16:33:23 2004: DEBUG: Radius::AuthLSA looks for match with
host/USWSCO50050
Fri Apr  9 16:33:23 2004: DEBUG: Radius::AuthLSA ACCEPT: 
Fri Apr  9 16:33:23 2004: WARNING: Could not LogonUserNetworkCHAP: Logon
failure: unknown user name or bad password. 
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication
failure
Fri Apr  9 16:33:23 2004: INFO: Access rejected for anonymous: EAP MSCHAP-V2
Authentication failure
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Fri Apr  9 16:33:23 2004: DEBUG: Access challenged for host/USWSCO50050: EAP
PEAP inner authentication redespatched to a Handler
Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Challenge
Identifier: 7
Authentic:  VZnl<191>[g<15><<197><30><164>z<3><244><208>
Attributes:
	EAP-Message =
<1><9><0>&<25><0><23><3><1><0><27><157><220><133><175><154><215>K<182><176><
176><236><195><152><216><206><252><16>><159><202>Z<197>C<155><3>5<148>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Received from 10.23.42.241 port 21664 ....
Code:       Access-Request
Identifier: 8
Authentic:  <137><210><148><232>WT<18><11><2><9>p\<243><134><252>g
Attributes:
	User-Name = "host/USWSCO50050"
	Framed-MTU = 1400
	Called-Station-Id = "0007.50d5.a609"
	Calling-Station-Id = "000b.cd8d.1aa9"
	Message-Authenticator =
C<180><204><139><205><13>kT<209>6q<197><182><147><144><198>
	EAP-Message =
<2><9><0>&<25><0><23><3><1><0><27><178><171>^<145>A*:<172>of><195><246>S<158
><219>S<165>T<153>6S(<246><11><175><184>
	NAS-Port-Type = Wireless-IEEE-802-11
	NAS-Port = 410
	Service-Type = Framed-User
	NAS-IP-Address = 10.23.42.241
	NAS-Identifier = "uswhsw1-1d34"

Fri Apr  9 16:33:23 2004: DEBUG: Handling request with Handler ''
Fri Apr  9 16:33:23 2004: DEBUG:  Deleting session for host/USWSCO50050,
10.23.42.241, 410
Fri Apr  9 16:33:23 2004: DEBUG: Handling with Radius::AuthFILE: 
Fri Apr  9 16:33:23 2004: DEBUG: Handling with EAP: code 2, 9, 38
Fri Apr  9 16:33:23 2004: DEBUG: Response type 25
Fri Apr  9 16:33:23 2004: DEBUG: EAP result: 1, PEAP Authentication Failure
Fri Apr  9 16:33:23 2004: INFO: Access rejected for host/USWSCO50050: PEAP
Authentication Failure
Fri Apr  9 16:33:23 2004: DEBUG: Packet dump:
*** Sending to 10.23.42.241 port 21664 ....
Code:       Access-Reject
Identifier: 8
Authentic:  <137><210><148><232>WT<18><11><2><9>p\<243><134><252>g
Attributes:
	EAP-Message = <4><9><0><4>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Reply-Message = "Request Denied"
=======================================================================


------------------------------------------------------------------------------
Notice:  This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station, New
Jersey, USA 08889), and/or its affiliates (which may be known outside the
United States as Merck Frosst, Merck Sharp & Dohme or MSD and in Japan as
Banyu) that may be confidential, proprietary copyrighted and/or legally
privileged. It is intended solely for the use of the individual or entity
named on this message.  If you are not the intended recipient, and have
received this message in error, please notify us immediately by reply e-mail
and then delete it from your system.
------------------------------------------------------------------------------

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list