(RADIATOR) TTLS and Alfa & Ariss Client

Hugh Irvine hugh at open.com.au
Mon Jan 5 15:40:35 CST 2004


Hello Berndt -

Thanks for sending the configuration and debug.

As far as I can see Radiator is operating correctly, with as you say an  
Access-Accept being sent back to the Client. It even seems that the  
session starts as there is an Accounting-Start received immediately  
following.

It may be that you will need to send some additional reply attributes  
in the Access-Accept to start the session? It is fairly usual to have  
to specify a Service-Type and a Framed-Protocol with something like  
this:

	<AuthBy ...>
		.....
		AddToReply Service-Type = Framed-User, \
			Framed-Protocol = PPP, \
			......
		.....
	</AuthBy>

You should check with the vendor to find out what reply attributes are  
required.

regards

Hugh



On 05/01/2004, at 11:03 PM, Sevcik Berndt wrote:

> I use Windows XP SP1 with the Alfa and Ariss TTLS Client Version 1.0.8. I
> tried to authenticate my Laptop with TTLS and it is not working. But the
> Debug Output shows me an Access-Accept Message. Before I started using
> TTLS I used PEAP with the Supplicant from Windows XP and had no problems
> with the authentication process.
>
> Here is my configuration:
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
>
> Trace           4
>
> AuthPort 1645
> AcctPort 1646
>
> <Client DEFAULT>
>         Secret  mysecret
>         DupInterval 0
> </Client>
>
> <ClientListSQL>
>         DBSource        dbi:mysql:radius
>         DBUsername      root
>         DBAuth          letmein
> </ClientListSQL>
>
> <AuthBy SQL>
>     Identifier SQLAccounting
>     AuthSelect
>     DBSource    dbi:mysql:radius
>     DBUsername  root
>     DBAuth      letmein
>     AccountingTable     ACCOUNTING
>     AcctColumnDef       USERNAME,User-Name
>     AcctColumnDef       TIME_STAMP,Timestamp,integer
>     AcctColumnDef       ACCTSTATUSTYPE,Acct-Status-Type
>     AcctColumnDef       ACCTDELAYTIME,Acct-Delay-Time,integer
>     AcctColumnDef       ACCTINPUTOCTETS,Acct-Input-Octets,integer
>     AcctColumnDef       ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>     AcctColumnDef       ACCTSESSIONID,Acct-Session-Id
>     AcctColumnDef       ACCTSESSIONTIME,Acct-Session-Time,integer
>     AcctColumnDef       ACCTTERMINATECAUSE,Acct-Terminate-Cause
>     AcctColumnDef       NASIDENTIFIER,NAS-Identifier
>     AcctColumnDef       NASPORT,NAS-Port,integer
>     AcctColumnDef       FRAMEDIPADDRESS,Framed-IP-Address
>
>     #AcctFailedLogFileName %D/missedaccounting
> </AuthBy>
>
> <AuthBy FILE>
>     Identifier OUTERAuthentication
>     Filename %D/users
>     EAPType PEAP,TTLS
>     EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>     EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>     EAPTLS_CertificateType PEM
>     EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>     EAPTLS_PrivateKeyPassword whatever
>     EAPTLS_MaxFragmentSize 1000
>     #EAPTLS_DHFile %D/certificates/cert/dh
>     #EAPTLS_CRLCheck
>     #EAPTLS_CRLFile %D/certificates/crl.pem
>     #EAPTLS_CRLFile %D/certificates/revocations.pem
>     AutoMPPEKeys
>     SSLeayTrace 4
> </AuthBy>
>
> <Handler TunnelledByPEAP=1>
>     RewriteUsername s/(.*)\\(.*)/$2/
>     <AuthBy LDAP2>
>         Identifier      LDAPPEAPAuthentication
>         RcryptKey       whatever
>         Host            10.2.4.21
>         AuthDN          cn=admin, dc=tgm, dc=ac, dc=at
>         AuthPassword    sUpp.rT
>         BaseDN          ou=People,ou=admin,dc=tgm,dc=ac,dc=at
>         UsernameAttr    uid
>         PasswordAttr    profilePath
>         AuthAttrDef     radiusAuthType,GENERIC,check
>
>         # You can enable debugging of the Net::LDAP
>         # module with this:
>         # Debug 255
>
>         EAPType MSCHAP-V2
>     </AuthBy>
> </Handler>
>
> <Handler TunnelledByTTLS=1>
>     RewriteUsername s/(.*)\\(.*)/$2/
>     <AuthBy LDAP2>
>         Identifier      LDAPTTLSAuthentication
>         RcryptKey       whatever
>         Host            10.2.4.21
>         AuthDN          cn=admin, dc=tgm, dc=ac, dc=at
>         AuthPassword    sUpp.rT
>         BaseDN          ou=People,ou=admin,dc=tgm,dc=ac,dc=at
>         UsernameAttr    uid
>         PasswordAttr    scriptPath
>         # AuthAttrDef   radiusAuthType,GENERIC,check
>
>         # You can enable debugging of the Net::LDAP
>         # module with this:
>         # Debug 255
>
>         # EAPType MSCHAP-V2
>     </AuthBy>
> </Handler>
>
> <Handler Request-Type = Accounting-Request>
>     AuthBy SQLAccounting
> </Handler>
>
> <Handler>
>     # AuthByPolicy ContinueWhileReject
>     AuthBy OUTERAuthentication
>     # AuthBy PEAPAuthentication
> </Handler>
>
> And the Debug output:
> Mon Jan  5 12:53:12 2004: DEBUG: Adding Clients from SQL database
> Mon Jan  5 12:53:12 2004: DEBUG: Query is: 'select
> 	NASIDENTIFIER,
> 	SECRET,
> 	IGNOREACCTSIGNATURE,
> 	DUPINTERVAL,
> 	DEFAULTREALM,
> 	NASTYPE,
> 	SNMPCOMMUNITY,
> 	LIVINGSTONOFFS,
> 	LIVINGSTONHOLE,
> 	FRAMEDGROUPBASEADDRESS,
> 	FRAMEDGROUPMAXPORTSPERCLASSC,
> 	REWRITEUSERNAME,
> 	NOIGNOREDUPLICATES,
> 	PREHANDLERHOOK from RADCLIENTLIST':
>
> Mon Jan  5 12:53:12 2004: DEBUG: Reading users file ./users
> Mon Jan  5 12:53:16 2004: DEBUG: Finished reading configuration file
> 'custom.cfg'
> This Radiator license will expire on 2004-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your evaluation period, contact admin at open.com.au
>
> Mon Jan  5 12:53:16 2004: DEBUG: Reading dictionary file './dictionary'
> Mon Jan  5 12:53:18 2004: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Mon Jan  5 12:53:18 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Mon Jan  5 12:53:18 2004: NOTICE: Server started: Radiator 3.7.1 on
> ITS-Test1 (EVALUATION)
> Mon Jan  5 12:53:32 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1112 ....
> Code:       Accounting-Request
> Identifier: 53
> Authentic:  A<7><9>yG<135><9><220><239><14>lcn<20>zc
> Attributes:
> 	Acct-Status-Type = Stop
> 	Acct-Session-Id = "26000019"
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	Acct-Delay-Time = 0
> 	Acct-Session-Time = 106
> 	Acct-Authentic = RADIUS
> 	Acct-Terminate-Cause = Lost-Carrier
>
> Mon Jan  5 12:53:32 2004: DEBUG: Handling request with Handler
> 'Request-Type = Accounting-Request'
> Mon Jan  5 12:53:32 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:32 2004: DEBUG: Handling with Radius::AuthSQL
> Mon Jan  5 12:53:32 2004: DEBUG: Handling accounting with
> Radius::AuthSQL
> Mon Jan  5 12:53:32 2004: DEBUG: do query is: 'insert into ACCOUNTING
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINA 
> TECAUSE,NASPORT,TIME_STAMP,USERNAME) values  
> (0,'26000019',106,'Stop','Lost-Carrier',2,1073303612,'anonymous')':
>
> Mon Jan  5 12:53:32 2004: DEBUG: Accounting accepted
> Mon Jan  5 12:53:32 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1112 ....
> Code:       Accounting-Response
> Identifier: 53
> Authentic:  A<7><9>yG<135><9><220><239><14>lcn<20>zc
> Attributes:
>
> Mon Jan  5 12:53:38 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 201
> Authentic:  <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
> Attributes:
> 	Message-Authenticator =
> $<199><24><220><148><149><128>><195><182><172><195>|A<2>h
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	EAP-Message = <2><1><0><14><1>anonymous
> 	Framed-MTU = 1000
>
> Mon Jan  5 12:53:38 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:39 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:39 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:39 2004: DEBUG: Handling with EAP: code 2, 1, 14
> Mon Jan  5 12:53:39 2004: DEBUG: Response type 1
> Mon Jan  5 12:53:39 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Jan  5 12:53:39 2004: DEBUG: Access challenged for anonymous: EAP
> PEAP Challenge
> Mon Jan  5 12:53:39 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Challenge
> Identifier: 201
> Authentic:  <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
> Attributes:
> 	EAP-Message = <1><2><0><6><25>!
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 202
> Authentic:  `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
> Attributes:
> 	Message-Authenticator =
> <23><214><211>3<242>"<10>h<242><145>4{<30>r2<214>
> 	User-Name = "anonymous"
> 	State = ""
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	Framed-MTU = 1000
> 	EAP-Message = <2><2><0><6><3><21>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 2, 6
> Mon Jan  5 12:53:40 2004: DEBUG: Response type 3
> Mon Jan  5 12:53:40 2004: INFO: EAP Nak desires type 21
> Mon Jan  5 12:53:40 2004: DEBUG: Resuming session for
> Radius::Context=HASH(0x89e2e4c)
>
> Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Challenge
> Identifier: 202
> Authentic:  `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
> Attributes:
> 	EAP-Message = <1><3><0><6><21>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 203
> Authentic:  <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
> Attributes:
> 	Message-Authenticator =
> <25><23><241><194><23><233><30>e<171><210>1<132><221>KR?
> 	User-Name = "anonymous"
> 	State = ""
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	Framed-MTU = 1000
> 	EAP-Message =
> <2><3><0><<21><128><0><0><0>2<22><3><1><0>- 
> <1><0><0>)<3><1><207><3><21><0><162>}m<240><179><127>,<193><18><22><240 
> ><155><212><128><160><31><229><226>tv<28>z.3<237><157><223><23><0><0><2 
> ><0><10><1><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 3, 60
> Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan  5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Challenge
> Identifier: 203
> Authentic:  <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 204
> Authentic:  6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
> Attributes:
> 	Message-Authenticator =  
> <139>%F<20>7<187><138>W<152><208><206>2<139>bbH
> 	User-Name = "anonymous"
> 	State = ""
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	Framed-MTU = 1000
> 	EAP-Message = <2><4><0><5><21>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 4, 5
> Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Challenge
> Identifier: 204
> Authentic:  6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 205
> Authentic:  s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
> Attributes:
> 	Message-Authenticator =
> <206>P<231>&<160><178><233><185><136><149>">-X%<243>
> 	User-Name = "anonymous"
> 	State = ""
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	Framed-MTU = 1000
> 	EAP-Message = <2><5><0><5><21>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 5, 5
> Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Challenge
> Identifier: 205
> Authentic:  s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
> Attributes:
> 	EAP-Message =
> <1><6><0><134><21><0>icates1!0<31><6><3>U<4><11><19><24>Test  
> Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<14>< 
> 0><0><0>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 206
> Authentic:  <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
> Attributes:
> 	Message-Authenticator =
> e<172><247>F<29><172>&<235>j<20><15><163>a<147>a<7>
> 	User-Name = "anonymous"
> 	State = ""
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	Framed-MTU = 1000
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 6, 212
> Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan  5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Challenge
> Identifier: 206
> Authentic:  <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
> Attributes:
> 	EAP-Message =
> <1><7><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<148>$Y<2 
> 04><212>(<190>k<1><165><231>|<209>'<2><171><20><247>N<164><177><168><21 
> 7><189>|<156><18><14>Ocb<185>3<174><22>_<213><238><254><238>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code:       Access-Request
> Identifier: 207
> Authentic:  <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
> Attributes:
> 	Message-Authenticator =
> <172>_<8><30><190><225><156><191><159><142><253>]S<229><253>G
> 	User-Name = "anonymous"
> 	State = ""
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	Framed-MTU = 1000
> 	EAP-Message =
> <2><7><0>W<21><128><0><0><0>M<23><3><1><0>H<228><249>@)<209>i<243><10>< 
> 244><154><134>4<172>i}bB<29><127>&<27><162><217><26><215>PI<136><200>(< 
> 220>c<242>f]<137>><186><28><218>b<149><140><129>o<29><248><182><15>>\<2 
> 38><186><127>N<155><6><241>t<136>I9<148><218>? 
> <236>1<130><147>,<175><226>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 7, 87
> Mon Jan  5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan  5 12:53:40 2004: DEBUG: EAP TTLS inner authentication request
> for berndt.sevcik
> Mon Jan  5 12:53:40 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:
> <29><144><239><199><196><246><215><200><139><156><2><185><189><18><224> 
> <243>
> Attributes:
> 	User-Name = "berndt.sevcik"
> 	User-Password = "Yalla1980"
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Mon Jan  5 12:53:40 2004: DEBUG: Rewrote user name to berndt.sevcik
> Mon Jan  5 12:53:40 2004: DEBUG:  Deleting session for berndt.sevcik,
> 10.2.12.101,
> Mon Jan  5 12:53:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPTTLSAuthentication
> Mon Jan  5 12:53:40 2004: INFO: Connecting to 10.2.4.21, port 389
> Mon Jan  5 12:53:40 2004: INFO: Attempting to bind to LDAP server
> 10.2.4.21:389)
> Mon Jan  5 12:53:40 2004: DEBUG: LDAP got result for
> uid=berndt.sevcik,ou=People,ou=admin,dc=tgm,dc=ac,dc=at
> Mon Jan  5 12:53:40 2004: DEBUG: LDAP got scriptPath: Yalla1980
> Mon Jan  5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 looks for match with
> berndt.sevcik
> Mon Jan  5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Mon Jan  5 12:53:40 2004: DEBUG: Access accepted for berndt.sevcik
> Mon Jan  5 12:53:40 2004: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Mon Jan  5 12:53:40 2004: DEBUG: Access accepted for anonymous
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code:       Access-Accept
> Identifier: 207
> Authentic:  <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
> Attributes:
> 	MS-MPPE-Send-Key =
> "<180>u|9<155><7>CA<5>,<252><224>Wzf<172><132><241><236>/ 
> kU<6><170><159><199><128><232>PX<20><241><166><149>s<247>\<10><235><162 
> ><154><228><3>&<208>+'<157>a<151>"
> 	MS-MPPE-Recv-Key = "<146><195><216><184>s<225><184>
> <229>(e<239><200>+<133><176><130><243>lloh<234><148><9>PZ<206><235><242 
> >G<148>5<213>O<236><2>z<24><219><134>H<195><171>jB<139><25>~P"
> 	EAP-Message = <3><7><0><4>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1114 ....
> Code:       Accounting-Request
> Identifier: 54
> Authentic:   
> <231><186><207><255><130><29><8><189><22>8<231><183>b<144>A5
> Attributes:
> 	Acct-Status-Type = Start
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "00-04-23-77-4b-a3"
> 	NAS-IP-Address = 10.2.12.101
> 	NAS-Port = 2
> 	Acct-Delay-Time = 0
> 	Acct-Session-Id = "2600001a"
> 	Acct-Authentic = RADIUS
>
> Mon Jan  5 12:53:40 2004: DEBUG: Handlin
>
> Thanks for help
>
> Berndt
>
> -- 
> This message was created with the friendly support
> of a free-range penguin raised in species-appropriate conditions.
> It is guaranteed free of Microsoft viruses.
>
> -----------------------------------------
> TGM - Die Schule der Technik
> IT-Service
> A-1200 Wien, Wexstr. 19-23
> Tel. +43(1)33126/316 Fax: +43(1)33126/154
> E-Mail: berndt.sevcik at tgm.ac.at
> -----------------------------------------
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
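
An added example, not part of either message and not Radiator's own code: a Python filter that masks credential values in a Radiator configuration and Trace 4 log before they are posted ("no secrets", as the NB above asks), and lists the attributes in each Access-Accept so that a missing Service-Type or Framed-Protocol is visible. The parameter and attribute names are the ones appearing in the quoted configuration and log; the function names are hypothetical and the sample input is constructed.

```python
import re

# Config parameters that hold credentials (names as used in the quoted config).
SECRET_PARAMS = ("Secret", "DBAuth", "AuthPassword", "RcryptKey",
                 "EAPTLS_PrivateKeyPassword")
# Packet-dump attributes that carry a password or session key material.
SECRET_ATTRS = ("User-Password", "MS-MPPE-Send-Key", "MS-MPPE-Recv-Key")
MASK = "[REDACTED]"

PARAM_RE = re.compile(r"^(\s*#?\s*(?:%s)\s+)\S.*$" % "|".join(SECRET_PARAMS))
ATTR_RE = re.compile(r"^(\s+)([A-Za-z][\w-]*) = ?(.*)$")
LDAP_RE = re.compile(r"^(.*DEBUG: LDAP got [\w-]+: ).*$")
TS_RE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")


def redact(text):
    """Mask credential values in a Radiator config or Trace 4 debug log."""
    out, skipping = [], False
    for line in text.splitlines():
        attr = ATTR_RE.match(line)
        if skipping:
            # A mail client may wrap a long value; drop the continuation lines
            # until the next attribute, blank line or timestamped log line.
            if line.strip() and not attr and not TS_RE.match(line):
                continue
            skipping = False
        if attr and attr.group(2) in SECRET_ATTRS:
            out.append(f"{attr.group(1)}{attr.group(2)} = {MASK}")
            skipping = True
            continue
        line = PARAM_RE.sub(lambda m: m.group(1) + MASK, line)
        # AuthBy LDAP2 logs the fetched PasswordAttr value in clear text.
        line = LDAP_RE.sub(lambda m: m.group(1) + MASK, line)
        out.append(line)
    return "\n".join(out)


def accept_attributes(trace):
    """Return the attribute names of every Access-Accept the server sent."""
    packets, current, sending = [], None, False
    for line in trace.splitlines():
        if line.startswith("*** "):
            sending, current = line.startswith("*** Sending"), None
        elif line.startswith("Code:"):
            if sending and line.split()[-1] == "Access-Accept":
                current = []
                packets.append(current)
            sending = False
        elif current is not None:
            attr = ATTR_RE.match(line)
            if attr:
                current.append(attr.group(2))
            elif TS_RE.match(line):
                current = None  # next log line: the packet dump has ended
    return packets


def missing_reply_attributes(trace, required=("Service-Type", "Framed-Protocol")):
    """For each Access-Accept, list the required reply attributes it lacks."""
    return [[r for r in required if r not in attrs]
            for attrs in accept_attributes(trace)]


# Constructed sample input (not taken from the thread).
SAMPLE = """\
<Client DEFAULT>
        Secret  example-shared-secret
</Client>
<AuthBy LDAP2>
        AuthPassword    example-bind-password
        PasswordAttr    scriptPath
</AuthBy>
Mon Jan  5 12:53:40 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Attributes:
\tUser-Name = "alice"
\tUser-Password = "example-user-password"

Mon Jan  5 12:53:40 2004: DEBUG: LDAP got scriptPath: example-user-password
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 1113 ....
Code:       Access-Accept
Identifier: 207
Attributes:
\tMS-MPPE-Send-Key = "<1><2>AAAA
BBBB<3>"
\tEAP-Message = <3><7><0><4>

"""

if __name__ == "__main__":
    print(redact(SAMPLE))
    print(missing_reply_attributes(SAMPLE))
```
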
