Fwd: (RADIATOR) Help me with 802.1x on AlliedTelesyn switch please

Mike McCauley mikem at open.com.au
Mon Feb 2 17:49:46 CST 2004


Hello Pavel,

On Tue, 3 Feb 2004 12:22 am, Pavel Paprok wrote:
> yes, firmware is recent - AT-S39 v3.2.0 firmware update.
> as wrotten in software release notes there is 802.1x support
> since fw 3.1.0. (3.1.1 and 3.2.0 has no new features), there stay:
>
> "Two types of RADIUS servers have been verified as fully
> compatible with this feature: Funk Software Steel-Belted Radius
> and Free Radius. Two types of 802.1x clients have been
> verified to be fully-compatible: Microsoft WinXP client
> and Meeting House Aegis client."
>
> all info on product page:
> http://www.alliedtelesyn.com/allied/support/viewproductsupport.asp?id=637&t
>ype=&dosearch=1&sub=0&product=AT%2D8012M&back=true&country=2&lang=en
>
> i really need to get it work with radiator

The logs show that the switch is not sending the first part of the server 
certificate back to the client. This is incorrect.

The only conclusions I can make are:

1. The switch firmware version you are running is broken. You may need to 
downgrade to the version they claim works correctly.

2. There is a configuration problem in the switch.

I dont think there is anything else we can do to help at this stage.

Does anyone else have experience with the AT-S39 switch?



>
> pavel
>
> Mike McCauley wrote:
> >Hello Pabel,
> >
> >thanks for sending more complete logs.
> >
> >>From close examination of the log, I can see that Radiator sends the
> >> first
> >
> >part of the server certificate back to the client, but then, instead of
> >sending an acknowledgement, the client again sends another EAP identity.
> > This is incorrect behaviour.
> >
> >I seriously suspect that there is a problem with the AT-8012M firmware.
> > Can you confirm the correct firmware version with Allied?
> >
> >Cheers.
> >
> >On Mon, 2 Feb 2004 06:31 pm, Hugh Irvine wrote:
> >>Begin forwarded message:
> >>>From: Pavel Paprok <ppaprok at applet.cz>
> >>>Date: 31 January 2004 08:18:06 GMT+11:00
> >>>To: Mike McCauley <mikem at open.com.au>
> >>>Cc: radiator at open.com.au
> >>>Subject: Re: (RADIATOR) Help me with 802.1x on AlliedTelesyn switch
> >>>please
> >>>
> >>>Mike McCauley wrote:
> >>>>Hello Pavel,
> >>>>
> >>>>I cant tell exactly what the problem is at this stage. It would help
> >>>>if you sent more of the Radiator log file, since the part you sent
> >>>>only covers the beginning of the authentication process.
> >>>
> >>>hallo,
> >>>in this message i replaced old logs by new created logs - a bit
> >>>longer....
> >>>my config was still exactly same except MaxFragmentSize reduced to 800
> >>>but with no effect.
> >>>
> >>>also i add log from successfull 802.1x connection to other switch -
> >>>HPProCurve
> >>>- for compare - from exactly same radiator server and xsupplicant
> >>>station, HP switch
> >>>only on different ip. these logs are on end of this message if you
> >>>want to see...
> >>>
> >>>>Since your Radiator works with other APs and the same clients, and
> >>>>since this AP is supposed to work with FreeRadius, you might consider
> >>>>reducing the size of EAPTLS_MaxFragmentSize to less than 1024, try
> >>>>say 1000 or 800?
> >>>
> >>>of course, i try all possible values of this parameter from 512 to 4k
> >>>but no advance...
> >>>
> >>>bye,
> >>>pavel
> >>>
> >>>>Cheers.
> >>>>
> >>>>On Fri, 30 Jan 2004 04:38 am, Pavel Paprok wrote:
> >>>>>Hallo,
> >>>>>
> >>>>>I just trying to authorise ethernet ports on manageable switch
> >>>>>Allied Telesyn AT-8012M (latest software AT-S39, v3.2.0)
> >>>>>with enabled 802.1x by EAP/PEAP/MSCHAPv2.
> >>>>>radius is Radiator v3.8 one server licensed, system is RedHat9.
> >>>>>supplicant is latest xsupplicant (v0.8b) but with native
> >>>>>WinXP clients auth do not work too.
> >>>>>certificates are from test suite of radiator.
> >>>>>
> >>>>>there should be no general error in my radiator configuration because
> >>>>>exactly same 802.1x eap configuration with ports of other ethernet
> >>>>>switches we use, wired (HP Procurve 2412,...) or wireless AP
> >>>>>(DLink,..)
> >>>>>works good (with same xsupplicants and WinXP 802.1x system clients).
> >>>>>
> >>>>>very basic radius configuration on Allied should be also ok because
> >>>>>when authorising of serial console account (manage prompt) from the
> >>>>>radius
> >>>>>it works properly, but not on its ethernet ports thru 802.1x
> >>>>>eap/peapmschapv2.
> >>>>>(auth of its serial console from config below removed for simplicity)
> >>>>>
> >>>>>in manual of AlliedTelesyn switch wrotten that its 802.1x was tested
> >>>>>with
> >>>>>WinXP clients and FreeRadius radius server - but Radiator should
> >>>>>be in 802.1x better, are so?
> >>>>>
> >>>>>Please help, what should I try next to get it run?
> >>>>>
> >>>>>thanks,
> >>>>>Pavel
> >>>>>
> >>>>>--------------------------------------------------------------
> >>>>>here is log from x supplicant:
> >>>
> >>>[root at pp2 root]# xsupplicant -i eth1 -d 5
> >>>Calling do_eapol, with device eth1
> >>>Setup on device eth1 complete
> >>>(EAPMD5) Initalized
> >>>(EAPMS-CHAP) Initalized
> >>>Done with init.
> >>>Sending EAPOL-Start #1
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>## eap_decode_packet ##: Got an EAP failure
> >>>Failed to Authenticate
> >>>CONNECTING
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 6
> >>>Loading certificate /etc/1x/certs/CAroot.pem . . .
> >>>(TLS)Loaded root certificate /etc/1x/certs/CAroot.pem and dirctory
> >>>(null)
> >>>    --- SSL : before/connect initialization
> >>>    --- SSL : before/connect initialization
> >>>    --- SSL : SSLv3 write client hello A
> >>>    --- SSL : SSLv3 read server hello A
> >>>Destination : 1:80:c2:0:0:3
> >>>AUTHENTICATING
> >>>
> >>>
> >>>...here it stay  ~ 20 .. 30 sec
> >>>
> >>>
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>
> >>>
> >>>... here it stay again ~ 20 sec
> >>>
> >>>
> >>>## eap_decode_packet ##: Got an EAP failure
> >>>Failed to Authenticate
> >>>CONNECTING
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>## eap_decode_packet ##: Got an EAP failure
> >>>Failed to Authenticate
> >>>CONNECTING
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>## eap_decode_packet ##: Got an EAP failure
> >>>Failed to Authenticate
> >>>CONNECTING
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 6
> >>>    --- SSL : SSLv3 read server hello A
> >>>Destination : 1:80:c2:0:0:3
> >>>AUTHENTICATING
> >>>(EAPMD5) Cleaning up.
> >>>(EAPMS-CHAP) Cleaning up.
> >>>[root at pp2 root]#
> >>>
> >>>... end was because i stopped xsupplicant
> >>>
> >>>
> >>>LOG FROM RADIATOR:
> >>>
> >>>
> >>>Fri Jan 30 21:10:23 2004: DEBUG: Reading users file
> >>>/etc/radiator/outerEAPusers
> >>>Fri Jan 30 21:10:23 2004: DEBUG: Finished reading configuration file
> >>>'/etc/radiator/radius.cfg'
> >>>Fri Jan 30 21:10:23 2004: DEBUG: Reading dictionary file
> >>>'/etc/radiator/dictionary'
> >>>Fri Jan 30 21:10:23 2004: DEBUG: Creating authentication port
> >>>0.0.0.0:1812
> >>>Fri Jan 30 21:10:23 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> >>>Fri Jan 30 21:10:23 2004: NOTICE: Server started: Radiator 3.8 on
> >>>data.applet.cz
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
> >>>*** Received from a.b.c.d port 516 ....
> >>>Code:       Access-Request
> >>>Identifier: 49
> >>>Authentic:  <136><150><30>Q<236><19><188>m<146><31><142>Jg<160><209>7
> >>>Attributes:
> >>>       User-Name = "wifi"
> >>>       NAS-IP-Address = a.b.c.d
> >>>       NAS-Port = 3
> >>>       Called-Station-Id = "00:0C:46:22:71:20"
> >>>       Calling-Station-Id = "00:30:4F:20:F1:54"
> >>>       Framed-MTU = 1400
> >>>       NAS-Port-Type = Ethernet
> >>>       Connect-Info = "100Mbps"
> >>>       EAP-Message = <2><164><0><9><1>wifi
> >>>       Message-Authenticator =
> >>><199><156>a<169>2y'<242><187><201>@*'<187><10>r
> >>>
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:10:28 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with EAP: code 2, 164, 9
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Response type 1
> >>>Fri Jan 30 21:10:28 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
> >>>*** Sending to a.b.c.d port 516 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 49
> >>>Authentic:  <136><150><30>Q<236><19><188>m<146><31><142>Jg<160><209>7
> >>>Attributes:
> >>>       EAP-Message = <1><165><0><6><25>!
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>
> >>>
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
> >>>*** Received from a.b.c.d port 516 ....
> >>>Code:       Access-Request
> >>>Identifier: 51
> >>>Authentic:  X<28><138><228><24><18>jG<157><193><233><241><204><198>g7
> >>>Attributes:
> >>>       User-Name = "wifi"
> >>>       NAS-IP-Address = a.b.c.d
> >>>       NAS-Port = 3
> >>>       Called-Station-Id = "00:0C:46:22:71:20"
> >>>       Calling-Station-Id = "00:30:4F:20:F1:54"
> >>>       Framed-MTU = 1400
> >>>       NAS-Port-Type = Ethernet
> >>>       Connect-Info = "100Mbps"
> >>>       EAP-Message =
> >>><2><165><0>n<25><129><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>@<26><186>
> >>>8F<6><177><135><208><190><148><254><[<248>j<10><17><201><139><8><189><1
> >>>61><227><22><145>u8<133>)<163><175><0><0>4<0>9<0>8<0>5<0><22><0><19><0>
> >>><10><0>3<0>2<0>/
> >>><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><
> >>>17><0><8><0><6><0><3><1><0>
> >>>       Message-Authenticator =
> >>>^<132><22><142>M<235>j<152><24><234><153><184>z<17><19><210>
> >>>
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:10:28 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with EAP: code 2, 165, 110
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:10:28 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> >>>Fri Jan 30 21:10:28 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
> >>>*** Sending to a.b.c.d port 516 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 51
> >>>Authentic:  X<28><138><228><24><18>jG<157><193><233><241><204><198>g7
> >>>Attributes:
> >>>       EAP-Message =
> >>><1><166><3>*<25><193><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<26><186>
> >>>4h|<243>I<135><247><152><140><127>\C\<207><201><240><247><128>N<205><18
> >>>6><136>t<204><214><204>pcX
> >>><211>{i<254><0><146>GEIt<197>s<134><164>WE3I<229>E<128><231><15>f]J<28>
> >>><161><196><222><193>Y<0>5<0><22><3><1><7><27><11><0><7><23><0><7><20><0
> >>>
> >>>><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*
> >>>
> >>><134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19
> >>>
> >>>><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19>
> >>>
> >>><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> >>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> >>>       EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
> >>>in production)1
> >>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30>
> >>><23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19><
> >>>2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9
> >>>
> >>>>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test
> >>>
> >>>Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>
> >>>0<13><6><9>*<134>H<134><247><13><1><1>
> >>>       EAP-Message =
> >>><1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><24
> >>>5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193>
> >>><13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151>
> >>><30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<1
> >>>87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178>
> >>><141><219>O<253><134><213>N|<172>:
> >>>J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215>
> >>><186>x<141><197><212>s<145><235>\<164><8>!
> >>><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1>
> >>><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><
> >>>129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><13
> >>>6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183><
> >>>230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<2
> >>>39>?<1><16><203>
> >>>       EAP-Message =
> >>>T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202
> >>>
> >>>>u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t
> >>>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
> >>>*** Received from a.b.c.d port 516 ....
> >>>Code:       Access-Request
> >>>Identifier: 55
> >>>Authentic:
> >>><151><136><183><6><213>N<227><8><165><160><196>%<248><156><166><11>
> >>>Attributes:
> >>>       User-Name = "wifi"
> >>>       NAS-IP-Address = a.b.c.d
> >>>       NAS-Port = 3
> >>>       Called-Station-Id = "00:0C:46:22:71:20"
> >>>       Calling-Station-Id = "00:30:4F:20:F1:54"
> >>>       Framed-MTU = 1400
> >>>       NAS-Port-Type = Ethernet
> >>>       Connect-Info = "100Mbps"
> >>>       EAP-Message = <2><169><0><9><1>wifi
> >>>       Message-Authenticator = r<214>vt<240>y%<150>K^=-<241><191><<212>
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:11:29 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 169, 9
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Response type 1
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Resuming session for
> >>>Radius::Context=HASH(0x857b140)
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
> >>>*** Sending to a.b.c.d port 516 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 55
> >>>Authentic:
> >>><151><136><183><6><213>N<227><8><165><160><196>%<248><156><166><11>
> >>>Attributes:
> >>>       EAP-Message = <1><170><0><6><25>!
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
> >>>*** Received from a.b.c.d port 516 ....
> >>>Code:       Access-Request
> >>>Identifier: 57
> >>>Authentic:  <6>x<9><127>$k<228>3P<<230><219>JH<183>v
> >>>Attributes:
> >>>       User-Name = "wifi"
> >>>       NAS-IP-Address = a.b.c.d
> >>>       NAS-Port = 3
> >>>       Called-Station-Id = "00:0C:46:22:71:20"
> >>>       Calling-Station-Id = "00:30:4F:20:F1:54"
> >>>       Framed-MTU = 1400
> >>>       NAS-Port-Type = Ethernet
> >>>       Connect-Info = "100Mbps"
> >>>       EAP-Message = <2><170><0><6><25><1>
> >>>       Message-Authenticator =
> >>>u<242>THJ<214><131>,<17><195>$<9>c<19>*<174>
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:11:29 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 170, 6
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 2, EAP PEAP Nothing to
> >>>read or write
> >>>Fri Jan 30 21:11:57 2004: NOTICE: SIGTERM received: stopping
> >>>       EAP-Message = <1><170><0><6><25>!
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
> >>>*** Received from a.b.c.d port 516 ....
> >>>Code:       Access-Request
> >>>Identifier: 57
> >>>Authentic:  <6>x<9><127>$k<228>3P<<230><219>JH<183>v
> >>>Attributes:
> >>>       User-Name = "wifi"
> >>>       NAS-IP-Address = a.b.c.d
> >>>       NAS-Port = 3
> >>>       Called-Station-Id = "00:0C:46:22:71:20"
> >>>       Calling-Station-Id = "00:30:4F:20:F1:54"
> >>>       Framed-MTU = 1400
> >>>       NAS-Port-Type = Ethernet
> >>>       Connect-Info = "100Mbps"
> >>>       EAP-Message = <2><170><0><6><25><1>
> >>>       Message-Authenticator =
> >>>u<242>THJ<214><131>,<17><195>$<9>c<19>*<174>
> >>>
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:11:29 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 170, 6
> >>>Fri Jan 30 21:11:29 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 2, EAP PEAP Nothing to
> >>>read or write
> >>>Fri Jan 30 21:11:57 2004: NOTICE: SIGTERM received: stopping
> >>>
> >>>>>---------------------------------------------------------------------
> >>>>>------
> >>>>>---------------------------------- fragment of radiator config:
> >>>>>
> >>>>><Client a.b.c.d>
> >>>>>       Secret xxxxxx
> >>>>>       Identifier      8021xAllied
> >>>>></Client>
> >>>>><Handler Request-Type = Accounting-Request>
> >>>>> <AuthBy SQL>
> >>>>>       DBSource        dbi:mysql:radiator
> >>>>>       DBUsername      radiator
> >>>>>       DBAuth          xxxxx
> >>>>>       # Just accounting, no auth
> >>>>>       IgnoreAuthentication
> >>>>>       AuthSelect
> >>>>>       AccountingTable inetaccounting
> >>>>>       AcctColumnDef   username,User-Name
> >>>>>       AcctColumnDef   time_stamp,Timestamp,integer
> >>>>>       AcctColumnDef   acctstatustype,Acct-Status-Type
> >>>>>       AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
> >>>>>       AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
> >>>>>       AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
> >>>>>       AcctColumnDef   acctterminatecause,Acct-Terminate-Cause
> >>>>>       AcctColumnDef   nasidentifier,NAS-Identifier
> >>>>>        AcctColumnDef   framedipaddress,Framed-IP-Address
> >>>>>   </AuthBy>
> >>>>></Handler>
> >>>>><Handler TunnelledByPEAP=1>
> >>>>>   <AuthBy SQL>
> >>>>>       DBSource        dbi:mysql:radiator
> >>>>>       DBUsername      radiator
> >>>>>       DBAuth          xxxxx
> >>>>>       AuthSelect select password from inetusers where \
> >>>>>            username = %0 and locked = 0
> >>>>>       EAPType MSCHAP-V2
> >>>>>  </AuthBy>
> >>>>></Handler>
> >>>>><Handler>
> >>>>>  <AuthBy FILE>
> >>>>>       # outer auth file, only anonymous inside
> >>>>>       Filename /etc/radiator/outerEAPusers
> >>>>>       EAPType PEAP
> >>>>>       EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> >>>>>       EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> >>>>>       EAPTLS_CertificateType PEM
> >>>>>       EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> >>>>>       EAPTLS_PrivateKeyPassword whatever
> >>>>>       EAPTLS_MaxFragmentSize 1024
> >>>>>       SSLeayTrace 4    # 1=ciphers, 2=trace, 3=dump data
> >>>>>    </AuthBy>   # auth by file
> >>>>></Handler>
> >>>>>
> >>>>>
> >>>>>===
> >>>>>Archive at http://www.open.com.au/archives/radiator/
> >>>>>Announcements on radiator-announce at open.com.au
> >>>>>To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>'unsubscribe radiator' in the body of the message.
> >>>
> >>>-----------------------------------------------------------------------
> >>>----------------------------------
> >>>
> >>>XSUPPLICANT LOG FROM SUCCESSFULL AUTH WITH HP:
> >>>
> >>>[root at pp2 root]# xsupplicant -i eth1 -d 5
> >>>Calling do_eapol, with device eth1
> >>>Setup on device eth1 complete
> >>>(EAPMD5) Initalized
> >>>(EAPMS-CHAP) Initalized
> >>>Done with init.
> >>>Sending EAPOL-Start #1
> >>>## eap_decode_packet ##: Got an EAP request
> >>>## eap_decode_packet ##: Type is Identity
> >>>Connection Established, authenticating...
> >>>ACQUIRED
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 6
> >>>Loading certificate /etc/1x/certs/CAroot.pem . . .
> >>>(TLS)Loaded root certificate /etc/1x/certs/CAroot.pem and dirctory
> >>>(null)
> >>>    --- SSL : before/connect initialization
> >>>    --- SSL : before/connect initialization
> >>>    --- SSL : SSLv3 write client hello A
> >>>    --- SSL : SSLv3 read server hello A
> >>>Destination : 1:80:c2:0:0:3
> >>>AUTHENTICATING
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 810
> >>>(EAPTTLS) Saved packet fragment.
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 806
> >>>(EAPTTLS) Saved packet fragment.
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 534
> >>>(TTLS) Saved final data fragment!
> >>>16 3 1 0 4a 2 0 0 46 3 1 40 1a bc 11 b6
> >>>    --- SSL : SSLv3 read server hello A
> >>>    --- SSL : SSLv3 read server certificate A
> >>>    --- SSL : SSLv3 read server certificate request A
> >>>    --- SSL : SSLv3 read server done A
> >>>    --- SSL : SSLv3 write client certificate A
> >>>    --- SSL : SSLv3 write client key exchange A
> >>>    --- SSL : SSLv3 write change cipher spec A
> >>>    --- SSL : SSLv3 write finished A
> >>>    --- SSL : SSLv3 flush data
> >>>    --- SSL : SSLv3 read finished A
> >>>
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 69
> >>>(EAPTTLS) Saved packet fragment.
> >>>14 3 1 0 1 1 16 3 1 0 30 cb 44 49 2a cb
> >>>    --- SSL : SSLv3 read finished A
> >>>    --- SSL : SSL negotiation finished successfully
> >>>    --- SSL : SSL negotiation finished successfully
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 80
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 112
> >>>(EAPMS-CHAP) ID : 09
> >>>Username = wifi   --   Password = hifi
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 144
> >>>(EAPMS-CHAP) ID : 0a
> >>>Username = wifi   --   Password = hifi
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP request
> >>>### Type is 25, length: 80
> >>>Destination : 1:80:c2:0:0:3
> >>>## eap_decode_packet ##: Got an EAP success
> >>>Authentication Succeeded
> >>>AUTHENTICATED
> >>>Bingo!
> >>>LOGOFF
> >>>(EAPMD5) Cleaning up.
> >>>(EAPMS-CHAP) Cleaning up.
> >>>[root at pp2 root]#
> >>>
> >>>... all process is ok and take 2 - 3 sec
> >>>
> >>>
> >>>
> >>>RADIATOR LOG FROM SUCCESSFULL AUTH WITH HP:
> >>>
> >>>
> >>>Fri Jan 30 21:18:21 2004: DEBUG: Reading users file
> >>>/etc/radiator/outerEAPusers
> >>>Fri Jan 30 21:18:21 2004: DEBUG: Finished reading configuration file
> >>>'/etc/radiator/radius.cfg'
> >>>Fri Jan 30 21:18:21 2004: DEBUG: Reading dictionary file
> >>>'/etc/radiator/dictionary'
> >>>Fri Jan 30 21:18:21 2004: DEBUG: Creating authentication port
> >>>0.0.0.0:1812
> >>>Fri Jan 30 21:18:21 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> >>>Fri Jan 30 21:18:21 2004: NOTICE: Server started: Radiator 3.8 on
> >>>data.applet.cz
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 42
> >>>Authentic:  vw<228>M<2><19>PINo|<5>Z<139>h<129>
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "APPLET FM2 pater"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><2><0><9><1>wifi
> >>>       Message-Authenticator = <3>C/<3><150>{<164>5m(<148>a<147>h<135>;
> >>>
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:25 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 2, 9
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Response type 1
> >>>Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 42
> >>>Authentic:  vw<228>M<2><19>PINo|<5>Z<139>h<129>
> >>>Attributes:
> >>>       EAP-Message = <1><3><0><6><25>!
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 43
> >>>Authentic:  &g<20><189><178><3><128><185><254>_<172>u<10>{<152><241>
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message =
> >>><2><3><0>n<25><129><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>@<26><188><2
> >>>1><142><186>*<193>1<229><242><134><233><141><246>8<163><137><191><225><
> >>>196>4<4>"<28>=<142><166><178><210><221>a<0><0>4<0>9<0>8<0>5<0><22><0><1
> >>>9><0><10><0>3<0>2<0>/
> >>><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><
> >>>17><0><8><0><6><0><3><1><0>
> >>>       Message-Authenticator = <4>w<244><30>
> >>>$<141>l<8><11><28><237>x"<248><197>
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:25 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 3, 110
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:25 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> >>>Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 43
> >>>Authentic:  &g<20><189><178><3><128><185><254>_<172>u<10>{<152><241>
> >>>Attributes:
> >>>       EAP-Message =
> >>><1><4><3>*<25><193><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<26><188><1
> >>>7><182><162><0><144><231><19><135><30>p<21><243>dl<233>)"W<234>*q<255>:
> >>>mj<213><176>T<3>
> >>>@N<157><133>h<222><22><1>SSS<212><216>g<243>-
> >>>G,<30><137>E<179>SH~`<178><144><199>Sp/
> >>><0>5<0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<130><2><20
> >>>5>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><
> >>>1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3
> >>>
> >>>>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28
> >>>><6><3>U<4><10><19><21>OSC Demo
> >>>
> >>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> >>>       EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
> >>>in production)1
> >>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30>
> >>><23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19><
> >>>2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9
> >>>
> >>>>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test
> >>>
> >>>Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>
> >>>0<13><6><9>*<134>H<134><247><13><1><1>
> >>>       EAP-Message =
> >>><1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><24
> >>>5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193>
> >>><13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151>
> >>><30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<1
> >>>87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178>
> >>><141><219>O<253><134><213>N|<172>:
> >>>J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215>
> >>><186>x<141><197><212>s<145><235>\<164><8>!
> >>><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1>
> >>><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><
> >>>129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><13
> >>>6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183><
> >>>230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<2
> >>>39>?<1><16><203>
> >>>       EAP-Message =
> >>>T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202
> >>>
> >>>>u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t
> >>>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 44
> >>>Authentic:  <214>WD-b<243><176>)<174>O<220><229><186>k<200>a
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><4><0><6><25><1>
> >>>       Message-Authenticator =
> >>><215>2d<182><212>yp'^<129><31>D.)<225><8>
> >>>
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:25 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 4, 6
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 44
> >>>Authentic:  <214>WD-b<243><176>)<174>O<220><229><186>k<200>a
> >>>Attributes:
> >>>       EAP-Message =
> >>><1><5><3>&<25>A<196><188><3><195>.%<19>mD<242><149><237>O<138><193><0><
> >>>4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H
> >>><134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU
> >>>1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Mel
> >>>bourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> >>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> >>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> >>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open
> >>>       EAP-Message =
> >>>.com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0
> >>><9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<1
> >>>6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> >>>Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> >>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> >>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129
> >>>
> >>>><159>0<13><6><9>*<134>
> >>>
> >>>       EAP-Message =
> >>>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><
> >>>0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?
> >>>b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141>
> >>><148><224>|<188>V<24><209><8><223>f?
> >>><149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e<
> >>>153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221>
> >>><6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159><
> >>>149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0<
> >>>130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152
> >>>
> >>>><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#<4><129><239>0
> >>>
> >>><129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\
> >>><249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4>
> >>><6><19><2>AU1<17>0
> >>>       EAP-Message =
> >>><15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne
> >>>1<30>0<28><6><3>U<4><10><19><21>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 45
> >>>Authentic:  <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
> >>>Attributes:
> >>>         EAP-Message =
> >>><1><5><3>&<25>A<196><188><3><195>.%<19>mD<242><149><237>O<138><193><0><
> >>>4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H
> >>><134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU
> >>>1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Mel
> >>>bourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> >>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> >>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> >>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open
> >>>       EAP-Message =
> >>>.com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0
> >>><9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<1
> >>>6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> >>>Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> >>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> >>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129
> >>>
> >>>><159>0<13><6><9>*<134>
> >>>
> >>>       EAP-Message =
> >>>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><
> >>>0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?
> >>>b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141>
> >>><148><224>|<188>V<24><209><8><223>f?
> >>><149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e<
> >>>153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221>
> >>><6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159><
> >>>149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0<
> >>>130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152
> >>>
> >>>><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#<4><129><239>0
> >>>
> >>><129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\
> >>><249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4>
> >>><6><19><2>AU1<17>0
> >>>       EAP-Message =
> >>><15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne
> >>>1<30>0<28><6><3>U<4><10><19><21>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 45
> >>>Authentic:  <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>        NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><5><0><6><25><1>
> >>>       Message-Authenticator =
> >>><18>/<218><214><230><213>sTf9<206><150><207>a<186><219>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:26 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 5, 6
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 45
> >>>Authentic:  <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
> >>>Attributes:
> >>>       EAP-Message = <1><6><2><22><25><1>OSC Demo
> >>>Certificates1!0<31><6><3>U<4><11><19><24>Test
> >>>Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
> >>>production)1 0<30><6><9>*<1
> >>>34>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><1><0>0<12><6>
> >>><3>U<29><19><4><5>0<3><1>
> >>><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>
> >>>A<130>4<253><23>-<13><9><
> >>>9><222>3<19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<233><144><
> >>>146>&g<162><190><234><145
> >>>
> >>>>H<159><10>^6IQ<223><219><193>@><204>b<245><12><6><133><147><132><192>f
> >>>
> >>>U<165><197><180>k<136>:<8
> >>>
> >>>><198><152><165>*
> >>>
> >>>       EAP-Message =
> >>>%<221><237><188><23><251><255><172>'n<142>H<25>q<173>t<215><212><221><2
> >>>39>
> >>><20>FZyd<205><240>Wbd<143><139>q]h<236><127><16><143>tA<163>4I<236><230
> >>>
> >>>><147><218>><175>B^<130><
> >>>
> >>>0>*9<22><3><1><0><220><13><0><0><212><2><1><2><0><207><0><205>0<129><20
> >>>2>1<11>0<9><6><3>U<4><6><
> >>>19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><1
> >>>9><9>Melbourne1<30>0<28><
> >>>6><3>U<4><10><19><21>OSC Demo
> >>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1
> >>>/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> >>>0<30><6><9>*<134>H<134>
> >>>       EAP-Message =
> >>><247><13><1><9><1><22><17>mikem at open.com.au<14><0><0><0>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 46
> >>>Authentic:  67<164><13><194><211><16><9><14>/<<197><26>K(A
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message =
> >>><2><6><0><220><25><129><0><0><0><210><22><3><1><0><7><11><0><0><3><0><0
> >>>
> >>>><0><22><3><1><0><134><16><0><0><130><0><128>g<249><15>d<211><13>FX<251
> >>>>0<22><150><185><204><183>aiIss`<180><208><152><236>s@
> >>>
> >>><213><196>:<139><28><7>
> >>><148><157>'<136><183>l<242><21><183><182><237>O<168>#<203>"l<162><150>3
> >>><168><199><13><254><157><28><148><150><211><172><199>><165><127><174>X1
> >>><18><172><9>{"<218>0<130><151><211><2><179><178>FR<182>a<234>w]<17><215
> >>>
> >>>><{T<206><155><137><144><25><196>T<209><189><149><198><167><187><173>U<
> >>>
> >>>186><245><163><162><2><18>u>/
> >>><135><198>Y<227><227><201>M<20><3><1><0><1><1><22><3><1><0>0<151><252><
> >>>10><204><172><19>Z`*E<31>N<172><14>.<163><226><225>wuD:
> >>><188><31><237><238>S<144><13><145><148><248><214>{<223>H<16>(<184><4>J<
> >>>132><163>Ua<184><1>l
> >>>       Message-Authenticator =
> >>>?I<19>O<235><<217><26><155>%<157>H<237><226>?<27>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:26 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 6, 220
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:26 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> >>>Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 46
> >>>Authentic:  67<164><13><194><211><16><9><14>/<<197><26>K(A
> >>>Attributes:
> >>>       EAP-Message =
> >>><1><7><0>E<25><129><0><0><0>;
> >>><20><3><1><0><1><1><22><3><1><0>0<203>DI*<203>g<245><240><213>P<232>Y7<
> >>>15><197><248><225><9>9_f<232><181>R<203><246>Ys<19><148><140><237>^~Y<2
> >>>25><184>:WU<246><178>44U",<225>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 47
> >>>Authentic:  <230>'<212>}r<195>@y<190><31>l5<202>;X<177>
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><7><0><6><25><1>
> >>>       Message-Authenticator =
> >>><243><164><164>S<220><8>s<152><154>P<246><154><242><9><178><164>
> >>>
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:26 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 7, 6
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>Challenge
> >>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 47
> >>>Authentic:  <230>'<212>}r<195>@y<190><31>l5<202>;X<177>
> >>>Attributes:
> >>>       EAP-Message = <1><8><0>P<25><1><23><3><1><0>
> >>><189><169><159><137><190>Q+<208>f<4><136><224>u<167><239><130><3><128>j
> >>>c<31><9><234><221><7>jn="B<1><164><23><3><1><0>
> >>><242>$<<214><238><215><192><20><210><141>c<197>2<0><207><139><147><206>
> >>><231>Y<186><221><214>r<197>4<218>?<233>r^`
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 48
> >>>Authentic:  <150><23><4><237>"<179>p<233>n<15><156><165>z+<136>!
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><8><0>P<25><1><23><3><1><0>
> >>><234><251><162><188>i<151><194><175>Y<17><135><147><0><231><246><199><1
> >>>65>9#<205>(> <203><246><136>`<206><252><239><226>I<23><3><1><0>
> >>><147><200>v<238><199><163>"V2CEa<3><199><216><21><18><5><22><26><246><2
> >>>48>b<12>#CZ<0><243>Y<162><253>
> >>>       Message-Authenticator =
> >>><237>*<204><234><247><248><6>5N<221><229><140><12>N<208>b
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 8, 80
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication request
> >>>for anonymous
> >>>Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet dump:
> >>>Code:       Access-Request
> >>>Identifier: UNDEF
> >>>Authentic:  {<134><221><5><137>A<254><212><232>#_<240>&snr
> >>>Attributes:
> >>>       EAP-Message = <2><0><0><9><1>wifi
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>       User-Name = "anonymous"
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       NAS-Port = 13
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
> >>>'TunnelledByPEAP=1'
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for , e.f.g.h, 13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 0, 9
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 1
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for anonymous: EAP
> >>>MSCHAP-V2 Challenge
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
> >>>authentication redespatched to a Handler
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>inner authentication redespatched to a Handler
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 48
> >>>Authentic:  <150><23><4><237>"<179>p<233>n<15><156><165>z+<136>!
> >>>Attributes:
> >>>       EAP-Message = <1><9><0>p<25><1><23><3><1><0>
> >>><245><208><201>=<245>><196><212><171><169><184><152>G<192><190>P<150><2
> >>>01>$<246><207><224>vY<7><146><238>K<191><191><9><164><23><3><1><0>@<242
> >>>
> >>>>v<194><182><191>"<189>&K<230>2e<29>r<222>f<193><211>r<238>B<133><244>/
> >>>
> >>><214><210><130><23><218><246>H<12>3<246><130><169><159>R<171><14><6><23
> >>>
> >>>><199><201><20><209>>v<184><236>E<22>(<225><24>b<177>z<170><216><191><1
> >>>
> >>>76><216>"
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 49
> >>>Authentic:  F<7>4]<210><163><160>Y<30><255><204><21>*<27><184><145>
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><9><0><144><25><1><23><3><1><0>
> >>>`<224>MO<0><31><237>q<132><226><19><146
> >>>
> >>>><173>~+
> >>>
> >>><201><128>UG<2>n<152><242><128><22><187><214>b0<242><23><23><3><1><0>`5
> >>><152>r-<19>p!_<2
> >>>31><235>MjIc<215><235><200>G\<230>~<211>h>d<137><165><166>o<139>`<187><
> >>>212>{<223>J<165><13>Cc<15
> >>>9><149>[-
> >>><182><179><21><221><181>~Y<131><175><162><236><9><154><239>Q<190>+<20><
> >>>143><203><187>=<
> >>>8>J<166>c<252><197>L<173>}<127>J<25>Jo<146><135><149><157><198>g<237><1
> >>>40><253>U;<190><150><Fh
> >>>       Message-Authenticator =
> >>><149>|<200>x<217>E<171><197>7<236><226><192>!s<140>U
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 9, 144
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication request
> >>>for anonymous
> >>>Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet dump:
> >>>Code:       Access-Request
> >>>Identifier: UNDEF
> >>>Authentic:  q2<232><250><210>y<142><240><10>HAI/<8><140>"
> >>>Attributes:
> >>>       EAP-Message =
> >>><2><1><0>@<26><2><1><0>11<29><216><225><23><243><0><229>*da<152>$0<147>
> >>><22
> >>>1><141><0><0><0><0><0><0><0><0>c<241><219><189>LC<230><218><194><134><2
> >>>3><177><17><24><151>@]<15
> >>>6><131>49<4>p<140><0>wifi
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>       User-Name = "anonymous"
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       NAS-Port = 13
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
> >>>'TunnelledByPEAP=1'
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for , e.f.g.h, 13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 1, 64
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 26
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Query is: 'select password from
> >>>inetusers where username = 'wif
> >>>i' and locked = 0':
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Radius::AuthSQL looks for match with
> >>>wifi
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Radius::AuthSQL ACCEPT:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP MSCHAP V2
> >>>Challenge: Success
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for anonymous: EAP
> >>>MSCHAP V2 Challenge: Success
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
> >>>authentication redespatched to a Handler
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>inner authentication redespatched to a Handler
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 49
> >>>Authentic:  F<7>4]<210><163><160>Y<30><255><204><21>*<27><184><145>
> >>>Attributes:
> >>>       EAP-Message = <1><10><0><144><25><1><23><3><1><0>
> >>><149>Q$<23><202><190><149><174>&<138><15>KE<6><240>\oJ'b<210><244><194>
> >>>H3dFs<188>7$<136><23><3><1><0>`<9><143><143>U<194>,<216><30>"<157><237>
> >>><221><170>8<167>J{<199>B<134>^<129><141><165><219><230>2?
> >>><173>V<231><164><144><134>b<204><152>yy<255>{6<226>'<212>\<184>U<173><2
> >>>19>6<245><136><252><23><208>qC<243>^"<178>+<185><28><10>&<131>.y<198><2
> >>>12><6>7<9><255>.<253><127>o<225><236>v<229>\<154><172><24>3<26>V<201><1
> >>>0><246><245><252>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 50
> >>>Authentic:
> >>><246><247>d<205><130><147><208><201><206><239><252><133><218><11><232><
> >>>1>
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><10><0>P<25><1><23><3><1><0>
> >>><231><0><246>p<148>L/
> >>><240><129><3>k@<140>x<129><6><167><214><210>d$<9><238>O<175>w:
> >>><150>^<3>!<147><23><3><1><0>
> >>><217><244>&<237><<175>Q<149><216><199>Z=k<5>~<1><210><5><169><242><18><
> >>>172><250><242><196><0><19><255><208>B<137><139>
> >>>       Message-Authenticator =
> >>>p<235><220><220><219>E<150>l<236>8<238>'/<211>a<172>
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 10, 80
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication request
> >>>for anonymous
> >>>Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet dump:
> >>>Code:       Access-Request
> >>>Identifier: UNDEF
> >>>Authentic:
> >>>U$<172><211><235><156><148><226><173><208><252><142><232><174><167><19>
> >>>Attributes:
> >>>       EAP-Message = <2><2><0><7><26><3>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>       User-Name = "anonymous"
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       NAS-Port = 13
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
> >>>'TunnelledByPEAP=1'
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for , e.f.g.h, 13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 2, 7
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 26
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 0,
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access accepted for anonymous
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
> >>>authentication redespatched to a Handler
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP PEAP
> >>>inner authentication redespatched to a Handler
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Challenge
> >>>Identifier: 50
> >>>Authentic:
> >>><246><247>d<205><130><147><208><201><206><239><252><133><218><11><232><
> >>>1>
> >>>Attributes:
> >>>       EAP-Message = <1><11><0>P<25><1><23><3><1><0>
> >>><31><221>H<162><173><149>]<234><17><249><10>0<238><194><229><186><197>g
> >>><242><248><7>5<130>&<18><154><25><226><229>S<134><171><23><3><1><0>
> >>><224><188><15>5<30>'<205><7>p=5<230><194><238><206>N{<204>k<192>#<4><18
> >>>7><202><Z<241><248><174><210><184><235>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Received from e.f.g.h port 1027 ....
> >>>Code:       Access-Request
> >>>Identifier: 51
> >>>Authentic:  <166><231><148>=2<131><0>9~<223>,<245><138><251><24>q
> >>>Attributes:
> >>>       Framed-MTU = 1480
> >>>       NAS-IP-Address = e.f.g.h
> >>>       NAS-Identifier = "XXXXXXX"
> >>>       User-Name = "wifi"
> >>>       Service-Type = Framed-User
> >>>       Framed-Protocol = PPP
> >>>       NAS-Port = 13
> >>>       NAS-Port-Type = Ethernet
> >>>       NAS-Port-Id = "13"
> >>>       Called-Station-Id = "00-08-83-95-fb-ed"
> >>>       Calling-Station-Id = "00-30-4f-20-f1-54"
> >>>       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >>>       Tunnel-Type = 0:VLAN
> >>>       Tunnel-Medium-Type = 0:802
> >>>       Tunnel-Private-Group-ID = 5
> >>>       EAP-Message = <2><11><0>P<25><1><23><3><1><0>
> >>>j<168><19><206><4><176><143><128><128><245><212><138><22><224>I<226><13
> >>>8><17>h<183><178><236>&<217><<167>&<127>F<172>C<167><23><3><1><0>
> >>>*F<234>!
> >>><14>Fmx<26><150><229><18><237><199><131>Tm<178><216><232><129><255><183
> >>>
> >>>><131><251>#<226>VawI<4>
> >>>
> >>>       Message-Authenticator =
> >>><162>JO<192><22>p<198><194>C<238>G<158>|E<29>(
> >>>
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
> >>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
> >>>13
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 11, 80
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
> >>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 0,
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Access accepted for wifi
> >>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
> >>>*** Sending to e.f.g.h port 1027 ....
> >>>Code:       Access-Accept
> >>>Identifier: 51
> >>>Authentic:  <166><231><148>=2<131><0>9~<223>,<245><138><251><24>q
> >>>Attributes:
> >>>       EAP-Message = <3><11><0><4>
> >>>       Message-Authenticator =
> >>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >>>
> >>>
> >>>
> >>>===
> >>>Archive at http://www.open.com.au/archives/radiator/
> >>>Announcements on radiator-announce at open.com.au
> >>>To unsubscribe, email 'majordomo at open.com.au' with
> >>>'unsubscribe radiator' in the body of the message.
> >>
> >>NB: have you included a copy of your configuration file (no secrets),
> >>together with a trace 4 debug showing what is happening?
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list