(RADIATOR) Help me with 802.1x on AlliedTelesyn switch please
Terry Simons
galimore at mac.com
Fri Feb 20 15:16:46 CST 2004
Umm... this is a bunch of crap. :-)
You're completely right...
The Authenticator shouldn't care what EAP type you are sending
through... it's completely transparent!
Unless they're doing something REALLY weird, it shouldn't matter...
I would ask them what the technical merit is behind only supporting
MD5, as the authenticator shouldn't care what EAP type is being used.
- Terry
On Feb 20, 2004, at 2:06 AM, Pavel Paprok wrote:
> Hi,
>
> FYI we got answer of Allied Telesyn tech support of this switch:
>
> ----
> After analyzing the debug logs of the open1x supplicant and of the
> radiator server you sent, it looks like you are either using EAP-PEAP
> or
> EAP-TLS. Our switches only support EAP-MD5, so the supplicant should
> be
> configured for EAP-MD5 as well as the radius server. Please replace
> this
> with with EAP-MD5.
> ----
>
> Does it mean that this switch is not eap type trasparent...? Is it
> possible?
> Anyway - in switch manual is no info about this "feature".
>
> P.
>
>
>
>
> Mike McCauley wrote:
>
>> Hello Pavel,
>>
>> On Tue, 3 Feb 2004 12:22 am, Pavel Paprok wrote:
>>
>>> yes, firmware is recent - AT-S39 v3.2.0 firmware update.
>>> as wrotten in software release notes there is 802.1x support
>>> since fw 3.1.0. (3.1.1 and 3.2.0 has no new features), there stay:
>>>
>>> "Two types of RADIUS servers have been verified as fully
>>> compatible with this feature: Funk Software Steel-Belted Radius
>>> and Free Radius. Two types of 802.1x clients have been
>>> verified to be fully-compatible: Microsoft WinXP client
>>> and Meeting House Aegis client."
>>>
>>> all info on product page:
>>> http://www.alliedtelesyn.com/allied/support/viewproductsupport.asp?
>>> id=637&t
>>> ype=&dosearch=1&sub=0&product=AT%2D8012M&back=true&country=2&lang=en
>>>
>>> i really need to get it work with radiator
>>>
>>
>> The logs show that the switch is not sending the first part of the
>> server certificate back to the client. This is incorrect.
>>
>> The only conclusions I can make are:
>>
>> 1. The switch firmware version you are running is broken. You may
>> need to downgrade to the version they claim works correctly.
>>
>> 2. There is a configuration problem in the switch.
>>
>> I dont think there is anything else we can do to help at this stage.
>>
>> Does anyone else have experience with the AT-S39 switch?
>>
>>
>>
>>
>>> pavel
>>>
>>> Mike McCauley wrote:
>>>
>>>> Hello Pabel,
>>>>
>>>> thanks for sending more complete logs.
>>>>
>>>>> From close examination of the log, I can see that Radiator sends
>>>>> the
>>>>
>>>>> first
>>>>>
>>>> part of the server certificate back to the client, but then,
>>>> instead of
>>>> sending an acknowledgement, the client again sends another EAP
>>>> identity.
>>>> This is incorrect behaviour.
>>>>
>>>> I seriously suspect that there is a problem with the AT-8012M
>>>> firmware.
>>>> Can you confirm the correct firmware version with Allied?
>>>>
>>>> Cheers.
>>>>
>>>> On Mon, 2 Feb 2004 06:31 pm, Hugh Irvine wrote:
>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: Pavel Paprok <ppaprok at applet.cz>
>>>>>> Date: 31 January 2004 08:18:06 GMT+11:00
>>>>>> To: Mike McCauley <mikem at open.com.au>
>>>>>> Cc: radiator at open.com.au
>>>>>> Subject: Re: (RADIATOR) Help me with 802.1x on AlliedTelesyn
>>>>>> switch
>>>>>> please
>>>>>>
>>>>>> Mike McCauley wrote:
>>>>>>
>>>>>>> Hello Pavel,
>>>>>>>
>>>>>>> I cant tell exactly what the problem is at this stage. It would
>>>>>>> help
>>>>>>> if you sent more of the Radiator log file, since the part you
>>>>>>> sent
>>>>>>> only covers the beginning of the authentication process.
>>>>>>>
>>>>>> hallo,
>>>>>> in this message i replaced old logs by new created logs - a bit
>>>>>> longer....
>>>>>> my config was still exactly same except MaxFragmentSize reduced
>>>>>> to 800
>>>>>> but with no effect.
>>>>>>
>>>>>> also i add log from successfull 802.1x connection to other switch
>>>>>> -
>>>>>> HPProCurve
>>>>>> - for compare - from exactly same radiator server and xsupplicant
>>>>>> station, HP switch
>>>>>> only on different ip. these logs are on end of this message if you
>>>>>> want to see...
>>>>>>
>>>>>>
>>>>>>> Since your Radiator works with other APs and the same clients,
>>>>>>> and
>>>>>>> since this AP is supposed to work with FreeRadius, you might
>>>>>>> consider
>>>>>>> reducing the size of EAPTLS_MaxFragmentSize to less than 1024,
>>>>>>> try
>>>>>>> say 1000 or 800?
>>>>>>>
>>>>>> of course, i try all possible values of this parameter from 512
>>>>>> to 4k
>>>>>> but no advance...
>>>>>>
>>>>>> bye,
>>>>>> pavel
>>>>>>
>>>>>>
>>>>>>> Cheers.
>>>>>>>
>>>>>>> On Fri, 30 Jan 2004 04:38 am, Pavel Paprok wrote:
>>>>>>>
>>>>>>>> Hallo,
>>>>>>>>
>>>>>>>> I just trying to authorise ethernet ports on manageable switch
>>>>>>>> Allied Telesyn AT-8012M (latest software AT-S39, v3.2.0)
>>>>>>>> with enabled 802.1x by EAP/PEAP/MSCHAPv2.
>>>>>>>> radius is Radiator v3.8 one server licensed, system is RedHat9.
>>>>>>>> supplicant is latest xsupplicant (v0.8b) but with native
>>>>>>>> WinXP clients auth do not work too.
>>>>>>>> certificates are from test suite of radiator.
>>>>>>>>
>>>>>>>> there should be no general error in my radiator configuration
>>>>>>>> because
>>>>>>>> exactly same 802.1x eap configuration with ports of other
>>>>>>>> ethernet
>>>>>>>> switches we use, wired (HP Procurve 2412,...) or wireless AP
>>>>>>>> (DLink,..)
>>>>>>>> works good (with same xsupplicants and WinXP 802.1x system
>>>>>>>> clients).
>>>>>>>>
>>>>>>>> very basic radius configuration on Allied should be also ok
>>>>>>>> because
>>>>>>>> when authorising of serial console account (manage prompt) from
>>>>>>>> the
>>>>>>>> radius
>>>>>>>> it works properly, but not on its ethernet ports thru 802.1x
>>>>>>>> eap/peapmschapv2.
>>>>>>>> (auth of its serial console from config below removed for
>>>>>>>> simplicity)
>>>>>>>>
>>>>>>>> in manual of AlliedTelesyn switch wrotten that its 802.1x was
>>>>>>>> tested
>>>>>>>> with
>>>>>>>> WinXP clients and FreeRadius radius server - but Radiator should
>>>>>>>> be in 802.1x better, are so?
>>>>>>>>
>>>>>>>> Please help, what should I try next to get it run?
>>>>>>>>
>>>>>>>> thanks,
>>>>>>>> Pavel
>>>>>>>>
>>>>>>>> --------------------------------------------------------------
>>>>>>>> here is log from x supplicant:
>>>>>>>>
>>>>>> [root at pp2 root]# xsupplicant -i eth1 -d 5
>>>>>> Calling do_eapol, with device eth1
>>>>>> Setup on device eth1 complete
>>>>>> (EAPMD5) Initalized
>>>>>> (EAPMS-CHAP) Initalized
>>>>>> Done with init.
>>>>>> Sending EAPOL-Start #1
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>> ## eap_decode_packet ##: Got an EAP failure
>>>>>> Failed to Authenticate
>>>>>> CONNECTING
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 6
>>>>>> Loading certificate /etc/1x/certs/CAroot.pem . . .
>>>>>> (TLS)Loaded root certificate /etc/1x/certs/CAroot.pem and dirctory
>>>>>> (null)
>>>>>> --- SSL : before/connect initialization
>>>>>> --- SSL : before/connect initialization
>>>>>> --- SSL : SSLv3 write client hello A
>>>>>> --- SSL : SSLv3 read server hello A
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> AUTHENTICATING
>>>>>>
>>>>>>
>>>>>> ...here it stay ~ 20 .. 30 sec
>>>>>>
>>>>>>
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>>
>>>>>>
>>>>>> ... here it stay again ~ 20 sec
>>>>>>
>>>>>>
>>>>>> ## eap_decode_packet ##: Got an EAP failure
>>>>>> Failed to Authenticate
>>>>>> CONNECTING
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>> ## eap_decode_packet ##: Got an EAP failure
>>>>>> Failed to Authenticate
>>>>>> CONNECTING
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ## eap_decode_packet ##: Got an EAP failure
>>>>>> Failed to Authenticate
>>>>>> CONNECTING
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 6
>>>>>> --- SSL : SSLv3 read server hello A
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> AUTHENTICATING
>>>>>> (EAPMD5) Cleaning up.
>>>>>> (EAPMS-CHAP) Cleaning up.
>>>>>> [root at pp2 root]#
>>>>>>
>>>>>> ... end was because i stopped xsupplicant
>>>>>>
>>>>>>
>>>>>> LOG FROM RADIATOR:
>>>>>>
>>>>>>
>>>>>> Fri Jan 30 21:10:23 2004: DEBUG: Reading users file
>>>>>> /etc/radiator/outerEAPusers
>>>>>> Fri Jan 30 21:10:23 2004: DEBUG: Finished reading configuration
>>>>>> file
>>>>>> '/etc/radiator/radius.cfg'
>>>>>> Fri Jan 30 21:10:23 2004: DEBUG: Reading dictionary file
>>>>>> '/etc/radiator/dictionary'
>>>>>> Fri Jan 30 21:10:23 2004: DEBUG: Creating authentication port
>>>>>> 0.0.0.0:1812
>>>>>> Fri Jan 30 21:10:23 2004: DEBUG: Creating accounting port
>>>>>> 0.0.0.0:1813
>>>>>> Fri Jan 30 21:10:23 2004: NOTICE: Server started: Radiator 3.8 on
>>>>>> data.applet.cz
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>> *** Received from a.b.c.d port 516 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 49
>>>>>> Authentic:
>>>>>> <136><150><30>Q<236><19><188>m<146><31><142>Jg<160><209>7
>>>>>> Attributes:
>>>>>> User-Name = "wifi"
>>>>>> NAS-IP-Address = a.b.c.d
>>>>>> NAS-Port = 3
>>>>>> Called-Station-Id = "00:0C:46:22:71:20"
>>>>>> Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>> Framed-MTU = 1400
>>>>>> NAS-Port-Type = Ethernet
>>>>>> Connect-Info = "100Mbps"
>>>>>> EAP-Message = <2><164><0><9><1>wifi
>>>>>> Message-Authenticator =
>>>>>> <199><156>a<169>2y'<242><187><201>@*'<187><10>r
>>>>>>
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Deleting session for wifi,
>>>>>> a.b.c.d, 3
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Handling with EAP: code 2, 164, 9
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Response type 1
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>> *** Sending to a.b.c.d port 516 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 49
>>>>>> Authentic:
>>>>>> <136><150><30>Q<236><19><188>m<146><31><142>Jg<160><209>7
>>>>>> Attributes:
>>>>>> EAP-Message = <1><165><0><6><25>!
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>> *** Received from a.b.c.d port 516 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 51
>>>>>> Authentic:
>>>>>> X<28><138><228><24><18>jG<157><193><233><241><204><198>g7
>>>>>> Attributes:
>>>>>> User-Name = "wifi"
>>>>>> NAS-IP-Address = a.b.c.d
>>>>>> NAS-Port = 3
>>>>>> Called-Station-Id = "00:0C:46:22:71:20"
>>>>>> Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>> Framed-MTU = 1400
>>>>>> NAS-Port-Type = Ethernet
>>>>>> Connect-Info = "100Mbps"
>>>>>> EAP-Message =
>>>>>> <2><165><0>n<25><129><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>@<26>
>>>>>> <186>
>>>>>> 8F<6><177><135><208><190><148><254><[<248>j<10><17><201><139><8><1
>>>>>> 89><1
>>>>>> 61><227><22><145>u8<133>)<163><175><0><0>4<0>9<0>8<0>5<0><22><0><1
>>>>>> 9><0>
>>>>>> <10><0>3<0>2<0>/
>>>>>> <0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20
>>>>>> ><0><
>>>>>> 17><0><8><0><6><0><3><1><0>
>>>>>> Message-Authenticator =
>>>>>> ^<132><22><142>M<235>j<152><24><234><153><184>z<17><19><210>
>>>>>>
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Deleting session for wifi,
>>>>>> a.b.c.d, 3
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Handling with EAP: code 2, 165,
>>>>>> 110
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: EAP TLS SSL_accept result: -1,
>>>>>> 2, 8576
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:10:28 2004: DEBUG: Packet dump:
>>>>>> *** Sending to a.b.c.d port 516 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 51
>>>>>> Authentic:
>>>>>> X<28><138><228><24><18>jG<157><193><233><241><204><198>g7
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>> <1><166><3>*<25><193><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<26>
>>>>>> <186>
>>>>>> 4h|<243>I<135><247><152><140><127>\C\<207><201><240><247><128>N<20
>>>>>> 5><18
>>>>>> 6><136>t<204><214><204>pcX
>>>>>> <211>{i<254><0><146>GEIt<197>s<134><164>WE3I<229>E<128><231><15>f]
>>>>>> J<28>
>>>>>> <161><196><222><193>Y<0>5<0><22><3><1><7><27><11><0><7><23><0><7><
>>>>>> 20><0
>>>>>>
>>>>>>
>>>>>>> <2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6
>>>>>>> ><9>*
>>>>>>>
>>>>>> <134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><
>>>>>> 6><19
>>>>>>
>>>>>>
>>>>>>> <2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7
>>>>>>> ><19>
>>>>>>>
>>>>>> <9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not
>>>>>> use
>>>>>> in production)1
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au
>>>>>> 0<30>
>>>>>> <23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6>
>>>>>> <19><
>>>>>> 2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><
>>>>>> 19><9
>>>>>>
>>>>>>
>>>>>>> Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test
>>>>>>>
>>>>>> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129>
>>>>>> <159>
>>>>>> 0<13><6><9>*<134>H<134><247><13><1><1>
>>>>>> EAP-Message =
>>>>>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<21
>>>>>> 7><24
>>>>>> 5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9
>>>>>> <193>
>>>>>> <13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS
>>>>>> <151>
>>>>>> <30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171
>>>>>> >5s<1
>>>>>> 87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212>
>>>>>> <178>
>>>>>> <141><219>O<253><134><213>N|<172>:
>>>>>> J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210>
>>>>>> <215>
>>>>>> <186>x<141><197><212>s<145><235>\<164><8>!
>>>>>> <2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<
>>>>>> 6><1>
>>>>>> <5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><
>>>>>> 129><
>>>>>> 129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<2
>>>>>> 4><13
>>>>>> 6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><
>>>>>> 183><
>>>>>> 230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><
>>>>>> 4>r<2
>>>>>> 39>?<1><16><203>
>>>>>> EAP-Message =
>>>>>> T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes
>>>>>> ^<202
>>>>>>
>>>>>>
>>>>>>> u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><20
>>>>>>> 6>t
>>>>>>>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>> *** Received from a.b.c.d port 516 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 55
>>>>>> Authentic:
>>>>>> <151><136><183><6><213>N<227><8><165><160><196>%<248><156><166><11
>>>>>> >
>>>>>> Attributes:
>>>>>> User-Name = "wifi"
>>>>>> NAS-IP-Address = a.b.c.d
>>>>>> NAS-Port = 3
>>>>>> Called-Station-Id = "00:0C:46:22:71:20"
>>>>>> Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>> Framed-MTU = 1400
>>>>>> NAS-Port-Type = Ethernet
>>>>>> Connect-Info = "100Mbps"
>>>>>> EAP-Message = <2><169><0><9><1>wifi
>>>>>> Message-Authenticator =
>>>>>> r<214>vt<240>y%<150>K^=-<241><191><<212>
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Deleting session for wifi,
>>>>>> a.b.c.d, 3
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 169, 9
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Response type 1
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Resuming session for
>>>>>> Radius::Context=HASH(0x857b140)
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>> *** Sending to a.b.c.d port 516 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 55
>>>>>> Authentic:
>>>>>> <151><136><183><6><213>N<227><8><165><160><196>%<248><156><166><11
>>>>>> >
>>>>>> Attributes:
>>>>>> EAP-Message = <1><170><0><6><25>!
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>> *** Received from a.b.c.d port 516 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 57
>>>>>> Authentic: <6>x<9><127>$k<228>3P<<230><219>JH<183>v
>>>>>> Attributes:
>>>>>> User-Name = "wifi"
>>>>>> NAS-IP-Address = a.b.c.d
>>>>>> NAS-Port = 3
>>>>>> Called-Station-Id = "00:0C:46:22:71:20"
>>>>>> Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>> Framed-MTU = 1400
>>>>>> NAS-Port-Type = Ethernet
>>>>>> Connect-Info = "100Mbps"
>>>>>> EAP-Message = <2><170><0><6><25><1>
>>>>>> Message-Authenticator =
>>>>>> u<242>THJ<214><131>,<17><195>$<9>c<19>*<174>
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Deleting session for wifi,
>>>>>> a.b.c.d, 3
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 170, 6
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 2, EAP PEAP Nothing
>>>>>> to
>>>>>> read or write
>>>>>> Fri Jan 30 21:11:57 2004: NOTICE: SIGTERM received: stopping
>>>>>> EAP-Message = <1><170><0><6><25>!
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Packet dump:
>>>>>> *** Received from a.b.c.d port 516 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 57
>>>>>> Authentic: <6>x<9><127>$k<228>3P<<230><219>JH<183>v
>>>>>> Attributes:
>>>>>> User-Name = "wifi"
>>>>>> NAS-IP-Address = a.b.c.d
>>>>>> NAS-Port = 3
>>>>>> Called-Station-Id = "00:0C:46:22:71:20"
>>>>>> Calling-Station-Id = "00:30:4F:20:F1:54"
>>>>>> Framed-MTU = 1400
>>>>>> NAS-Port-Type = Ethernet
>>>>>> Connect-Info = "100Mbps"
>>>>>> EAP-Message = <2><170><0><6><25><1>
>>>>>> Message-Authenticator =
>>>>>> u<242>THJ<214><131>,<17><195>$<9>c<19>*<174>
>>>>>>
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Deleting session for wifi,
>>>>>> a.b.c.d, 3
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Handling with EAP: code 2, 170, 6
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:11:29 2004: DEBUG: EAP result: 2, EAP PEAP Nothing
>>>>>> to
>>>>>> read or write
>>>>>> Fri Jan 30 21:11:57 2004: NOTICE: SIGTERM received: stopping
>>>>>>
>>>>>>
>>>>>>>> ----------------------------------------------------------------
>>>>>>>> -----
>>>>>>>> ------
>>>>>>>> ---------------------------------- fragment of radiator config:
>>>>>>>>
>>>>>>>> <Client a.b.c.d>
>>>>>>>> Secret xxxxxx
>>>>>>>> Identifier 8021xAllied
>>>>>>>> </Client>
>>>>>>>> <Handler Request-Type = Accounting-Request>
>>>>>>>> <AuthBy SQL>
>>>>>>>> DBSource dbi:mysql:radiator
>>>>>>>> DBUsername radiator
>>>>>>>> DBAuth xxxxx
>>>>>>>> # Just accounting, no auth
>>>>>>>> IgnoreAuthentication
>>>>>>>> AuthSelect
>>>>>>>> AccountingTable inetaccounting
>>>>>>>> AcctColumnDef username,User-Name
>>>>>>>> AcctColumnDef time_stamp,Timestamp,integer
>>>>>>>> AcctColumnDef acctstatustype,Acct-Status-Type
>>>>>>>> AcctColumnDef acctinputoctets,Acct-Input-Octets,integer
>>>>>>>> AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer
>>>>>>>> AcctColumnDef acctsessiontime,Acct-Session-Time,integer
>>>>>>>> AcctColumnDef acctterminatecause,Acct-Terminate-Cause
>>>>>>>> AcctColumnDef nasidentifier,NAS-Identifier
>>>>>>>> AcctColumnDef framedipaddress,Framed-IP-Address
>>>>>>>> </AuthBy>
>>>>>>>> </Handler>
>>>>>>>> <Handler TunnelledByPEAP=1>
>>>>>>>> <AuthBy SQL>
>>>>>>>> DBSource dbi:mysql:radiator
>>>>>>>> DBUsername radiator
>>>>>>>> DBAuth xxxxx
>>>>>>>> AuthSelect select password from inetusers where \
>>>>>>>> username = %0 and locked = 0
>>>>>>>> EAPType MSCHAP-V2
>>>>>>>> </AuthBy>
>>>>>>>> </Handler>
>>>>>>>> <Handler>
>>>>>>>> <AuthBy FILE>
>>>>>>>> # outer auth file, only anonymous inside
>>>>>>>> Filename /etc/radiator/outerEAPusers
>>>>>>>> EAPType PEAP
>>>>>>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>>>>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>>>>>>> EAPTLS_CertificateType PEM
>>>>>>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>>>>>>> EAPTLS_PrivateKeyPassword whatever
>>>>>>>> EAPTLS_MaxFragmentSize 1024
>>>>>>>> SSLeayTrace 4 # 1=ciphers, 2=trace, 3=dump data
>>>>>>>> </AuthBy> # auth by file
>>>>>>>> </Handler>
>>>>>>>>
>>>>>>>>
>>>>>>>> ===
>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>>
>>>>>> ------------------------------------------------------------------
>>>>>> -----
>>>>>> ----------------------------------
>>>>>>
>>>>>> XSUPPLICANT LOG FROM SUCCESSFULL AUTH WITH HP:
>>>>>>
>>>>>> [root at pp2 root]# xsupplicant -i eth1 -d 5
>>>>>> Calling do_eapol, with device eth1
>>>>>> Setup on device eth1 complete
>>>>>> (EAPMD5) Initalized
>>>>>> (EAPMS-CHAP) Initalized
>>>>>> Done with init.
>>>>>> Sending EAPOL-Start #1
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ## eap_decode_packet ##: Type is Identity
>>>>>> Connection Established, authenticating...
>>>>>> ACQUIRED
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 6
>>>>>> Loading certificate /etc/1x/certs/CAroot.pem . . .
>>>>>> (TLS)Loaded root certificate /etc/1x/certs/CAroot.pem and dirctory
>>>>>> (null)
>>>>>> --- SSL : before/connect initialization
>>>>>> --- SSL : before/connect initialization
>>>>>> --- SSL : SSLv3 write client hello A
>>>>>> --- SSL : SSLv3 read server hello A
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> AUTHENTICATING
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 810
>>>>>> (EAPTTLS) Saved packet fragment.
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 806
>>>>>> (EAPTTLS) Saved packet fragment.
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 534
>>>>>> (TTLS) Saved final data fragment!
>>>>>> 16 3 1 0 4a 2 0 0 46 3 1 40 1a bc 11 b6
>>>>>> --- SSL : SSLv3 read server hello A
>>>>>> --- SSL : SSLv3 read server certificate A
>>>>>> --- SSL : SSLv3 read server certificate request A
>>>>>> --- SSL : SSLv3 read server done A
>>>>>> --- SSL : SSLv3 write client certificate A
>>>>>> --- SSL : SSLv3 write client key exchange A
>>>>>> --- SSL : SSLv3 write change cipher spec A
>>>>>> --- SSL : SSLv3 write finished A
>>>>>> --- SSL : SSLv3 flush data
>>>>>> --- SSL : SSLv3 read finished A
>>>>>>
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 69
>>>>>> (EAPTTLS) Saved packet fragment.
>>>>>> 14 3 1 0 1 1 16 3 1 0 30 cb 44 49 2a cb
>>>>>> --- SSL : SSLv3 read finished A
>>>>>> --- SSL : SSL negotiation finished successfully
>>>>>> --- SSL : SSL negotiation finished successfully
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 80
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 112
>>>>>> (EAPMS-CHAP) ID : 09
>>>>>> Username = wifi -- Password = hifi
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 144
>>>>>> (EAPMS-CHAP) ID : 0a
>>>>>> Username = wifi -- Password = hifi
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP request
>>>>>> ### Type is 25, length: 80
>>>>>> Destination : 1:80:c2:0:0:3
>>>>>> ## eap_decode_packet ##: Got an EAP success
>>>>>> Authentication Succeeded
>>>>>> AUTHENTICATED
>>>>>> Bingo!
>>>>>> LOGOFF
>>>>>> (EAPMD5) Cleaning up.
>>>>>> (EAPMS-CHAP) Cleaning up.
>>>>>> [root at pp2 root]#
>>>>>>
>>>>>> ... all process is ok and take 2 - 3 sec
>>>>>>
>>>>>>
>>>>>>
>>>>>> RADIATOR LOG FROM SUCCESSFULL AUTH WITH HP:
>>>>>>
>>>>>>
>>>>>> Fri Jan 30 21:18:21 2004: DEBUG: Reading users file
>>>>>> /etc/radiator/outerEAPusers
>>>>>> Fri Jan 30 21:18:21 2004: DEBUG: Finished reading configuration
>>>>>> file
>>>>>> '/etc/radiator/radius.cfg'
>>>>>> Fri Jan 30 21:18:21 2004: DEBUG: Reading dictionary file
>>>>>> '/etc/radiator/dictionary'
>>>>>> Fri Jan 30 21:18:21 2004: DEBUG: Creating authentication port
>>>>>> 0.0.0.0:1812
>>>>>> Fri Jan 30 21:18:21 2004: DEBUG: Creating accounting port
>>>>>> 0.0.0.0:1813
>>>>>> Fri Jan 30 21:18:21 2004: NOTICE: Server started: Radiator 3.8 on
>>>>>> data.applet.cz
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 42
>>>>>> Authentic: vw<228>M<2><19>PINo|<5>Z<139>h<129>
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "APPLET FM2 pater"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><2><0><9><1>wifi
>>>>>> Message-Authenticator =
>>>>>> <3>C/<3><150>{<164>5m(<148>a<147>h<135>;
>>>>>>
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 2, 9
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Response type 1
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 42
>>>>>> Authentic: vw<228>M<2><19>PINo|<5>Z<139>h<129>
>>>>>> Attributes:
>>>>>> EAP-Message = <1><3><0><6><25>!
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 43
>>>>>> Authentic:
>>>>>> &g<20><189><178><3><128><185><254>_<172>u<10>{<152><241>
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message =
>>>>>> <2><3><0>n<25><129><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>@<26><1
>>>>>> 88><2
>>>>>> 1><142><186>*<193>1<229><242><134><233><141><246>8<163><137><191><
>>>>>> 225><
>>>>>> 196>4<4>"<28>=<142><166><178><210><221>a<0><0>4<0>9<0>8<0>5<0><22>
>>>>>> <0><1
>>>>>> 9><0><10><0>3<0>2<0>/
>>>>>> <0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20
>>>>>> ><0><
>>>>>> 17><0><8><0><6><0><3><1><0>
>>>>>> Message-Authenticator = <4>w<244><30>
>>>>>> $<141>l<8><11><28><237>x"<248><197>
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 3, 110
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: EAP TLS SSL_accept result: -1,
>>>>>> 2, 8576
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 43
>>>>>> Authentic:
>>>>>> &g<20><189><178><3><128><185><254>_<172>u<10>{<152><241>
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>> <1><4><3>*<25><193><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<26><1
>>>>>> 88><1
>>>>>> 7><182><162><0><144><231><19><135><30>p<21><243>dl<233>)"W<234>*q<
>>>>>> 255>:
>>>>>> mj<213><176>T<3>
>>>>>> @N<157><133>h<222><22><1>SSS<212><216>g<243>-
>>>>>> G,<30><137>E<179>SH~`<178><144><199>Sp/
>>>>>> <0>5<0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<130><
>>>>>> 2><20
>>>>>> 5>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247>
>>>>>> <13><
>>>>>> 1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15>
>>>>>> <6><3
>>>>>>
>>>>>>
>>>>>>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30
>>>>>>> >0<28
>>>>>>> <6><3>U<4><10><19><21>OSC Demo
>>>>>>>
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not
>>>>>> use
>>>>>> in production)1
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au
>>>>>> 0<30>
>>>>>> <23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6>
>>>>>> <19><
>>>>>> 2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><
>>>>>> 19><9
>>>>>>
>>>>>>
>>>>>>> Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test
>>>>>>>
>>>>>> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129>
>>>>>> <159>
>>>>>> 0<13><6><9>*<134>H<134><247><13><1><1>
>>>>>> EAP-Message =
>>>>>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<21
>>>>>> 7><24
>>>>>> 5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9
>>>>>> <193>
>>>>>> <13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS
>>>>>> <151>
>>>>>> <30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171
>>>>>> >5s<1
>>>>>> 87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212>
>>>>>> <178>
>>>>>> <141><219>O<253><134><213>N|<172>:
>>>>>> J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210>
>>>>>> <215>
>>>>>> <186>x<141><197><212>s<145><235>\<164><8>!
>>>>>> <2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<
>>>>>> 6><1>
>>>>>> <5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><
>>>>>> 129><
>>>>>> 129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<2
>>>>>> 4><13
>>>>>> 6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><
>>>>>> 183><
>>>>>> 230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><
>>>>>> 4>r<2
>>>>>> 39>?<1><16><203>
>>>>>> EAP-Message =
>>>>>> T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes
>>>>>> ^<202
>>>>>>
>>>>>>
>>>>>>> u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><20
>>>>>>> 6>t
>>>>>>>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 44
>>>>>> Authentic: <214>WD-b<243><176>)<174>O<220><229><186>k<200>a
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><4><0><6><25><1>
>>>>>> Message-Authenticator =
>>>>>> <215>2d<182><212>yp'^<129><31>D.)<225><8>
>>>>>>
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:25 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 44
>>>>>> Authentic: <214>WD-b<243><176>)<174>O<220><229><186>k<200>a
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>> <1><5><3>&<25>A<196><188><3><195>.%<19>mD<242><149><237>O<138><193
>>>>>> ><0><
>>>>>> 4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<
>>>>>> 134>H
>>>>>> <134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19>
>>>>>> <2>AU
>>>>>> 1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><
>>>>>> 9>Mel
>>>>>> bourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>> production)1
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open
>>>>>> EAP-Message =
>>>>>> .com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1
>>>>>> <11>0
>>>>>> <9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<1
>>>>>> 8>0<1
>>>>>> 6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>> production)1
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au
>>>>>> 0<129
>>>>>>
>>>>>>
>>>>>>> <159>0<13><6><9>*<134>
>>>>>>>
>>>>>> EAP-Message =
>>>>>> H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><
>>>>>> 129><
>>>>>> 0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<
>>>>>> 239>?
>>>>>> b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249>
>>>>>> <141>
>>>>>> <148><224>|<188>V<24><209><8><223>f?
>>>>>> <149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<1
>>>>>> 60>e<
>>>>>> 153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16>
>>>>>> <221>
>>>>>> <6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<
>>>>>> 159><
>>>>>> 149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><
>>>>>> 1>+0<
>>>>>> 130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>
>>>>>> )<152
>>>>>>
>>>>>>
>>>>>>> <148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#<4><129><
>>>>>>> 239>0
>>>>>>>
>>>>>> <129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198>
>>>>>> <6>9\
>>>>>> <249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3
>>>>>> >U<4>
>>>>>> <6><19><2>AU1<17>0
>>>>>> EAP-Message =
>>>>>> <15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melb
>>>>>> ourne
>>>>>> 1<30>0<28><6><3>U<4><10><19><21>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 45
>>>>>> Authentic: <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>> <1><5><3>&<25>A<196><188><3><195>.%<19>mD<242><149><237>O<138><193
>>>>>> ><0><
>>>>>> 4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<
>>>>>> 134>H
>>>>>> <134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19>
>>>>>> <2>AU
>>>>>> 1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><
>>>>>> 9>Mel
>>>>>> bourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>> production)1
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open
>>>>>> EAP-Message =
>>>>>> .com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1
>>>>>> <11>0
>>>>>> <9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<1
>>>>>> 8>0<1
>>>>>> 6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>> production)1
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au
>>>>>> 0<129
>>>>>>
>>>>>>
>>>>>>> <159>0<13><6><9>*<134>
>>>>>>>
>>>>>> EAP-Message =
>>>>>> H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><
>>>>>> 129><
>>>>>> 0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<
>>>>>> 239>?
>>>>>> b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249>
>>>>>> <141>
>>>>>> <148><224>|<188>V<24><209><8><223>f?
>>>>>> <149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<1
>>>>>> 60>e<
>>>>>> 153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16>
>>>>>> <221>
>>>>>> <6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<
>>>>>> 159><
>>>>>> 149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><
>>>>>> 1>+0<
>>>>>> 130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>
>>>>>> )<152
>>>>>>
>>>>>>
>>>>>>> <148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#<4><129><
>>>>>>> 239>0
>>>>>>>
>>>>>> <129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198>
>>>>>> <6>9\
>>>>>> <249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3
>>>>>> >U<4>
>>>>>> <6><19><2>AU1<17>0
>>>>>> EAP-Message =
>>>>>> <15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melb
>>>>>> ourne
>>>>>> 1<30>0<28><6><3>U<4><10><19><21>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 45
>>>>>> Authentic: <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><5><0><6><25><1>
>>>>>> Message-Authenticator =
>>>>>> <18>/<218><214><230><213>sTf9<206><150><207>a<186><219>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 5, 6
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 45
>>>>>> Authentic: <134>Gt<157><18><227><224><153>^?<12>Uj[<248><209>
>>>>>> Attributes:
>>>>>> EAP-Message = <1><6><2><22><25><1>OSC Demo
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test
>>>>>> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
>>>>>> in
>>>>>> production)1 0<30><6><9>*<1
>>>>>> 34>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><1><0>0<1
>>>>>> 2><6>
>>>>>> <3>U<29><19><4><5>0<3><1>
>>>>>> <1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><12
>>>>>> 9><0>
>>>>>> A<130>4<253><23>-<13><9><
>>>>>> 9><222>3<19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<233><
>>>>>> 144><
>>>>>> 146>&g<162><190><234><145
>>>>>>
>>>>>>
>>>>>>> H<159><10>^6IQ<223><219><193>@><204>b<245><12><6><133><147><132><
>>>>>>> 192>f
>>>>>>>
>>>>>> U<165><197><180>k<136>:<8
>>>>>>
>>>>>>
>>>>>>> <198><152><165>*
>>>>>>>
>>>>>> EAP-Message =
>>>>>> %<221><237><188><23><251><255><172>'n<142>H<25>q<173>t<215><212><2
>>>>>> 21><2
>>>>>> 39>
>>>>>> <20>FZyd<205><240>Wbd<143><139>q]h<236><127><16><143>tA<163>4I<236
>>>>>> ><230
>>>>>>
>>>>>>
>>>>>>> <147><218>><175>B^<130><
>>>>>>>
>>>>>> 0>*9<22><3><1><0><220><13><0><0><212><2><1><2><0><207><0><205>0<12
>>>>>> 9><20
>>>>>> 2>1<11>0<9><6><3>U<4><6><
>>>>>> 19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4>
>>>>>> <7><1
>>>>>> 9><9>Melbourne1<30>0<28><
>>>>>> 6><3>U<4><10><19><21>OSC Demo
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1
>>>>>> /0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>>>>> 0<30><6><9>*<134>H<134>
>>>>>> EAP-Message =
>>>>>> <247><13><1><9><1><22><17>mikem at open.com.au<14><0><0><0>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 46
>>>>>> Authentic: 67<164><13><194><211><16><9><14>/<<197><26>K(A
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message =
>>>>>> <2><6><0><220><25><129><0><0><0><210><22><3><1><0><7><11><0><0><3>
>>>>>> <0><0
>>>>>>
>>>>>>
>>>>>>> <0><22><3><1><0><134><16><0><0><130><0><128>g<249><15>d<211><13>F
>>>>>>> X<251
>>>>>>> 0<22><150><185><204><183>aiIss`<180><208><152><236>s@
>>>>>>>
>>>>>> <213><196>:<139><28><7>
>>>>>> <148><157>'<136><183>l<242><21><183><182><237>O<168>#<203>"l<162><
>>>>>> 150>3
>>>>>> <168><199><13><254><157><28><148><150><211><172><199>><165><127><1
>>>>>> 74>X1
>>>>>> <18><172><9>{"<218>0<130><151><211><2><179><178>FR<182>a<234>w]<17
>>>>>> ><215
>>>>>>
>>>>>>
>>>>>>> <{T<206><155><137><144><25><196>T<209><189><149><198><167><187><1
>>>>>>> 73>U<
>>>>>>>
>>>>>> 186><245><163><162><2><18>u>/
>>>>>> <135><198>Y<227><227><201>M<20><3><1><0><1><1><22><3><1><0>0<151><
>>>>>> 252><
>>>>>> 10><204><172><19>Z`*E<31>N<172><14>.<163><226><225>wuD:
>>>>>> <188><31><237><238>S<144><13><145><148><248><214>{<223>H<16>(<184>
>>>>>> <4>J<
>>>>>> 132><163>Ua<184><1>l
>>>>>> Message-Authenticator =
>>>>>> ?I<19>O<235><<217><26><155>%<157>H<237><226>?<27>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 6, 220
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: EAP TLS SSL_accept result: 1, 0,
>>>>>> 3
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 46
>>>>>> Authentic: 67<164><13><194><211><16><9><14>/<<197><26>K(A
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>> <1><7><0>E<25><129><0><0><0>;
>>>>>> <20><3><1><0><1><1><22><3><1><0>0<203>DI*<203>g<245><240><213>P<23
>>>>>> 2>Y7<
>>>>>> 15><197><248><225><9>9_f<232><181>R<203><246>Ys<19><148><140><237>
>>>>>> ^~Y<2
>>>>>> 25><184>:WU<246><178>44U",<225>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 47
>>>>>> Authentic: <230>'<212>}r<195>@y<190><31>l5<202>;X<177>
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><7><0><6><25><1>
>>>>>> Message-Authenticator =
>>>>>> <243><164><164>S<220><8>s<152><154>P<246><154><242><9><178><164>
>>>>>>
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Handling with EAP: code 2, 7, 6
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:26 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 47
>>>>>> Authentic: <230>'<212>}r<195>@y<190><31>l5<202>;X<177>
>>>>>> Attributes:
>>>>>> EAP-Message = <1><8><0>P<25><1><23><3><1><0>
>>>>>> <189><169><159><137><190>Q+<208>f<4><136><224>u<167><239><130><3><
>>>>>> 128>j
>>>>>> c<31><9><234><221><7>jn="B<1><164><23><3><1><0>
>>>>>> <242>$<<214><238><215><192><20><210><141>c<197>2<0><207><139><147>
>>>>>> <206>
>>>>>> <231>Y<186><221><214>r<197>4<218>?<233>r^`
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 48
>>>>>> Authentic: <150><23><4><237>"<179>p<233>n<15><156><165>z+<136>!
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><8><0>P<25><1><23><3><1><0>
>>>>>> <234><251><162><188>i<151><194><175>Y<17><135><147><0><231><246><1
>>>>>> 99><1
>>>>>> 65>9#<205>(> <203><246><136>`<206><252><239><226>I<23><3><1><0>
>>>>>> <147><200>v<238><199><163>"V2CEa<3><199><216><21><18><5><22><26><2
>>>>>> 46><2
>>>>>> 48>b<12>#CZ<0><243>Y<162><253>
>>>>>> Message-Authenticator =
>>>>>> <237>*<204><234><247><248><6>5N<221><229><140><12>N<208>b
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 8, 80
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication
>>>>>> request
>>>>>> for anonymous
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet
>>>>>> dump:
>>>>>> Code: Access-Request
>>>>>> Identifier: UNDEF
>>>>>> Authentic: {<134><221><5><137>A<254><212><232>#_<240>&snr
>>>>>> Attributes:
>>>>>> EAP-Message = <2><0><0><9><1>wifi
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>> User-Name = "anonymous"
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> NAS-Port = 13
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
>>>>>> 'TunnelledByPEAP=1'
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for , e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 0, 9
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 1
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2
>>>>>> Challenge
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for anonymous:
>>>>>> EAP
>>>>>> MSCHAP-V2 Challenge
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
>>>>>> authentication redespatched to a Handler
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> inner authentication redespatched to a Handler
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 48
>>>>>> Authentic: <150><23><4><237>"<179>p<233>n<15><156><165>z+<136>!
>>>>>> Attributes:
>>>>>> EAP-Message = <1><9><0>p<25><1><23><3><1><0>
>>>>>> <245><208><201>=<245>><196><212><171><169><184><152>G<192><190>P<1
>>>>>> 50><2
>>>>>> 01>$<246><207><224>vY<7><146><238>K<191><191><9><164><23><3><1><0>
>>>>>> @<242
>>>>>>
>>>>>>
>>>>>>> v<194><182><191>"<189>&K<230>2e<29>r<222>f<193><211>r<238>B<133><
>>>>>>> 244>/
>>>>>>>
>>>>>> <214><210><130><23><218><246>H<12>3<246><130><169><159>R<171><14><
>>>>>> 6><23
>>>>>>
>>>>>>
>>>>>>> <199><201><20><209>>v<184><236>E<22>(<225><24>b<177>z<170><216><1
>>>>>>> 91><1
>>>>>>>
>>>>>> 76><216>"
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 49
>>>>>> Authentic:
>>>>>> F<7>4]<210><163><160>Y<30><255><204><21>*<27><184><145>
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><9><0><144><25><1><23><3><1><0>
>>>>>> `<224>MO<0><31><237>q<132><226><19><146
>>>>>>
>>>>>>
>>>>>>> <173>~+
>>>>>>>
>>>>>> <201><128>UG<2>n<152><242><128><22><187><214>b0<242><23><23><3><1>
>>>>>> <0>`5
>>>>>> <152>r-<19>p!_<2
>>>>>> 31><235>MjIc<215><235><200>G\<230>~<211>h>d<137><165><166>o<139>`<
>>>>>> 187><
>>>>>> 212>{<223>J<165><13>Cc<15
>>>>>> 9><149>[-
>>>>>> <182><179><21><221><181>~Y<131><175><162><236><9><154><239>Q<190>+
>>>>>> <20><
>>>>>> 143><203><187>=<
>>>>>> 8>J<166>c<252><197>L<173>}<127>J<25>Jo<146><135><149><157><198>g<2
>>>>>> 37><1
>>>>>> 40><253>U;<190><150><Fh
>>>>>> Message-Authenticator =
>>>>>> <149>|<200>x<217>E<171><197>7<236><226><192>!s<140>U
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 9, 144
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication
>>>>>> request
>>>>>> for anonymous
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet
>>>>>> dump:
>>>>>> Code: Access-Request
>>>>>> Identifier: UNDEF
>>>>>> Authentic: q2<232><250><210>y<142><240><10>HAI/<8><140>"
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>> <2><1><0>@<26><2><1><0>11<29><216><225><23><243><0><229>*da<152>$0
>>>>>> <147>
>>>>>> <22
>>>>>> 1><141><0><0><0><0><0><0><0><0>c<241><219><189>LC<230><218><194><1
>>>>>> 34><2
>>>>>> 3><177><17><24><151>@]<15
>>>>>> 6><131>49<4>p<140><0>wifi
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>> User-Name = "anonymous"
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> NAS-Port = 13
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
>>>>>> 'TunnelledByPEAP=1'
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for , e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 1, 64
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 26
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Query is: 'select password from
>>>>>> inetusers where username = 'wif
>>>>>> i' and locked = 0':
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Radius::AuthSQL looks for match
>>>>>> with
>>>>>> wifi
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP MSCHAP V2
>>>>>> Challenge: Success
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for anonymous:
>>>>>> EAP
>>>>>> MSCHAP V2 Challenge: Success
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
>>>>>> authentication redespatched to a Handler
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> inner authentication redespatched to a Handler
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 49
>>>>>> Authentic:
>>>>>> F<7>4]<210><163><160>Y<30><255><204><21>*<27><184><145>
>>>>>> Attributes:
>>>>>> EAP-Message = <1><10><0><144><25><1><23><3><1><0>
>>>>>> <149>Q$<23><202><190><149><174>&<138><15>KE<6><240>\oJ'b<210><244>
>>>>>> <194>
>>>>>> H3dFs<188>7$<136><23><3><1><0>`<9><143><143>U<194>,<216><30>"<157>
>>>>>> <237>
>>>>>> <221><170>8<167>J{<199>B<134>^<129><141><165><219><230>2?
>>>>>> <173>V<231><164><144><134>b<204><152>yy<255>{6<226>'<212>\<184>U<1
>>>>>> 73><2
>>>>>> 19>6<245><136><252><23><208>qC<243>^"<178>+<185><28><10>&<131>.y<1
>>>>>> 98><2
>>>>>> 12><6>7<9><255>.<253><127>o<225><236>v<229>\<154><172><24>3<26>V<2
>>>>>> 01><1
>>>>>> 0><246><245><252>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 50
>>>>>> Authentic:
>>>>>> <246><247>d<205><130><147><208><201><206><239><252><133><218><11><
>>>>>> 232><
>>>>>> 1>
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><10><0>P<25><1><23><3><1><0>
>>>>>> <231><0><246>p<148>L/
>>>>>> <240><129><3>k@<140>x<129><6><167><214><210>d$<9><238>O<175>w:
>>>>>> <150>^<3>!<147><23><3><1><0>
>>>>>> <217><244>&<237><<175>Q<149><216><199>Z=k<5>~<1><210><5><169><242>
>>>>>> <18><
>>>>>> 172><250><242><196><0><19><255><208>B<137><139>
>>>>>> Message-Authenticator =
>>>>>> p<235><220><220><219>E<150>l<236>8<238>'/<211>a<172>
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 10, 80
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP PEAP inner authentication
>>>>>> request
>>>>>> for anonymous
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: PEAP Tunnelled request Packet
>>>>>> dump:
>>>>>> Code: Access-Request
>>>>>> Identifier: UNDEF
>>>>>> Authentic:
>>>>>> U$<172><211><235><156><148><226><173><208><252><142><232><174><167
>>>>>> ><19>
>>>>>> Attributes:
>>>>>> EAP-Message = <2><2><0><7><26><3>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>> User-Name = "anonymous"
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> NAS-Port = 13
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler
>>>>>> 'TunnelledByPEAP=1'
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for , e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 2, 7
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 26
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 0,
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access accepted for anonymous
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 3, EAP PEAP inner
>>>>>> authentication redespatched to a Handler
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access challenged for wifi: EAP
>>>>>> PEAP
>>>>>> inner authentication redespatched to a Handler
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 50
>>>>>> Authentic:
>>>>>> <246><247>d<205><130><147><208><201><206><239><252><133><218><11><
>>>>>> 232><
>>>>>> 1>
>>>>>> Attributes:
>>>>>> EAP-Message = <1><11><0>P<25><1><23><3><1><0>
>>>>>> <31><221>H<162><173><149>]<234><17><249><10>0<238><194><229><186><
>>>>>> 197>g
>>>>>> <242><248><7>5<130>&<18><154><25><226><229>S<134><171><23><3><1><0
>>>>>> >
>>>>>> <224><188><15>5<30>'<205><7>p=5<230><194><238><206>N{<204>k<192>#<
>>>>>> 4><18
>>>>>> 7><202><Z<241><248><174><210><184><235>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Received from e.f.g.h port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 51
>>>>>> Authentic: <166><231><148>=2<131><0>9~<223>,<245><138><251><24>q
>>>>>> Attributes:
>>>>>> Framed-MTU = 1480
>>>>>> NAS-IP-Address = e.f.g.h
>>>>>> NAS-Identifier = "XXXXXXX"
>>>>>> User-Name = "wifi"
>>>>>> Service-Type = Framed-User
>>>>>> Framed-Protocol = PPP
>>>>>> NAS-Port = 13
>>>>>> NAS-Port-Type = Ethernet
>>>>>> NAS-Port-Id = "13"
>>>>>> Called-Station-Id = "00-08-83-95-fb-ed"
>>>>>> Calling-Station-Id = "00-30-4f-20-f1-54"
>>>>>> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>>>>>> Tunnel-Type = 0:VLAN
>>>>>> Tunnel-Medium-Type = 0:802
>>>>>> Tunnel-Private-Group-ID = 5
>>>>>> EAP-Message = <2><11><0>P<25><1><23><3><1><0>
>>>>>> j<168><19><206><4><176><143><128><128><245><212><138><22><224>I<22
>>>>>> 6><13
>>>>>> 8><17>h<183><178><236>&<217><<167>&<127>F<172>C<167><23><3><1><0>
>>>>>> *F<234>!
>>>>>> <14>Fmx<26><150><229><18><237><199><131>Tm<178><216><232><129><255
>>>>>> ><183
>>>>>>
>>>>>>
>>>>>>> <131><251>#<226>VawI<4>
>>>>>>>
>>>>>> Message-Authenticator =
>>>>>> <162>JO<192><22>p<198><194>C<238>G<158>|E<29>(
>>>>>>
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling request with Handler ''
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Deleting session for wifi,
>>>>>> e.f.g.h,
>>>>>> 13
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Handling with EAP: code 2, 11, 80
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Response type 25
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: EAP result: 0,
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Access accepted for wifi
>>>>>> Fri Jan 30 21:18:27 2004: DEBUG: Packet dump:
>>>>>> *** Sending to e.f.g.h port 1027 ....
>>>>>> Code: Access-Accept
>>>>>> Identifier: 51
>>>>>> Authentic: <166><231><148>=2<131><0>9~<223>,<245><138><251><24>q
>>>>>> Attributes:
>>>>>> EAP-Message = <3><11><0><4>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ===
>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>> Announcements on radiator-announce at open.com.au
>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>
>>>>> NB: have you included a copy of your configuration file (no
>>>>> secrets),
>>>>> together with a trace 4 debug showing what is happening?
>>>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>
>>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list