(RADIATOR) Should be EAP-TTLS working with inner authentication MSCHAPV2??
Hugh Irvine
hugh at open.com.au
Thu Aug 5 17:44:16 CDT 2004
Hello Jan -
The problem here is the RewriteUsername, which cannot work with MS-CHAPv2.
MS-CHAPv2 does the password checking using the complete username, so you
cannot rewrite it.
See the comment block at the top of "Radius/MSCHAP.pm".
regards
Hugh
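
Why a rewritten username fails MS-CHAPv2 even with the right password, as an added example (not part of the original message and not Radiator's code): RFC 2759 hashes the username into the 8-octet challenge that the NT-Response is computed over, so a server that uses the rewritten name derives a different challenge than the client did. The two challenges are the RFC 2759 section 9.2 test vector; `user@example.org`, the placeholder NT-Response and the `strip_realm` helper (standing in for a realm-stripping RewriteUsername rule, which the message does not show) are assumptions.

```python
import hashlib

# RFC 2759 section 9.2 test-vector challenges (16 octets each).
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 section 8.2 ChallengeHash(): first 8 octets of
    SHA-1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    digest = hashlib.sha1(peer_challenge + auth_challenge + username.encode("ascii"))
    return digest.digest()[:8]


def build_mschap2_response(ident: int, peer_challenge: bytes, nt_response: bytes) -> bytes:
    """Value of the MS-CHAP2-Response attribute (RFC 2548 section 2.3.2):
    Ident(1) Flags(1) Peer-Challenge(16) Reserved(8) Response(24)."""
    return bytes([ident, 0]) + peer_challenge + bytes(8) + nt_response


def parse_mschap2_response(value: bytes) -> dict:
    """Split a 50-octet MS-CHAP2-Response value into its fields."""
    if len(value) != 50:
        raise ValueError("MS-CHAP2-Response value must be 50 octets")
    return {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],
        "reserved": value[18:26],
        "nt_response": value[26:50],
    }


def strip_realm(username: str) -> str:
    """Hypothetical stand-in for a RewriteUsername rule that drops '@realm'."""
    return username.split("@", 1)[0]


def challenge_mismatch(client_username: str, server_username: str,
                       auth_challenge: bytes, attr_value: bytes) -> bool:
    """True when the server, hashing server_username, derives a different
    8-octet challenge than the client did with client_username. The NT-Response
    is a DES encryption of that challenge under the NT password hash, so a
    mismatch here means the response cannot verify, whatever the password."""
    peer = parse_mschap2_response(attr_value)["peer_challenge"]
    client_side = challenge_hash(peer, auth_challenge, client_username)
    server_side = challenge_hash(peer, auth_challenge, server_username)
    return client_side != server_side


# Constructed sample attribute: the NT-Response is a zero placeholder because
# computing it needs MD4 and DES, which this example does not implement.
SAMPLE_ATTR = build_mschap2_response(0, PEER_CHALLENGE, bytes(24))
SAMPLE_USER = "user@example.org"  # constructed identity

if __name__ == "__main__":
    for name in (SAMPLE_USER, strip_realm(SAMPLE_USER)):
        print(name, challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, name).hex())
    print("mismatch after rewrite:",
          challenge_mismatch(SAMPLE_USER, strip_realm(SAMPLE_USER),
                             AUTH_CHALLENGE, SAMPLE_ATTR))
```

PAP, CHAP and MS-CHAP (v1) do not hash the username into the response this way, which is consistent with those three inner methods working in the quoted report.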
On 5 Aug 2004, at 21:30, Jan Tomasek wrote:
> Hello,
> I'm testing what authentication mechanisms are working for our combination of
> Cisco AP 1230, Radiator and client software. At this moment I'm playing with
> XSupplicant v1.0 for Linux. I successfully tested EAP-TTLS with inner
> authentication methods: PAP, CHAP, MSCHAP. But MSCHAPV2 isn't working! For
> some strange reason Radiator says that there is a problem with the password.
> But the password is always the same.
>
> I'm sort of confused, this combination is shown in XSupplicant configuration
> examples so it should be working.
>
> Thanks for any help.
>
> XSupplicant configuration is below, log from Radiator is attached, its
> configuration too.
>
> XSupplicant configuration:
>
> network_list = all
> default_netname = eduroam
> startup_command = <BEGIN_COMMAND>echo "START"<END_COMMAND>
> reauth_command = <BEGIN_COMMAND>echo "authenticated user %i"<END_COMMAND>
> #logfile = /var/log/xsupplicant.log
> allow_interfaces = wlan0
> #allow_interfaces = eth1
> eduroam
> {
> type = wireless
> # allow_types = eap-ttls
> identity = <BEGIN_ID>semik at cesnet.cz<END_ID>
> # eap-md5 {
> # password = <BEGIN_PASS>heslo<END_PASS>
> # }
> # eap_tls {
> # user_cert = /root/JanTomasek.crt.pem
> # user_key = /root/JanTomasek.clear-key.pem
> # #user_key_pass = <BEGIN_PASS>password for user-key.pem<END_PASS>
> # root_cert = /etc/1x/cca.pem.crt
> # #crl_dir = /home/user/certificates/revoked
> # #cncheck = mynet.net
> # #cnexact = no
> # chunk_size = 1398
> # random_file = /dev/urandom
> # session_resume = no
> # }
> # eap-mschapv2 {
> # password = <BEGIN_PASS>heslo<END_PASS>
> # }
> # eap-peap {
> # root_cert = /etc/1x/cca.pem.crt
> # chunk_size = 1398
> # random_file = /dev/urandom
> # #cncheck = radiusserver.mynet.net
> # #cnexact = yes
> # session_resume = no
> #
> # eap-mschapv2 {
> # username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
> # password = <BEGIN_PASS>heslo<END_PASS>
> # }
> # }
> eap-ttls {
> root_cert = /etc/1x/cca.pem.crt
> chunk_size = 1398
> random_file = /dev/urandom
> phase2_type = mschap
> pap {
> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
> password = <BEGIN_PASS>heslo<END_PASS>
> }
> chap {
> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
> password = <BEGIN_PASS>heslo<END_PASS>
> }
> mschap {
> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
> password = <BEGIN_PASS>heslo<END_PASS>
> }
> mschapv2 {
> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
> password = <BEGIN_PASS>heslo<END_PASS>
> }
> }
> }
>
> - --
> - --------------------------------------------------------------
> Jan Tomasek aka Semik work: CESNET, z.s.p.o.
> http://www.tomasek.cz/ Zikova 4, 160 00 Praha 6
> Czech Republic
> phone(work): +420 2 2435 5279 http://www.cesnet.cz/
> Thu Aug 5 12:46:30 2004: DEBUG: Reading users file /dev/null
> Thu Aug 5 12:46:30 2004: DEBUG: Finished reading configuration file
> '/etc/radiator/radius.cfg'
> This Radiator license will expire on 2004-08-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your evaluation period, contact admin at open.com.au
>
> Thu Aug 5 12:46:30 2004: DEBUG: Reading dictionary file
> '/home/semik/iproj/Radiator-Demo-3.9/dictionary'
> Thu Aug 5 12:46:30 2004: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Thu Aug 5 12:46:30 2004: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Thu Aug 5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Aug 5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Aug 5 12:46:30 2004: NOTICE: Server started: Radiator 3.9 on
> ldap1 (EVALUATION)
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 134
> Authentic: <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator = _-<6>y<20>B&<205><177><176><8>`_<17><221><14>
> EAP-Message = <2><2><0><20><1>semik at cesnet.cz
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 438
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 2, 20
> Thu Aug 5 12:46:40 2004: DEBUG: Response type 1
> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP PEAP
> Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 134
> Authentic: <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
> Attributes:
> EAP-Message = <1><3><0><6><25>!
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 135
> Authentic:
> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <143><197><193>!<142><25>/<156><236><163><146>(<185>Fc<144>
> EAP-Message = <2><3><0><6><3><21>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 438
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Aug 5 12:46:40 2004: DEBUG: Response type 3
> Thu Aug 5 12:46:40 2004: INFO: EAP Nak desires type 21
> Thu Aug 5 12:46:40 2004: DEBUG: Resuming session for
> Radius::Context=HASH(0x866da78)
>
> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 135
> Authentic:
> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
> Attributes:
> EAP-Message = <1><4><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 136
> Authentic: <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> ,<198><162><235><186><132><220>Ng<134><139><21>P<135><229><234>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 438
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 4, 110
> Thu Aug 5 12:46:40 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 136
> Authentic: <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
> Attributes:
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 137
> Authentic: {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator = <134><138>=FD<'v&<159>Sb<9>Wv<18>
> EAP-Message = <2><5><0><6><21><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 438
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 5, 6
> Thu Aug 5 12:46:40 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 137
> Authentic: {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
> Attributes:
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 138
> Authentic: <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <144><22><21>^<163>$<11><230><163><179><211>._B<27><210>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 438
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:41 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:41 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug 5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 6, 220
> Thu Aug 5 12:46:41 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:41 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Aug 5 12:46:41 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:41 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 138
> Authentic: <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
> Attributes:
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 139
> Authentic: 4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> h<2>{<221><177>1<209><206><242><223><165>-.<134>n<183>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 438
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:41 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:41 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 438
> Thu Aug 5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 7, 192
> Thu Aug 5 12:46:41 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:41 2004: DEBUG: EAP TTLS inner authentication request
> for semik at cesnet.cz
> Thu Aug 5 12:46:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic:
> *<255><189><174><25><130><223><129><199><212><144>$<203><248>1Q
> Attributes:
> User-Name = "semik at cesnet.cz"
> MS-CHAP-Challenge = <198><171><180>wQ<167><179>wo%<Zn<183>Q<135>
> MS-CHAP2-Response =
> <167><0><198><171><180>wQ<167><179>wo%<Zn<183>Q<135><0><0><0><0><0><0><
> 0><0><182><202><164>n<182>N4~<147><205><206><226><145><14>c<215>*.J<200
> ><14><211>q/
>
> Thu Aug 5 12:46:41 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:41 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154,
> Thu Aug 5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:41 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:46:41 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:46:41 2004: DEBUG: LDAP got result for
> uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug 5 12:46:41 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug 5 12:46:41 2004: DEBUG: LDAP got roomnumber:
> Tunnel-Private-Group-ID=1:600
> Thu Aug 5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 looks for match
> with semik
> Thu Aug 5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Thu Aug 5 12:46:41 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:46:41 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:46:41 2004: DEBUG: No entries for DEFAULT found in LDAP
> database
> Thu Aug 5 12:46:41 2004: INFO: Access rejected for semik: Bad Password
> Thu Aug 5 12:46:41 2004: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Aug 5 12:46:41 2004: INFO: Access rejected for semik: EAP TTLS
> inner authentication redespatched to a Handler
> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Reject
> Identifier: 139
> Authentic: 4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
> Attributes:
> EAP-Message = <4><7><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 140
> Authentic: <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator = %s<208>
> <165><202><140><176>[2<211><151><167><143>R<134>
> EAP-Message = <2><1><0><20><1>semik at cesnet.cz
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 439
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 1, 20
> Thu Aug 5 12:46:43 2004: DEBUG: Response type 1
> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP PEAP
> Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 140
> Authentic: <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
> Attributes:
> EAP-Message = <1><2><0><6><25>!
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 141
> Authentic: 0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> +<244><169><175>><148><198>N\<<181><132><154><200><178>d
> EAP-Message = <2><2><0><6><3><21>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 439
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 2, 6
> Thu Aug 5 12:46:43 2004: DEBUG: Response type 3
> Thu Aug 5 12:46:43 2004: INFO: EAP Nak desires type 21
> Thu Aug 5 12:46:43 2004: DEBUG: Resuming session for
> Radius::Context=HASH(0x895bc28)
>
> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 141
> Authentic: 0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
> Attributes:
> EAP-Message = <1><3><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 142
> Authentic: P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> f<138><211>s<246><2><7><133>AK<191><166><10><7><158>y
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 439
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 3, 142
> Thu Aug 5 12:46:43 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:43 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 142
> Authentic: P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
> Attributes:
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 143
> Authentic: <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <2><222><175>}o<167><201>I<139><186><188>c<149><189><213><155>
> EAP-Message = <2><4><0><6><21><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 439
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 4, 6
> Thu Aug 5 12:46:43 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 143
> Authentic: <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
> Attributes:
> EAP-Message = <1><5><3><199><21><0><3><19><9>CESNET
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 144
> Authentic:
> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <252><21><140>o<243>{<151><230><184><150>DmCm<172>o
> EAP-Message =
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 439
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:44 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:44 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug 5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 5, 220
> Thu Aug 5 12:46:44 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:44 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Aug 5 12:46:44 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:44 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 144
> Authentic:
> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
> Attributes:
> EAP-Message =
> <1><6><0>E<21><128><0><0><0>;
> <20><3><1><0><1><1><22><3><1><0>0<243>S<186>u<19>Z<156>}V<189>a<30>5<15
> 0><182><214><231><191><152><187>g6x<144><187><187><174><252>y<149>v<207
> ><172><228>H<218><174><206><186>5<13><251><2><231><204>_8M
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 145
> Authentic: <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <20><212>z3<130><128><155>-b<179><164><10>}<26><3><229>
> EAP-Message = <2><6><0><192><21><0><23><3><1><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 439
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:44 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:44 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 439
> Thu Aug 5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 6, 192
> Thu Aug 5 12:46:44 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:44 2004: DEBUG: EAP TTLS inner authentication request
> for semik at cesnet.cz
> Thu Aug 5 12:46:44 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: 2C<184><220><28><192><27><141><188><190>I<233><177>#8%
> Attributes:
> User-Name = "semik at cesnet.cz"
> MS-CHAP-Challenge = N<4>;t<229><140><251><23>@.<236>UJ<133>A8
> MS-CHAP2-Response =
> G<0>N<4>;
> t<229><140><251><23>@.<236>UJ<133>A8<0><0><0><0><0><0><0><0>$<129>U<224
> ><184>w<2><158><198>T<19>b<188>KxX<132>Y<20>)<4><223>J<157>
>
> Thu Aug 5 12:46:44 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:44 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154,
> Thu Aug 5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:44 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:46:44 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:46:44 2004: DEBUG: LDAP got result for
> uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug 5 12:46:44 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug 5 12:46:44 2004: DEBUG: LDAP got roomnumber:
> Tunnel-Private-Group-ID=1:600
> Thu Aug 5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 looks for match
> with semik
> Thu Aug 5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Thu Aug 5 12:46:44 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:46:44 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:46:44 2004: DEBUG: No entries for DEFAULT found in LDAP
> database
> Thu Aug 5 12:46:44 2004: INFO: Access rejected for semik: Bad Password
> Thu Aug 5 12:46:44 2004: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Aug 5 12:46:44 2004: INFO: Access rejected for semik: EAP TTLS
> inner authentication redespatched to a Handler
> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Reject
> Identifier: 145
> Authentic: <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
> Attributes:
> EAP-Message = <4><6><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 146
> Authentic: gw<233><219>u<27><209><21><16><143><223>##z<177><210>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> 2h<179><25><255><146>lM<227><139>R<167><11>aq<199>
> EAP-Message = <2><1><0><20><1>semik at cesnet.cz
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 440
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 1, 20
> Thu Aug 5 12:46:46 2004: DEBUG: Response type 1
> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP PEAP
> Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 146
> Authentic: gw<233><219>u<27><209><21><16><143><223>##z<177><210>
> Attributes:
> EAP-Message = <1><2><0><6><25>!
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 147
> Authentic: <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <254><229><14>Bn<221><222><153><165>u\<1><236><4><190><223>
> EAP-Message = <2><2><0><6><3><21>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 440
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 2, 6
> Thu Aug 5 12:46:46 2004: DEBUG: Response type 3
> Thu Aug 5 12:46:46 2004: INFO: EAP Nak desires type 21
> Thu Aug 5 12:46:46 2004: DEBUG: Resuming session for
> Radius::Context=HASH(0x891eae4)
>
> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 147
> Authentic: <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
> Attributes:
> EAP-Message = <1><3><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 148
> Authentic: <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator = D,m<132>j<170><223>)<209>%9<220>L<23><141>d
> EAP-Message =
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 440
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 3, 142
> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 148
> Authentic: <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
> Attributes:
> EAP-Message =
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 149
> Authentic: <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <7>h<137>B<194>\<154>q<20><146>:H<188><127><244><214>
> EAP-Message = <2><4><0><6><21><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 440
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 4, 6
> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 149
> Authentic: <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
> Attributes:
> EAP-Message = <1><5><3><199><21><0><3><19><9>CESNET
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 150
> Authentic: <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator =
> <241>u<197><225><213><211><162><166><17><213>f<215><248><2><11><172>
> EAP-Message =
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 440
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 5, 220
> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP TTLS
> Challenge
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Challenge
> Identifier: 150
> Authentic: <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
> Attributes:
> EAP-Message =
> <1><6><0>E<21><128><0><0><0>;
> <20><3><1><0><1><1><22><3><1><0>0<253><<31><239>/
> <177><27>4<154><236><153><148><20>$<6><3>_l$<203>|!
> <159><208>8<251><251><232><205>(<137>*<215><171><17><143><215><129>{Q<1
> 47><151><252>T<238>0Y+
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Received from 195.113.205.154 port 21661 ....
> Code: Access-Request
> Identifier: 151
> Authentic: <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
> Attributes:
> User-Name = "semik at cesnet.cz"
> Framed-MTU = 1400
> Called-Station-Id = "000e.383e.0a47"
> Calling-Station-Id = "0060.b38a.dac1"
> Message-Authenticator = PT<139>jj<164><9>rP<179>x<159>u8kz
> EAP-Message = <2><6><0><192><21><0><23><3><1><0>
> "<152>3<255><232>.<211><184>%<158>h<171><0>T<158><1><2>,<160>wO2<211>F9
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 440
> Service-Type = Framed-User
> NAS-IP-Address = 195.113.205.154
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154, 440
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 6, 192
> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
> Thu Aug 5 12:46:46 2004: DEBUG: EAP TTLS inner authentication request
> for semik at cesnet.cz
> Thu Aug 5 12:46:46 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic:
> D<166><215><218><144>ZO<221><214>j<254><157><145><160>o<174>
> Attributes:
> User-Name = "semik at cesnet.cz"
> MS-CHAP-Challenge =
> <245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E
> MS-CHAP2-Response =
> 9<0><245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E<0><
> 0><0><0><0><0><0><0><22><224><216>o<247><201>5<220><247><18><219>j<141>
> Pt:<251><223><219><138><2><28><164><207>
>
> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 195.113.205.154,
> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:46:46 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:46:46 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:46:46 2004: DEBUG: LDAP got result for
> uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug 5 12:46:46 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug 5 12:46:46 2004: DEBUG: LDAP got roomnumber:
> Tunnel-Private-Group-ID=1:600
> Thu Aug 5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 looks for match
> with semik
> Thu Aug 5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Thu Aug 5 12:46:46 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:46:46 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:46:46 2004: DEBUG: No entries for DEFAULT found in LDAP
> database
> Thu Aug 5 12:46:46 2004: INFO: Access rejected for semik: Bad Password
> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Aug 5 12:46:46 2004: INFO: Access rejected for semik: EAP TTLS
> inner authentication redespatched to a Handler
> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
> *** Sending to 195.113.205.154 port 21661 ....
> Code: Access-Reject
> Identifier: 151
> Authentic: <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
> Attributes:
> EAP-Message = <4><6><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
> Thu Aug 5 12:47:11 2004: DEBUG: Packet dump:
> *** Received from 195.113.187.22 port 32980 ....
> Code: Access-Request
> Identifier: 77
> Authentic: <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
> Attributes:
> User-Name = "semik at cesnet.cz"
> User-Password = "U/<233><h<146>^<158><190>X9<157><2><189>*<187>"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
>
> Thu Aug 5 12:47:11 2004: DEBUG: Handling request with Handler
> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
> Thu Aug 5 12:47:11 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:47:11 2004: DEBUG: Rewrote user name to semik
> Thu Aug 5 12:47:11 2004: DEBUG: Deleting session for
> semik at cesnet.cz, 255.255.255.255, 0
> Thu Aug 5 12:47:11 2004: DEBUG: Handling with Radius::AuthLDAP2:
> CheckLDAP
> Thu Aug 5 12:47:11 2004: INFO: Connecting to localhost, port 389
> Thu Aug 5 12:47:11 2004: INFO: Attempting to bind to LDAP server
> localhost:389)
> Thu Aug 5 12:47:11 2004: DEBUG: LDAP got result for
> uid=semik,ou=People,dc=cesnet,dc=cz
> Thu Aug 5 12:47:11 2004: DEBUG: LDAP got radiusPassword: heslo
> Thu Aug 5 12:47:11 2004: DEBUG: LDAP got roomnumber:
> Tunnel-Private-Group-ID=1:600
> Thu Aug 5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 looks for match
> with semik
> Thu Aug 5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Thu Aug 5 12:47:11 2004: DEBUG: Access accepted for semik
> Thu Aug 5 12:47:11 2004: DEBUG: Packet dump:
> *** Sending to 195.113.187.22 port 32980 ....
> Code: Access-Accept
> Identifier: 77
> Authentic: <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
> Attributes:
> Tunnel-Type = 1:VLAN
> Tunnel-Medium-Type = 1:Ether_802
> Tunnel-Private-Group-ID = 1:100
>
> Foreground
> LogStdout
> Trace 4
> LogDir /var/log/radiator
> DbDir /home/semik/iproj/Radiator-Demo-3.9
>
> <AuthLog SYSLOG>
> Identifier authlogger
> Facility local7
> LogSuccess 1
> LogFailure 1
> SuccessFormat %U:%P:OK
> FailureFormat %U:%P:FAIL
> </AuthLog>
> <Log SYSLOG>
> Facility local7
> LogIdent radiator
> Trace 4
> </Log>
>
> AuthPort 1645,1812
> AcctPort 1646,1813
>
> <Client localhost>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Client DEFAULT>
> Secret xxx
> </Client>
>
> # -- Definition of local authentication ---------------------------------------
> <AuthBy LDAP2>
> Identifier CheckLDAP
>
> # Strip realm
> RewriteUsername s/^(.*?)\@.*$/$1/
> # Convert user name to lowercase
> RewriteUsername tr/A-Z/a-z/
>
> Host localhost
>
> AuthDN uid=rad1,ou=Special Users,dc=cesnet,dc=cz
> AuthPassword xxx
>
> BaseDN dc=cesnet,dc=cz
> UsernameAttr uid
> PasswordAttr radiusPassword
>
> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,LEAP
>
> EAPTLS_CAFile /etc/ssl/certs/trusted-CA-list.crt
> EAPTLS_CertificateFile /etc/ssl/certs/radius_radius1.eduroam.cz.crt.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile /etc/ssl/private/radius_radius1.eduroam.cz.key.pem
> #EAPTLS_PrivateKeyPassword whatever
>
> EAPTLS_MaxFragmentSize 1000
>
> EAPTLS_CRLCheck
> EAPTLS_CRLFile /etc/ssl/ed99a497.r0
>
> EAPTLSRewriteCertificateCommonName s/Jan Tomasek/semik/
> EAPTLSRewriteCertificateCommonName s/Jan Ruzicka/janru/
>
> AutoMPPEKeys
>
> SSLeayTrace 0
>
> AllowInReply
> AuthAttrDef roomnumber
> AddToReply Tunnel-Type=1:VLAN,\
> Tunnel-Medium-Type=1:Ether_802,\
> Tunnel-Private-Group-ID=1:100
> </AuthBy>
>
> # -- Local realms -------------------------------------------------------------
> <Client saint.cesnet.cz>
> Secret xxx
> </Client>
>
> <Client radius1.eduroam.cz>
> Secret xxx
> </Client>
>
> <Client ldap3.cesnet.cz> # radius2.eduroam.cz
> Secret xxx
> </Client>
>
> <Handler Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/>
> # Strip realm
> RewriteUsername s/^(.*?)\@.*$/$1/
> # Convert user name to lowercase
> RewriteUsername tr/A-Z/a-z/
>
> AuthBy CheckLDAP
> AuthLog authlogger
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> AuthBy CheckLDAP
> AuthLog authlogger
> </Handler>
>
> <Handler TunnelledByPEAP=1>
> AuthBy CheckLDAP
> AuthLog authlogger
> </Handler>
> #
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^^
>
> # -- NULL realms do not interest us, so we discard them as well -------------------------
> <Handler Realm=/^$/>
> <AuthBy FILE>
> Filename /dev/null
> </AuthBy>
> </Handler>
> #
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^^
>
> # -- And everything that is not ours we send to the national RADIUS servers ------------------------
> <Handler>
> <AuthBy RADIUS>
> <Host radius1.eduroam.cz>
> AuthPort 1812
> AcctPort 1813
> Secret xxx
> </Host>
> <Host radius2.eduroam.cz>
> AuthPort 1812
> AcctPort 1813
> Secret xxx
> </Host>
> </AuthBy>
>
> AllowInReply
> AddToReply Tunnel-Type=1:VLAN,\
> Tunnel-Medium-Type=1:Ether_802,\
> Tunnel-Private-Group-ID=1:100
> </Handler>
> #
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^^^^^
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
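Why rewriting the username breaks MS-CHAPv2, as an added example (not part of the original thread and not Radiator's code): RFC 2759 hashes the username into the 8-octet challenge that the NT-Response is computed over, so a server that strips the realm derives a different challenge from the client's and reports a bad password. The attribute values are copied from the trace above; the `@` form of the identity is an assumption (the archive shows "semik at cesnet.cz"), the function names are illustrative, and the later MD4/DES steps are omitted.

```python
import hashlib
import re

# Attribute values copied from the trace above (wrapped lines rejoined).
MS_CHAP_CHALLENGE = "<245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E"
MS_CHAP2_RESPONSE = ("9<0><245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E"
                     "<0><0><0><0><0><0><0><0><22><224><216>o<247><201>5<220><247><18>"
                     "<219>j<141>Pt:<251><223><219><138><2><28><164><207>")

def parse_dump(text):
    """Decode the trace notation: <nnn> is one decimal byte, any other char is literal."""
    return bytes(int(m.group(1)) if m.group(1) else ord(m.group(2))
                 for m in re.finditer(r"<(\d{1,3})>|(.)", text))

def split_response(value):
    """MS-CHAP2-Response layout (RFC 2548): ident, flags, peer challenge, reserved, NT response."""
    if len(value) != 50:
        raise ValueError("MS-CHAP2-Response must be 50 octets")
    return {"ident": value[0], "flags": value[1],
            "peer_challenge": value[2:18], "nt_response": value[26:50]}

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || authenticator || username)."""
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]

def rewrite_username(name):
    """The two RewriteUsername rules from the posted config: strip realm, lowercase."""
    return re.sub(r"^(.*?)@.*$", r"\1", name).lower()

def compare(identity):
    """Return (challenge the client hashed, challenge the server derives after rewriting)."""
    auth = parse_dump(MS_CHAP_CHALLENGE)
    peer = split_response(parse_dump(MS_CHAP2_RESPONSE))["peer_challenge"]
    client = challenge_hash(peer, auth, identity.encode())
    server = challenge_hash(peer, auth, rewrite_username(identity).encode())
    return client, server

if __name__ == "__main__":
    # Assumption: the archive's "semik at cesnet.cz" was "semik@cesnet.cz" on the wire.
    client, server = compare("semik@cesnet.cz")
    print("client challenge:", client.hex())
    print("server challenge:", server.hex())
    print("match:", client == server)
```

An identity that the rewrite rules leave unchanged (no realm, already lowercase) produces the same challenge on both sides, which is why only the rewritten case fails.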