(RADIATOR) TTLS and Alfa & Ariss Client

Sevcik Berndt berndt.sevcik at tgm.ac.at
Mon Jan 5 06:03:03 CST 2004


I use Windows XP SP1 with the Alfa & Ariss TTLS Client Version 1.0.8. I
tried to authenticate my laptop with TTLS and it is not working. But the
debug output shows me an Access-Accept message. Before I started using
TTLS I used PEAP with the supplicant from Windows XP and had no problems
with the authentication process.

Here is my configuration:
Foreground
LogStdout
LogDir          .
DbDir           .
 
Trace           4
 
AuthPort 1645
AcctPort 1646
 
<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>
 
<ClientListSQL>
        DBSource        dbi:mysql:radius
        DBUsername      root
        DBAuth          letmein
</ClientListSQL>
 
<AuthBy SQL>
    Identifier SQLAccounting
    AuthSelect
    DBSource    dbi:mysql:radius
    DBUsername  root
    DBAuth      letmein
    AccountingTable     ACCOUNTING
    AcctColumnDef       USERNAME,User-Name
    AcctColumnDef       TIME_STAMP,Timestamp,integer
    AcctColumnDef       ACCTSTATUSTYPE,Acct-Status-Type
    AcctColumnDef       ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef       ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef       ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef       ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef       ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef       ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef       NASIDENTIFIER,NAS-Identifier
    AcctColumnDef       NASPORT,NAS-Port,integer
    AcctColumnDef       FRAMEDIPADDRESS,Framed-IP-Address
 
    #AcctFailedLogFileName %D/missedaccounting
</AuthBy>
 
<AuthBy FILE>
    Identifier OUTERAuthentication
    Filename %D/users
    EAPType PEAP,TTLS
    EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
    EAPTLS_CertificateFile %D/certificates/cert-srv.pem
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
    EAPTLS_PrivateKeyPassword whatever
    EAPTLS_MaxFragmentSize 1000
    #EAPTLS_DHFile %D/certificates/cert/dh
    #EAPTLS_CRLCheck
    #EAPTLS_CRLFile %D/certificates/crl.pem
    #EAPTLS_CRLFile %D/certificates/revocations.pem
    AutoMPPEKeys
    SSLeayTrace 4
</AuthBy>
 
<Handler TunnelledByPEAP=1>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy LDAP2>
        Identifier      LDAPPEAPAuthentication
        RcryptKey       whatever
        Host            10.2.4.21
        AuthDN          cn=admin, dc=tgm, dc=ac, dc=at
        AuthPassword    sUpp.rT
        BaseDN          ou=People,ou=admin,dc=tgm,dc=ac,dc=at
        UsernameAttr    uid
        PasswordAttr    profilePath
        AuthAttrDef     radiusAuthType,GENERIC,check
 
        # You can enable debugging of the Net::LDAP
        # module with this:
        # Debug 255
                 
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>
 
<Handler TunnelledByTTLS=1>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy LDAP2>
        Identifier      LDAPTTLSAuthentication
        RcryptKey       whatever
        Host            10.2.4.21
        AuthDN          cn=admin, dc=tgm, dc=ac, dc=at
        AuthPassword    sUpp.rT
        BaseDN          ou=People,ou=admin,dc=tgm,dc=ac,dc=at
        UsernameAttr    uid
        PasswordAttr    scriptPath
        # AuthAttrDef   radiusAuthType,GENERIC,check
 
        # You can enable debugging of the Net::LDAP
        # module with this:
        # Debug 255
                 
        # EAPType MSCHAP-V2
    </AuthBy>
</Handler>
 
<Handler Request-Type = Accounting-Request>
    AuthBy SQLAccounting
</Handler>

<Handler>
    # AuthByPolicy ContinueWhileReject
    AuthBy OUTERAuthentication
    # AuthBy PEAPAuthentication
</Handler>

And the Debug output:
Mon Jan  5 12:53:12 2004: DEBUG: Adding Clients from SQL database
Mon Jan  5 12:53:12 2004: DEBUG: Query is: 'select 
	NASIDENTIFIER,
	SECRET,
	IGNOREACCTSIGNATURE,
	DUPINTERVAL,
	DEFAULTREALM,
	NASTYPE,
	SNMPCOMMUNITY,
	LIVINGSTONOFFS,
	LIVINGSTONHOLE,
	FRAMEDGROUPBASEADDRESS,
	FRAMEDGROUPMAXPORTSPERCLASSC,
	REWRITEUSERNAME,
	NOIGNOREDUPLICATES,
	PREHANDLERHOOK from RADCLIENTLIST': 

Mon Jan  5 12:53:12 2004: DEBUG: Reading users file ./users
Mon Jan  5 12:53:16 2004: DEBUG: Finished reading configuration file
'custom.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see 
http://www.open.com.au/ordering.html
To extend your evaluation period, contact admin at open.com.au

Mon Jan  5 12:53:16 2004: DEBUG: Reading dictionary file './dictionary'
Mon Jan  5 12:53:18 2004: DEBUG: Creating authentication port
0.0.0.0:1645
Mon Jan  5 12:53:18 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Mon Jan  5 12:53:18 2004: NOTICE: Server started: Radiator 3.7.1 on
ITS-Test1 (EVALUATION)
Mon Jan  5 12:53:32 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1112 ....
Code:       Accounting-Request
Identifier: 53
Authentic:  A<7><9>yG<135><9><220><239><14>lcn<20>zc
Attributes:
	Acct-Status-Type = Stop
	Acct-Session-Id = "26000019"
	User-Name = "anonymous"
	Calling-Station-Id = "00-04-23-77-4b-a3"
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	Acct-Delay-Time = 0
	Acct-Session-Time = 106
	Acct-Authentic = RADIUS
	Acct-Terminate-Cause = Lost-Carrier

Mon Jan  5 12:53:32 2004: DEBUG: Handling request with Handler
'Request-Type = Accounting-Request'
Mon Jan  5 12:53:32 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:32 2004: DEBUG: Handling with Radius::AuthSQL
Mon Jan  5 12:53:32 2004: DEBUG: Handling accounting with
Radius::AuthSQL
Mon Jan  5 12:53:32 2004: DEBUG: do query is: 'insert into ACCOUNTING
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,NASPORT,TIME_STAMP,USERNAME) values (0,'26000019',106,'Stop','Lost-Carrier',2,1073303612,'anonymous')': 

Mon Jan  5 12:53:32 2004: DEBUG: Accounting accepted
Mon Jan  5 12:53:32 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1112 ....
Code:       Accounting-Response
Identifier: 53
Authentic:  A<7><9>yG<135><9><220><239><14>lcn<20>zc
Attributes:

Mon Jan  5 12:53:38 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 201
Authentic:  <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
Attributes:
	Message-Authenticator =
$<199><24><220><148><149><128>><195><182><172><195>|A<2>h
	User-Name = "anonymous"
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	EAP-Message = <2><1><0><14><1>anonymous
	Framed-MTU = 1000

Mon Jan  5 12:53:38 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:39 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:39 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:39 2004: DEBUG: Handling with EAP: code 2, 1, 14
Mon Jan  5 12:53:39 2004: DEBUG: Response type 1
Mon Jan  5 12:53:39 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Jan  5 12:53:39 2004: DEBUG: Access challenged for anonymous: EAP
PEAP Challenge
Mon Jan  5 12:53:39 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Challenge
Identifier: 201
Authentic:  <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
Attributes:
	EAP-Message = <1><2><0><6><25>!
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 202
Authentic:  `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
Attributes:
	Message-Authenticator =
<23><214><211>3<242>"<10>h<242><145>4{<30>r2<214>
	User-Name = "anonymous"
	State = ""
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	Framed-MTU = 1000
	EAP-Message = <2><2><0><6><3><21>

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 2, 6
Mon Jan  5 12:53:40 2004: DEBUG: Response type 3
Mon Jan  5 12:53:40 2004: INFO: EAP Nak desires type 21
Mon Jan  5 12:53:40 2004: DEBUG: Resuming session for
Radius::Context=HASH(0x89e2e4c)

Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Challenge
Identifier: 202
Authentic:  `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
Attributes:
	EAP-Message = <1><3><0><6><21> 
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 203
Authentic:  <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
Attributes:
	Message-Authenticator =
<25><23><241><194><23><233><30>e<171><210>1<132><221>KR?
	User-Name = "anonymous"
	State = ""
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	Framed-MTU = 1000
	EAP-Message =
<2><3><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1><207><3><21><0><162>}m<240><179><127>,<193><18><22><240><155><212><128><160><31><229><226>tv<28>z.3<237><157><223><23><0><0><2><0><10><1><0>

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 3, 60
Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
Mon Jan  5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Challenge
Identifier: 203
Authentic:  <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
Attributes:
	EAP-Message =
<1><4><3><242><21><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>?<249>PD<232>e<255>C<145><235>:<143>*>d<246>Uv<175><215><127>@K<4(<253><255><136>R<136><201> c<2><172><136><162>y<218><168>v[d<136><173><155><203><182><138><215>"<156><3>M<154><4><131>=<8><210><163>a<174>J<0><10><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
	EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
	EAP-Message =
<1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><245><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193><13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151><30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<187><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178><141><219>O<253><134><213>N|<172>:J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215><186>x<141><197><212>s<145><235>\<164><8>!<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><136><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183><230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<239>?<1><16><203>
	EAP-Message =
T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202>u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t<196><188><3><195>.%<19>mD<242><149><237>O<138><193><0><4>=0<130><4>90<130><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 204
Authentic:  6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
Attributes:
	Message-Authenticator = <139>%F<20>7<187><138>W<152><208><206>2<139>bbH
	User-Name = "anonymous"
	State = ""
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	Framed-MTU = 1000
	EAP-Message = <2><4><0><5><21>

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 4, 5
Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Challenge
Identifier: 204
Authentic:  6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
Attributes:
	EAP-Message = <1><5><3><238><21>@t use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
	EAP-Message = roduction)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><193>@h<28><185>'<7><254><247>{9<233><245>3S<209>=<173>>c<144>Z<239>?b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141><148><224>|<188>V<24><209><8><223>f?<149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e<153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221><6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159><149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#
	EAP-Message =
<4><129><239>0<129><236><128><20><180><27><24>R'<27><169>)<152><148>o<139>c<198><6>9\<249>s<196><161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><1><0>0<12><6><3>U<29><19><4><5>0<3>
	EAP-Message =
<1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>A<130>4<253><23>-<13><9><9><222>3<19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<233><144><146>&g<162><190><234><145>H<159><10>^6IQ<223><219><193>@><204>b<245><12><6><133><147><132><192>fU<165><197><180>k<136>:<8><198><152><165>*%<221><237><188><23><251><255><172>'n<142>H<25>q<173>t<215><212><221><239><20>FZyd<205><240>Wbd<143><139>q]h<236><127><16><143>tA<163>4I<236><230><147><218>><175>B^<130><0>*9<22><3><1><0><220><13><0><0><212><2><1><2><0><207><0><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certif
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 205
Authentic:  s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
Attributes:
	Message-Authenticator =
<206>P<231>&<160><178><233><185><136><149>">-X%<243>
	User-Name = "anonymous"
	State = ""
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	Framed-MTU = 1000
	EAP-Message = <2><5><0><5><21>

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 5, 5
Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Challenge
Identifier: 205
Authentic:  s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
Attributes:
	EAP-Message =
<1><6><0><134><21><0>icates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<14><0><0><0>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 206
Authentic:  <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
Attributes:
	Message-Authenticator =
e<172><247>F<29><172>&<235>j<20><15><163>a<147>a<7>
	User-Name = "anonymous"
	State = ""
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	Framed-MTU = 1000
	EAP-Message =
<2><6><0><212><21><128><0><0><0><202><22><3><1><0><7><11><0><0><3><0><0><0><22><3><1><0><134><16><0><0><130><0><128>:<145><15><149>J<23>|<160>2<147>JK<26><241><169><136><206>+u N<183><128><13>u<188>8<213><162><190><188><0>=<229>[?<9><209><215>\&2<187><26>:b<252><134><5><201><140>_:<135><130>X<130><239><10>!<195><239><205>&<18><247>.<172><127><134>j<130><150><16><176><160><165>a<211><199><136>3YD<136><209><156><247><155> <226>[<218><200><169><235><254><10><135>zyS<194><155><247>?<249><250><155><133>k46<24><194><177><187><218><234><184><239><133>f<135><197><211><211>y<20><3><1><0><1><1><22><3><1><0>(<149><216>gg<3><219><150><200><190><130><246><179>L<137><163><195>5C=<183>YG4<2>l<154><247><157><171><131><248><204><128><138>SX<227><231><157><210>

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 6, 212
Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
Mon Jan  5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Challenge
Identifier: 206
Authentic:  <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
Attributes:
	EAP-Message =
<1><7><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<148>$Y<204><212>(<190>k<1><165><231>|<209>'<2><171><20><247>N<164><177><168><217><189>|<156><18><14>Ocb<185>3<174><22>_<213><238><254><238>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 207
Authentic:  <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
Attributes:
	Message-Authenticator =
<172>_<8><30><190><225><156><191><159><142><253>]S<229><253>G
	User-Name = "anonymous"
	State = ""
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "00-04-23-77-4b-a3"
	Framed-MTU = 1000
	EAP-Message =
<2><7><0>W<21><128><0><0><0>M<23><3><1><0>H<228><249>@)<209>i<243><10><244><154><134>4<172>i}bB<29><127>&<27><162><217><26><215>PI<136><200>(<220>c<242>f]<137>><186><28><218>b<149><140><129>o<29><248><182><15>>\<238><186><127>N<155><6><241>t<136>I9<148><218>?<236>1<130><147>,<175><226>

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
10.2.12.101, 2
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 7, 87
Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
Mon Jan  5 12:53:40 2004: DEBUG: EAP TTLS inner authentication request
for berndt.sevcik
Mon Jan  5 12:53:40 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic: 
<29><144><239><199><196><246><215><200><139><156><2><185><189><18><224><243>
Attributes:
	User-Name = "berndt.sevcik"
	User-Password = "Yalla1980"

Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Mon Jan  5 12:53:40 2004: DEBUG: Rewrote user name to berndt.sevcik
Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for berndt.sevcik,
10.2.12.101, 
Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
LDAPTTLSAuthentication
Mon Jan  5 12:53:40 2004: INFO: Connecting to 10.2.4.21, port 389
Mon Jan  5 12:53:40 2004: INFO: Attempting to bind to LDAP server
10.2.4.21:389)
Mon Jan  5 12:53:40 2004: DEBUG: LDAP got result for
uid=berndt.sevcik,ou=People,ou=admin,dc=tgm,dc=ac,dc=at
Mon Jan  5 12:53:40 2004: DEBUG: LDAP got scriptPath: Yalla1980
Mon Jan  5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 looks for match with
berndt.sevcik
Mon Jan  5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 ACCEPT: 
Mon Jan  5 12:53:40 2004: DEBUG: Access accepted for berndt.sevcik
Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 0, EAP TTLS inner
authentication redespatched to a Handler
Mon Jan  5 12:53:40 2004: DEBUG: Access accepted for anonymous
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Accept
Identifier: 207
Authentic:  <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
Attributes:
	MS-MPPE-Send-Key =
"<180>u|9<155><7>CA<5>,<252><224>Wzf<172><132><241><236>/kU<6><170><159><199><128><232>PX<20><241><166><149>s<247>\<10><235><162><154><228><3>&<208>+'<157>a<151>"
	MS-MPPE-Recv-Key = "<146><195><216><184>s<225><184>
<229>(e<239><200>+<133><176><130><243>lloh<234><148><9>PZ<206><235><242>G<148>5<213>O<236><2>z<24><219><134>H<195><171>jB<139><25>~P"
	EAP-Message = <3><7><0><4>
	Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1114 ....
Code:       Accounting-Request
Identifier: 54
Authentic:  <231><186><207><255><130><29><8><189><22>8<231><183>b<144>A5
Attributes:
	Acct-Status-Type = Start
	User-Name = "anonymous"
	Calling-Station-Id = "00-04-23-77-4b-a3"
	NAS-IP-Address = 10.2.12.101
	NAS-Port = 2
	Acct-Delay-Time = 0
	Acct-Session-Id = "2600001a"
	Acct-Authentic = RADIUS

Mon Jan  5 12:53:40 2004: DEBUG: Handlin

Thanks for help

Berndt
 
-- 
This message was created with the kind support
of a free-range penguin raised in species-appropriate conditions.
It is guaranteed free of Microsoft viruses.
 
-----------------------------------------
TGM - Die Schule der Technik
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: berndt.sevcik at tgm.ac.at
-----------------------------------------


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
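
Added example, not part of the original post and not Radiator code: a small Python decoder for the <n>-escaped EAP-Message values in the trace above, used to follow the exchange from the server's PEAP offer through the client's Nak for type 21 (TTLS) to the final EAP-Success. It assumes the trace prints printable bytes literally and all other bytes as <decimal>, as the dump appears to; the function names are hypothetical.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS", 21: "TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # types that carry a flags byte followed by TLS data
_ESCAPED = re.compile(r"<(\d{1,3})>")


def unescape(dump: str) -> bytes:
    """Turn trace text such as '<2><1><0><14><1>anonymous' back into bytes.

    Assumption: each byte is printed either literally or as <decimal>.
    A literal '<' (byte 60) followed by an escape, as in '<0><<21>', is
    handled because '<<' cannot start an escape.
    """
    out = bytearray()
    i = 0
    while i < len(dump):
        m = _ESCAPED.match(dump, i)
        if m and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
            i = m.end()
        else:
            out += dump[i].encode("latin-1", "replace")
            i += 1
    return bytes(out)


def parse_eap(dump: str) -> dict:
    """Decode the EAP header and, for TLS-based types, the flags byte."""
    raw = unescape(dump)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident,
           "length": length, "truncated": len(raw) < length}
    if code in (1, 2) and len(raw) >= 5:  # only Request/Response carry a type
        etype, body = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(etype, str(etype))
        if etype == 1:
            pkt["identity"] = body.decode("latin-1")
        elif etype == 3:  # Nak: the body lists the types the peer wants instead
            pkt["desired"] = [EAP_TYPES.get(t, str(t)) for t in body]
        elif etype in TLS_BASED and body:
            flags = body[0]
            pkt["flags"] = {"length_included": bool(flags & 0x80),
                            "more_fragments": bool(flags & 0x40),
                            "start": bool(flags & 0x20),
                            "version": flags & 0x07}
            if flags & 0x80 and len(body) >= 5:
                pkt["tls_length"] = struct.unpack("!I", body[1:5])[0]
    return pkt


# EAP-Message values copied from the trace in the post (sender, dump text).
TRACE = [
    ("client", "<2><1><0><14><1>anonymous"),
    ("server", "<1><2><0><6><25>!"),
    ("client", "<2><2><0><6><3><21>"),
    ("server", "<1><3><0><6><21> "),
    ("client", "<2><3><0><<21><128><0><0><0>2<22><3><1>"),  # leading bytes only
    ("client", "<2><4><0><5><21>"),  # type 21 response with no flags byte
    ("server", "<3><7><0><4>"),
]


def follow(trace):
    """Return one summary line per EAP packet, in trace order."""
    lines = []
    for sender, dump in trace:
        p = parse_eap(dump)
        detail = p.get("identity") or p.get("desired") or p.get("flags") or ""
        lines.append(f"{sender}: {p['code']} id={p['id']} len={p['length']} "
                     f"{p.get('type', '')} {detail}".rstrip())
    return lines


if __name__ == "__main__":
    print("\n".join(follow(TRACE)))
```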

