Fwd: (RADIATOR) Help me with 802.1x on AlliedTelesyn switch please

Pavel Paprok ppaprok at applet.cz
Fri Feb 20 03:06:55 CST 2004


Hi,

FYI we got answer of Allied Telesyn tech support of this switch:

----
After analyzing the debug logs of the open1x supplicant and of the
radiator server you sent, it looks like you are either using EAP-PEAP or
EAP-TLS.  Our switches only support EAP-MD5, so the supplicant should be
configured for EAP-MD5 as well as the radius server. Please replace this
with with EAP-MD5.
----

Does it mean that this switch is not eap type trasparent...? Is it possible?
Anyway - in switch manual is no info about this "feature".

P.




Mike McCauley wrote:

>Hello Pavel,
>
>On Tue, 3 Feb 2004 12:22 am, Pavel Paprok wrote:
>  
>
>>yes, firmware is recent - AT-S39 v3.2.0 firmware update.
>>as wrotten in software release notes there is 802.1x support
>>since fw 3.1.0. (3.1.1 and 3.2.0 has no new features), there stay:
>>
>>"Two types of RADIUS servers have been verified as fully
>>compatible with this feature: Funk Software Steel-Belted Radius
>>and Free Radius. Two types of 802.1x clients have been
>>verified to be fully-compatible: Microsoft WinXP client
>>and Meeting House Aegis client."
>>
>>all info on product page:
>>http://www.alliedtelesyn.com/allied/support/viewproductsupport.asp?id=637&t
>>ype=&dosearch=1&sub=0&product=AT%2D8012M&back=true&country=2&lang=en
>>
>>i really need to get it work with radiator
>>    
>>
>
>The logs show that the switch is not sending the first part of the server 
>certificate back to the client. This is incorrect.
>
>The only conclusions I can make are:
>
>1. The switch firmware version you are running is broken. You may need to 
>downgrade to the version they claim works correctly.
>
>2. There is a configuration problem in the switch.
>
>I dont think there is anything else we can do to help at this stage.
>
>Does anyone else have experience with the AT-S39 switch?
>
>
>
>  
>
>>pavel
>>
>>Mike McCauley wrote:
>>    
>>
>>>Hello Pabel,
>>>
>>>thanks for sending more complete logs.
>>>
>>>>From close examination of the log, I can see that Radiator sends the
>>>      
>>>
>>>>first
>>>>        
>>>>
>>>part of the server certificate back to the client, but then, instead of
>>>sending an acknowledgement, the client again sends another EAP identity.
>>>This is incorrect behaviour.
>>>
>>>I seriously suspect that there is a problem with the AT-8012M firmware.
>>>Can you confirm the correct firmware version with Allied?
>>>
>>>Cheers.
>>>
>>>On Mon, 2 Feb 2004 06:31 pm, Hugh Irvine wrote:
>>>      
>>>
>>>>Begin forwarded message:
>>>>        
>>>>
>>>>>From: Pavel Paprok <ppaprok at applet.cz>
>>>>>Date: 31 January 2004 08:18:06 GMT+11:00
>>>>>To: Mike McCauley <mikem at open.com.au>
>>>>>Cc: radiator at open.com.au
>>>>>Subject: Re: (RADIATOR) Help me with 802.1x on AlliedTelesyn switch
>>>>>please
>>>>>
>>>>>Mike McCauley wrote:
>>>>>          
>>>>>
>>>>>>Hello Pavel,
>>>>>>
>>>>>>I cant tell exactly what the problem is at this stage. It would help
>>>>>>if you sent more of the Radiator log file, since the part you sent
>>>>>>only covers the beginning of the authentication process.
>>>>>>            
>>>>>>
>>>>>hallo,
>>>>>in this message i replaced old logs by new created logs - a bit
>>>>>longer....
>>>>>my config was still exactly same except MaxFragmentSize reduced to 800
>>>>>but with no effect.
>>>>>
>>>>>also i add log from successfull 802.1x connection to other switch -
>>>>>HPProCurve
>>>>>- for compare - from exactly same radiator server and xsupplicant
>>>>>station, HP switch
>>>>>only on different ip. these logs are on end of this message if you
>>>>>want to see...
>>>>>
>>>>>          
>>>>>
>>>>>>Since your Radiator works with other APs and the same clients, and
>>>>>>since this AP is supposed to work with FreeRadius, you might consider
>>>>>>reducing the size of EAPTLS_MaxFragmentSize to less than 1024, try
>>>>>>say 1000 or 800?
>>>>>>            
>>>>>>
>>>>>of course, i try all possible values of this parameter from 512 to 4k
>>>>>but no advance...
>>>>>
>>>>>bye,
>>>>>pavel
>>>>>
>>>>>          
>>>>>
>>>>>>Cheers.
>>>>>>
>>>>>>On Fri, 30 Jan 2004 04:38 am, Pavel Paprok wrote:
>>>>>>            
>>>>>>
>>>>>>>Hallo,
>>>>>>>
>>>>>>>I just trying to authorise ethernet ports on manageable switch
>>>>>>>Allied Telesyn AT-8012M (latest software AT-S39, v3.2.0)
>>>>>>>with enabled 802.1x by EAP/PEAP/MSCHAPv2.
>>>>>>>radius is Radiator v3.8 one server licensed, system is RedHat9.
>>>>>>>supplicant is latest xsupplicant (v0.8b) but with native
>>>>>>>WinXP clients auth do not work too.
>>>>>>>certificates are from test suite of radiator.
>>>>>>>
>>>>>>>there should be no general error in my radiator configuration because
>>>>>>>exactly same 802.1x eap configuration with ports of other ethernet
>>>>>>>switches we use, wired (HP Procurve 2412,...) or wireless AP
>>>>>>>(DLink,..)
>>>>>>>works good (with same xsupplicants and WinXP 802.1x system clients).
>>>>>>>
>>>>>>>very basic radius configuration on Allied should be also ok because
>>>>>>>when authorising of serial console account (manage prompt) from the
>>>>>>>radius
>>>>>>>it works properly, but not on its ethernet ports thru 802.1x
>>>>>>>eap/peapmschapv2.
>>>>>>>(auth of its serial console from config below removed for simplicity)
>>>>>>>
>>>>>>>in manual of AlliedTelesyn switch wrotten that its 802.1x was tested
>>>>>>>with
>>>>>>>WinXP clients and FreeRadius radius server - but Radiator should
>>>>>>>be in 802.1x better, are so?
>>>>>>>
>>>>>>>Please help, what should I try next to get it run?
>>>>>>>
>>>>>>>thanks,
>>>>>>>Pavel
>>>>>>>
>>>>>>>--------------------------------------------------------------
>>>>>>>here is log from x supplicant:
>>>>>>>              
>>>>>>>
>>>>>[root at pp2 root]# xsupplicant -i eth1 -d 5
>>>>>Calling do_eapol, with device eth1
>>>>>Setup on device eth1 complete
>>>>>(EAPMD5) Initalized
>>>>>(EAPMS-CHAP) Initalized
>>>>>Done with init.
>>>>>Sending EAPOL-Start #1
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>## eap_decode_packet ##: Got an EAP failure
>>>>>Failed to Authenticate
>>>>>CONNECTING
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 6
>>>>>Loading certificate /etc/1x/certs/CAroot.pem . . .
>>>>>(TLS)Loaded root certificate /etc/1x/certs/CAroot.pem and dirctory
>>>>>(null)
>>>>>   --- SSL : before/connect initialization
>>>>>   --- SSL : before/connect initialization
>>>>>   --- SSL : SSLv3 write client hello A
>>>>>   --- SSL : SSLv3 read server hello A
>>>>>Destination : 1:80:c2:0:0:3
>>>>>AUTHENTICATING
>>>>>
>>>>>
>>>>>...here it stay  ~ 20 .. 30 sec
>>>>>
>>>>>
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>
>>>>>
>>>>>... here it stay again ~ 20 sec
>>>>>
>>>>>
>>>>>## eap_decode_packet ##: Got an EAP failure
>>>>>Failed to Authenticate
>>>>>CONNECTING
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>## eap_decode_packet ##: Got an EAP failure
>>>>>Failed to Authenticate
>>>>>CONNECTING
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>## eap_decode_packet ##: Got an EAP failure
>>>>>Failed to Authenticate
>>>>>CONNECTING
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 6
>>>>>   --- SSL : SSLv3 read server hello A
>>>>>Destination : 1:80:c2:0:0:3
>>>>>AUTHENTICATING
>>>>>(EAPMD5) Cleaning up.
>>>>>(EAPMS-CHAP) Cleaning up.
>>>>>[root at pp2 root]#
>>>>>
>>>>>... end was because i stopped xsupplicant
>>>>>
>>>>>
>>>>>LOG FROM RADIATOR:
>>>>>
>>>>>
>>>>>Fri Jan 30 21:10:23 2004: DEBUG: Reading users file
>>>>>/etc/radiator/outerEAPusers
>>>>>Fri Jan 30 21:10:23 2004: DEBUG: Finished reading configuration file
>>>>>'/etc/radiator/radius.cfg'
>>>>>Fri Jan 30 21:10:23 2004: DEBUG: Reading dictionary file
>>>>>'/etc/radiator/dictionary'
>>>>>Fri Jan 30 21:10:23 2004: DEBUG: Creating authentication port
>>>>>0.0.0.0:1812
>>>>>Fri Jan 30 21:10:23 2004: DEBUG: Creating accounting port 0.0.0.0:1813
>>>>>Fri Jan 30 21:10:23 2004: NOTICE: Server started: Radiator 3.8 on
>>>>>data.applet.cz
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>*** Received from a.b.c.d port 516 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 49
>>>>>Authentic:  <136><150><30>Q<236><19><188>m<146><31><142>Jg<160><209>7
>>>>>Attributes:
>>>>>      User-Name = "wifi"
>>>>>      NAS-IP-Address = a.b.c.d
>>>>>      NAS-Port = 3
>>>>>      Called-Station-Id = "00:0C:46:22:71:20"
>>>>>      Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>      Framed-MTU = 1400
>>>>>      NAS-Port-Type = Ethernet
>>>>>      Connect-Info = "100Mbps"
>>>>>      EAP-Message = <2><164><0><9><1>wifi
>>>>>      Message-Authenticator =
>>>>><199><156>a<169>2y'<242><187><201>@*'<187><10>r
>>>>>
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:10:28 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with EAP: code 2, 164, 9
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Response type 1
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>*** Sending to a.b.c.d port 516 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 49
>>>>>Authentic:  <136><150><30>Q<236><19><188>m<146><31><142>Jg<160><209>7
>>>>>Attributes:
>>>>>      EAP-Message = <1><165><0><6><25>!
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>
>>>>>
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>*** Received from a.b.c.d port 516 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 51
>>>>>Authentic:  X<28><138><228><24><18>jG<157><193><233><241><204><198>g7
>>>>>Attributes:
>>>>>      User-Name = "wifi"
>>>>>      NAS-IP-Address = a.b.c.d
>>>>>      NAS-Port = 3
>>>>>      Called-Station-Id = "00:0C:46:22:71:20"
>>>>>      Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>      Framed-MTU = 1400
>>>>>      NAS-Port-Type = Ethernet
>>>>>      Connect-Info = "100Mbps"
>>>>>      EAP-Message =
>>>>><2><165><0>n<25><129><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>@<26><186>
>>>>>8F<6><177><135><208><190><148><254><[<248>j<10><17><201><139><8><189><1
>>>>>61><227><22><145>u8<133>)<163><175><0><0>4<0>9<0>8<0>5<0><22><0><19><0>
>>>>><10><0>3<0>2<0>/
>>>>><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><
>>>>>17><0><8><0><6><0><3><1><0>
>>>>>      Message-Authenticator =
>>>>>^<132><22><142>M<235>j<152><24><234><153><184>z<17><19><210>
>>>>>
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:10:28 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Handling with EAP: code 2, 165, 110
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>*** Sending to a.b.c.d port 516 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 51
>>>>>Authentic:  X<28><138><228><24><18>jG<157><193><233><241><204><198>g7
>>>>>Attributes:
>>>>>      EAP-Message =
>>>>><1><166><3>*<25><193><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<26><186>
>>>>>4h|<243>I<135><247><152><140><127>\C\<207><201><240><247><128>N<205><18
>>>>>6><136>t<204><214><204>pcX
>>>>><211>{i<254><0><146>GEIt<197>s<134><164>WE3I<229>E<128><231><15>f]J<28>
>>>>><161><196><222><193>Y<0>5<0><22><3><1><7><27><11><0><7><23><0><7><20><0
>>>>>
>>>>>          
>>>>>
>>>>>><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*
>>>>>>            
>>>>>>
>>>>><134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19
>>>>>
>>>>>          
>>>>>
>>>>>><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19>
>>>>>>            
>>>>>>
>>>>><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>>      EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
>>>>>in production)1
>>>>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30>
>>>>><23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19><
>>>>>2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9
>>>>>
>>>>>          
>>>>>
>>>>>>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test
>>>>>>            
>>>>>>
>>>>>Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>
>>>>>0<13><6><9>*<134>H<134><247><13><1><1>
>>>>>      EAP-Message =
>>>>><1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><24
>>>>>5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193>
>>>>><13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151>
>>>>><30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<1
>>>>>87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178>
>>>>><141><219>O<253><134><213>N|<172>:
>>>>>J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215>
>>>>><186>x<141><197><212>s<145><235>\<164><8>!
>>>>><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1>
>>>>><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><
>>>>>129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><13
>>>>>6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183><
>>>>>230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<2
>>>>>39>?<1><16><203>
>>>>>      EAP-Message =
>>>>>T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202
>>>>>
>>>>>          
>>>>>
>>>>>>u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t
>>>>>>            
>>>>>>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>*** Received from a.b.c.d port 516 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 55
>>>>>Authentic:
>>>>><151><136><183><6><213>N<227><8><165><160><196>%<248><156><166><11>
>>>>>Attributes:
>>>>>      User-Name = "wifi"
>>>>>      NAS-IP-Address = a.b.c.d
>>>>>      NAS-Port = 3
>>>>>      Called-Station-Id = "00:0C:46:22:71:20"
>>>>>      Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>      Framed-MTU = 1400
>>>>>      NAS-Port-Type = Ethernet
>>>>>      Connect-Info = "100Mbps"
>>>>>      EAP-Message = <2><169><0><9><1>wifi
>>>>>      Message-Authenticator = r<214>vt<240>y%<150>K^=-<241><191><<212>
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:11:29 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 169, 9
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Response type 1
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Resuming session for
>>>>>Radius::Context=HASH(0x857b140)
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>*** Sending to a.b.c.d port 516 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 55
>>>>>Authentic:
>>>>><151><136><183><6><213>N<227><8><165><160><196>%<248><156><166><11>
>>>>>Attributes:
>>>>>      EAP-Message = <1><170><0><6><25>!
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>*** Received from a.b.c.d port 516 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 57
>>>>>Authentic:  <6>x<9><127>$k<228>3P<<230><219>JH<183>v
>>>>>Attributes:
>>>>>      User-Name = "wifi"
>>>>>      NAS-IP-Address = a.b.c.d
>>>>>      NAS-Port = 3
>>>>>      Called-Station-Id = "00:0C:46:22:71:20"
>>>>>      Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>      Framed-MTU = 1400
>>>>>      NAS-Port-Type = Ethernet
>>>>>      Connect-Info = "100Mbps"
>>>>>      EAP-Message = <2><170><0><6><25><1>
>>>>>      Message-Authenticator =
>>>>>u<242>THJ<214><131>,<17><195>$<9>c<19>*<174>
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:11:29 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 170, 6
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 2, EAP PEAP Nothing to
>>>>>read or write
>>>>>Fri Jan 30 21:11:57 2004: NOTICE: SIGTERM received: stopping
>>>>>      EAP-Message = <1><170><0><6><25>!
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>*** Received from a.b.c.d port 516 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 57
>>>>>Authentic:  <6>x<9><127>$k<228>3P<<230><219>JH<183>v
>>>>>Attributes:
>>>>>      User-Name = "wifi"
>>>>>      NAS-IP-Address = a.b.c.d
>>>>>      NAS-Port = 3
>>>>>      Called-Station-Id = "00:0C:46:22:71:20"
>>>>>      Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>      Framed-MTU = 1400
>>>>>      NAS-Port-Type = Ethernet
>>>>>      Connect-Info = "100Mbps"
>>>>>      EAP-Message = <2><170><0><6><25><1>
>>>>>      Message-Authenticator =
>>>>>u<242>THJ<214><131>,<17><195>$<9>c<19>*<174>
>>>>>
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:11:29 2004: DEBUG:  Deleting session for wifi, a.b.c.d, 3
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 170, 6
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 2, EAP PEAP Nothing to
>>>>>read or write
>>>>>Fri Jan 30 21:11:57 2004: NOTICE: SIGTERM received: stopping
>>>>>
>>>>>          
>>>>>
>>>>>>>---------------------------------------------------------------------
>>>>>>>------
>>>>>>>---------------------------------- fragment of radiator config:
>>>>>>>
>>>>>>><Client a.b.c.d>
>>>>>>>      Secret xxxxxx
>>>>>>>      Identifier      8021xAllied
>>>>>>></Client>
>>>>>>><Handler Request-Type = Accounting-Request>
>>>>>>><AuthBy SQL>
>>>>>>>      DBSource        dbi:mysql:radiator
>>>>>>>      DBUsername      radiator
>>>>>>>      DBAuth          xxxxx
>>>>>>>      # Just accounting, no auth
>>>>>>>      IgnoreAuthentication
>>>>>>>      AuthSelect
>>>>>>>      AccountingTable inetaccounting
>>>>>>>      AcctColumnDef   username,User-Name
>>>>>>>      AcctColumnDef   time_stamp,Timestamp,integer
>>>>>>>      AcctColumnDef   acctstatustype,Acct-Status-Type
>>>>>>>      AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
>>>>>>>      AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
>>>>>>>      AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
>>>>>>>      AcctColumnDef   acctterminatecause,Acct-Terminate-Cause
>>>>>>>      AcctColumnDef   nasidentifier,NAS-Identifier
>>>>>>>       AcctColumnDef   framedipaddress,Framed-IP-Address
>>>>>>>  </AuthBy>
>>>>>>></Handler>
>>>>>>><Handler TunnelledByPEAP=1>
>>>>>>>  <AuthBy SQL>
>>>>>>>      DBSource        dbi:mysql:radiator
>>>>>>>      DBUsername      radiator
>>>>>>>      DBAuth          xxxxx
>>>>>>>      AuthSelect select password from inetusers where \
>>>>>>>           username = %0 and locked = 0
>>>>>>>      EAPType MSCHAP-V2
>>>>>>> </AuthBy>
>>>>>>></Handler>
>>>>>>><Handler>
>>>>>>> <AuthBy FILE>
>>>>>>>      # outer auth file, only anonymous inside
>>>>>>>      Filename /etc/radiator/outerEAPusers
>>>>>>>      EAPType PEAP
>>>>>>>      EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>>>>>      EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>>>>>>      EAPTLS_CertificateType PEM
>>>>>>>      EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>>>>>>      EAPTLS_PrivateKeyPassword whatever
>>>>>>>      EAPTLS_MaxFragmentSize 1024
>>>>>>>      SSLeayTrace 4    # 1=ciphers, 2=trace, 3=dump data
>>>>>>>   </AuthBy>   # auth by file
>>>>>>></Handler>
>>>>>>>
>>>>>>>
>>>>>>>===
>>>>>>>Archive at http://www.open.com.au/archives/radiator/
>>>>>>>Announcements on radiator-announce at open.com.au
>>>>>>>To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>'unsubscribe radiator' in the body of the message.
>>>>>>>              
>>>>>>>
>>>>>-----------------------------------------------------------------------
>>>>>----------------------------------
>>>>>
>>>>>XSUPPLICANT LOG FROM SUCCESSFULL AUTH WITH HP:
>>>>>
>>>>>[root at pp2 root]# xsupplicant -i eth1 -d 5
>>>>>Calling do_eapol, with device eth1
>>>>>Setup on device eth1 complete
>>>>>(EAPMD5) Initalized
>>>>>(EAPMS-CHAP) Initalized
>>>>>Done with init.
>>>>>Sending EAPOL-Start #1
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>## eap_decode_packet ##: Type is Identity
>>>>>Connection Established, authenticating...
>>>>>ACQUIRED
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 6
>>>>>Loading certificate /etc/1x/certs/CAroot.pem . . .
>>>>>(TLS)Loaded root certificate /etc/1x/certs/CAroot.pem and dirctory
>>>>>(null)
>>>>>   --- SSL : before/connect initialization
>>>>>   --- SSL : before/connect initialization
>>>>>   --- SSL : SSLv3 write client hello A
>>>>>   --- SSL : SSLv3 read server hello A
>>>>>Destination : 1:80:c2:0:0:3
>>>>>AUTHENTICATING
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 810
>>>>>(EAPTTLS) Saved packet fragment.
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 806
>>>>>(EAPTTLS) Saved packet fragment.
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 534
>>>>>(TTLS) Saved final data fragment!
>>>>>16 3 1 0 4a 2 0 0 46 3 1 40 1a bc 11 b6
>>>>>   --- SSL : SSLv3 read server hello A
>>>>>   --- SSL : SSLv3 read server certificate A
>>>>>   --- SSL : SSLv3 read server certificate request A
>>>>>   --- SSL : SSLv3 read server done A
>>>>>   --- SSL : SSLv3 write client certificate A
>>>>>   --- SSL : SSLv3 write client key exchange A
>>>>>   --- SSL : SSLv3 write change cipher spec A
>>>>>   --- SSL : SSLv3 write finished A
>>>>>   --- SSL : SSLv3 flush data
>>>>>   --- SSL : SSLv3 read finished A
>>>>>
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 69
>>>>>(EAPTTLS) Saved packet fragment.
>>>>>14 3 1 0 1 1 16 3 1 0 30 cb 44 49 2a cb
>>>>>   --- SSL : SSLv3 read finished A
>>>>>   --- SSL : SSL negotiation finished successfully
>>>>>   --- SSL : SSL negotiation finished successfully
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 80
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 112
>>>>>(EAPMS-CHAP) ID : 09
>>>>>Username = wifi   --   Password = hifi
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 144
>>>>>(EAPMS-CHAP) ID : 0a
>>>>>Username = wifi   --   Password = hifi
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP request
>>>>>### Type is 25, length: 80
>>>>>Destination : 1:80:c2:0:0:3
>>>>>## eap_decode_packet ##: Got an EAP success
>>>>>Authentication Succeeded
>>>>>AUTHENTICATED
>>>>>Bingo!
>>>>>LOGOFF
>>>>>(EAPMD5) Cleaning up.
>>>>>(EAPMS-CHAP) Cleaning up.
>>>>>[root at pp2 root]#
>>>>>
>>>>>... all process is ok and take 2 - 3 sec
>>>>>
>>>>>
>>>>>
>>>>>RADIATOR LOG FROM SUCCESSFULL AUTH WITH HP:
>>>>>
>>>>>
>>>>>Fri Jan 30 21:18:21 2004: DEBUG: Reading users file
>>>>>/etc/radiator/outerEAPusers
>>>>>Fri Jan 30 21:18:21 2004: DEBUG: Finished reading configuration file
>>>>>'/etc/radiator/radius.cfg'
>>>>>Fri Jan 30 21:18:21 2004: DEBUG: Reading dictionary file
>>>>>'/etc/radiator/dictionary'
>>>>>Fri Jan 30 21:18:21 2004: DEBUG: Creating authentication port
>>>>>0.0.0.0:1812
>>>>>Fri Jan 30 21:18:21 2004: DEBUG: Creating accounting port 0.0.0.0:1813
>>>>>Fri Jan 30 21:18:21 2004: NOTICE: Server started: Radiator 3.8 on
>>>>>data.applet.cz
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 42
>>>>>Authentic:  vw<228>M<2><19>PINo|<5>Z<139>h<129>
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "APPLET FM2 pater"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><2><0><9><1>wifi
>>>>>      Message-Authenticator = <3>C/<3><150>{<164>5m(<148>a<147>h<135>;
>>>>>
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:25 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 2, 9
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Response type 1
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 42
>>>>>Authentic:  vw<228>M<2><19>PINo|<5>Z<139>h<129>
>>>>>Attributes:
>>>>>      EAP-Message = <1><3><0><6><25>!
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 43
>>>>>Authentic:  &g<20><189><178><3><128><185><254>_<172>u<10>{<152><241>
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message =
>>>>><2><3><0>n<25><129><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>@<26><188><2
>>>>>1><142><186>*<193>1<229><242><134><233><141><246>8<163><137><191><225><
>>>>>196>4<4>"<28>=<142><166><178><210><221>a<0><0>4<0>9<0>8<0>5<0><22><0><1
>>>>>9><0><10><0>3<0>2<0>/
>>>>><0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><
>>>>>17><0><8><0><6><0><3><1><0>
>>>>>      Message-Authenticator = <4>w<244><30>
>>>>>$<141>l<8><11><28><237>x"<248><197>
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:25 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 3, 110
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 43
>>>>>Authentic:  &g<20><189><178><3><128><185><254>_<172>u<10>{<152><241>
>>>>>Attributes:
>>>>>      EAP-Message =
>>>>><1><4><3>*<25><193><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<26><188><1
>>>>>7><182><162><0><144><231><19><135><30>p<21><243>dl<233>)"W<234>*q<255>:
>>>>>mj<213><176>T<3>
>>>>>@N<157><133>h<222><22><1>SSS<212><216>g<243>-
>>>>>G,<30><137>E<179>SH~`<178><144><199>Sp/
>>>>><0>5<0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<130><2><20
>>>>>5>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><
>>>>>1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3
>>>>>
>>>>>          
>>>>>
>>>>>>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28
>>>>>><6><3>U<4><10><19><21>OSC Demo
>>>>>>            
>>>>>>
>>>>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>>      EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
>>>>>in production)1
>>>>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30>
>>>>><23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19><
>>>>>2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9
>>>>>
>>>>>          
>>>>>
>>>>>>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test
>>>>>>            
>>>>>>
>>>>>Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>
>>>>>0<13><6><9>*<134>H<134><247><13><1><1>
>>>>>      EAP-Message =
>>>>><1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><24
>>>>>5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193>
>>>>><13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151>
>>>>><30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<1
>>>>>87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178>
>>>>><141><219>O<253><134><213>N|<172>:
>>>>>J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215>
>>>>><186>x<141><197><212>s<145><235>\<164><8>!
>>>>><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1>
>>>>><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><
>>>>>129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><13
>>>>>6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183><
>>>>>230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<2
>>>>>39>?<1><16><203>
>>>>>      EAP-Message =
>>>>>T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202
>>>>>
>>>>>          
>>>>>
>>>>>>u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t
>>>>>>            
>>>>>>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 44
>>>>>Authentic:  <214>WD-b<243><176>)<174>O<220><229><186>k<200>a
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><4><0><6><25><1>
>>>>>      Message-Authenticator =
>>>>><215>2d<182><212>yp'^<129><31>D.)<225><8>
>>>>>
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:25 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 44
>>>>>Authentic:  <214>WD-b<243><176>)<174>O<220><229><186>k<200>a
>>>>>Attributes:
>>>>>      EAP-Message =
>>>>><1><5><3>&<25>A<196><188><3><195>.%<19>mD<242><149><237>O<138><193><0><
>>>>>4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H
>>>>><134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU
>>>>>1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Mel
>>>>>bourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>>>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open
>>>>>      EAP-Message =
>>>>>.com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0
>>>>><9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<1
>>>>>6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>>>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129
>>>>>
>>>>>          
>>>>>
>>>>>><159>0<13><6><9>*<134>
>>>>>>            
>>>>>>
>>>>>      EAP-Message =
>>>>>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><
>>>>>0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?
>>>>>b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141>
>>>>><148><224>|<188>V<24><209><8><223>f?
>>>>><149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e<
>>>>>153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221>
>>>>><6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159><
>>>>>149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0<
>>>>>130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152
>>>>>
>>>>>          
>>>>>
>>>>>><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#<4><129><239>0
>>>>>>            
>>>>>>
>>>>><129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\
>>>>><249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4>
>>>>><6><19><2>AU1<17>0
>>>>>      EAP-Message =
>>>>><15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne
>>>>>1<30>0<28><6><3>U<4><10><19><21>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 45
>>>>>Authentic:  <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
>>>>>Attributes:
>>>>>        EAP-Message =
>>>>><1><5><3>&<25>A<196><188><3><195>.%<19>mD<242><149><237>O<138><193><0><
>>>>>4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H
>>>>><134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU
>>>>>1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Mel
>>>>>bourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>>>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open
>>>>>      EAP-Message =
>>>>>.com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0
>>>>><9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<1
>>>>>6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>>>>0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129
>>>>>
>>>>>          
>>>>>
>>>>>><159>0<13><6><9>*<134>
>>>>>>            
>>>>>>
>>>>>      EAP-Message =
>>>>>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><
>>>>>0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?
>>>>>b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141>
>>>>><148><224>|<188>V<24><209><8><223>f?
>>>>><149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e<
>>>>>153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221>
>>>>><6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159><
>>>>>149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0<
>>>>>130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152
>>>>>
>>>>>          
>>>>>
>>>>>><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#<4><129><239>0
>>>>>>            
>>>>>>
>>>>><129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\
>>>>><249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4>
>>>>><6><19><2>AU1<17>0
>>>>>      EAP-Message =
>>>>><15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne
>>>>>1<30>0<28><6><3>U<4><10><19><21>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 45
>>>>>Authentic:  <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>       NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><5><0><6><25><1>
>>>>>      Message-Authenticator =
>>>>><18>/<218><214><230><213>sTf9<206><150><207>a<186><219>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:26 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 5, 6
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 45
>>>>>Authentic:  <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
>>>>>Attributes:
>>>>>      EAP-Message = <1><6><2><22><25><1>OSC Demo
>>>>>Certificates1!0<31><6><3>U<4><11><19><24>Test
>>>>>Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>production)1 0<30><6><9>*<1
>>>>>34>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><1><0>0<12><6>
>>>>><3>U<29><19><4><5>0<3><1>
>>>>><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>
>>>>>A<130>4<253><23>-<13><9><
>>>>>9><222>3<19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<233><144><
>>>>>146>&g<162><190><234><145
>>>>>
>>>>>          
>>>>>
>>>>>>H<159><10>^6IQ<223><219><193>@><204>b<245><12><6><133><147><132><192>f
>>>>>>            
>>>>>>
>>>>>U<165><197><180>k<136>:<8
>>>>>
>>>>>          
>>>>>
>>>>>><198><152><165>*
>>>>>>            
>>>>>>
>>>>>      EAP-Message =
>>>>>%<221><237><188><23><251><255><172>'n<142>H<25>q<173>t<215><212><221><2
>>>>>39>
>>>>><20>FZyd<205><240>Wbd<143><139>q]h<236><127><16><143>tA<163>4I<236><230
>>>>>
>>>>>          
>>>>>
>>>>>><147><218>><175>B^<130><
>>>>>>            
>>>>>>
>>>>>0>*9<22><3><1><0><220><13><0><0><212><2><1><2><0><207><0><205>0<129><20
>>>>>2>1<11>0<9><6><3>U<4><6><
>>>>>19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><1
>>>>>9><9>Melbourne1<30>0<28><
>>>>>6><3>U<4><10><19><21>OSC Demo
>>>>>Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1
>>>>>/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>>>>0<30><6><9>*<134>H<134>
>>>>>      EAP-Message =
>>>>><247><13><1><9><1><22><17>mikem at open.com.au<14><0><0><0>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 46
>>>>>Authentic:  67<164><13><194><211><16><9><14>/<<197><26>K(A
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message =
>>>>><2><6><0><220><25><129><0><0><0><210><22><3><1><0><7><11><0><0><3><0><0
>>>>>
>>>>>          
>>>>>
>>>>>><0><22><3><1><0><134><16><0><0><130><0><128>g<249><15>d<211><13>FX<251
>>>>>>0<22><150><185><204><183>aiIss`<180><208><152><236>s@
>>>>>>            
>>>>>>
>>>>><213><196>:<139><28><7>
>>>>><148><157>'<136><183>l<242><21><183><182><237>O<168>#<203>"l<162><150>3
>>>>><168><199><13><254><157><28><148><150><211><172><199>><165><127><174>X1
>>>>><18><172><9>{"<218>0<130><151><211><2><179><178>FR<182>a<234>w]<17><215
>>>>>
>>>>>          
>>>>>
>>>>>><{T<206><155><137><144><25><196>T<209><189><149><198><167><187><173>U<
>>>>>>            
>>>>>>
>>>>>186><245><163><162><2><18>u>/
>>>>><135><198>Y<227><227><201>M<20><3><1><0><1><1><22><3><1><0>0<151><252><
>>>>>10><204><172><19>Z`*E<31>N<172><14>.<163><226><225>wuD:
>>>>><188><31><237><238>S<144><13><145><148><248><214>{<223>H<16>(<184><4>J<
>>>>>132><163>Ua<184><1>l
>>>>>      Message-Authenticator =
>>>>>?I<19>O<235><<217><26><155>%<157>H<237><226>?<27>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:26 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 6, 220
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 46
>>>>>Authentic:  67<164><13><194><211><16><9><14>/<<197><26>K(A
>>>>>Attributes:
>>>>>      EAP-Message =
>>>>><1><7><0>E<25><129><0><0><0>;
>>>>><20><3><1><0><1><1><22><3><1><0>0<203>DI*<203>g<245><240><213>P<232>Y7<
>>>>>15><197><248><225><9>9_f<232><181>R<203><246>Ys<19><148><140><237>^~Y<2
>>>>>25><184>:WU<246><178>44U",<225>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 47
>>>>>Authentic:  <230>'<212>}r<195>@y<190><31>l5<202>;X<177>
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><7><0><6><25><1>
>>>>>      Message-Authenticator =
>>>>><243><164><164>S<220><8>s<152><154>P<246><154><242><9><178><164>
>>>>>
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:26 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 7, 6
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>Challenge
>>>>>Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 47
>>>>>Authentic:  <230>'<212>}r<195>@y<190><31>l5<202>;X<177>
>>>>>Attributes:
>>>>>      EAP-Message = <1><8><0>P<25><1><23><3><1><0>
>>>>><189><169><159><137><190>Q+<208>f<4><136><224>u<167><239><130><3><128>j
>>>>>c<31><9><234><221><7>jn="B<1><164><23><3><1><0>
>>>>><242>$<<214><238><215><192><20><210><141>c<197>2<0><207><139><147><206>
>>>>><231>Y<186><221><214>r<197>4<218>?<233>r^`
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 48
>>>>>Authentic:  <150><23><4><237>"<179>p<233>n<15><156><165>z+<136>!
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><8><0>P<25><1><23><3><1><0>
>>>>><234><251><162><188>i<151><194><175>Y<17><135><147><0><231><246><199><1
>>>>>65>9#<205>(> <203><246><136>`<206><252><239><226>I<23><3><1><0>
>>>>><147><200>v<238><199><163>"V2CEa<3><199><216><21><18><5><22><26><246><2
>>>>>48>b<12>#CZ<0><243>Y<162><253>
>>>>>      Message-Authenticator =
>>>>><237>*<204><234><247><248><6>5N<221><229><140><12>N<208>b
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 8, 80
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication request
>>>>>for anonymous
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet dump:
>>>>>Code:       Access-Request
>>>>>Identifier: UNDEF
>>>>>Authentic:  {<134><221><5><137>A<254><212><232>#_<240>&snr
>>>>>Attributes:
>>>>>      EAP-Message = <2><0><0><9><1>wifi
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>      User-Name = "anonymous"
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      NAS-Port = 13
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
>>>>>'TunnelledByPEAP=1'
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for , e.f.g.h, 13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 0, 9
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 1
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for anonymous: EAP
>>>>>MSCHAP-V2 Challenge
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
>>>>>authentication redespatched to a Handler
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>inner authentication redespatched to a Handler
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 48
>>>>>Authentic:  <150><23><4><237>"<179>p<233>n<15><156><165>z+<136>!
>>>>>Attributes:
>>>>>      EAP-Message = <1><9><0>p<25><1><23><3><1><0>
>>>>><245><208><201>=<245>><196><212><171><169><184><152>G<192><190>P<150><2
>>>>>01>$<246><207><224>vY<7><146><238>K<191><191><9><164><23><3><1><0>@<242
>>>>>
>>>>>          
>>>>>
>>>>>>v<194><182><191>"<189>&K<230>2e<29>r<222>f<193><211>r<238>B<133><244>/
>>>>>>            
>>>>>>
>>>>><214><210><130><23><218><246>H<12>3<246><130><169><159>R<171><14><6><23
>>>>>
>>>>>          
>>>>>
>>>>>><199><201><20><209>>v<184><236>E<22>(<225><24>b<177>z<170><216><191><1
>>>>>>            
>>>>>>
>>>>>76><216>"
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 49
>>>>>Authentic:  F<7>4]<210><163><160>Y<30><255><204><21>*<27><184><145>
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><9><0><144><25><1><23><3><1><0>
>>>>>`<224>MO<0><31><237>q<132><226><19><146
>>>>>
>>>>>          
>>>>>
>>>>>><173>~+
>>>>>>            
>>>>>>
>>>>><201><128>UG<2>n<152><242><128><22><187><214>b0<242><23><23><3><1><0>`5
>>>>><152>r-<19>p!_<2
>>>>>31><235>MjIc<215><235><200>G\<230>~<211>h>d<137><165><166>o<139>`<187><
>>>>>212>{<223>J<165><13>Cc<15
>>>>>9><149>[-
>>>>><182><179><21><221><181>~Y<131><175><162><236><9><154><239>Q<190>+<20><
>>>>>143><203><187>=<
>>>>>8>J<166>c<252><197>L<173>}<127>J<25>Jo<146><135><149><157><198>g<237><1
>>>>>40><253>U;<190><150><Fh
>>>>>      Message-Authenticator =
>>>>><149>|<200>x<217>E<171><197>7<236><226><192>!s<140>U
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 9, 144
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication request
>>>>>for anonymous
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet dump:
>>>>>Code:       Access-Request
>>>>>Identifier: UNDEF
>>>>>Authentic:  q2<232><250><210>y<142><240><10>HAI/<8><140>"
>>>>>Attributes:
>>>>>      EAP-Message =
>>>>><2><1><0>@<26><2><1><0>11<29><216><225><23><243><0><229>*da<152>$0<147>
>>>>><22
>>>>>1><141><0><0><0><0><0><0><0><0>c<241><219><189>LC<230><218><194><134><2
>>>>>3><177><17><24><151>@]<15
>>>>>6><131>49<4>p<140><0>wifi
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>      User-Name = "anonymous"
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      NAS-Port = 13
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
>>>>>'TunnelledByPEAP=1'
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for , e.f.g.h, 13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 1, 64
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 26
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Query is: 'select password from
>>>>>inetusers where username = 'wif
>>>>>i' and locked = 0':
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Radius::AuthSQL looks for match with
>>>>>wifi
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP MSCHAP V2
>>>>>Challenge: Success
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for anonymous: EAP
>>>>>MSCHAP V2 Challenge: Success
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
>>>>>authentication redespatched to a Handler
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>inner authentication redespatched to a Handler
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 49
>>>>>Authentic:  F<7>4]<210><163><160>Y<30><255><204><21>*<27><184><145>
>>>>>Attributes:
>>>>>      EAP-Message = <1><10><0><144><25><1><23><3><1><0>
>>>>><149>Q$<23><202><190><149><174>&<138><15>KE<6><240>\oJ'b<210><244><194>
>>>>>H3dFs<188>7$<136><23><3><1><0>`<9><143><143>U<194>,<216><30>"<157><237>
>>>>><221><170>8<167>J{<199>B<134>^<129><141><165><219><230>2?
>>>>><173>V<231><164><144><134>b<204><152>yy<255>{6<226>'<212>\<184>U<173><2
>>>>>19>6<245><136><252><23><208>qC<243>^"<178>+<185><28><10>&<131>.y<198><2
>>>>>12><6>7<9><255>.<253><127>o<225><236>v<229>\<154><172><24>3<26>V<201><1
>>>>>0><246><245><252>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 50
>>>>>Authentic:
>>>>><246><247>d<205><130><147><208><201><206><239><252><133><218><11><232><
>>>>>1>
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><10><0>P<25><1><23><3><1><0>
>>>>><231><0><246>p<148>L/
>>>>><240><129><3>k@<140>x<129><6><167><214><210>d$<9><238>O<175>w:
>>>>><150>^<3>!<147><23><3><1><0>
>>>>><217><244>&<237><<175>Q<149><216><199>Z=k<5>~<1><210><5><169><242><18><
>>>>>172><250><242><196><0><19><255><208>B<137><139>
>>>>>      Message-Authenticator =
>>>>>p<235><220><220><219>E<150>l<236>8<238>'/<211>a<172>
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 10, 80
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication request
>>>>>for anonymous
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet dump:
>>>>>Code:       Access-Request
>>>>>Identifier: UNDEF
>>>>>Authentic:
>>>>>U$<172><211><235><156><148><226><173><208><252><142><232><174><167><19>
>>>>>Attributes:
>>>>>      EAP-Message = <2><2><0><7><26><3>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>      User-Name = "anonymous"
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      NAS-Port = 13
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
>>>>>'TunnelledByPEAP=1'
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for , e.f.g.h, 13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 2, 7
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 26
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 0,
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access accepted for anonymous
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
>>>>>authentication redespatched to a Handler
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP PEAP
>>>>>inner authentication redespatched to a Handler
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Challenge
>>>>>Identifier: 50
>>>>>Authentic:
>>>>><246><247>d<205><130><147><208><201><206><239><252><133><218><11><232><
>>>>>1>
>>>>>Attributes:
>>>>>      EAP-Message = <1><11><0>P<25><1><23><3><1><0>
>>>>><31><221>H<162><173><149>]<234><17><249><10>0<238><194><229><186><197>g
>>>>><242><248><7>5<130>&<18><154><25><226><229>S<134><171><23><3><1><0>
>>>>><224><188><15>5<30>'<205><7>p=5<230><194><238><206>N{<204>k<192>#<4><18
>>>>>7><202><Z<241><248><174><210><184><235>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Received from e.f.g.h port 1027 ....
>>>>>Code:       Access-Request
>>>>>Identifier: 51
>>>>>Authentic:  <166><231><148>=2<131><0>9~<223>,<245><138><251><24>q
>>>>>Attributes:
>>>>>      Framed-MTU = 1480
>>>>>      NAS-IP-Address = e.f.g.h
>>>>>      NAS-Identifier = "XXXXXXX"
>>>>>      User-Name = "wifi"
>>>>>      Service-Type = Framed-User
>>>>>      Framed-Protocol = PPP
>>>>>      NAS-Port = 13
>>>>>      NAS-Port-Type = Ethernet
>>>>>      NAS-Port-Id = "13"
>>>>>      Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>      Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>      Tunnel-Type = 0:VLAN
>>>>>      Tunnel-Medium-Type = 0:802
>>>>>      Tunnel-Private-Group-ID = 5
>>>>>      EAP-Message = <2><11><0>P<25><1><23><3><1><0>
>>>>>j<168><19><206><4><176><143><128><128><245><212><138><22><224>I<226><13
>>>>>8><17>h<183><178><236>&<217><<167>&<127>F<172>C<167><23><3><1><0>
>>>>>*F<234>!
>>>>><14>Fmx<26><150><229><18><237><199><131>Tm<178><216><232><129><255><183
>>>>>
>>>>>          
>>>>>
>>>>>><131><251>#<226>VawI<4>
>>>>>>            
>>>>>>
>>>>>      Message-Authenticator =
>>>>><162>JO<192><22>p<198><194>C<238>G<158>|E<29>(
>>>>>
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>Fri Jan 30 21:18:27 2004: DEBUG:  Deleting session for wifi, e.f.g.h,
>>>>>13
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 11, 80
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 0,
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Access accepted for wifi
>>>>>Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>*** Sending to e.f.g.h port 1027 ....
>>>>>Code:       Access-Accept
>>>>>Identifier: 51
>>>>>Authentic:  <166><231><148>=2<131><0>9~<223>,<245><138><251><24>q
>>>>>Attributes:
>>>>>      EAP-Message = <3><11><0><4>
>>>>>      Message-Authenticator =
>>>>><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>
>>>>>
>>>>>
>>>>>===
>>>>>Archive at http://www.open.com.au/archives/radiator/
>>>>>Announcements on radiator-announce at open.com.au
>>>>>To unsubscribe, email 'majordomo at open.com.au' with
>>>>>'unsubscribe radiator' in the body of the message.
>>>>>          
>>>>>
>>>>NB: have you included a copy of your configuration file (no secrets),
>>>>together with a trace 4 debug showing what is happening?
>>>>        
>>>>
>>===
>>Archive at http://www.open.com.au/archives/radiator/
>>Announcements on radiator-announce at open.com.au
>>To unsubscribe, email 'majordomo at open.com.au' with
>>'unsubscribe radiator' in the body of the message.
>>    
>>
>
>  
>


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list