(RADIATOR) Should be EAP-TTLS working with inner authentication MSCHAPV2??

Terry Simons galimore at mac.com
Thu Aug 5 18:43:00 CDT 2004


Ah yes... I remember that conversation now.  :-)

- Terry


On Aug 5, 2004, at 4:44 PM, Hugh Irvine wrote:

>
> Hello Jan -
>
> The problem here is the RewriteUsername which cannot work with  
> MS-CHAPv2.
>
> MS-CHAPv2 does the password checking using the complete username so  
> you cannot rewrite it.
>
> See the comment block at the top of "Radius/MSCHAP.pm"
>
> regards
>
> Hugh
>
>
> On 5 Aug 2004, at 21:30, Jan Tomasek wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello,
>> I'm testing what authentication mechanisms are working for our  
>> combination of
>> Cisco AP 1230, Radiator and client software. At this moment I'm  
>> playing with
>> XSupplicant v1.0 for Linux. I successfully tested EAP-TTLS with inner
>> authentication methods: PAP, CHAP, MSCHAP. But MSCHAPV2 isn't  
>> working! For
>> some strange reason Radiator says that there is a problem with the  
>> password. But
>> the password is always the same.
>>
>> I'm sort of confused, this combination is shown in XSupplicant  
>> configuration
>> examples so it should be working.
>>
>> Thanks for any help.
>>
>> XSupplicant configuration is below, log from Radiator is attached,  
>> it's
>> configuration too.
>>
>> XSupplicant configuration:
>>
>> network_list = all
>> default_netname = eduroam
>> startup_command = <BEGIN_COMMAND>echo "START"<END_COMMAND>
>> reauth_command = <BEGIN_COMMAND>echo "authenticated user  
>> %i"<END_COMMAND>
>> #logfile = /var/log/xsupplicant.log
>> allow_interfaces = wlan0
>> #allow_interfaces = eth1
>> eduroam
>> {
>>   type = wireless
>> #  allow_types = eap-ttls
>>   identity = <BEGIN_ID>semik at cesnet.cz<END_ID>
>> #  eap-md5 {
>> #        password = <BEGIN_PASS>heslo<END_PASS>
>> #  }
>> #  eap_tls {
>> #     user_cert = /root/JanTomasek.crt.pem
>> #     user_key  = /root/JanTomasek.clear-key.pem
>> #     #user_key_pass = <BEGIN_PASS>password for user-key.pem<END_PASS>
>> #     root_cert = /etc/1x/cca.pem.crt
>> #     #crl_dir = /home/user/certificates/revoked
>> #     #cncheck = mynet.net
>> #     #cnexact = no
>> #     chunk_size = 1398
>> #     random_file = /dev/urandom
>> #     session_resume = no
>> #  }
>> #  eap-mschapv2 {
>> #      password = <BEGIN_PASS>heslo<END_PASS>
>> #  }
>> #  eap-peap {
>> #    root_cert = /etc/1x/cca.pem.crt
>> #     chunk_size = 1398
>> #     random_file = /dev/urandom
>> #     #cncheck = radiusserver.mynet.net
>> #     #cnexact = yes
>> #     session_resume = no
>> #
>> #    eap-mschapv2 {
>> #       username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>> #       password = <BEGIN_PASS>heslo<END_PASS>
>> #    }
>> #  }
>>   eap-ttls {
>>       root_cert = /etc/1x/cca.pem.crt
>>       chunk_size = 1398
>>       random_file = /dev/urandom
>>       phase2_type = mschap
>>       pap {
>>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>>         password = <BEGIN_PASS>heslo<END_PASS>
>>       }
>>       chap {
>>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>>         password = <BEGIN_PASS>heslo<END_PASS>
>>       }
>>       mschap {
>>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>>         password = <BEGIN_PASS>heslo<END_PASS>
>>       }
>>       mschapv2 {
>>         username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>>         password = <BEGIN_PASS>heslo<END_PASS>
>>       }
>>   }
>> }
>>
>> - --
>> - --------------------------------------------------------------
>> Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
>> http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
>>                                       Czech Republic
>> phone(work): +420 2 2435 5279         http://www.cesnet.cz/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.5 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>
>> iD8DBQFBEho279++DGvj6tMRAglXAJ0ViWfkcRE81wHlaexXEiX3Ok4FKgCfWm8i
>> wFV91eP9+aunuOrySKPwtBY=
>> =Pn6W
>> -----END PGP SIGNATURE-----
>> Thu Aug  5 12:46:30 2004: DEBUG: Reading users file /dev/null
>> Thu Aug  5 12:46:30 2004: DEBUG: Finished reading configuration file  
>> '/etc/radiator/radius.cfg'
>> This Radiator license will expire on 2004-08-01
>> This Radiator license will stop operating after 1000 requests
>> To purchase an unlimited full source version of Radiator, see
>> http://www.open.com.au/ordering.html
>> To extend your evaluation period, contact admin at open.com.au
>>
>> Thu Aug  5 12:46:30 2004: DEBUG: Reading dictionary file  
>> '/home/semik/iproj/Radiator-Demo-3.9/dictionary'
>> Thu Aug  5 12:46:30 2004: DEBUG: Creating authentication port  
>> 0.0.0.0:1645
>> Thu Aug  5 12:46:30 2004: DEBUG: Creating authentication port  
>> 0.0.0.0:1812
>> Thu Aug  5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1646
>> Thu Aug  5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Aug  5 12:46:30 2004: NOTICE: Server started: Radiator 3.9 on  
>> ldap1 (EVALUATION)
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 134
>> Authentic:  <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator = _-<6>y<20>B&<205><177><176><8>`_<17><221><14>
>> 	EAP-Message = <2><2><0><20><1>semik at cesnet.cz
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 438
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 2, 20
>> Thu Aug  5 12:46:40 2004: DEBUG: Response type 1
>> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP  
>> PEAP Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 134
>> Authentic:  <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
>> Attributes:
>> 	EAP-Message = <1><3><0><6><25>!
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 135
>> Authentic:   
>> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <143><197><193>!<142><25>/<156><236><163><146>(<185>Fc<144>
>> 	EAP-Message = <2><3><0><6><3><21>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 438
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 3, 6
>> Thu Aug  5 12:46:40 2004: DEBUG: Response type 3
>> Thu Aug  5 12:46:40 2004: INFO: EAP Nak desires type 21
>> Thu Aug  5 12:46:40 2004: DEBUG: Resuming session for  
>> Radius::Context=HASH(0x866da78)
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 135
>> Authentic:   
>> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
>> Attributes:
>> 	EAP-Message = <1><4><0><6><21>
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 136
>> Authentic:  <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> ,<198><162><235><186><132><220>Ng<134><139><21>P<135><229><234>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 438
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 4, 110
>> Thu Aug  5 12:46:40 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,  
>> 8576
>> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 136
>> Authentic:  <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 137
>> Authentic:  {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator = <134><138>=FD<'v&<159>Sb<9>Wv<18>
>> 	EAP-Message = <2><5><0><6><21><0>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 438
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:40 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 5, 6
>> Thu Aug  5 12:46:40 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 137
>> Authentic:  {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 138
>> Authentic:  <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <144><22><21>^<163>$<11><230><163><179><211>._B<27><210>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 438
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:41 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 6, 220
>> Thu Aug  5 12:46:41 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:41 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Aug  5 12:46:41 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:41 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 138
>> Authentic:  <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 139
>> Authentic:  4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> h<2>{<221><177>1<209><206><242><223><165>-.<134>n<183>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 438
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:41 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 7, 192
>> Thu Aug  5 12:46:41 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:41 2004: DEBUG: EAP TTLS inner authentication  
>> request for semik at cesnet.cz
>> Thu Aug  5 12:46:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code:       Access-Request
>> Identifier: UNDEF
>> Authentic:   
>> *<255><189><174><25><130><223><129><199><212><144>$<203><248>1Q
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	MS-CHAP-Challenge = <198><171><180>wQ<167><179>wo%<Zn<183>Q<135>
>> 	MS-CHAP2-Response =  
>> <167><0><198><171><180>wQ<167><179>wo%<Zn<183>Q<135><0><0><0><0><0><0> 
>> <0><0><182><202><164>n<182>N4~<147><205><206><226><145><14>c<215>*.J<2 
>> 00><14><211>q/
>>
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:41 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154,
>> Thu Aug  5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:41 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:46:41 2004: INFO: Attempting to bind to LDAP server  
>> localhost:389)
>> Thu Aug  5 12:46:41 2004: DEBUG: LDAP got result for  
>> uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug  5 12:46:41 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug  5 12:46:41 2004: DEBUG: LDAP got roomnumber:  
>> Tunnel-Private-Group-ID=1:600
>> Thu Aug  5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 looks for match  
>> with semik
>> Thu Aug  5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad  
>> Password
>> Thu Aug  5 12:46:41 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:46:41 2004: INFO: Attempting to bind to LDAP server  
>> localhost:389)
>> Thu Aug  5 12:46:41 2004: DEBUG: No entries for DEFAULT found in LDAP  
>> database
>> Thu Aug  5 12:46:41 2004: INFO: Access rejected for semik: Bad  
>> Password
>> Thu Aug  5 12:46:41 2004: DEBUG: EAP result: 1, EAP TTLS inner  
>> authentication redespatched to a Handler
>> Thu Aug  5 12:46:41 2004: INFO: Access rejected for semik: EAP TTLS  
>> inner authentication redespatched to a Handler
>> Thu Aug  5 12:46:41 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Reject
>> Identifier: 139
>> Authentic:  4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
>> Attributes:
>> 	EAP-Message = <4><7><0><4>
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Reply-Message = "Request Denied"
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 140
>> Authentic:  <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator = %s<208>  
>> <165><202><140><176>[2<211><151><167><143>R<134>
>> 	EAP-Message = <2><1><0><20><1>semik at cesnet.cz
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 439
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 1, 20
>> Thu Aug  5 12:46:43 2004: DEBUG: Response type 1
>> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP  
>> PEAP Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 140
>> Authentic:  <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
>> Attributes:
>> 	EAP-Message = <1><2><0><6><25>!
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 141
>> Authentic:   
>> 0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> +<244><169><175>><148><198>N\<<181><132><154><200><178>d
>> 	EAP-Message = <2><2><0><6><3><21>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 439
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 2, 6
>> Thu Aug  5 12:46:43 2004: DEBUG: Response type 3
>> Thu Aug  5 12:46:43 2004: INFO: EAP Nak desires type 21
>> Thu Aug  5 12:46:43 2004: DEBUG: Resuming session for  
>> Radius::Context=HASH(0x895bc28)
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 141
>> Authentic:   
>> 0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
>> Attributes:
>> 	EAP-Message = <1><3><0><6><21>
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 142
>> Authentic:  P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> f<138><211>s<246><2><7><133>AK<191><166><10><7><158>y
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 439
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 3, 142
>> Thu Aug  5 12:46:43 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:43 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,  
>> 8576
>> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 142
>> Authentic:  P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 143
>> Authentic:   
>> <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <2><222><175>}o<167><201>I<139><186><188>c<149><189><213><155>
>> 	EAP-Message = <2><4><0><6><21><0>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 439
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:43 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 4, 6
>> Thu Aug  5 12:46:43 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 143
>> Authentic:   
>> <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 144
>> Authentic:   
>> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <252><21><140>o<243>{<151><230><184><150>DmCm<172>o
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 439
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:44 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 5, 220
>> Thu Aug  5 12:46:44 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:44 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Aug  5 12:46:44 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:44 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 144
>> Authentic:   
>> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 145
>> Authentic:  <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <20><212>z3<130><128><155>-b<179><164><10>}<26><3><229>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 439
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:44 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 6, 192
>> Thu Aug  5 12:46:44 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:44 2004: DEBUG: EAP TTLS inner authentication  
>> request for semik at cesnet.cz
>> Thu Aug  5 12:46:44 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code:       Access-Request
>> Identifier: UNDEF
>> Authentic:  2C<184><220><28><192><27><141><188><190>I<233><177>#8%
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	MS-CHAP-Challenge = N<4>;t<229><140><251><23>@.<236>UJ<133>A8
>> 	MS-CHAP2-Response =  
>> G<0>N<4>; 
>> t<229><140><251><23>@.<236>UJ<133>A8<0><0><0><0><0><0><0><0>$<129>U<22 
>> 4><184>w<2><158><198>T<19>b<188>KxX<132>Y<20>)<4><223>J<157>
>>
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:44 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154,
>> Thu Aug  5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:44 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:46:44 2004: INFO: Attempting to bind to LDAP server  
>> localhost:389)
>> Thu Aug  5 12:46:44 2004: DEBUG: LDAP got result for  
>> uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug  5 12:46:44 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug  5 12:46:44 2004: DEBUG: LDAP got roomnumber:  
>> Tunnel-Private-Group-ID=1:600
>> Thu Aug  5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 looks for match  
>> with semik
>> Thu Aug  5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad  
>> Password
>> Thu Aug  5 12:46:44 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:46:44 2004: INFO: Attempting to bind to LDAP server  
>> localhost:389)
>> Thu Aug  5 12:46:44 2004: DEBUG: No entries for DEFAULT found in LDAP  
>> database
>> Thu Aug  5 12:46:44 2004: INFO: Access rejected for semik: Bad  
>> Password
>> Thu Aug  5 12:46:44 2004: DEBUG: EAP result: 1, EAP TTLS inner  
>> authentication redespatched to a Handler
>> Thu Aug  5 12:46:44 2004: INFO: Access rejected for semik: EAP TTLS  
>> inner authentication redespatched to a Handler
>> Thu Aug  5 12:46:44 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Reject
>> Identifier: 145
>> Authentic:  <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
>> Attributes:
>> 	EAP-Message = <4><6><0><4>
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Reply-Message = "Request Denied"
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 146
>> Authentic:  gw<233><219>u<27><209><21><16><143><223>##z<177><210>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> 2h<179><25><255><146>lM<227><139>R<167><11>aq<199>
>> 	EAP-Message = <2><1><0><20><1>semik at cesnet.cz
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 440
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 1, 20
>> Thu Aug  5 12:46:46 2004: DEBUG: Response type 1
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP  
>> PEAP Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 146
>> Authentic:  gw<233><219>u<27><209><21><16><143><223>##z<177><210>
>> Attributes:
>> 	EAP-Message = <1><2><0><6><25>!
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 147
>> Authentic:  <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <254><229><14>Bn<221><222><153><165>u\<1><236><4><190><223>
>> 	EAP-Message = <2><2><0><6><3><21>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 440
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 2, 6
>> Thu Aug  5 12:46:46 2004: DEBUG: Response type 3
>> Thu Aug  5 12:46:46 2004: INFO: EAP Nak desires type 21
>> Thu Aug  5 12:46:46 2004: DEBUG: Resuming session for  
>> Radius::Context=HASH(0x891eae4)
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 147
>> Authentic:  <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
>> Attributes:
>> 	EAP-Message = <1><3><0><6><21>
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 148
>> Authentic:  <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator = D,m<132>j<170><223>)<209>%9<220>L<23><141>d
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 440
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 3, 142
>> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,  
>> 8576
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 148
>> Authentic:  <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 149
>> Authentic:  <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <7>h<137>B<194>\<154>q<20><146>:H<188><127><244><214>
>> 	EAP-Message = <2><4><0><6><21><0>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 440
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 4, 6
>> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 149
>> Authentic:  <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 150
>> Authentic:   
>> <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator =  
>> <241>u<197><225><213><211><162><166><17><213>f<215><248><2><11><172>
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 440
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler  
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for  
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 5, 220
>> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Access challenged for semik: EAP  
>> TTLS Challenge
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Challenge
>> Identifier: 150
>> Authentic:   
>> <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
>> Attributes:
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code:       Access-Request
>> Identifier: 151
>> Authentic:  <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	Framed-MTU = 1400
>> 	Called-Station-Id = "000e.383e.0a47"
>> 	Calling-Station-Id = "0060.b38a.dac1"
>> 	Message-Authenticator = PT<139>jj<164><9>rP<179>x<159>u8kz
>> 	EAP-Message = <2><6><0><192><21><0><23><3><1><0>  
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 440
>> 	Service-Type = Framed-User
>> 	NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 6, 192
>> Thu Aug  5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP TTLS inner authentication request for semik at cesnet.cz
>> Thu Aug  5 12:46:46 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code:       Access-Request
>> Identifier: UNDEF
>> Authentic:   
>> D<166><215><218><144>ZO<221><214>j<254><157><145><160>o<174>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	MS-CHAP-Challenge =  
>> <245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E
>> 	MS-CHAP2-Response =  
>> 9<0><245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E<0> 
>> <0><0><0><0><0><0><0><22><224><216>o<247><201>5<220><247><18><219>j<14 
>> 1>Pt:<251><223><219><138><2><28><164><207>
>>
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:46:46 2004: DEBUG:  Deleting session for semik at cesnet.cz, 195.113.205.154,
>> Thu Aug  5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
>> Thu Aug  5 12:46:46 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:46:46 2004: INFO: Attempting to bind to LDAP server localhost:389)
>> Thu Aug  5 12:46:46 2004: DEBUG: LDAP got result for uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug  5 12:46:46 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug  5 12:46:46 2004: DEBUG: LDAP got roomnumber: Tunnel-Private-Group-ID=1:600
>> Thu Aug  5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 looks for match with semik
>> Thu Aug  5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
>> Thu Aug  5 12:46:46 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:46:46 2004: INFO: Attempting to bind to LDAP server localhost:389)
>> Thu Aug  5 12:46:46 2004: DEBUG: No entries for DEFAULT found in LDAP database
>> Thu Aug  5 12:46:46 2004: INFO: Access rejected for semik: Bad Password
>> Thu Aug  5 12:46:46 2004: DEBUG: EAP result: 1, EAP TTLS inner authentication redespatched to a Handler
>> Thu Aug  5 12:46:46 2004: INFO: Access rejected for semik: EAP TTLS inner authentication redespatched to a Handler
>> Thu Aug  5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code:       Access-Reject
>> Identifier: 151
>> Authentic:  <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
>> Attributes:
>> 	EAP-Message = <4><6><0><4>
>> 	Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Reply-Message = "Request Denied"
>>
>> Thu Aug  5 12:47:11 2004: DEBUG: Packet dump:
>> *** Received from 195.113.187.22 port 32980 ....
>> Code:       Access-Request
>> Identifier: 77
>> Authentic:   
>> <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
>> Attributes:
>> 	User-Name = "semik at cesnet.cz"
>> 	User-Password = "U/<233><h<146>^<158><190>X9<157><2><189>*<187>"
>> 	NAS-IP-Address = 255.255.255.255
>> 	NAS-Port = 0
>>
>> Thu Aug  5 12:47:11 2004: DEBUG: Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug  5 12:47:11 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:47:11 2004: DEBUG: Rewrote user name to semik
>> Thu Aug  5 12:47:11 2004: DEBUG:  Deleting session for semik at cesnet.cz, 255.255.255.255, 0
>> Thu Aug  5 12:47:11 2004: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
>> Thu Aug  5 12:47:11 2004: INFO: Connecting to localhost, port 389
>> Thu Aug  5 12:47:11 2004: INFO: Attempting to bind to LDAP server localhost:389)
>> Thu Aug  5 12:47:11 2004: DEBUG: LDAP got result for uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug  5 12:47:11 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug  5 12:47:11 2004: DEBUG: LDAP got roomnumber: Tunnel-Private-Group-ID=1:600
>> Thu Aug  5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 looks for match with semik
>> Thu Aug  5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
>> Thu Aug  5 12:47:11 2004: DEBUG: Access accepted for semik
>> Thu Aug  5 12:47:11 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.187.22 port 32980 ....
>> Code:       Access-Accept
>> Identifier: 77
>> Authentic:   
>> <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
>> Attributes:
>> 	Tunnel-Type = 1:VLAN
>> 	Tunnel-Medium-Type = 1:Ether_802
>> 	Tunnel-Private-Group-ID = 1:100
>>
>> Foreground
>> LogStdout
>> Trace		4
>> LogDir		/var/log/radiator
>> DbDir		/home/semik/iproj/Radiator-Demo-3.9
>>
>> <AuthLog SYSLOG>
>> 		Identifier authlogger
>> 		Facility	local7
>> 		LogSuccess	1
>> 		LogFailure	1
>> 		SuccessFormat	%U:%P:OK
>> 		FailureFormat	%U:%P:FAIL
>> </AuthLog>
>> <Log SYSLOG>
>> 		Facility	local7
>> 		LogIdent	radiator
>> 		Trace		4
>> </Log>
>>
>> AuthPort	1645,1812
>> AcctPort	1646,1813
>>
>> <Client localhost>
>> 	Secret		mysecret
>> 	DupInterval 	0
>> </Client>
>>
>> <Client DEFAULT>
>> 	Secret		xxx
>> </Client>
>>
>> # -- Definition of local authentication ---------------------------------------
>> <AuthBy LDAP2>
>> 	Identifier CheckLDAP
>>
>> 	# Strip realm
>> 	RewriteUsername		s/^(.*?)\@.*$/$1/
>> 	# Convert user name to lowercase
>> 	RewriteUsername		tr/A-Z/a-z/
>>
>> 	Host		localhost
>>
>> 	AuthDN		uid=rad1,ou=Special Users,dc=cesnet,dc=cz
>> 	AuthPassword	xxx
>>
>> 	BaseDN		dc=cesnet,dc=cz
>> 	UsernameAttr	uid
>> 	PasswordAttr    radiusPassword
>>
>> 	EAPType		PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,LEAP
>>
>> 	EAPTLS_CAFile	/etc/ssl/certs/trusted-CA-list.crt
>> 	EAPTLS_CertificateFile	/etc/ssl/certs/radius_radius1.eduroam.cz.crt.pem
>> 	EAPTLS_CertificateType	PEM
>> 	EAPTLS_PrivateKeyFile	/etc/ssl/private/radius_radius1.eduroam.cz.key.pem
>> 	#EAPTLS_PrivateKeyPassword whatever
>>
>> 	EAPTLS_MaxFragmentSize	1000
>>
>> 	EAPTLS_CRLCheck
>> 	EAPTLS_CRLFile	/etc/ssl/ed99a497.r0
>>
>> 	EAPTLSRewriteCertificateCommonName s/Jan Tomasek/semik/
>> 	EAPTLSRewriteCertificateCommonName s/Jan Ruzicka/janru/
>> 	
>> 	AutoMPPEKeys
>>
>> 	SSLeayTrace 0
>>
>> 	AllowInReply
>> 	AuthAttrDef	roomnumber
>> 	AddToReply	Tunnel-Type=1:VLAN,\
>> 			Tunnel-Medium-Type=1:Ether_802,\
>> 			Tunnel-Private-Group-ID=1:100
>> </AuthBy>
>>
>> # -- Local realms -------------------------------------------------------------
>> <Client saint.cesnet.cz>
>>         Secret          xxx
>> </Client>
>>
>> <Client radius1.eduroam.cz>
>> 	Secret		xxx
>> </Client>
>>
>> <Client ldap3.cesnet.cz> # radius2.eduroam.cz
>> 	Secret		xxx	
>> </Client>
>>
>> <Handler Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/>
>> 	# Strip realm
>> 	RewriteUsername		s/^(.*?)\@.*$/$1/
>> 	# Convert user name to lowercase
>> 	RewriteUsername		tr/A-Z/a-z/
>>
>> 	AuthBy	CheckLDAP
>> 	AuthLog authlogger
>> </Handler>
>>
>> <Handler TunnelledByTTLS=1>
>> 	AuthBy	CheckLDAP
>> 	AuthLog authlogger
>> </Handler>
>>
>> <Handler TunnelledByPEAP=1>
>> 	AuthBy	CheckLDAP
>> 	AuthLog authlogger
>> </Handler>
>> # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> # -- NULL realms do not interest us, so we discard them too -------------------------
>> <Handler Realm=/^$/>
>>         <AuthBy FILE>
>>                 Filename /dev/null
>>         </AuthBy>
>> </Handler>
>> # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> # -- And everything that is not ours we send to the national RADIUS servers ------------------------
>> <Handler>
>>         <AuthBy RADIUS>
>>                 <Host radius1.eduroam.cz>
>>                         AuthPort        1812
>>                         AcctPort        1813
>>                         Secret          xxx
>>                 </Host>
>>                 <Host radius2.eduroam.cz>
>>                         AuthPort        1812
>>                         AcctPort        1813
>>                         Secret          xxx
>>                 </Host>
>>         </AuthBy>
>>
>> 	AllowInReply
>> 	AddToReply	Tunnel-Type=1:VLAN,\
>> 			Tunnel-Medium-Type=1:Ether_802,\
>> 			Tunnel-Private-Group-ID=1:100
>> </Handler>
>> #  
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
>> ^^^^^^^
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
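
Added example, not part of the original messages and not Radiator's code: it decodes an MS-CHAP2-Response written in the trace notation used above and shows that the RFC 2759 challenge hash takes the user name as input, so a server that checks with a rewritten name derives a different challenge and the NT-Response cannot match. The sample values are the RFC 2759 section 9.2 test vector (constructed into trace notation here); the function names and `user@example.org` are assumptions.

```python
import hashlib
import re
import string

# Constructed sample: the RFC 2759 section 9.2 test vector (user name "User"),
# written in the <decimal> notation that the Trace 4 packet dumps above use.
SAMPLE_CHALLENGE = "[]|}{?/><,`!2&&("
SAMPLE_RESPONSE = ("<1><0>!@#$%^&*()_+:3|~<0><0><0><0><0><0><0><0>"
                   "<130>0<158><205><141>p<139>^<160><143><170>9<129><205>"
                   "<131>TB3<17>J=<133><214><223>")

_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)

def parse_dump(text):
    """Decode trace notation: <NNN> is one byte, any other character is itself."""
    return bytes(int(num) if num else ord(ch) for num, ch in _TOKEN.findall(text))

def split_mschap2_response(value):
    """RFC 2548 layout: Ident(1) Flags(1) Peer-Challenge(16) Reserved(8) Response(24)."""
    if len(value) != 50:
        raise ValueError("MS-CHAP2-Response must be 50 bytes, got %d" % len(value))
    return {"ident": value[0], "peer_challenge": value[2:18], "nt_response": value[26:]}

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || authenticator || name)."""
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def apply_rewrites(name):
    """Python equivalents (assumed) of the two RewriteUsername rules in the quoted config."""
    name = re.sub(r"^(.*?)@.*$", r"\1", name)            # s/^(.*?)\@.*$/$1/
    return name.translate(str.maketrans(string.ascii_uppercase,
                                        string.ascii_lowercase))  # tr/A-Z/a-z/

def challenge_before_and_after(client_name, response=SAMPLE_RESPONSE,
                               challenge=SAMPLE_CHALLENGE):
    """Return (hash the client used, hash derived from the rewritten name)."""
    peer = split_mschap2_response(parse_dump(response))["peer_challenge"]
    auth = parse_dump(challenge)
    return (challenge_hash(peer, auth, client_name),
            challenge_hash(peer, auth, apply_rewrites(client_name)))

if __name__ == "__main__":
    for name in ("User", "user", "user@example.org"):
        sent, seen = challenge_before_and_after(name)
        verdict = "same" if sent == seen else "DIFFERENT, NT-Response cannot match"
        print("%-18s client=%s server=%s %s" % (name, sent.hex(), seen.hex(), verdict))
```

Only a name that both rewrite rules leave unchanged yields the same 8-byte challenge on both sides; PAP, CHAP and MS-CHAP (v1) do not mix the user name into the response, which matches those methods working with the same configuration.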
