(RADIATOR) Should be EAP-TTLS working with inner authentication MSCHAPV2??
Terry Simons
galimore at mac.com
Thu Aug 5 18:43:00 CDT 2004
Ah yes... I remember that conversation now. :-)
- Terry
On Aug 5, 2004, at 4:44 PM, Hugh Irvine wrote:
>
> Hello Jan -
>
> The problem here is the RewriteUsername which cannot work with
> MS-CHAPv2.
>
> MS-CHAPv2 does the password checking using the complete username so
> you cannot rewrite it.
>
> See the comment block at the top of "Radius/MSCHAP.pm"
>
> regards
>
> Hugh
>
>
> On 5 Aug 2004, at 21:30, Jan Tomasek wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello,
>> I'm testing what authentication mechanisms are working for our
>> combination of
>> Cisco AP 1230, Radiator and client software. At this moment I'm
>> playing with
>> XSupplicant v1.0 for Linux. I successfuly tested EAP-TTLS wit inner
>> authentication methods: PAP, CHAP, MSCHAP. But MSCHAPV2 isn't
>> working! For
>> some strange reason Radiator says that there is problem with
>> password. But
>> password is always same.
>>
>> I'm sort of confused, this combination is showed in XSupplicant
>> configuration
>> examples so it should be working.
>>
>> Thanks for any help.
>>
>> XSupplicant configuration is bellow, log from Radiator is attached,
>> it's
>> configuration too.
>>
>> XSupplicant configuration:
>>
>> network_list = all
>> default_netname = eduroam
>> startup_command = <BEGIN_COMMAND>echo "START"<END_COMMAND>
>> reauth_command = <BEGIN_COMMAND>echo "authenticated user
>> %i"<END_COMMAND>
>> #logfile = /var/log/xsupplicant.log
>> allow_interfaces = wlan0
>> #allow_interfaces = eth1
>> eduroam
>> {
>> type = wireless
>> # allow_types = eap-ttls
>> identity = <BEGIN_ID>semik at cesnet.cz<END_ID>
>> # eap-md5 {
>> # password = <BEGIN_PASS>heslo<END_PASS>
>> # }
>> # eap_tls {
>> # user_cert = /root/JanTomasek.crt.pem
>> # user_key = /root/JanTomasek.clear-key.pem
>> # #user_key_pass = <BEGIN_PASS>password for user-key.pem<END_PASS>
>> # root_cert = /etc/1x/cca.pem.crt
>> # #crl_dir = /home/user/certificates/revoked
>> # #cncheck = mynet.net
>> # #cnexact = no
>> # chunk_size = 1398
>> # random_file = /dev/urandom
>> # session_resume = no
>> # }
>> # eap-mschapv2 {
>> # password = <BEGIN_PASS>heslo<END_PASS>
>> # }
>> # eap-peap {
>> # root_cert = /etc/1x/cca.pem.crt
>> # chunk_size = 1398
>> # random_file = /dev/urandom
>> # #cncheck = radiusserver.mynet.net
>> # #cnexact = yes
>> # session_resume = no
>> #
>> # eap-mschapv2 {
>> # username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>> # password = <BEGIN_PASS>heslo<END_PASS>
>> # }
>> # }
>> eap-ttls {
>> root_cert = /etc/1x/cca.pem.crt
>> chunk_size = 1398
>> random_file = /dev/urandom
>> phase2_type = mschap
>> pap {
>> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>> password = <BEGIN_PASS>heslo<END_PASS>
>> }
>> chap {
>> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>> password = <BEGIN_PASS>heslo<END_PASS>
>> }
>> mschap {
>> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>> password = <BEGIN_PASS>heslo<END_PASS>
>> }
>> mschapv2 {
>> username = <BEGIN_UNAME>semik at cesnet.cz<END_UNAME>
>> password = <BEGIN_PASS>heslo<END_PASS>
>> }
>> }
>> }
>>
>> - --
>> - --------------------------------------------------------------
>> Jan Tomasek aka Semik work: CESNET, z.s.p.o.
>> http://www.tomasek.cz/ Zikova 4, 160 00 Praha 6
>> Czech Republic
>> phone(work): +420 2 2435 5279 http://www.cesnet.cz/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.5 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>
>> iD8DBQFBEho279++DGvj6tMRAglXAJ0ViWfkcRE81wHlaexXEiX3Ok4FKgCfWm8i
>> wFV91eP9+aunuOrySKPwtBY=
>> =Pn6W
>> -----END PGP SIGNATURE-----
>> Thu Aug 5 12:46:30 2004: DEBUG: Reading users file /dev/null
>> Thu Aug 5 12:46:30 2004: DEBUG: Finished reading configuration file
>> '/etc/radiator/radius.cfg'
>> This Radiator license will expire on 2004-08-01
>> This Radiator license will stop operating after 1000 requests
>> To purchase an unlimited full source version of Radiator, see
>> http://www.open.com.au/ordering.html
>> To extend your evaluation period, contact admin at open.com.au
>>
>> Thu Aug 5 12:46:30 2004: DEBUG: Reading dictionary file
>> '/home/semik/iproj/Radiator-Demo-3.9/dictionary'
>> Thu Aug 5 12:46:30 2004: DEBUG: Creating authentication port
>> 0.0.0.0:1645
>> Thu Aug 5 12:46:30 2004: DEBUG: Creating authentication port
>> 0.0.0.0:1812
>> Thu Aug 5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1646
>> Thu Aug 5 12:46:30 2004: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Aug 5 12:46:30 2004: NOTICE: Server started: Radiator 3.9 on
>> ldap1 (EVALUATION)
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 134
>> Authentic: <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator = _-<6>y<20>B&<205><177><176><8>`_<17><221><14>
>> EAP-Message = <2><2><0><20><1>semik at cesnet.cz
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 438
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 2, 20
>> Thu Aug 5 12:46:40 2004: DEBUG: Response type 1
>> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP
>> PEAP Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 134
>> Authentic: <231>+<7><219><10><185><166>w$<205>w:<27><219>&<236>
>> Attributes:
>> EAP-Message = <1><3><0><6><25>!
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 135
>> Authentic:
>> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <143><197><193>!<142><25>/<156><236><163><146>(<185>Fc<144>
>> EAP-Message = <2><3><0><6><3><21>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 438
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 3, 6
>> Thu Aug 5 12:46:40 2004: DEBUG: Response type 3
>> Thu Aug 5 12:46:40 2004: INFO: EAP Nak desires type 21
>> Thu Aug 5 12:46:40 2004: DEBUG: Resuming session for
>> Radius::Context=HASH(0x866da78)
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 135
>> Authentic:
>> <248><145><8><142>7<199><228>E<173><21><171><127><139><139>M<193>
>> Attributes:
>> EAP-Message = <1><4><0><6><21>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 136
>> Authentic: <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> ,<198><162><235><186><132><220>Ng<134><139><21>P<135><229><234>
>> EAP-Message =
>> <2><4><0>n<21><128><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>A<19>}<164>
>> <173><253><5><30>r<20><168><240>c<202>Y<243><182>\
>> <209>q<154>8qE<16><182><3><240><200><136>|<0><0>4<0>9<0>8<0>5<0><22><0
>> ><19><0><10><0>3<0>2<0>/
>> <0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0>
>> <17><0><8><0><6><0><3><1><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 438
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 4, 110
>> Thu Aug 5 12:46:40 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,
>> 8576
>> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 136
>> Authentic: <12><14>m`<162>~<30><131><191>p6<206><234><7><158><196>
>> Attributes:
>> EAP-Message =
>> <1><5><3><242><21><192><0><0><7><169><22><3><1><0>J<2><0><0>F<3><1>A<1
>> 8><16><16><251>]<238>gz<220><172><162><234>X6Z<20><131><189><150><229>
>> <157><176><147>)<5><156>sRB<21>6
>> q<205>f<156>C<211>OH3F<193><127>*nx<229><28><155>V<200>C<162>&<152>=<1
>> 71><168><230>;
>> <1><150>^<0>5<0><22><3><1><6><144><11><0><6><140><0><6><137><0><3>@0<1
>> 30><3><0<130><2>$<160><3><2><1><2><2><2><1>z0<13><6><9>*<134>H<134><24
>> 7><13><1><1><4><5><0>021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>
>> U<4><10><19><6>CESNET1<18>0<16><6><3>U<4><3><19><9>CESNET
>> CA0<30><23><13>040420134623Z<23><13>050420134623Z0>1<15>0<13><6><3>U<4
>> ><10><19><6>CESNET1<15>0<13><6><3>U<4><10><19><6>CES
>> EAP-Message =
>> NET1<26>0<24><6><3>U<4><3><19><17>radius1.cesnet.cz0<129><159>0<13><6>
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><
>> 129><129><0><212><204>S/*/
>> &W<147>#y<25>l<226><202><195><10><12>s<20>(qY<174>~<207><149>x<151><22
>> 9><174><171><245><138><194>z<237>p!i<sh<141>Z-<17><255>#M<195><148>-
>> <25><143><211><213>Nl<14><221>Q<247><7><239><179><228><233><24>V<28><1
>> 85><236><22><197><253>><160><18><4>Z<231><139>B<238><9>h<167>E<182><12
>> 9><150>PZfV1<234>]<225>VJ<23>{8<214><246>oP<132>[<196><237><246><167>l
>> <245><242><179><166>sja<210><234><163><190><247><2><3><1><0><1><163><1
>> 29><211>0<129><208>0<29><6><3>U<29><14><4><22><4><20><161><3><242><175
>> ><165><140><19><190><189>p<177><31><239><229>#<242><246><254><17><192>
>> 0<31><6><3>U<29>#<4><24>0<22><128><20><248>V<26><217><154>x<149>m<180>
>> <136>
>> EAP-Message = <132>U5/<170><6><243><215>
>> Z05<6><3>U<29><31><4>.0,0*<160>(<160>&<134>$http://www.cesnet.cz/pki/
>> crl/
>> cca.crl0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><224>0,<6><3>U<29
>> ><17><4>%0#<129><14>jan at tomasek.cz<130><17>radius1.cesnet.cz0<25><6><3
>> >U<29>
>> <4><18>0<16>0<14><6><12>+<6><1><4><1><190>y<1><2><2><1><1>0<13><6><9>*
>> <134>H<134><247><13><1><1><4><5><0><3><130><1><1><0>%<186><176><248>7<
>> 21><15><224><137><210><186><250><155><246><129><10><204><160>F<255><20
>> 1>!
>> <141>K<29>k<174>1j<171>D<194><151><238><236>EL<18>C<233><180><201><226
>> ><173>lT<188><3>P+<234><250><217><2><180><131><157>gbS40<132>N<163>2<2
>> 54><31><228><198><232><20>~<25>bg<197>0O
>> EAP-Message =
>> 3<210><187><10><6>5<154>^r><182><223>L<167><6><183><220><141><14><12>m
>> <160>,NU<197><30>-<164><242><17>V`g
>> <162><237><160>LL<195>/
>> <194><234><26><222>V<198><207><7><212><141>&<230>7<207>'<26><157><10><
>> 241><134><170><158>+s~><180>{<12><235><226><147><134><148><21>AW?
>> <27><13>Y<25>
>> ^<145><181><163><157><146><138><169><188>.H]<230>?C3<163>L:
>> <249><213><250>}<135><129><221>BE<255><175>*M<224><244><151>M<151>4<7>
>> @<168>#XV{<3>y<18>^<17><17><177><234>p<194>w<226>0<143><130><16>`<133>
>> <239><152><194>U'<162><134><128>^<249><153>d<218><140><179><201><8><13
>> 3><177><20><197><134>g<0><174><8><142><28>A<0><3>C0<130><3>?
>> 0<130><2>'<160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1
>> ><1><4><5><0>021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10>
>> <19><6>CESNET1<18>0<16><6><3>U<4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 137
>> Authentic: {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator = <134><138>=FD<'v&<159>Sb<9>Wv<18>
>> EAP-Message = <2><5><0><6><21><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 438
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:40 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:40 2004: DEBUG: Handling with EAP: code 2, 5, 6
>> Thu Aug 5 12:46:40 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:40 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 137
>> Authentic: {yp<237><192><4><133><244>Q<254><228><215><231>b<154>p
>> Attributes:
>> EAP-Message = <1><6><3><199><21><0><3><19><9>CESNET
>> CA0<30><23><13>010628131512Z<23><13>060627131512Z021<11>0<9><6><3>U<4>
>> <6><19><2>CZ1<15>0<13><6><3>U<4><10><19><6>CESNET1<18>0<16><6><3>U<4><
>> 3><19><9>CESNET
>> CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1>
>> <15><0>0<130><1><10><2><130><1><1><0><190><247><147>@<171><20>@<136>s<
>> 197>
>> <206><194>c<246><173><240><255><204><174>XZ<186>%<250><28><207>U<185><
>> 169><191><233>-
>> <184><201>h<161>gl<249>Z<150><182><237>8<194>n<138><215><222>u<247><24
>> 0><233><143>z<253><235>[<132>o|<235>q<237><19><185>y<22>WT{&<169>%<221
>> ><5><233>TL<179><187><222>YR<136><0>*C<235><17>x<149><235><173><217><2
>> 34><213><156><149>M<133><211><211><164>Z at z<2><141><194><160><189>utE<1
>> 61>C
>> EAP-Message =
>> <129><144><152><144><204><219><144><8><15>-
>> <150><195>W^<143>*<241><18>s<187>n<154><156>Q<252>$<213><164>r9T<203><
>> 209><28><129>C<162>Tt<156><236>+<237>+<30>f)<175><155>#<199><165><248>
>> <145>%<252><207><20><149><169><14><185><143><130>V^$<227><167><225>V<2
>> 32><130>3<251><194>P<177><138><238><231>Z<134><153><127>K<195><249><15
>> 8>n<187>M<184><215>v<150><216>.<23><251>&W<174>!
>> <191>YK4<12><246>z<238><132><164>Y]<211><167><144><9><168>Z<237><18><1
>> 30>&\<159>3<7><15><17><144>n<223><138>mo<2><3><1><0><1><163>`0^0<29><6
>> ><3>U<29><14><4><22><4><20><248>V<26><217><154>x<149>m<180><136><132>U
>> 5/<170><6><243><215>
>> Z0<31><6><3>U<29>#<4><24>0<22><128><20><248>V<26><217><154>x<149>m<180
>> ><136><132>U5/<170><6><243><215>
>> Z0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<14><6><3>U<29><15><1><1><2
>> 55><4><4><3><2><1><198>0<13><6><9>*<134>H<134><247><13><1><1>
>> EAP-Message =
>> <4><5><0><3><130><1><1><0><144><223><20><136><242><c<30><255><152><171
>> ><8>W<169><247><26>W^(<247><204><146><253>sX{<166><160><202><203><172>
>> <174><130><241><191><168><146><28><238><246><192><150><208><7>/
>> <222><140><3>c/
>> <235><209><13><206><193><214><253><213><183><137><199><249><178><134>c
>> <24><218><25><167><158>oH<168><252>q<21><129><193><195>z<196>8~D4A<224
>> ><184><241><22><163><177>Nm<199><223>S<244><227><215>}<29><139><197>pP
>> <156><12><161><154><0>r<14><155><233><218><242><244><196><206><232><23
>> 3><4>E%<13><139><150>d<10>,<181><216>~<143><219><142><0><243><212><215
>> ><139><8><222><216><187>2Ih<163><176><21><139><198><204>I<250><206><12
>> 9><254>1<200><206><203><144><16>x<203><27><21><226><138><9>(\<210><23>
>> 7v<1><234><30><152>X<193><140>jq9<26><212>bGKp@'<129><18><220>$<219><1
>> 71>aY<182>C`5<216>D<132><136>1<21>b<141><226><3><198>Y<168><165>#o<185
>> ><241>0<19>x<230>j<218><132>.0<168>s<148>;<225><130>P<2>7
>> EAP-Message =
>> <201><138>:
>> <151><201><237><2>f<231><246>X<22><3><1><0><192><13><0><0><184><2><1><
>> 2><0><179><0>4021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10
>> ><19><6>CESNET1<18>0<16><6><3>U<4><3><19><9>CESNET
>> CA<0>{0y1<11>0<9><6><3>U<4><6><19><2>CZ1<23>0<21><6><3>U<4><8><19><14>
>> Czech
>> Republic1<15>0<13><6><3>U<4><7><19><6>Kladno1<20>0<18><6><3>U<4><10><1
>> 9><11>Jan
>> Tomasek1<11>0<9><6><3>U<4><3><19><2>CA1<29>0<27><6><9>*<134>H<134><247
>> ><13><1><9><1><22><14>jan at tomasek.cz<14><0><0><0>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 138
>> Authentic: <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <144><22><21>^<163>$<11><230><163><179><211>._B<27><210>
>> EAP-Message =
>> <2><6><0><220><21><128><0><0><0><210><22><3><1><0><7><11><0><0><3><0><
>> 0><0><22><3><1><0><134><16><0><0><130><0><128><178>(qmc~<230><137>k<22
>> 6><226><255>4<172><246>Q<216><195><0>QN<138>1<160><176>$<143><179><197
>> >H<178><159><3><206><133><131><171><129>ZY{<237><173>jO<154><182><30><
>> 246><154><190><18><205>F4<230><196>6<152><248><24>`<136>{<186><230>v<2
>> 06><203><153><222><165><239><158><7><134>(<141><27><194><140><14><233>
>> 1@<150>Y<127><249><182><238><214><30><195><238><160><29>9&<142><181><1
>> 60><221><147><162>x<254><249><208><210><5>L<4>Y<10>,<229>=V<132><254>r
>> <22>oG<251><148>/
>> <20><3><1><0><1><1><22><3><1><0>0<185><234><147><128><28><163><175><17
>> 3><237><198><127>c<158><24>X<23><195><223><151><179><142>0<204><221>A<
>> 252>*<222><22><254>d<236>VYw<152><135><6><254><225><159><152>4<248><19
>> 8><209><208>x
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 438
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 6, 220
>> Thu Aug 5 12:46:41 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:41 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Aug 5 12:46:41 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:41 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 138
>> Authentic: <168>Z<158>M6<239><24>S<196><167><9>t<242>C<220><141>
>> Attributes:
>> EAP-Message =
>> <1><7><0>E<21><128><0><0><0>;
>> <20><3><1><0><1><1><22><3><1><0>0<231><184><153><157>m<206>q<127><224>
>> <134><167><130><204><208><142>s<199>s<185><129>6N<146>~<0>3<251><201><
>> 228><29><182><255>}<183><226><182><164><131>u<181><153><172><203>c<169
>> ><182><28><175>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 139
>> Authentic: 4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> h<2>{<221><177>1<209><206><242><223><165>-.<134>n<183>
>> EAP-Message = <2><7><0><192><21><0><23><3><1><0>
>> <144><197>S<163><13><186><201>G<24><219><23>P<5>g:
>> <169>^<200><237>P<198>P<129><248>s<157>O<137><2><236>&<149><23><3><1><
>> 0><144><190><254><207>9<252><140>=Z<244><5>S<166><255><12><194>F,<130>
>> <166><184><132><210><161>3<19><239>vh<127>u<25><255><219>ds<227><14><1
>> 99><23><6>=<203><161>n[<10><244><138><3><176><131><159><175><151><150>
>> <254><245><206><166><127><3>Lb<0><129><159>VOx<129><173><239>k<217><13
>> 1><177>ic<178>+<6><211><169>9<148><248><185>(<22><22><188><138>'_<<231
>> >f<147><3><211><163>]<30><250><227><214><2>wP<140>&<178><137>_$<178><2
>> 46><160>+#,<3>NHQ<138><198>Z<253><242><139>=<172>0<30><250><193>\A<202
>> ><156><24>0<182>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 438
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 438
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling with EAP: code 2, 7, 192
>> Thu Aug 5 12:46:41 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:41 2004: DEBUG: EAP TTLS inner authentication
>> request for semik at cesnet.cz
>> Thu Aug 5 12:46:41 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code: Access-Request
>> Identifier: UNDEF
>> Authentic:
>> *<255><189><174><25><130><223><129><199><212><144>$<203><248>1Q
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> MS-CHAP-Challenge = <198><171><180>wQ<167><179>wo%<Zn<183>Q<135>
>> MS-CHAP2-Response =
>> <167><0><198><171><180>wQ<167><179>wo%<Zn<183>Q<135><0><0><0><0><0><0>
>> <0><0><182><202><164>n<182>N4~<147><205><206><226><145><14>c<215>*.J<2
>> 00><14><211>q/
>>
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154,
>> Thu Aug 5 12:46:41 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:41 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:46:41 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:46:41 2004: DEBUG: LDAP got result for
>> uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug 5 12:46:41 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug 5 12:46:41 2004: DEBUG: LDAP got roomnumber:
>> Tunnel-Private-Group-ID=1:600
>> Thu Aug 5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 looks for match
>> with semik
>> Thu Aug 5 12:46:41 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad
>> Password
>> Thu Aug 5 12:46:41 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:46:41 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:46:41 2004: DEBUG: No entries for DEFAULT found in LDAP
>> database
>> Thu Aug 5 12:46:41 2004: INFO: Access rejected for semik: Bad
>> Password
>> Thu Aug 5 12:46:41 2004: DEBUG: EAP result: 1, EAP TTLS inner
>> authentication redespatched to a Handler
>> Thu Aug 5 12:46:41 2004: INFO: Access rejected for semik: EAP TTLS
>> inner authentication redespatched to a Handler
>> Thu Aug 5 12:46:41 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Reject
>> Identifier: 139
>> Authentic: 4J<128>U<18><5>^<194>c/<153>J<253>d<177>3
>> Attributes:
>> EAP-Message = <4><7><0><4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Reply-Message = "Request Denied"
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 140
>> Authentic: <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator = %s<208>
>> <165><202><140><176>[2<211><151><167><143>R<134>
>> EAP-Message = <2><1><0><20><1>semik at cesnet.cz
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 439
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 1, 20
>> Thu Aug 5 12:46:43 2004: DEBUG: Response type 1
>> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP
>> PEAP Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 140
>> Authentic: <137>&<26>~<202><2><177><206><201>r-W<13>F<162><222>
>> Attributes:
>> EAP-Message = <1><2><0><6><25>!
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 141
>> Authentic:
>> 0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> +<244><169><175>><148><198>N\<<181><132><154><200><178>d
>> EAP-Message = <2><2><0><6><3><21>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 439
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 2, 6
>> Thu Aug 5 12:46:43 2004: DEBUG: Response type 3
>> Thu Aug 5 12:46:43 2004: INFO: EAP Nak desires type 21
>> Thu Aug 5 12:46:43 2004: DEBUG: Resuming session for
>> Radius::Context=HASH(0x895bc28)
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 141
>> Authentic:
>> 0<198>(<155><25><251><166><160>`<24><194><7><13><154>z<148>
>> Attributes:
>> EAP-Message = <1><3><0><6><21>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 142
>> Authentic: P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> f<138><211>s<246><2><7><133>AK<191><166><10><7><158>y
>> EAP-Message =
>> <2><3><0><142><21><128><0><0><0><132><22><3><1><0><127><1><0><0>{<3><1
>> >A<19>}<168>d<19>QV4<135><158><176><234><152><201>C<154>naQ/
>> <255><244><146>"d{U<170><228>$<152>
>> q<205>f<156>C<211>OH3F<193><127>*nx<229><28><155>V<200>C<162>&<152>=<1
>> 71><168><230>;
>> <1><150>^<0>4<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/
>> <0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0>
>> <17><0><8><0><6><0><3><1><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 439
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 3, 142
>> Thu Aug 5 12:46:43 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:43 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,
>> 8576
>> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 142
>> Authentic: P<194><16>7G<30><203><161><153>zb<180><4><131><229>:
>> Attributes:
>> EAP-Message =
>> <1><4><3><242><21><192><0><0><7><169><22><3><1><0>J<2><0><0>F<3><1>A<1
>> 8><16><19><198><133><23><181><130><213>z<131><194><163>}h<144><18>w<20
>> 4><198><238>e<12><16><185><218>{<247><151>K9
>> i|]S<14>p<153><30><182><137><215><134>-
>> %<27>'<27><16><226><209><{x<132><21><12><28><219>r<139><197><138><0>5<
>> 0><22><3><1><6><144><11><0><6><140><0><6><137><0><3>@0<130><3><0<130><
>> 2>$<160><3><2><1><2><2><2><1>z0<13><6><9>*<134>H<134><247><13><1><1><4
>> ><5><0>021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10><19><6
>> >CESNET1<18>0<16><6><3>U<4><3><19><9>CESNET
>> CA0<30><23><13>040420134623Z<23><13>050420134623Z0>1<15>0<13><6><3>U<4
>> ><10><19><6>CESNET1<15>0<13><6><3>U<4><10><19><6>CES
>> EAP-Message =
>> NET1<26>0<24><6><3>U<4><3><19><17>radius1.cesnet.cz0<129><159>0<13><6>
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><
>> 129><129><0><212><204>S/*/
>> &W<147>#y<25>l<226><202><195><10><12>s<20>(qY<174>~<207><149>x<151><22
>> 9><174><171><245><138><194>z<237>p!i<sh<141>Z-<17><255>#M<195><148>-
>> <25><143><211><213>Nl<14><221>Q<247><7><239><179><228><233><24>V<28><1
>> 85><236><22><197><253>><160><18><4>Z<231><139>B<238><9>h<167>E<182><12
>> 9><150>PZfV1<234>]<225>VJ<23>{8<214><246>oP<132>[<196><237><246><167>l
>> <245><242><179><166>sja<210><234><163><190><247><2><3><1><0><1><163><1
>> 29><211>0<129><208>0<29><6><3>U<29><14><4><22><4><20><161><3><242><175
>> ><165><140><19><190><189>p<177><31><239><229>#<242><246><254><17><192>
>> 0<31><6><3>U<29>#<4><24>0<22><128><20><248>V<26><217><154>x<149>m<180>
>> <136>
>> EAP-Message = <132>U5/<170><6><243><215>
>> Z05<6><3>U<29><31><4>.0,0*<160>(<160>&<134>$http://www.cesnet.cz/pki/
>> crl/
>> cca.crl0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><224>0,<6><3>U<29
>> ><17><4>%0#<129><14>jan at tomasek.cz<130><17>radius1.cesnet.cz0<25><6><3
>> >U<29>
>> <4><18>0<16>0<14><6><12>+<6><1><4><1><190>y<1><2><2><1><1>0<13><6><9>*
>> <134>H<134><247><13><1><1><4><5><0><3><130><1><1><0>%<186><176><248>7<
>> 21><15><224><137><210><186><250><155><246><129><10><204><160>F<255><20
>> 1>!
>> <141>K<29>k<174>1j<171>D<194><151><238><236>EL<18>C<233><180><201><226
>> ><173>lT<188><3>P+<234><250><217><2><180><131><157>gbS40<132>N<163>2<2
>> 54><31><228><198><232><20>~<25>bg<197>0O
>> EAP-Message =
>> 3<210><187><10><6>5<154>^r><182><223>L<167><6><183><220><141><14><12>m
>> <160>,NU<197><30>-<164><242><17>V`g
>> <162><237><160>LL<195>/
>> <194><234><26><222>V<198><207><7><212><141>&<230>7<207>'<26><157><10><
>> 241><134><170><158>+s~><180>{<12><235><226><147><134><148><21>AW?
>> <27><13>Y<25>
>> ^<145><181><163><157><146><138><169><188>.H]<230>?C3<163>L:
>> <249><213><250>}<135><129><221>BE<255><175>*M<224><244><151>M<151>4<7>
>> @<168>#XV{<3>y<18>^<17><17><177><234>p<194>w<226>0<143><130><16>`<133>
>> <239><152><194>U'<162><134><128>^<249><153>d<218><140><179><201><8><13
>> 3><177><20><197><134>g<0><174><8><142><28>A<0><3>C0<130><3>?
>> 0<130><2>'<160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1
>> ><1><4><5><0>021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10>
>> <19><6>CESNET1<18>0<16><6><3>U<4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 143
>> Authentic:
>> <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <2><222><175>}o<167><201>I<139><186><188>c<149><189><213><155>
>> EAP-Message = <2><4><0><6><21><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 439
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:43 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:43 2004: DEBUG: Handling with EAP: code 2, 4, 6
>> Thu Aug 5 12:46:43 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:43 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:43 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 143
>> Authentic:
>> <20>u<250><136><145><131><230>V<219><149>UR<244><209>{<142>
>> Attributes:
>> EAP-Message = <1><5><3><199><21><0><3><19><9>CESNET
>> CA0<30><23><13>010628131512Z<23><13>060627131512Z021<11>0<9><6><3>U<4>
>> <6><19><2>CZ1<15>0<13><6><3>U<4><10><19><6>CESNET1<18>0<16><6><3>U<4><
>> 3><19><9>CESNET
>> CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1>
>> <15><0>0<130><1><10><2><130><1><1><0><190><247><147>@<171><20>@<136>s<
>> 197>
>> <206><194>c<246><173><240><255><204><174>XZ<186>%<250><28><207>U<185><
>> 169><191><233>-
>> <184><201>h<161>gl<249>Z<150><182><237>8<194>n<138><215><222>u<247><24
>> 0><233><143>z<253><235>[<132>o|<235>q<237><19><185>y<22>WT{&<169>%<221
>> ><5><233>TL<179><187><222>YR<136><0>*C<235><17>x<149><235><173><217><2
>> 34><213><156><149>M<133><211><211><164>Z at z<2><141><194><160><189>utE<1
>> 61>C
>> EAP-Message =
>> <129><144><152><144><204><219><144><8><15>-
>> <150><195>W^<143>*<241><18>s<187>n<154><156>Q<252>$<213><164>r9T<203><
>> 209><28><129>C<162>Tt<156><236>+<237>+<30>f)<175><155>#<199><165><248>
>> <145>%<252><207><20><149><169><14><185><143><130>V^$<227><167><225>V<2
>> 32><130>3<251><194>P<177><138><238><231>Z<134><153><127>K<195><249><15
>> 8>n<187>M<184><215>v<150><216>.<23><251>&W<174>!
>> <191>YK4<12><246>z<238><132><164>Y]<211><167><144><9><168>Z<237><18><1
>> 30>&\<159>3<7><15><17><144>n<223><138>mo<2><3><1><0><1><163>`0^0<29><6
>> ><3>U<29><14><4><22><4><20><248>V<26><217><154>x<149>m<180><136><132>U
>> 5/<170><6><243><215>
>> Z0<31><6><3>U<29>#<4><24>0<22><128><20><248>V<26><217><154>x<149>m<180
>> ><136><132>U5/<170><6><243><215>
>> Z0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<14><6><3>U<29><15><1><1><2
>> 55><4><4><3><2><1><198>0<13><6><9>*<134>H<134><247><13><1><1>
>> EAP-Message =
>> <4><5><0><3><130><1><1><0><144><223><20><136><242><c<30><255><152><171
>> ><8>W<169><247><26>W^(<247><204><146><253>sX{<166><160><202><203><172>
>> <174><130><241><191><168><146><28><238><246><192><150><208><7>/
>> <222><140><3>c/
>> <235><209><13><206><193><214><253><213><183><137><199><249><178><134>c
>> <24><218><25><167><158>oH<168><252>q<21><129><193><195>z<196>8~D4A<224
>> ><184><241><22><163><177>Nm<199><223>S<244><227><215>}<29><139><197>pP
>> <156><12><161><154><0>r<14><155><233><218><242><244><196><206><232><23
>> 3><4>E%<13><139><150>d<10>,<181><216>~<143><219><142><0><243><212><215
>> ><139><8><222><216><187>2Ih<163><176><21><139><198><204>I<250><206><12
>> 9><254>1<200><206><203><144><16>x<203><27><21><226><138><9>(\<210><23>
>> 7v<1><234><30><152>X<193><140>jq9<26><212>bGKp@'<129><18><220>$<219><1
>> 71>aY<182>C`5<216>D<132><136>1<21>b<141><226><3><198>Y<168><165>#o<185
>> ><241>0<19>x<230>j<218><132>.0<168>s<148>;<225><130>P<2>7
>> EAP-Message =
>> <201><138>:
>> <151><201><237><2>f<231><246>X<22><3><1><0><192><13><0><0><184><2><1><
>> 2><0><179><0>4021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10
>> ><19><6>CESNET1<18>0<16><6><3>U<4><3><19><9>CESNET
>> CA<0>{0y1<11>0<9><6><3>U<4><6><19><2>CZ1<23>0<21><6><3>U<4><8><19><14>
>> Czech
>> Republic1<15>0<13><6><3>U<4><7><19><6>Kladno1<20>0<18><6><3>U<4><10><1
>> 9><11>Jan
>> Tomasek1<11>0<9><6><3>U<4><3><19><2>CA1<29>0<27><6><9>*<134>H<134><247
>> ><13><1><9><1><22><14>jan at tomasek.cz<14><0><0><0>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 144
>> Authentic:
>> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <252><21><140>o<243>{<151><230><184><150>DmCm<172>o
>> EAP-Message =
>> <2><5><0><220><21><128><0><0><0><210><22><3><1><0><7><11><0><0><3><0><
>> 0><0><22><3><1><0><134><16><0><0><130><0><128>f<137><129><254><131><23
>> 6><18><29><157><231>L<182>K<169><213>6<217>f<3>[~<184>*r[<27><14><203>
>> }<154><190><201>L3<128>O<19><159><249><135>f<211><135><196><174><3>h<1
>> 91><131><227>]<159>p<2>p<128><162><163>}<169><243><210><26><151>+<1>~y
>> <244><188><215><199><224><250><152>,z<192><12>S)<142><26>r)<180><190>.
>> <172><246><213><3><27>&J<201>y<220><253><251>FQ<203><<138>\<5><186>l<1
>> 63>k<142>]<3>X<23>WG<155>{X<191><19><28><18>,<214><250><20><3><1><0><1
>> ><1><22><3><1><0>0<194><194><145>\*<192>i<8><139>Y<182><173><20>]:
>> <0><1>F<163>n<237>i<218>gE<24><242><223><2><243>I<21>=<137>t<239>S0a<1
>> 65><132>_+|<221><241>9<27>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 439
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 5, 220
>> Thu Aug 5 12:46:44 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:44 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Aug 5 12:46:44 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:44 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 144
>> Authentic:
>> <22><222><21><238>0<232><248><21><15><188><185>}\u<222><177>
>> Attributes:
>> EAP-Message =
>> <1><6><0>E<21><128><0><0><0>;
>> <20><3><1><0><1><1><22><3><1><0>0<243>S<186>u<19>Z<156>}V<189>a<30>5<1
>> 50><182><214><231><191><152><187>g6x<144><187><187><174><252>y<149>v<2
>> 07><172><228>H<218><174><206><186>5<13><251><2><231><204>_8M
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 145
>> Authentic: <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <20><212>z3<130><128><155>-b<179><164><10>}<26><3><229>
>> EAP-Message = <2><6><0><192><21><0><23><3><1><0>
>> ,<4>c<179>:
>> <195><163><181><214>r<17><144><136><222><128><232><164>RI<157><168><18
>> ><212><222><160><251><243>b<213><165><224><30><23><3><1><0><144><145><
>> 229>Z<246>8<0><183>*<170><170>}|'<138><154>H<153><25>a<139>#<179>E<247
>> ><13>SE<13><159><218><156><251><190><214><220>j<191>-
>> <221>Rc6@<150><201><213><248><187><149><151>C<29><240><211><162>m<152>
>> <132>P~%e<239><226><11><25>tFU<144><10>e:]<223><233>n<153><188>'E<191>
>> H%<29>0<163><180>Mm<24><164><150><143><252>{<12><204>C4<228><22><244>r
>> <195><9><253>O<240>j<236>)<11><232><182><18>M<174><253>i<5><172><204>{
>> U9<183>s<28>e<194><228>|9<203><133>K<204>f<177><211><27><132><191>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 439
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 439
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling with EAP: code 2, 6, 192
>> Thu Aug 5 12:46:44 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:44 2004: DEBUG: EAP TTLS inner authentication
>> request for semik at cesnet.cz
>> Thu Aug 5 12:46:44 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code: Access-Request
>> Identifier: UNDEF
>> Authentic: 2C<184><220><28><192><27><141><188><190>I<233><177>#8%
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> MS-CHAP-Challenge = N<4>;t<229><140><251><23>@.<236>UJ<133>A8
>> MS-CHAP2-Response =
>> G<0>N<4>;
>> t<229><140><251><23>@.<236>UJ<133>A8<0><0><0><0><0><0><0><0>$<129>U<22
>> 4><184>w<2><158><198>T<19>b<188>KxX<132>Y<20>)<4><223>J<157>
>>
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154,
>> Thu Aug 5 12:46:44 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:44 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:46:44 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:46:44 2004: DEBUG: LDAP got result for
>> uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug 5 12:46:44 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug 5 12:46:44 2004: DEBUG: LDAP got roomnumber:
>> Tunnel-Private-Group-ID=1:600
>> Thu Aug 5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 looks for match
>> with semik
>> Thu Aug 5 12:46:44 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad
>> Password
>> Thu Aug 5 12:46:44 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:46:44 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:46:44 2004: DEBUG: No entries for DEFAULT found in LDAP
>> database
>> Thu Aug 5 12:46:44 2004: INFO: Access rejected for semik: Bad
>> Password
>> Thu Aug 5 12:46:44 2004: DEBUG: EAP result: 1, EAP TTLS inner
>> authentication redespatched to a Handler
>> Thu Aug 5 12:46:44 2004: INFO: Access rejected for semik: EAP TTLS
>> inner authentication redespatched to a Handler
>> Thu Aug 5 12:46:44 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Reject
>> Identifier: 145
>> Authentic: <206><163><222>\D<197><139><229>F<12>)c<150>+Z<17>
>> Attributes:
>> EAP-Message = <4><6><0><4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Reply-Message = "Request Denied"
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 146
>> Authentic: gw<233><219>u<27><209><21><16><143><223>##z<177><210>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> 2h<179><25><255><146>lM<227><139>R<167><11>aq<199>
>> EAP-Message = <2><1><0><20><1>semik at cesnet.cz
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 440
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 1, 20
>> Thu Aug 5 12:46:46 2004: DEBUG: Response type 1
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP
>> PEAP Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 146
>> Authentic: gw<233><219>u<27><209><21><16><143><223>##z<177><210>
>> Attributes:
>> EAP-Message = <1><2><0><6><25>!
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 147
>> Authentic: <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <254><229><14>Bn<221><222><153><165>u\<1><236><4><190><223>
>> EAP-Message = <2><2><0><6><3><21>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 440
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 2, 6
>> Thu Aug 5 12:46:46 2004: DEBUG: Response type 3
>> Thu Aug 5 12:46:46 2004: INFO: EAP Nak desires type 21
>> Thu Aug 5 12:46:46 2004: DEBUG: Resuming session for
>> Radius::Context=HASH(0x891eae4)
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 147
>> Authentic: <139><248><0><241><30>UF$<228>V<192><16><22><223><179><2>
>> Attributes:
>> EAP-Message = <1><3><0><6><21>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 148
>> Authentic: <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator = D,m<132>j<170><223>)<209>%9<220>L<23><141>d
>> EAP-Message =
>> <2><3><0><142><21><128><0><0><0><132><22><3><1><0><127><1><0><0>{<3><1
>> >A<19>}<170>EOo<218>7<<157><3>!
>> <173>l<198><181><128><162><248><192><187><188><29><219><26><134>T<171>
>> <24>%<227>
>> i|]S<14>p<153><30><182><137><215><134>-
>> %<27>'<27><16><226><209><{x<132><21><12><28><219>r<139><197><138><0>4<
>> 0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/
>> <0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0>
>> <17><0><8><0><6><0><3><1><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 440
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 3, 142
>> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,
>> 8576
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 148
>> Authentic: <162><196><28>En<142><22><229>a<218><188><0>Cz<166><4>
>> Attributes:
>> EAP-Message =
>> <1><4><3><242><21><192><0><0><7><169><22><3><1><0>J<2><0><0>F<3><1>A<1
>> 8><16><22>s5<250><249>n<229><253><19><170><150><195><220><162><24>z<21
>> 2><141><165><136>9<140><22>'<139><181>C<249><212>
>> <245><188><252><167>U<0>C<237><161>|<3><236><224>:
>> <253>e7<184><196><190><190>h<194><207><25><191><209><246><20>$<18><163
>> ><0>5<0><22><3><1><6><144><11><0><6><140><0><6><137><0><3>@0<130><3><0
>> <130><2>$<160><3><2><1><2><2><2><1>z0<13><6><9>*<134>H<134><247><13><1
>> ><1><4><5><0>021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10>
>> <19><6>CESNET1<18>0<16><6><3>U<4><3><19><9>CESNET
>> CA0<30><23><13>040420134623Z<23><13>050420134623Z0>1<15>0<13><6><3>U<4
>> ><10><19><6>CESNET1<15>0<13><6><3>U<4><10><19><6>CES
>> EAP-Message =
>> NET1<26>0<24><6><3>U<4><3><19><17>radius1.cesnet.cz0<129><159>0<13><6>
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><
>> 129><129><0><212><204>S/*/
>> &W<147>#y<25>l<226><202><195><10><12>s<20>(qY<174>~<207><149>x<151><22
>> 9><174><171><245><138><194>z<237>p!i<sh<141>Z-<17><255>#M<195><148>-
>> <25><143><211><213>Nl<14><221>Q<247><7><239><179><228><233><24>V<28><1
>> 85><236><22><197><253>><160><18><4>Z<231><139>B<238><9>h<167>E<182><12
>> 9><150>PZfV1<234>]<225>VJ<23>{8<214><246>oP<132>[<196><237><246><167>l
>> <245><242><179><166>sja<210><234><163><190><247><2><3><1><0><1><163><1
>> 29><211>0<129><208>0<29><6><3>U<29><14><4><22><4><20><161><3><242><175
>> ><165><140><19><190><189>p<177><31><239><229>#<242><246><254><17><192>
>> 0<31><6><3>U<29>#<4><24>0<22><128><20><248>V<26><217><154>x<149>m<180>
>> <136>
>> EAP-Message = <132>U5/<170><6><243><215>
>> Z05<6><3>U<29><31><4>.0,0*<160>(<160>&<134>$http://www.cesnet.cz/pki/
>> crl/
>> cca.crl0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><224>0,<6><3>U<29
>> ><17><4>%0#<129><14>jan at tomasek.cz<130><17>radius1.cesnet.cz0<25><6><3
>> >U<29>
>> <4><18>0<16>0<14><6><12>+<6><1><4><1><190>y<1><2><2><1><1>0<13><6><9>*
>> <134>H<134><247><13><1><1><4><5><0><3><130><1><1><0>%<186><176><248>7<
>> 21><15><224><137><210><186><250><155><246><129><10><204><160>F<255><20
>> 1>!
>> <141>K<29>k<174>1j<171>D<194><151><238><236>EL<18>C<233><180><201><226
>> ><173>lT<188><3>P+<234><250><217><2><180><131><157>gbS40<132>N<163>2<2
>> 54><31><228><198><232><20>~<25>bg<197>0O
>> EAP-Message =
>> 3<210><187><10><6>5<154>^r><182><223>L<167><6><183><220><141><14><12>m
>> <160>,NU<197><30>-<164><242><17>V`g
>> <162><237><160>LL<195>/
>> <194><234><26><222>V<198><207><7><212><141>&<230>7<207>'<26><157><10><
>> 241><134><170><158>+s~><180>{<12><235><226><147><134><148><21>AW?
>> <27><13>Y<25>
>> ^<145><181><163><157><146><138><169><188>.H]<230>?C3<163>L:
>> <249><213><250>}<135><129><221>BE<255><175>*M<224><244><151>M<151>4<7>
>> @<168>#XV{<3>y<18>^<17><17><177><234>p<194>w<226>0<143><130><16>`<133>
>> <239><152><194>U'<162><134><128>^<249><153>d<218><140><179><201><8><13
>> 3><177><20><197><134>g<0><174><8><142><28>A<0><3>C0<130><3>?
>> 0<130><2>'<160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1
>> ><1><4><5><0>021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10>
>> <19><6>CESNET1<18>0<16><6><3>U<4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 149
>> Authentic: <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <7>h<137>B<194>\<154>q<20><146>:H<188><127><244><214>
>> EAP-Message = <2><4><0><6><21><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 440
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 4, 6
>> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 149
>> Authentic: <222>3a}<166><173><154>T%<255>W<148>A<194><145>/
>> Attributes:
>> EAP-Message = <1><5><3><199><21><0><3><19><9>CESNET
>> CA0<30><23><13>010628131512Z<23><13>060627131512Z021<11>0<9><6><3>U<4>
>> <6><19><2>CZ1<15>0<13><6><3>U<4><10><19><6>CESNET1<18>0<16><6><3>U<4><
>> 3><19><9>CESNET
>> CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1>
>> <15><0>0<130><1><10><2><130><1><1><0><190><247><147>@<171><20>@<136>s<
>> 197>
>> <206><194>c<246><173><240><255><204><174>XZ<186>%<250><28><207>U<185><
>> 169><191><233>-
>> <184><201>h<161>gl<249>Z<150><182><237>8<194>n<138><215><222>u<247><24
>> 0><233><143>z<253><235>[<132>o|<235>q<237><19><185>y<22>WT{&<169>%<221
>> ><5><233>TL<179><187><222>YR<136><0>*C<235><17>x<149><235><173><217><2
>> 34><213><156><149>M<133><211><211><164>Z at z<2><141><194><160><189>utE<1
>> 61>C
>> EAP-Message =
>> <129><144><152><144><204><219><144><8><15>-
>> <150><195>W^<143>*<241><18>s<187>n<154><156>Q<252>$<213><164>r9T<203><
>> 209><28><129>C<162>Tt<156><236>+<237>+<30>f)<175><155>#<199><165><248>
>> <145>%<252><207><20><149><169><14><185><143><130>V^$<227><167><225>V<2
>> 32><130>3<251><194>P<177><138><238><231>Z<134><153><127>K<195><249><15
>> 8>n<187>M<184><215>v<150><216>.<23><251>&W<174>!
>> <191>YK4<12><246>z<238><132><164>Y]<211><167><144><9><168>Z<237><18><1
>> 30>&\<159>3<7><15><17><144>n<223><138>mo<2><3><1><0><1><163>`0^0<29><6
>> ><3>U<29><14><4><22><4><20><248>V<26><217><154>x<149>m<180><136><132>U
>> 5/<170><6><243><215>
>> Z0<31><6><3>U<29>#<4><24>0<22><128><20><248>V<26><217><154>x<149>m<180
>> ><136><132>U5/<170><6><243><215>
>> Z0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<14><6><3>U<29><15><1><1><2
>> 55><4><4><3><2><1><198>0<13><6><9>*<134>H<134><247><13><1><1>
>> EAP-Message =
>> <4><5><0><3><130><1><1><0><144><223><20><136><242><c<30><255><152><171
>> ><8>W<169><247><26>W^(<247><204><146><253>sX{<166><160><202><203><172>
>> <174><130><241><191><168><146><28><238><246><192><150><208><7>/
>> <222><140><3>c/
>> <235><209><13><206><193><214><253><213><183><137><199><249><178><134>c
>> <24><218><25><167><158>oH<168><252>q<21><129><193><195>z<196>8~D4A<224
>> ><184><241><22><163><177>Nm<199><223>S<244><227><215>}<29><139><197>pP
>> <156><12><161><154><0>r<14><155><233><218><242><244><196><206><232><23
>> 3><4>E%<13><139><150>d<10>,<181><216>~<143><219><142><0><243><212><215
>> ><139><8><222><216><187>2Ih<163><176><21><139><198><204>I<250><206><12
>> 9><254>1<200><206><203><144><16>x<203><27><21><226><138><9>(\<210><23>
>> 7v<1><234><30><152>X<193><140>jq9<26><212>bGKp@'<129><18><220>$<219><1
>> 71>aY<182>C`5<216>D<132><136>1<21>b<141><226><3><198>Y<168><165>#o<185
>> ><241>0<19>x<230>j<218><132>.0<168>s<148>;<225><130>P<2>7
>> EAP-Message =
>> <201><138>:
>> <151><201><237><2>f<231><246>X<22><3><1><0><192><13><0><0><184><2><1><
>> 2><0><179><0>4021<11>0<9><6><3>U<4><6><19><2>CZ1<15>0<13><6><3>U<4><10
>> ><19><6>CESNET1<18>0<16><6><3>U<4><3><19><9>CESNET
>> CA<0>{0y1<11>0<9><6><3>U<4><6><19><2>CZ1<23>0<21><6><3>U<4><8><19><14>
>> Czech
>> Republic1<15>0<13><6><3>U<4><7><19><6>Kladno1<20>0<18><6><3>U<4><10><1
>> 9><11>Jan
>> Tomasek1<11>0<9><6><3>U<4><3><19><2>CA1<29>0<27><6><9>*<134>H<134><247
>> ><13><1><9><1><22><14>jan at tomasek.cz<14><0><0><0>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 150
>> Authentic:
>> <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator =
>> <241>u<197><225><213><211><162><166><17><213>f<215><248><2><11><172>
>> EAP-Message =
>> <2><5><0><220><21><128><0><0><0><210><22><3><1><0><7><11><0><0><3><0><
>> 0><0><22><3><1><0><134><16><0><0><130><0><128><7><16>`<209><133><157>h
>> U<217>3<192><3>L<249><253>&u<165>$bo<178><27><220><255><190>a#<18><166
>> >Px<12><190><243><159><138><172>"9q.Q<10><236><178>m<203>x<213><12>Ft<
>> 19><20>I!
>> a at J<14><150><217>=<28><185><255><127><179><141><140>f<169>|_?
>> <22><139><187><163><173><232><240><224>*I<255><5>d<234><182>s<131><178
>> ><186>ZQ<127><171><5><165>c<188><183><196>I(<134>@<223><196>>r<246><20
>> 7>Va<149><170><226><202><162><25><132><182><31><171><242><20><3><1><0>
>> <1><1><22><3><1><0>0<0><168>7<128><255><162>1A<208><251>c<139><146><24
>> 2>&<128>yz<217><141>,2<162><173><182>EN<247><12><178><8><16><175><237>
>> <154><167><197>s<239><201>t,<176>,u<136>*<134>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 440
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 5, 220
>> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Access challenged for semik: EAP
>> TTLS Challenge
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Challenge
>> Identifier: 150
>> Authentic:
>> <255><176><226><25><0><155>P<164><3><220>v<242><176><<208>T
>> Attributes:
>> EAP-Message =
>> <1><6><0>E<21><128><0><0><0>;
>> <20><3><1><0><1><1><22><3><1><0>0<253><<31><239>/
>> <177><27>4<154><236><153><148><20>$<6><3>_l$<203>|!
>> <159><208>8<251><251><232><205>(<137>*<215><171><17><143><215><129>{Q<
>> 147><151><252>T<238>0Y+
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Received from 195.113.205.154 port 21661 ....
>> Code: Access-Request
>> Identifier: 151
>> Authentic: <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> Framed-MTU = 1400
>> Called-Station-Id = "000e.383e.0a47"
>> Calling-Station-Id = "0060.b38a.dac1"
>> Message-Authenticator = PT<139>jj<164><9>rP<179>x<159>u8kz
>> EAP-Message = <2><6><0><192><21><0><23><3><1><0>
>> "<152>3<255><232>.<211><184>%<158>h<171><0>T<158><1><2>,<160>wO2<211>F
>> 9/<209>R<234>hia<23><3><1><0><144>|X<214>T9?
>> <183><245>"<162><14><9><159><223><211><180><164><216><216><151><140>'<
>> 12><19><144><19><234><182><162>!
>> <239><173><244>b<6>w<168><144><129><182><160>!<128>S&J0<145>?
>> {<207><144><226>3<246><195><27><230><204>~L1<248>g<139>s<159><10>_<152
>> ><127>\<149><220>.<178><134><245><5><181>q<250>N<2><184><180><8><218><
>> 244><251><207>K<213>b<145><235><207>M<18><12>_<189><150>u<27><164><220
>> ><234><201><9><149><159><1>`<217>1A\<14>{<150><143><228><24>_<31><165>
>> <209><156>!TU<24><226><231>K<202>za<1><210><199>B<207>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 440
>> Service-Type = Framed-User
>> NAS-IP-Address = 195.113.205.154
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154, 440
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with EAP: code 2, 6, 192
>> Thu Aug 5 12:46:46 2004: DEBUG: Response type 21
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP TTLS inner authentication
>> request for semik at cesnet.cz
>> Thu Aug 5 12:46:46 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code: Access-Request
>> Identifier: UNDEF
>> Authentic:
>> D<166><215><218><144>ZO<221><214>j<254><157><145><160>o<174>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> MS-CHAP-Challenge =
>> <245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E
>> MS-CHAP2-Response =
>> 9<0><245><143><232>k<158><130><148><247><174>A<28><172><167>9<204>E<0>
>> <0><0><0><0><0><0><0><22><224><216>o<247><201>5<220><247><18><219>j<14
>> 1>Pt:<251><223><219><138><2><28><164><207>
>>
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 195.113.205.154,
>> Thu Aug 5 12:46:46 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:46:46 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:46:46 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:46:46 2004: DEBUG: LDAP got result for
>> uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug 5 12:46:46 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug 5 12:46:46 2004: DEBUG: LDAP got roomnumber:
>> Tunnel-Private-Group-ID=1:600
>> Thu Aug 5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 looks for match
>> with semik
>> Thu Aug 5 12:46:46 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad
>> Password
>> Thu Aug 5 12:46:46 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:46:46 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:46:46 2004: DEBUG: No entries for DEFAULT found in LDAP
>> database
>> Thu Aug 5 12:46:46 2004: INFO: Access rejected for semik: Bad
>> Password
>> Thu Aug 5 12:46:46 2004: DEBUG: EAP result: 1, EAP TTLS inner
>> authentication redespatched to a Handler
>> Thu Aug 5 12:46:46 2004: INFO: Access rejected for semik: EAP TTLS
>> inner authentication redespatched to a Handler
>> Thu Aug 5 12:46:46 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.205.154 port 21661 ....
>> Code: Access-Reject
>> Identifier: 151
>> Authentic: <217>j<177><146>R<208>1<255><8><218><3>[<161>i<224>[
>> Attributes:
>> EAP-Message = <4><6><0><4>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Reply-Message = "Request Denied"
>>
>> Thu Aug 5 12:47:11 2004: DEBUG: Packet dump:
>> *** Received from 195.113.187.22 port 32980 ....
>> Code: Access-Request
>> Identifier: 77
>> Authentic:
>> <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
>> Attributes:
>> User-Name = "semik at cesnet.cz"
>> User-Password = "U/<233><h<146>^<158><190>X9<157><2><189>*<187>"
>> NAS-IP-Address = 255.255.255.255
>> NAS-Port = 0
>>
>> Thu Aug 5 12:47:11 2004: DEBUG: Handling request with Handler
>> 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
>> Thu Aug 5 12:47:11 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:47:11 2004: DEBUG: Rewrote user name to semik
>> Thu Aug 5 12:47:11 2004: DEBUG: Deleting session for
>> semik at cesnet.cz, 255.255.255.255, 0
>> Thu Aug 5 12:47:11 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> CheckLDAP
>> Thu Aug 5 12:47:11 2004: INFO: Connecting to localhost, port 389
>> Thu Aug 5 12:47:11 2004: INFO: Attempting to bind to LDAP server
>> localhost:389)
>> Thu Aug 5 12:47:11 2004: DEBUG: LDAP got result for
>> uid=semik,ou=People,dc=cesnet,dc=cz
>> Thu Aug 5 12:47:11 2004: DEBUG: LDAP got radiusPassword: heslo
>> Thu Aug 5 12:47:11 2004: DEBUG: LDAP got roomnumber:
>> Tunnel-Private-Group-ID=1:600
>> Thu Aug 5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 looks for match
>> with semik
>> Thu Aug 5 12:47:11 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
>> Thu Aug 5 12:47:11 2004: DEBUG: Access accepted for semik
>> Thu Aug 5 12:47:11 2004: DEBUG: Packet dump:
>> *** Sending to 195.113.187.22 port 32980 ....
>> Code: Access-Accept
>> Identifier: 77
>> Authentic:
>> <230><156><228>?<18><153>o<225><25>5<21><195><24>L<224><16>
>> Attributes:
>> Tunnel-Type = 1:VLAN
>> Tunnel-Medium-Type = 1:Ether_802
>> Tunnel-Private-Group-ID = 1:100
>>
>> Foreground
>> LogStdout
>> Trace 4
>> LogDir /var/log/radiator
>> DbDir /home/semik/iproj/Radiator-Demo-3.9
>>
>> <AuthLog SYSLOG>
>> Identifier authlogger
>> Facility local7
>> LogSuccess 1
>> LogFailure 1
>> SuccessFormat %U:%P:OK
>> FailureFormat %U:%P:FAIL
>> </AuthLog>
>> <Log SYSLOG>
>> Facility local7
>> LogIdent radiator
>> Trace 4
>> </Log>
>>
>> AuthPort 1645,1812
>> AcctPort 1646,1813
>>
>> <Client localhost>
>> Secret mysecret
>> DupInterval 0
>> </Client>
>>
>> <Client DEFAULT>
>> Secret xxx
>> </Client>
>>
>> # -- Definition of local authentication
>> ---------------------------------------
>> <AuthBy LDAP2>
>> Identifier CheckLDAP
>>
>> # Strip realm
>> RewriteUsername s/^(.*?)\@.*$/$1/
>> # Convert user name to lowercase
>> RewriteUsername tr/A-Z/a-z/
>>
>> Host localhost
>>
>> AuthDN uid=rad1,ou=Special Users,dc=cesnet,dc=cz
>> AuthPassword xxx
>>
>> BaseDN dc=cesnet,dc=cz
>> UsernameAttr uid
>> PasswordAttr radiusPassword
>>
>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,LEAP
>>
>> EAPTLS_CAFile /etc/ssl/certs/trusted-CA-list.crt
>> EAPTLS_CertificateFile /etc/ssl/certs/
>> radius_radius1.eduroam.cz.crt.pem
>> EAPTLS_CertificateType PEM
>> EAPTLS_PrivateKeyFile /etc/ssl/private/
>> radius_radius1.eduroam.cz.key.pem
>> #EAPTLS_PrivateKeyPassword whatever
>>
>> EAPTLS_MaxFragmentSize 1000
>>
>> EAPTLS_CRLCheck
>> EAPTLS_CRLFile /etc/ssl/ed99a497.r0
>>
>> EAPTLSRewriteCertificateCommonName s/Jan Tomasek/semik/
>> EAPTLSRewriteCertificateCommonName s/Jan Ruzicka/janru/
>>
>> AutoMPPEKeys
>>
>> SSLeayTrace 0
>>
>> AllowInReply
>> AuthAttrDef roomnumber
>> AddToReply Tunnel-Type=1:VLAN,\
>> Tunnel-Medium-Type=1:Ether_802,\
>> Tunnel-Private-Group-ID=1:100
>> </AuthBy>
>>
>> # -- Local realms
>> -------------------------------------------------------------
>> <Client saint.cesnet.cz>
>> Secret xxx
>> </Client>
>>
>> <Client radius1.eduroam.cz>
>> Secret xxx
>> </Client>
>>
>> <Client ldap3.cesnet.cz> # radius2.eduroam.cz
>> Secret xxx
>> </Client>
>>
>> <Handler Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/>
>> # Strip realm
>> RewriteUsername s/^(.*?)\@.*$/$1/
>> # Convert user name to lowercase
>> RewriteUsername tr/A-Z/a-z/
>>
>> AuthBy CheckLDAP
>> AuthLog authlogger
>> </Realm>
>>
>> <Handler TunnelledByTTLS=1>
>> AuthBy CheckLDAP
>> AuthLog authlogger
>> </Handler>
>>
>> <Handler TunnelledByPEAP=1>
>> AuthBy CheckLDAP
>> AuthLog authlogger
>> </Handler>
>> #
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> ^^^^^^^
>>
>> # -- NULL realmy nas nezajimaji takze taky zahazujeme
>> -------------------------
>> <Handler Realm=/^$/>
>> <AuthBy FILE>
>> Filename /dev/null
>> </AuthBy>
>> </Handler>
>> #
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> ^^^^^^^
>>
>> # -- A vechno co neni nase posilame na narodni radiusy
>> ------------------------
>> <Handler>
>> <AuthBy RADIUS>
>> <Host radius1.eduroam.cz>
>> AuthPort 1812
>> AcctPort 1813
>> Secret xxx
>> </Host>
>> <Host radius2.eduroam.cz>
>> AuthPort 1812
>> AcctPort 1813
>> Secret xxx
>> </Host>
>> </AuthBy>
>>
>> AllowInReply
>> AddToReply Tunnel-Type=1:VLAN,\
>> Tunnel-Medium-Type=1:Ether_802,\
>> Tunnel-Private-Group-ID=1:100
>> </Handler>
>> #
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> ^^^^^^^
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list