(RADIATOR) TTLS and Alfa & Ariss Client
Hugh Irvine
hugh at open.com.au
Mon Jan 5 15:40:35 CST 2004
Hello Berndt -
Thanks for sending the configuration and debug.
As far as I can see Radiator is operating correctly, with as you say an
Access-Accept being sent back to the Client. It even seems that the
session starts as there is an Accounting-Start received immediately
following.
It may be that you will need to send some additional reply attributes
in the Access-Accept to start the session? It is fairly usual to have
to specify a Service-Type and a Framed-Protocol with something like
this:
<AuthBy ...>
    .....
    AddToReply Service-Type = Framed-User, \
               Framed-Protocol = PPP, \
               ......
    .....
</AuthBy>
You should check with the vendor to find out what reply attributes are
required.
regards
Hugh
On 05/01/2004, at 11:03 PM, Sevcik Berndt wrote:
> I use Windows XP SP1 with the Alfa and Aris TTLS Client Version 1.0.8.
> I tried to authenticate my Laptop with TTLS and it is not working. But
> the Debug Output shows me an Access-Accept Message. Before I started
> using TTLS I used PEAP with the Supplicant from Windows XP and had no
> problems with the authentication process.
>
> Here is my configuration:
> Foreground
> LogStdout
> LogDir .
> DbDir .
>
> Trace 4
>
> AuthPort 1645
> AcctPort 1646
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <ClientListSQL>
> DBSource dbi:mysql:radius
> DBUsername root
> DBAuth letmein
> </ClientListSQL>
>
> <AuthBy SQL>
> Identifier SQLAccounting
> AuthSelect
> DBSource dbi:mysql:radius
> DBUsername root
> DBAuth letmein
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> #AcctFailedLogFileName %D/missedaccounting
> </AuthBy>
>
> <AuthBy FILE>
> Identifier OUTERAuthentication
> Filename %D/users
> EAPType PEAP,TTLS
> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
> EAPTLS_MaxFragmentSize 1000
> #EAPTLS_DHFile %D/certificates/cert/dh
> #EAPTLS_CRLCheck
> #EAPTLS_CRLFile %D/certificates/crl.pem
> #EAPTLS_CRLFile %D/certificates/revocations.pem
> AutoMPPEKeys
> SSLeayTrace 4
> </AuthBy>
>
> <Handler TunnelledByPEAP=1>
> RewriteUsername s/(.*)\\(.*)/$2/
> <AuthBy LDAP2>
> Identifier LDAPPEAPAuthentication
> RcryptKey whatever
> Host 10.2.4.21
> AuthDN cn=admin, dc=tgm, dc=ac, dc=at
> AuthPassword sUpp.rT
> BaseDN ou=People,ou=admin,dc=tgm,dc=ac,dc=at
> UsernameAttr uid
> PasswordAttr profilePath
> AuthAttrDef radiusAuthType,GENERIC,check
>
> # You can enable debugging of the Net::LDAP
> # module with this:
> # Debug 255
>
> EAPType MSCHAP-V2
> </AuthBy>
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> RewriteUsername s/(.*)\\(.*)/$2/
> <AuthBy LDAP2>
> Identifier LDAPTTLSAuthentication
> RcryptKey whatever
> Host 10.2.4.21
> AuthDN cn=admin, dc=tgm, dc=ac, dc=at
> AuthPassword sUpp.rT
> BaseDN ou=People,ou=admin,dc=tgm,dc=ac,dc=at
> UsernameAttr uid
> PasswordAttr scriptPath
> # AuthAttrDef radiusAuthType,GENERIC,check
>
> # You can enable debugging of the Net::LDAP
> # module with this:
> # Debug 255
>
> # EAPType MSCHAP-V2
> </AuthBy>
> </Handler>
>
> <Handler Request-Type = Accounting-Request>
> AuthBy SQLAccounting
> </Handler>
>
> <Handler>
> # AuthByPolicy ContinueWhileReject
> AuthBy OUTERAuthentication
> # AuthBy PEAPAuthentication
> </Handler>
>
> And the Debug output:
> Mon Jan 5 12:53:12 2004: DEBUG: Adding Clients from SQL database
> Mon Jan 5 12:53:12 2004: DEBUG: Query is: 'select
> NASIDENTIFIER,
> SECRET,
> IGNOREACCTSIGNATURE,
> DUPINTERVAL,
> DEFAULTREALM,
> NASTYPE,
> SNMPCOMMUNITY,
> LIVINGSTONOFFS,
> LIVINGSTONHOLE,
> FRAMEDGROUPBASEADDRESS,
> FRAMEDGROUPMAXPORTSPERCLASSC,
> REWRITEUSERNAME,
> NOIGNOREDUPLICATES,
> PREHANDLERHOOK from RADCLIENTLIST':
>
> Mon Jan 5 12:53:12 2004: DEBUG: Reading users file ./users
> Mon Jan 5 12:53:16 2004: DEBUG: Finished reading configuration file
> 'custom.cfg'
> This Radiator license will expire on 2004-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your evaluation period, contact admin at open.com.au
>
> Mon Jan 5 12:53:16 2004: DEBUG: Reading dictionary file './dictionary'
> Mon Jan 5 12:53:18 2004: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Mon Jan 5 12:53:18 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Mon Jan 5 12:53:18 2004: NOTICE: Server started: Radiator 3.7.1 on
> ITS-Test1 (EVALUATION)
> Mon Jan 5 12:53:32 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1112 ....
> Code: Accounting-Request
> Identifier: 53
> Authentic: A<7><9>yG<135><9><220><239><14>lcn<20>zc
> Attributes:
> Acct-Status-Type = Stop
> Acct-Session-Id = "26000019"
> User-Name = "anonymous"
> Calling-Station-Id = "00-04-23-77-4b-a3"
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> Acct-Delay-Time = 0
> Acct-Session-Time = 106
> Acct-Authentic = RADIUS
> Acct-Terminate-Cause = Lost-Carrier
>
> Mon Jan 5 12:53:32 2004: DEBUG: Handling request with Handler
> 'Request-Type = Accounting-Request'
> Mon Jan 5 12:53:32 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:32 2004: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 5 12:53:32 2004: DEBUG: Handling accounting with
> Radius::AuthSQL
> Mon Jan 5 12:53:32 2004: DEBUG: do query is: 'insert into ACCOUNTING
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINA
> TECAUSE,NASPORT,TIME_STAMP,USERNAME) values
> (0,'26000019',106,'Stop','Lost-Carrier',2,1073303612,'anonymous')':
>
> Mon Jan 5 12:53:32 2004: DEBUG: Accounting accepted
> Mon Jan 5 12:53:32 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1112 ....
> Code: Accounting-Response
> Identifier: 53
> Authentic: A<7><9>yG<135><9><220><239><14>lcn<20>zc
> Attributes:
>
> Mon Jan 5 12:53:38 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 201
> Authentic: <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
> Attributes:
> Message-Authenticator =
> $<199><24><220><148><149><128>><195><182><172><195>|A<2>h
> User-Name = "anonymous"
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> EAP-Message = <2><1><0><14><1>anonymous
> Framed-MTU = 1000
>
> Mon Jan 5 12:53:38 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:39 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:39 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:39 2004: DEBUG: Handling with EAP: code 2, 1, 14
> Mon Jan 5 12:53:39 2004: DEBUG: Response type 1
> Mon Jan 5 12:53:39 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Jan 5 12:53:39 2004: DEBUG: Access challenged for anonymous: EAP
> PEAP Challenge
> Mon Jan 5 12:53:39 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Challenge
> Identifier: 201
> Authentic: <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
> Attributes:
> EAP-Message = <1><2><0><6><25>!
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 202
> Authentic: `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
> Attributes:
> Message-Authenticator =
> <23><214><211>3<242>"<10>h<242><145>4{<30>r2<214>
> User-Name = "anonymous"
> State = ""
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> Framed-MTU = 1000
> EAP-Message = <2><2><0><6><3><21>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 2, 6
> Mon Jan 5 12:53:40 2004: DEBUG: Response type 3
> Mon Jan 5 12:53:40 2004: INFO: EAP Nak desires type 21
> Mon Jan 5 12:53:40 2004: DEBUG: Resuming session for
> Radius::Context=HASH(0x89e2e4c)
>
> Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Challenge
> Identifier: 202
> Authentic: `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
> Attributes:
> EAP-Message = <1><3><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 203
> Authentic: <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
> Attributes:
> Message-Authenticator =
> <25><23><241><194><23><233><30>e<171><210>1<132><221>KR?
> User-Name = "anonymous"
> State = ""
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> Framed-MTU = 1000
> EAP-Message =
> <2><3><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)<3><1><207><3><21><0><162>}m<240><179><127>,<193><18><22><240
> ><155><212><128><160><31><229><226>tv<28>z.3<237><157><223><23><0><0><2
> ><0><10><1><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 3, 60
> Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan 5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Challenge
> Identifier: 203
> Authentic: <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
> Attributes:
> EAP-Message =
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 204
> Authentic: 6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
> Attributes:
> Message-Authenticator =
> <139>%F<20>7<187><138>W<152><208><206>2<139>bbH
> User-Name = "anonymous"
> State = ""
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> Framed-MTU = 1000
> EAP-Message = <2><4><0><5><21>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 4, 5
> Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Challenge
> Identifier: 204
> Authentic: 6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
> Attributes:
> EAP-Message = <1><5><3><238><21>@t use in production)1
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 205
> Authentic: s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
> Attributes:
> Message-Authenticator =
> <206>P<231>&<160><178><233><185><136><149>">-X%<243>
> User-Name = "anonymous"
> State = ""
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> Framed-MTU = 1000
> EAP-Message = <2><5><0><5><21>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 5, 5
> Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Challenge
> Identifier: 205
> Authentic: s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
> Attributes:
> EAP-Message =
> <1><6><0><134><21><0>icates1!0<31><6><3>U<4><11><19><24>Test
> Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<14><
> 0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 206
> Authentic: <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
> Attributes:
> Message-Authenticator =
> e<172><247>F<29><172>&<235>j<20><15><163>a<147>a<7>
> User-Name = "anonymous"
> State = ""
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> Framed-MTU = 1000
> EAP-Message =
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 6, 212
> Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan 5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Challenge
> Identifier: 206
> Authentic: <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
> Attributes:
> EAP-Message =
> <1><7><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<148>$Y<2
> 04><212>(<190>k<1><165><231>|<209>'<2><171><20><247>N<164><177><168><21
> 7><189>|<156><18><14>Ocb<185>3<174><22>_<213><238><254><238>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1113 ....
> Code: Access-Request
> Identifier: 207
> Authentic: <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
> Attributes:
> Message-Authenticator =
> <172>_<8><30><190><225><156><191><159><142><253>]S<229><253>G
> User-Name = "anonymous"
> State = ""
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00-04-23-77-4b-a3"
> Framed-MTU = 1000
> EAP-Message =
> <2><7><0>W<21><128><0><0><0>M<23><3><1><0>H<228><249>@)<209>i<243><10><
> 244><154><134>4<172>i}bB<29><127>&<27><162><217><26><215>PI<136><200>(<
> 220>c<242>f]<137>><186><28><218>b<149><140><129>o<29><248><182><15>>\<2
> 38><186><127>N<155><6><241>t<136>I9<148><218>?
> <236>1<130><147>,<175><226>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
> 10.2.12.101, 2
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
> OUTERAuthentication
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 7, 87
> Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
> Mon Jan 5 12:53:40 2004: DEBUG: EAP TTLS inner authentication request
> for berndt.sevcik
> Mon Jan 5 12:53:40 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic:
> <29><144><239><199><196><246><215><200><139><156><2><185><189><18><224>
> <243>
> Attributes:
> User-Name = "berndt.sevcik"
> User-Password = "Yalla1980"
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Mon Jan 5 12:53:40 2004: DEBUG: Rewrote user name to berndt.sevcik
> Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for berndt.sevcik,
> 10.2.12.101,
> Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPTTLSAuthentication
> Mon Jan 5 12:53:40 2004: INFO: Connecting to 10.2.4.21, port 389
> Mon Jan 5 12:53:40 2004: INFO: Attempting to bind to LDAP server
> 10.2.4.21:389)
> Mon Jan 5 12:53:40 2004: DEBUG: LDAP got result for
> uid=berndt.sevcik,ou=People,ou=admin,dc=tgm,dc=ac,dc=at
> Mon Jan 5 12:53:40 2004: DEBUG: LDAP got scriptPath: Yalla1980
> Mon Jan 5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 looks for match with
> berndt.sevcik
> Mon Jan 5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Mon Jan 5 12:53:40 2004: DEBUG: Access accepted for berndt.sevcik
> Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Mon Jan 5 12:53:40 2004: DEBUG: Access accepted for anonymous
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Sending to 10.2.12.101 port 1113 ....
> Code: Access-Accept
> Identifier: 207
> Authentic: <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
> Attributes:
> MS-MPPE-Send-Key =
> "<180>u|9<155><7>CA<5>,<252><224>Wzf<172><132><241><236>/
> kU<6><170><159><199><128><232>PX<20><241><166><149>s<247>\<10><235><162
> ><154><228><3>&<208>+'<157>a<151>"
> MS-MPPE-Recv-Key = "<146><195><216><184>s<225><184>
> <229>(e<239><200>+<133><176><130><243>lloh<234><148><9>PZ<206><235><242
> >G<148>5<213>O<236><2>z<24><219><134>H<195><171>jB<139><25>~P"
> EAP-Message = <3><7><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
> *** Received from 10.2.12.101 port 1114 ....
> Code: Accounting-Request
> Identifier: 54
> Authentic:
> <231><186><207><255><130><29><8><189><22>8<231><183>b<144>A5
> Attributes:
> Acct-Status-Type = Start
> User-Name = "anonymous"
> Calling-Station-Id = "00-04-23-77-4b-a3"
> NAS-IP-Address = 10.2.12.101
> NAS-Port = 2
> Acct-Delay-Time = 0
> Acct-Session-Id = "2600001a"
> Acct-Authentic = RADIUS
>
> Mon Jan 5 12:53:40 2004: DEBUG: Handlin
>
> Thanks for help
>
> Berndt
>
> --
> This message was created with the kind support of
> a free-range penguin raised in species-appropriate outdoor conditions.
> It is guaranteed free of Microsoft viruses.
>
> -----------------------------------------
> TGM - Die Schule der Technik
> IT-Service
> A-1200 Wien, Wexstr. 19-23
> Tel. +43(1)33126/316 Fax: +43(1)33126/154
> E-Mail: berndt.sevcik at tgm.ac.at
> -----------------------------------------
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
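
The reading of the trace given in the reply (an Access-Accept is sent, an Accounting Start follows, but Service-Type and Framed-Protocol may be absent from the reply) can be checked mechanically. This is an added example, not part of the original thread and not Radiator code: the sample trace is constructed, `parse_packets` and `review_accepts` are hypothetical helper names, and the default `expected` list is an assumption taken from the reply's suggestion.

```python
import re

# Constructed sample in the layout of the Trace 4 packet dumps quoted above
# (values shortened; this is not the poster's log).
SAMPLE_TRACE = """\
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Attributes:
    User-Name = "anonymous"
    EAP-Message = <2><7><0>W<21>

Mon Jan 5 12:53:40 2004: DEBUG: Access accepted for anonymous
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Accept
Attributes:
    MS-MPPE-Send-Key = "<180>u|9"
    MS-MPPE-Recv-Key = "<146><195>"
    EAP-Message = <3><7><0><4>

Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1114 ....
Code: Accounting-Request
Attributes:
    Acct-Status-Type = Start
"""

DIRECTION = re.compile(r"\*\*\* (Sending to|Received from) (\S+) port \d+")
ATTRIBUTE = re.compile(r"([A-Za-z][A-Za-z0-9-]*) = ?(.*)")
TIMESTAMP = re.compile(r"\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}: ")


def parse_packets(trace):
    """Return one dict per 'Packet dump:' block in a Radiator debug trace."""
    packets, current, in_attrs, last = [], None, False, None
    for raw in trace.splitlines():
        line = re.sub(r"^(> ?)+", "", raw).strip()  # tolerate mail quoting
        if line.endswith("Packet dump:"):
            current = {"direction": None, "peer": None, "code": None, "attrs": {}}
            packets.append(current)
            in_attrs, last = False, None
        elif current is None:
            continue
        elif not line or TIMESTAMP.match(line):
            current = None  # blank line or next log entry ends the dump
        elif DIRECTION.match(line):
            verb, peer = DIRECTION.match(line).groups()
            current["direction"] = "sent" if verb == "Sending to" else "received"
            current["peer"] = peer
        elif line.startswith("Code:"):
            current["code"] = line.split(":", 1)[1].strip()
        elif line == "Attributes:":
            in_attrs = True
        elif in_attrs:
            m = ATTRIBUTE.fullmatch(line)
            if m:  # repeated attributes (e.g. EAP-Message) are kept in order
                last = m.group(1)
                current["attrs"].setdefault(last, []).append(m.group(2))
            elif last:  # wrapped value: append to the previous attribute
                current["attrs"][last][-1] += line
    return packets


def review_accepts(packets, expected=("Service-Type", "Framed-Protocol")):
    """Report absent reply attributes and a later Accounting Start per accept."""
    findings = []
    for i, pkt in enumerate(packets):
        if pkt["code"] != "Access-Accept" or pkt["direction"] != "sent":
            continue
        started = any(
            p["code"] == "Accounting-Request" and p["peer"] == pkt["peer"]
            and "Start" in p["attrs"].get("Acct-Status-Type", [])
            for p in packets[i + 1:])
        findings.append({
            "peer": pkt["peer"],
            "reply_attrs": sorted(pkt["attrs"]),
            "missing": [a for a in expected if a not in pkt["attrs"]],
            "accounting_start_seen": started,
        })
    return findings
```

Which reply attributes a given access point or supplicant actually needs is vendor-specific, so pass the vendor's list as `expected` rather than relying on the default.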