(RADIATOR) Should be EAP-TTLS working with inner authentication MSCHAPV2??

Terry Simons galimore at mac.com
Thu Aug 5 13:17:42 CDT 2004


Hi Jan,

For what it's worth, I have seen a similar problem with Mac OS X, but  
haven't reported it yet...

I suspect there is possibly a bug in Radiator with the TTLS MSCHAPv2  
stuff... :-)

- Terry

On Aug 5, 2004, at 5:30 AM, Jan Tomasek wrote:

> Hello,
> I'm testing what authentication mechanisms are working for our combination of
> Cisco AP 1230, Radiator and client software. At this moment I'm playing with
> XSupplicant v1.0 for Linux. I successfully tested EAP-TTLS with inner
> authentication methods: PAP, CHAP, MSCHAP. But MSCHAPV2 isn't working! For
> some strange reason Radiator says that there is problem with password. But
> password is always same.
>
> I'm sort of confused, this combination is shown in XSupplicant configuration
> examples so it should be working.
>
> Thanks for any help.
>
> XSupplicant configuration is below, log from Radiator is attached, its
> configuration too.
>
> XSupplicant configuration:
>
> network_list = all
> default_netname = eduroam
> startup_command = <BEGIN_COMMAND>echo "START"<END_COMMAND>
> reauth_command = <BEGIN_COMMAND>echo "authenticated user %i"<END_COMMAND>
> #logfile = /var/log/xsupplicant.log
> allow_interfaces = wlan0
> #allow_interfaces = eth1
> eduroam
> {
>   type = wireless
> #  allow_types = eap-ttls
>   identity = <BEGIN_ID>semik at cesnet.cz<END_ID>
> #  eap-md5 {
> #        password = <BEGIN_PASS>heslo<END_PASS>
> #  }
> #  eap_tls {
> #     user_cert = /root/JanTomasek.crt.pem
> #     user_key  = /root/JanTomasek.clear-key.pem
> #     #user_key_pass = <BEGIN_PASS>password for user-key.pem<END_PASS>
> #     root_cert = /etc/1x/cca.pem.crt
> #     #crl_dir = /home/user/certificates/revoked
> #     #cncheck = mynet.net
> #     #cnexact = no
> #     chunk_size = 1398
> #     random_file = /dev/urandom
> #     session_resume = no
> #  }
> #  eap-mschapv2 {
> #      password = <BEGIN_PASS>heslo<END_PASS>
> #  }
> #  eap-peap {
> #    root_cert = /etc/1x/cca.pem.crt
> #     chunk_size = 1398
> #     random_file = /dev/urandom
> #     #cncheck = radiusserver.mynet.net
> #     #cnexact = yes
> #     session_resume = no
> #
> #    eap-mschapv2 {
> #       username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
> #       password = <BEGIN_PASS>heslo<END_PASS>
> #    }
> #  }
>   eap-ttls {
>       root_cert = /etc/1x/cca.pem.crt
>       chunk_size = 1398
>       random_file = /dev/urandom
>       phase2_type = mschap
>       pap {
>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>         password = <BEGIN_PASS>heslo<END_PASS>
>       }
>       chap {
>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>         password = <BEGIN_PASS>heslo<END_PASS>
>       }
>       mschap {
>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>         password = <BEGIN_PASS>heslo<END_PASS>
>       }
>       mschapv2 {
>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>         password = <BEGIN_PASS>heslo<END_PASS>
>       }
>   }
> }
>
> - --
> - --------------------------------------------------------------
> Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
> http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
>                                       Czech Republic
> phone(work): +420 2 2435 5279         http://www.cesnet.cz/
> Thu Aug  5 12:46:30 2004: DEBUG: Reading users file /dev/null
> Thu Aug  5 12:46:30 2004: DEBUG: Finished reading configuration file  
> '/etc/radiator/radius.cfg'
> This Radiator license will expire on 2004-08-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your evaluation period, contact admin at open.com.au
>
> Thu Aug  5 12:46:30 2004: DEBUG: Reading dictionary file  
> '/home/semik/iproj/Radiator-Demo-3.9/dictionary'
> Thu Aug  5 12:46:30 2004: DEBUG: Creating authentication port  
> 0.0.0.0:1645
> Thu Aug  5 12:46:30 2004: DEBUG: Creating authentication port  
> 0.0.0.0:1812
> Thu Aug  5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Aug  5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Aug  5 12:46:30 2004: NOTICE: Server started: Radiator 3.9 on  
> ldap1 (EVALUATION)
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 134
> Authentic:  <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator = _-<6>y<20>B&<205><177><176><8>`_<17><221><14>
> 	EAP-Message = <2><2><0><20><1>semik at cesnet.cz
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 438
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 2, 20
> Thu Aug  5 12:46:40 2004: DEBUG: Response type 1
> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP PEAP  
> Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 134
> Authentic:  <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
> Attributes:
> 	EAP-Message = <1><3><0><6><25>!
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 135
> Authentic:   
> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <143><197><193>!<142><25>/<156><236><163><146>(<185>Fc<144>
> 	EAP-Message = <2><3><0><6><3><21>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 438
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Aug  5 12:46:40 2004: DEBUG: Response type 3
> Thu Aug  5 12:46:40 2004: INFO: EAP Nak desires type 21
> Thu Aug  5 12:46:40 2004: DEBUG: Resuming session for  
> Radius::Context=HASH(0x866da78)
>
> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 135
> Authentic:   
> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
> Attributes:
> 	EAP-Message = <1><4><0><6><21>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 136
> Authentic:  <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> ,<198><162><235><186><132><220>Ng<134><139><21>P<135><229><234>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 438
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 4, 110
> Thu Aug  5 12:46:40 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 136
> Authentic:  <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 137
> Authentic:  {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator = <134><138>=FD<'v&<159>Sb<9>Wv<18>
> 	EAP-Message = <2><5><0><6><21><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 438
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 5, 6
> Thu Aug  5 12:46:40 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 137
> Authentic:  {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 138
> Authentic:  <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <144><22><21>^<163>$<11><230><163><179><211>._B<27><210>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 438
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:41 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:41 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug  5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 6, 220
> Thu Aug  5 12:46:41 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:41 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Aug  5 12:46:41 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:41 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 138
> Authentic:  <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 139
> Authentic:  4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> h<2>{<221><177>1<209><206><242><223><165>-.<134>n<183>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 438
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:41 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:41 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug  5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 7, 192
> Thu Aug  5 12:46:41 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:41 2004: DEBUG: EAP TTLS inner authentication request for semik at cesnet.cz
> Thu Aug  5 12:46:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  *<255><189><174><25><130><223><129><199><212><144>$<203><248>1Q
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	MS-CHAP-Challenge = <198><171><180>wQ<167><179>wo%<Zn<183>Q<135>
> 	MS-CHAP2-Response = <167><0><198><171><180>wQ<167><179>wo%<Zn<183>Q<135><0><0><0><0><0><0><0><0><182><202><164>n<182>N4~<147><205><206><226><145><14>c<215>*.J<200><14><211>q/
>
> Thu Aug  5 12:46:41 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:41 2004: DEBUG:  Deleting session for semik at cesnet.cz, 195.113.205.154,
> Thu Aug  5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Thu Aug  5 12:46:41 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:46:41 2004: INFO: Attempting to bind to LDAP server localhost:389)
> Thu Aug  5 12:46:41 2004: DEBUG: LDAP got result for uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug  5 12:46:41 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug  5 12:46:41 2004: DEBUG: LDAP got roomnumber: Tunnel-Private-Group-ID=1:600
> Thu Aug  5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 looks for match with semik
> Thu Aug  5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Thu Aug  5 12:46:41 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:46:41 2004: INFO: Attempting to bind to LDAP server localhost:389)
> Thu Aug  5 12:46:41 2004: DEBUG: No entries for DEFAULT found in LDAP database
> Thu Aug  5 12:46:41 2004: INFO: Access rejected for semik: Bad Password
> Thu Aug  5 12:46:41 2004: DEBUG: EAP result: 1, EAP TTLS inner authentication redespatched to a Handler
> Thu Aug  5 12:46:41 2004: INFO: Access rejected for semik: EAP TTLS inner authentication redespatched to a Handler
> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Reject
> Identifier: 139
> Authentic:  4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
> Attributes:
> 	EAP-Message = <4><7><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Reply-Message = "Request Denied"
>
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 140
> Authentic:  <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator = %s<208>  
> <165><202><140><176>[2<211><151><167><143>R<134>
> 	EAP-Message = <2><1><0><20><1>semik at cesnet.cz
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 439
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 1, 20
> Thu Aug  5 12:46:43 2004: DEBUG: Response type 1
> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP PEAP  
> Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 140
> Authentic:  <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
> Attributes:
> 	EAP-Message = <1><2><0><6><25>!
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 141
> Authentic:  0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> +<244><169><175>><148><198>N\<<181><132><154><200><178>d
> 	EAP-Message = <2><2><0><6><3><21>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 439
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 2, 6
> Thu Aug  5 12:46:43 2004: DEBUG: Response type 3
> Thu Aug  5 12:46:43 2004: INFO: EAP Nak desires type 21
> Thu Aug  5 12:46:43 2004: DEBUG: Resuming session for  
> Radius::Context=HASH(0x895bc28)
>
> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 141
> Authentic:  0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
> Attributes:
> 	EAP-Message = <1><3><0><6><21>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 142
> Authentic:  P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> f<138><211>s<246><2><7><133>AK<191><166><10><7><158>y
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 439
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 3, 142
> Thu Aug  5 12:46:43 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:43 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 142
> Authentic:  P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 143
> Authentic:  <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <2><222><175>}o<167><201>I<139><186><188>c<149><189><213><155>
> 	EAP-Message = <2><4><0><6><21><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 439
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 4, 6
> Thu Aug  5 12:46:43 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 143
> Authentic:  <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 144
> Authentic:   
> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <252><21><140>o<243>{<151><230><184><150>DmCm<172>o
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 439
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:44 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:44 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug  5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 5, 220
> Thu Aug  5 12:46:44 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:44 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Aug  5 12:46:44 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:44 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 144
> Authentic:   
> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 145
> Authentic:  <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <20><212>z3<130><128><155>-b<179><164><10>}<26><3><229>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 439
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:44 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:44 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug  5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 6, 192
> Thu Aug  5 12:46:44 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:44 2004: DEBUG: EAP TTLS inner authentication request  
> for semik at cesnet.cz
> Thu Aug  5 12:46:44 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  2C<184><220><28><192><27><141><188><190>I<233><177>#8%
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	MS-CHAP-Challenge = N<4>;t<229><140><251><23>@.<236>UJ<133>A8
> 	MS-CHAP2-Response =  
> G<0>N<4>; 
> t<229><140><251><23>@.<236>UJ<133>A8<0><0><0><0><0><0><0><0>$<129>U<224 
> ><184>w<2><158><198>T<19>b<188>KxX<132>Y<20>)<4><223>J<157>
>
> Thu Aug  5 12:46:44 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:44 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154,
> Thu Aug  5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:44 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:46:44 2004: INFO: Attempting to bind to LDAP server  
> localhost:389)
> Thu Aug  5 12:46:44 2004: DEBUG: LDAP got result for  
> uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug  5 12:46:44 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug  5 12:46:44 2004: DEBUG: LDAP got roomnumber:  
> Tunnel-Private-Group-ID=1:600
> Thu Aug  5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 looks for match  
> with semik
> Thu Aug  5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Thu Aug  5 12:46:44 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:46:44 2004: INFO: Attempting to bind to LDAP server  
> localhost:389)
> Thu Aug  5 12:46:44 2004: DEBUG: No entries for DEFAULT found in LDAP  
> database
> Thu Aug  5 12:46:44 2004: INFO: Access rejected for semik: Bad Password
> Thu Aug  5 12:46:44 2004: DEBUG: EAP result: 1, EAP TTLS inner  
> authentication redespatched to a Handler
> Thu Aug  5 12:46:44 2004: INFO: Access rejected for semik: EAP TTLS  
> inner authentication redespatched to a Handler
> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Reject
> Identifier: 145
> Authentic:  <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
> Attributes:
> 	EAP-Message = <4><6><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Reply-Message = "Request Denied"
>
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 146
> Authentic:  gw<233><219>u<27><209><21><16><143><223>##z<177><210>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> 2h<179><25><255><146>lM<227><139>R<167><11>aq<199>
> 	EAP-Message = <2><1><0><20><1>semik at cesnet.cz
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 440
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 1, 20
> Thu Aug  5 12:46:46 2004: DEBUG: Response type 1
> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP PEAP  
> Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 146
> Authentic:  gw<233><219>u<27><209><21><16><143><223>##z<177><210>
> Attributes:
> 	EAP-Message = <1><2><0><6><25>!
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 147
> Authentic:  <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <254><229><14>Bn<221><222><153><165>u\<1><236><4><190><223>
> 	EAP-Message = <2><2><0><6><3><21>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 440
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 2, 6
> Thu Aug  5 12:46:46 2004: DEBUG: Response type 3
> Thu Aug  5 12:46:46 2004: INFO: EAP Nak desires type 21
> Thu Aug  5 12:46:46 2004: DEBUG: Resuming session for  
> Radius::Context=HASH(0x891eae4)
>
> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 147
> Authentic:  <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
> Attributes:
> 	EAP-Message = <1><3><0><6><21>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 148
> Authentic:  <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator = D,m<132>j<170><223>)<209>%9<220>L<23><141>d
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 440
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 3, 142
> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 148
> Authentic:  <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 149
> Authentic:  <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <7>h<137>B<194>\<154>q<20><146>:H<188><127><244><214>
> 	EAP-Message = <2><4><0><6><21><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 440
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 4, 6
> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 149
> Authentic:  <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 150
> Authentic:  <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator =  
> <241>u<197><225><213><211><162><166><17><213>f<215><248><2><11><172>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 440
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 5, 220
> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS  
> Challenge
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Challenge
> Identifier: 150
> Authentic:  <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code:       Access-Request
> Identifier: 151
> Authentic:  <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "000e.383e.0a47"
> 	Calling-Station-Id = "0060.b38a.dac1"
> 	Message-Authenticator = PT<139>jj<164><9>rP<179>x<159>u8kz
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 440
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 195.113.205.154
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 6, 192
> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug  5 12:46:46 2004: DEBUG: EAP TTLS inner authentication request for semik at cesnet.cz
> Thu Aug  5 12:46:46 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  D<166><215><218><144>ZO<221><214>j<254><157><145><160>o<174>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	MS-CHAP-Challenge = <245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E
> 	MS-CHAP2-Response = 9<0><245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E<0><0><0><0><0><0><0><0><22><224><216>o<247><201>5<220><247><18><219>j<141>Pt:<251><223><219><138><2><28><164><207>
>
> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for semik at cesnet.cz, 195.113.205.154,
> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Thu Aug  5 12:46:46 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:46:46 2004: INFO: Attempting to bind to LDAP server localhost:389)
> Thu Aug  5 12:46:46 2004: DEBUG: LDAP got result for uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug  5 12:46:46 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug  5 12:46:46 2004: DEBUG: LDAP got roomnumber: Tunnel-Private-Group-ID=1:600
> Thu Aug  5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 looks for match with semik
> Thu Aug  5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Thu Aug  5 12:46:46 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:46:46 2004: INFO: Attempting to bind to LDAP server localhost:389)
> Thu Aug  5 12:46:46 2004: DEBUG: No entries for DEFAULT found in LDAP database
> Thu Aug  5 12:46:46 2004: INFO: Access rejected for semik: Bad Password
> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 1, EAP TTLS inner authentication redespatched to a Handler
> Thu Aug  5 12:46:46 2004: INFO: Access rejected for semik: EAP TTLS inner authentication redespatched to a Handler
> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code:       Access-Reject
> Identifier: 151
> Authentic:  <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
> Attributes:
> 	EAP-Message = <4><6><0><4>
> 	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Reply-Message = "Request Denied"
>
> Thu Aug  5 12:47:11 2004: DEBUG: Packet dump:
> *** Received from 195.113.187.22 port 32980 ....
> Code:       Access-Request
> Identifier: 77
> Authentic:  <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
> Attributes:
> 	User-Name = "semik at cesnet.cz"
> 	User-Password = "U/<233><h<146>^<158><190>X9<157><2><189>*<187>"
> 	NAS-IP-Address = 255.255.255.255
> 	NAS-Port = 0
>
> Thu Aug  5 12:47:11 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug  5 12:47:11 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:47:11 2004: DEBUG: Rewrote user name to semik
> Thu Aug  5 12:47:11 2004: DEBUG:  Deleting session for semik at cesnet.cz, 255.255.255.255, 0
> Thu Aug  5 12:47:11 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Thu Aug  5 12:47:11 2004: INFO: Connecting to localhost, port 389
> Thu Aug  5 12:47:11 2004: INFO: Attempting to bind to LDAP server localhost:389)
> Thu Aug  5 12:47:11 2004: DEBUG: LDAP got result for uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug  5 12:47:11 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug  5 12:47:11 2004: DEBUG: LDAP got roomnumber: Tunnel-Private-Group-ID=1:600
> Thu Aug  5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 looks for match with semik
> Thu Aug  5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Thu Aug  5 12:47:11 2004: DEBUG: Access accepted for semik
> Thu Aug  5 12:47:11 2004: DEBUG: Packet dump:
> *** Sending to 195.113.187.22 port 32980 ....
> Code:       Access-Accept
> Identifier: 77
> Authentic:  <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
> Attributes:
> 	Tunnel-Type = 1:VLAN
> 	Tunnel-Medium-Type = 1:Ether_802
> 	Tunnel-Private-Group-ID = 1:100
>
> Foreground
> LogStdout
> Trace		4
> LogDir		/var/log/radiator
> DbDir		/home/semik/iproj/Radiator-Demo-3.9
>
> <AuthLog SYSLOG>
> 		Identifier authlogger
> 		Facility	local7
> 		LogSuccess	1
> 		LogFailure	1
> 		SuccessFormat	%U:%P:OK
> 		FailureFormat	%U:%P:FAIL
> </AuthLog>
> <Log SYSLOG>
> 		Facility	local7
> 		LogIdent	radiator
> 		Trace		4
> </Log>
>
> AuthPort	1645,1812
> AcctPort	1646,1813
>
> <Client localhost>
> 	Secret		mysecret
> 	DupInterval 	0
> </Client>
>
> <Client DEFAULT>
> 	Secret		xxx
> </Client>
>
> # -- Definition of local authentication ---------------------------------------
> <AuthBy LDAP2>
> 	Identifier CheckLDAP
>
> 	# Strip realm
> 	RewriteUsername		s/^(.*?)\@.*$/$1/
> 	# Convert user name to lowercase
> 	RewriteUsername		tr/A-Z/a-z/
>
> 	Host		localhost
>
> 	AuthDN		uid=rad1,ou=Special Users,dc=cesnet,dc=cz
> 	AuthPassword	xxx
>
> 	BaseDN		dc=cesnet,dc=cz
> 	UsernameAttr	uid
> 	PasswordAttr    radiusPassword
>
> 	EAPType		PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,LEAP
>
> 	EAPTLS_CAFile	/etc/ssl/certs/trusted-CA-list.crt
> 	EAPTLS_CertificateFile	/etc/ssl/certs/radius_radius1.eduroam.cz.crt.pem
> 	EAPTLS_CertificateType	PEM
> 	EAPTLS_PrivateKeyFile	/etc/ssl/private/radius_radius1.eduroam.cz.key.pem
> 	#EAPTLS_PrivateKeyPassword whatever
>
> 	EAPTLS_MaxFragmentSize	1000
>
> 	EAPTLS_CRLCheck
> 	EAPTLS_CRLFile	/etc/ssl/ed99a497.r0
>
> 	EAPTLSRewriteCertificateCommonName s/Jan Tomasek/semik/
> 	EAPTLSRewriteCertificateCommonName s/Jan Ruzicka/janru/
> 	
> 	AutoMPPEKeys
>
> 	SSLeayTrace 0
>
> 	AllowInReply
> 	AuthAttrDef	roomnumber
> 	AddToReply	Tunnel-Type=1:VLAN,\
> 			Tunnel-Medium-Type=1:Ether_802,\
> 			Tunnel-Private-Group-ID=1:100
> </AuthBy>
>
> # -- Local realms -------------------------------------------------------------
> <Client saint.cesnet.cz>
>         Secret          xxx
> </Client>
>
> <Client radius1.eduroam.cz>
> 	Secret		xxx
> </Client>
>
> <Client ldap3.cesnet.cz> # radius2.eduroam.cz
> 	Secret		xxx	
> </Client>
>
> <Handler Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/>
> 	# Strip realm
> 	RewriteUsername		s/^(.*?)\@.*$/$1/
> 	# Convert user name to lowercase
> 	RewriteUsername		tr/A-Z/a-z/
>
> 	AuthBy	CheckLDAP
> 	AuthLog authlogger
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> 	AuthBy	CheckLDAP
> 	AuthLog authlogger
> </Handler>
>
> <Handler TunnelledByPEAP=1>
> 	AuthBy	CheckLDAP
> 	AuthLog authlogger
> </Handler>
> # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> # -- NULL realms do not interest us, so we discard them too -------------------------
> <Handler Realm=/^$/>
>         <AuthBy FILE>
>                 Filename /dev/null
>         </AuthBy>
> </Handler>
> # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> # -- And everything that is not ours is sent to the national RADIUS servers ------------------------
> <Handler>
>         <AuthBy RADIUS>
>                 <Host radius1.eduroam.cz>
>                         AuthPort        1812
>                         AcctPort        1813
>                         Secret          xxx
>                 </Host>
>                 <Host radius2.eduroam.cz>
>                         AuthPort        1812
>                         AcctPort        1813
>                         Secret          xxx
>                 </Host>
>         </AuthBy>
>
> 	AllowInReply
> 	AddToReply	Tunnel-Type=1:VLAN,\
> 			Tunnel-Medium-Type=1:Ether_802,\
> 			Tunnel-Private-Group-ID=1:100
> </Handler>
> #  
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
> ^^^^^^

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
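
To inspect the rejected inner request byte by byte, the sketch below (an added example, not part of the original post and not Radiator code) decodes the `<NNN>` notation seen in the packet dump and splits MS-CHAP2-Response into the fields defined in RFC 2548. The function names are hypothetical, and reading `<NNN>` as one decimal byte is an assumption taken from how the dump looks.

```python
import re

# Attribute values copied from the "TTLS Tunnelled Diameter Packet dump" in the
# log above, with the mail client's line wraps joined back together.
MS_CHAP_CHALLENGE = "<245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E"
MS_CHAP2_RESPONSE = (
    "9<0><245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E"
    "<0><0><0><0><0><0><0><0>"
    "<22><224><216>o<247><201>5<220><247><18><219>j<141>Pt:"
    "<251><223><219><138><2><28><164><207>"
)

# Assumption: <NNN> is one byte in decimal; any other character stands for itself.
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.DOTALL)


def decode_dump(text):
    """Decode a dumped attribute value into raw bytes."""
    out = bytearray()
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
        else:
            # Literal character, including a bare '<' as in "<253><<31>".
            out += m.group(0).encode("latin-1")
    return bytes(out)


def parse_mschap2_response(value):
    """Split the 50-byte MS-CHAP2-Response value into its RFC 2548 fields."""
    if len(value) != 50:
        raise ValueError(f"expected 50 bytes, got {len(value)}")
    return {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],
        "reserved": value[18:26],
        "nt_response": value[26:50],
    }


def structural_findings(challenge, response):
    """List structural oddities to rule out before suspecting the password."""
    fields = parse_mschap2_response(response)
    findings = []
    if len(challenge) != 16:
        findings.append("MS-CHAP-Challenge is not 16 bytes")
    if fields["flags"] != 0 or any(fields["reserved"]):
        findings.append("Flags/Reserved are not all zero")
    if fields["peer_challenge"] == challenge:
        findings.append("Peer-Challenge equals MS-CHAP-Challenge")
    return findings
```

A literal `<5>` in the data cannot be told apart from an escaped byte in this notation, so treat the decoded bytes as a debugging aid rather than an exact capture.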