(RADIATOR) Xsupplicant Radiator EAP_TLS problems
Mike McCauley
mikem at open.com.au
Mon Jan 12 05:42:34 CST 2004
Hello Alex,
On Mon, 12 Jan 2004 09:12 pm, Lopez, A. wrote:
> Hi Mike,
> I installed and configured FreeRadius in order to find out what's going on
> with Xsupplicant. FreeRadius (EAP-TLS) works also fine with Windows 802.1x
> client, therefore I assume it is well configured. Below there is the output
> generated by both Xsupplicant and FreeRadius. It is strange because
> Xsupplicant says that authentication was performed properly but, after
> that, it seems to try to authenticate again without succeeding. Perhaps
> this information is more useful.
> Thanks again for your collaboration.
I have seen similar problems with XSupplicant and some wireless cards (Cisco
340, for example) with unpatched kernels. Apparently, some cards issue a
reset after the WEP key is set, causing a new authentication to start, and you
need a kernel patch to fix this. Refer to the XSupplicant mailing list for
more details.
Cheers.
> Alex
>
>
> ====================================
> Xsupplicant log:
>
> Omni:/home/alex# xsupplicant -i eth1 -d 8
> Calling do_eapol, with device eth1
> Setup on device eth1 complete
> (EAPMD5) Initalized
> (EAPMS-CHAP) Initalized
> Done with init.
> Loading profile for test from /etc/1x/1x.conf.
> Sending EAPOL-Start #1
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> Please Enter Your Password :
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> Loading certificate /etc/1x/certs/certs_amuse/root.pem . . .
> (TLS)Loaded root certificate /etc/1x/certs/certs_amuse/root.pem and dirctory (null)
> --- SSL : before/connect initialization
> --- SSL : before/connect initialization
> --- SSL : SSLv3 write client hello A
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 1034
> (EAPTTLS) Saved packet fragment.
> Destination : 0:40:96:31:d:73
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 1034
> (EAPTTLS) Saved packet fragment.
> Destination : 0:40:96:31:d:73
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 12
> (EAPTTLS) Saved packet fragment.
> 16 3 1 0 4a 2 0 0 46 3 1 40 2 6c 6a 15
> --- SSL : SSLv3 read server hello A
> --- SSL : SSLv3 read server certificate A
> --- SSL : SSLv3 read server certificate request A
> --- SSL : SSLv3 read server done A
> --- SSL : SSLv3 write client certificate A
> --- SSL : SSLv3 write client key exchange A
> --- SSL : SSLv3 write certificate verify A
> --- SSL : SSLv3 write change cipher spec A
> --- SSL : SSLv3 write finished A
> --- SSL : SSLv3 flush data
> --- SSL : SSLv3 read finished A
> Destination : 0:40:96:31:d:73
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> Destination : 0:40:96:31:d:73
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 69
> (EAPTTLS) Saved packet fragment.
> 14 3 1 0 1 1 16 3 1 0 30 90 ed b1 cc 91
> --- SSL : SSLv3 read finished A
> --- SSL : SSL negotiation finished successfully
> --- SSL : SSL negotiation finished successfully
> Destination : 0:40:96:31:d:73
> ## eap_decode_packet ##: Got an EAP success
> Authentication Succeeded
> AUTHENTICATED
> After iv:
> EAPOL Key processed: broadcast [1] (5 bytes)
> After check signature...
> Successfully set WEP key [1]
> After iv:
> EAPOL Key processed: unicast [4] (5 bytes)
> After check signature...
> Internet Software Consortium DHCP Client 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
>
> Please contribute if you find this software useful.
> For info, please visit http://www.isc.org/dhcp-contrib.html
>
> Successfully set WEP key [4]
> Successfully set the WEP transmit key [4]
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : before/connect initialization
> --- SSL : before/connect initialization
> --- SSL : SSLv3 write client hello A
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 1034
> (EAPTTLS) Saved packet fragment.
> Destination : 0:40:96:31:d:73
> Listening on LPF/eth1/00:02:2d:02:92:be
> Sending on LPF/eth1/00:02:2d:02:92:be
> Sending on Socket/fallback/fallback-net
> You do not appear to be associated to a wireless network!
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 1034
> (EAPTTLS) Saved packet fragment.
> Destination : 44:44:44:44:44:44
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
> receive_packet failed on eth1: Network is down
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP failure
> Failed to Authenticate
> CONNECTING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ### Type is 13, length: 6
> --- SSL : SSLv3 read server hello A
> Destination : 0:40:96:31:d:73
> AUTHENTICATING
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
> ACQUIRED
> ## eap_decode_packet ##: Got an EAP request
> ## eap_decode_packet ##: Type is Identity
> Connection Established, authenticating...
>
>
> ===================================
> FreeRADIUS log:
>
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /etc/raddb/proxy.conf
> Config: including file: /etc/raddb/clients.conf
> Config: including file: /etc/raddb/snmp.conf
> Config: including file: /etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> Using deprecated naslist file. Support for this will go away soon.
> read_config_files: reading clients
> Using deprecated clients file. Support for this will go away soon.
> read_config_files: reading realms
> Using deprecated realms file. Support for this will go away soon.
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
> pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
>
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> rlm_eap: Loaded and initialized the type leap
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/etc/1x/server_silmarillion.pem"
> tls: certificate_file = "/etc/1x/server_silmarillion.pem"
> tls: CA_file = "/etc/1x/root.pem"
> tls: private_key_password = "serverpwd"
> tls: dh_file = "/etc/1x/DH"
> tls: random_file = "/etc/1x/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> rlm_eap_tls: conf N ctx stored
> rlm_eap: Loaded and initialized the type tls
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 131.155.193.92:1533, id=230, length=148
> User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0201001901612e6c6f70657a40616d7573655f746c732e6e6c
> Message-Authenticator = 0x43e9e7cd71e564d81273e308c317d3e3
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> rlm_eap: EAP packet type notification id 1 length 25
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 0
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name = "a.lopez at amuse_tls.nl"
> rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> modcall: group authorize returns updated for request 0
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 0
> rlm_eap: EAP packet type notification id 1 length 25
> rlm_eap: EAP Start not found
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns ok for request 0
> modcall: group authenticate returns ok for request 0
> Sending Access-Challenge of id 230 to 131.155.193.92:1533
> EAP-Message = 0x010200060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x1d3b6d2d6a4580c6352fc87686fb166226700240d4f32e47cd6c323b23f3c5be0b24d922
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1534, id=231, length=271
> User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0x1d3b6d2d6a4580c6352fc87686fb166226700240d4f32e47cd6c323b23f3c5be0b24d922
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x0202006e0d8000000064160301005f0100005b030140027105b95826853a0614abd1ef3b0
>dbe172d028897dc4f2a0510034d31d3da00003400390038003500160013000a00330032002f0
>06600050004006300620061001500120009006500640060001400110008000600030100
> Message-Authenticator = 0xe542746891bba76a9eefd91485c69e73
> modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> rlm_eap: EAP packet type notification id 2 length 110
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 1
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name = "a.lopez at amuse_tls.nl"
> rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 1
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
> modcall: group authorize returns updated for request 1
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 1
> rlm_eap: EAP packet type notification id 2 length 110
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: Length Included
> undefined: before/accept initialization
> TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello
> TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06e9], Certificate
> TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c0], CertificateRequest
> TLS_accept: SSLv3 write certificate request A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok for request 1
> modcall: group authenticate returns ok for request 1
> Sending Access-Challenge of id 231 to 131.155.193.92:1534
> EAP-Message =
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0x1fa069f3ca50064925b41f71cffb0ad72670024004c686da1bf1c43440752c5eda79cfff
> Finished request 1
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1535, id=232, length=167
> User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0x1fa069f3ca50064925b41f71cffb0ad72670024004c686da1bf1c43440752c5eda79cfff
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020300060d00
> Message-Authenticator = 0x98438802272f7a4f17f7c611d7b06e0e
> modcall: entering group authorize for request 2
> modcall[authorize]: module "preprocess" returns ok for request 2
> modcall[authorize]: module "chap" returns noop for request 2
> rlm_eap: EAP packet type notification id 3 length 6
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 2
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name = "a.lopez at amuse_tls.nl"
> rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 2
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 2
> modcall[authorize]: module "mschap" returns noop for request 2
> modcall: group authorize returns updated for request 2
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 2
> rlm_eap: EAP packet type notification id 3 length 6
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: Received EAP-TLS ACK message
> modcall[authenticate]: module "eap" returns ok for request 2
> modcall: group authenticate returns ok for request 2
> Sending Access-Challenge of id 232 to 131.155.193.92:1535
> EAP-Message =
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0x4fb309b16cf20a5d1bf8c0027c0a268f26700240da0c27a50b0a519828b00dc8764df73d
> Finished request 2
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1536, id=233, length=167
> User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0x4fb309b16cf20a5d1bf8c0027c0a268f26700240da0c27a50b0a519828b00dc8764df73d
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020400060d00
> Message-Authenticator = 0x019d9f32d77d3a546ccebaa3740e1be9
> modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok for request 3
> modcall[authorize]: module "chap" returns noop for request 3
> rlm_eap: EAP packet type notification id 4 length 6
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 3
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name = "a.lopez at amuse_tls.nl"
> rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 3
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 3
> modcall[authorize]: module "mschap" returns noop for request 3
> modcall: group authorize returns updated for request 3
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 3
> rlm_eap: EAP packet type notification id 4 length 6
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: Received EAP-TLS ACK message
> modcall[authenticate]: module "eap" returns ok for request 3
> modcall: group authenticate returns ok for request 3
> Sending Access-Challenge of id 233 to 131.155.193.92:1536
> EAP-Message = 0x0105000c0d80000008020000
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0x350847686fb667ce2198af7943ec81662670024006ed1311db3c022de2b6c7bdf6adebf4
> Finished request 3
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1537, id=234, length=1579
> User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0x350847686fb667ce2198af7943ec81662670024006ed1311db3c022de2b6c7bdf6adebf4
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> Message-Authenticator = 0x6fe2b702e0e5573af3195474b7bd242c
> modcall: entering group authorize for request 4
> modcall[authorize]: module "preprocess" returns ok for request 4
> modcall[authorize]: module "chap" returns noop for request 4
> rlm_eap: EAP packet type notification id 5 length 1408
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 4
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name = "a.lopez at amuse_tls.nl"
> rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 4
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 4
> modcall[authorize]: module "mschap" returns noop for request 4
> modcall: group authorize returns updated for request 4
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 4
> rlm_eap: EAP packet type notification id 5 length 1408
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: Received EAP-TLS First Fragment of the message
> Total Length Included
> modcall[authenticate]: module "eap" returns ok for request 4
> modcall: group authenticate returns ok for request 4
> Sending Access-Challenge of id 234 to 131.155.193.92:1537
> EAP-Message = 0x010600060d00
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0xdc3383c5273370c314162946cd362466277002401bc5aea1ea50a1f01d75109d980830bb
> Finished request 4
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 5 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1538, id=235, length=885
> User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0xdc3383c5273370c314162946cd362466277002401bc5aea1ea50a1f01d75109d980830bb
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x020602d00d001d230481d33081d080145c2d88dadaf44eb20aa5e174aa96324cb2541475a
>181b4a481b13081ae310b3009060355040613024e4c311430120603550408130b4e657468657
>26c616e6473311230100603550407130945696e64686f76656e312a3028060355040a1321546
>563686e697363686520556e697665727369746569742045696e64686f76656e3110300e06035
>5040b13075454452d45434f311830160603550403140f73696c6d6172696c6c696f6e5f63613
>11d301b06092a864886f70d010901160e612e6c6f70657a407475652e6e6c820100300c06035
>51d13040530030101ff300d06092a864886f70d01010405000381 EAP-Message =
> 0x81006962a093c7c6b4baa538d7a1a0cb68e4ffcca6f78fe72c66792b19c1e57ab046a8c40
>7836e8a8a524a544419539cacf13fb6bf9ebf050b746c7bed7774634d4c792948906bc035717
>eb2e1d4113799989a1d940389379e5aaf22e8c0d5e9be1401ccd714a0ffd1d5197ef2374e85b
> 43872d746e20d83a5c07cd28993f797b5f816030100861000008200807a9cf8e349c5825ff9
>a2c96de09aec269557ea13948256fc268dabfa2898cffe919615b8d3be0725d18af518fce9a1
>33763fba3469cb986ed214de97f87e5ed545279746914776240609fa5de3c810d75ecc5bea0b
>12f4e45a9cc8a0f3097087eec3a5908a34537ce84b4d1d0a0bb7df EAP-Message =
> 0x04ff52a777baeb9b88eba5c7c365e36716030100860f000082008093e6fd67bcd34b06354
>73dc6cddc63a06e25a21ce55f058a35f1eff1056c42e2f6aaea9265b52e134bef239b8ef4846
>18376299228e7c8c7499b36d3bf91964fb483772319dfa28399a83a9ac26d0d8a7cf6621207d
>b0d2aacae80d8fa6f5a5caee4fbfb70d3cce6713920ed46789678fe617fbd1bf7bdd19ef6fa2
>a5c3b1a92140301000101160301003024f05d323035cac274f1b0089f8a1aa12ee28ad978a1a
>5b5d1d2d90500f4f7413e431501bb0ef2cee83159eaa126956c Message-Authenticator =
> 0xa9e9c18561ac003f6e40f74d037e0c9b modcall: entering group authorize for
> request 5
> modcall[authorize]: module "preprocess" returns ok for request 5
> modcall[authorize]: module "chap" returns noop for request 5
> rlm_eap: EAP packet type notification id 6 length 720
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 5
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 5
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 5
> modcall[authorize]: module "mschap" returns noop for request 5
> modcall: group authorize returns updated for request 5
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 5
> rlm_eap: EAP packet type notification id 6 length 720
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 06ea], Certificate
> chain-depth=1,
> error=0
> --> User-Name = a.lopez at amuse_tls.nl
> --> BUF-Name = silmarillion_ca
> --> subject = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische Universiteit
> Eindhoven/ OU=TTE-ECO/CN=silmarillion_ca/emailAddress=a.lopez at tue.nl
> --> issuer = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische Universiteit
> Eindhoven/OU=TTE-ECO/CN=silmarillion_ca/emailAddress=a.lopez at tue.nl -->
> verify return:1
> chain-depth=0,
> error=0
> --> User-Name = a.lopez at amuse_tls.nl
> --> BUF-Name = a.lopez at amuse_tls.nl
> --> subject = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische Universiteit
> Eindhoven/OU=TTE-ECO/CN=a.lopez at amuse_tls.nl/emailAddress=a.lopez at tue.nl
> --> issuer = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische Universiteit
> Eindhoven/OU=TTE-ECO/CN=silmarillion_ca/emailAddress=a.lopez at tue.nl -->
> verify return:1
> TLS_accept: SSLv3 read client certificate A
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> TLS_accept: SSLv3 read client key exchange A
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
> TLS_accept: SSLv3 read certificate verify A
> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
> TLS_accept: SSLv3 read finished A
> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
> TLS_accept: SSLv3 write change cipher spec A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
> TLS_accept: SSLv3 write finished A
> TLS_accept: SSLv3 flush data
> undefined: SSL negotiation finished successfully
> rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok for request 5
> modcall: group authenticate returns ok for request 5
> Sending Access-Challenge of id 235 to 131.155.193.92:1538
> EAP-Message =
> 0x010700450d800000003b1403010001011603010030ccfadfbd2a755b049f71ab1dac25abd
>8b23ac2016e99c566271f28b0a5a66f8e0bf6155336c47101203a3e5f95a2d5bb
> Message-Authenticator = 0x00000000000000000000000000000000 State =
> 0x91c5ec40e0bf7ca91f82199fa5328fdd277002407e7d0785bf060b6d03bb5caa9535c15b
> Finished request 5
> Going to the next request
> Waking up in 5 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1539, id=236,
> length=167 User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0x91c5ec40e0bf7ca91f82199fa5328fdd277002407e7d0785bf060b6d03bb5caa9535c15b
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020700060d00
> Message-Authenticator = 0x0a6689de38c6a05079c1b41d111459a1
> modcall: entering group authorize for request 6
> modcall[authorize]: module "preprocess" returns ok for request 6
> modcall[authorize]: module "chap" returns noop for request 6
> rlm_eap: EAP packet type notification id 7 length 6
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 6
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 6
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 6
> modcall[authorize]: module "mschap" returns noop for request 6
> modcall: group authorize returns updated for request 6
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 6
> rlm_eap: EAP packet type notification id 7 length 6
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns ok for request 6
> modcall: group authenticate returns ok for request 6
> Sending Access-Accept of id 236 to 131.155.193.92:1539
> MS-MPPE-Recv-Key =
> 0xb59f45a79823ccaa4df121444c9070051343528d9ece4621c76992629186600e
> MS-MPPE-Send-Key =
> 0x91c9c85b0ca44a087207c5a1dc1506186e7900378397059042d4356413d58773
> EAP-Message = 0x03070004
> Message-Authenticator = 0x00000000000000000000000000000000
> Finished request 6
> Going to the next request
> Waking up in 5 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1540, id=237,
> length=148 User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0200001901612e6c6f70657a40616d7573655f746c732e6e6c
> Message-Authenticator = 0xd7685ba98debe806ead7a32da463dc15
> modcall: entering group authorize for request 7
> modcall[authorize]: module "preprocess" returns ok for request 7
> modcall[authorize]: module "chap" returns noop for request 7
> rlm_eap: EAP packet type notification id 0 length 25
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 7
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 7
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 7
> modcall[authorize]: module "mschap" returns noop for request 7
> modcall: group authorize returns updated for request 7
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 7
> rlm_eap: EAP packet type notification id 0 length 25
> rlm_eap: EAP Start not found
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns ok for request 7
> modcall: group authenticate returns ok for request 7
> Sending Access-Challenge of id 237 to 131.155.193.92:1540
> EAP-Message = 0x010100060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0xd1d5ae30de056ab3d41d71431d5358a728700240e8807ad76343a59291a27a027438c321
> Finished request 7
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 4 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1541, id=238,
> length=271 User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0xd1d5ae30de056ab3d41d71431d5358a728700240e8807ad76343a59291a27a027438c321
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x0201006e0d8000000064160301005f0100005b0301400271071da94672bad0f8f4cca7b43
>e922998c135c90403c50bc5c67ae75f6f00003400390038003500160013000a00330032002f0
>06600050004006300620061001500120009006500640060001400110008000600030100
> Message-Authenticator = 0x82618b8001d9e3e2befa8c65d26f5ac2 modcall:
> entering group authorize for request 8
> modcall[authorize]: module "preprocess" returns ok for request 8
> modcall[authorize]: module "chap" returns noop for request 8
> rlm_eap: EAP packet type notification id 1 length 110
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 8
> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
> modcall[authorize]: module "suffix" returns noop for request 8
> users: Matched a.lopez at amuse_tls.nl at 65
> modcall[authorize]: module "files" returns ok for request 8
> modcall[authorize]: module "mschap" returns noop for request 8
> modcall: group authorize returns updated for request 8
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate for request 8
> rlm_eap: EAP packet type notification id 1 length 110
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
> rlm_eap_tls: Length Included
> undefined: before/accept initialization
> TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello
> TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06e9], Certificate
> TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c0], CertificateRequest
> TLS_accept: SSLv3 write certificate request A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok for request 8
> modcall: group authenticate returns ok for request 8
> Sending Access-Challenge of id 238 to 131.155.193.92:1541
> EAP-Message =
> 0x0102040a0dc000000802160301004a02000046030140027028ebc51af87d64e51c4d8162f
>cde5c55a3614794796268ad48b8b59ef020d349b0e3abb0e1894acf52811348defa7b1203612
>bc41df97def0d23c39415d300350016030106e90b0006e50006e20002f3308202ef30820258a
>003020102020101300d06092a864886f70d01010405003081ae310b3009060355040613024e4
>c311430120603550408130b4e65746865726c616e6473311230100603550407130945696e646
>86f76656e312a3028060355040a1321546563686e697363686520556e6976657273697465697
>42045696e64686f76656e3110300e060355040b13075454452d45 EAP-Message =
> 0x434f311830160603550403140f73696c6d6172696c6c696f6e5f6361311d301b06092a864
>886f70d010901160e612e6c6f70657a407475652e6e6c301e170d30333132313931333036303
>15a170d3034313231383133303630315a3081b2310b3009060355040613024e4c31143012060
>3550408130b4e65746865726c616e6473311230100603550407130945696e64686f76656e312
>a3028060355040a1321546563686e697363686520556e697665727369746569742045696e646
>86f76656e3110300e060355040b13075454452d45434f311c301a06035504031413736572766
>5725f73696c6d6172696c6c696f6e311d301b06092a864886f70d EAP-Message =
> 0x010901160e612e6c6f70657a407475652e6e6c30819f300d06092a864886f70d010101050
>003818d0030818902818100c1d96b5184619337233d264facee95bc1cac85452abb8fac4b502
>1c254fde659de720b141628d66f3ca6abadba27b9595713ff0e7a53e727429c55ef1b54579f3
>ba086ff5ca498739b90fa1c6e0b7d2d8108c5bfd6ac7bf18e0ca39f744667c52c74511478905
>fd35e1fd8c87dc83e8145d2871de801c026928cf74b2537eca70203010001a31730153013060
>3551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100a17
>9cef2b6b29a0f10b545b58e2ebdf9dfa13baed3942e5f074df0de EAP-Message =
> 0xc1589094ac85ece28d0e845a3e93a4153f6a3a345c4506eb438df5cb701fa4ae349c37871
>3e2285d80231dc743f59a388d5f851fb6906d1344c76cff9faa382af0f922fd0b1994f8af4b2
>1f790fdf15763ba4b5cec1ef2b9ee45804b2b749a40fe2e6fee0003e9308203e53082034ea00
>3020102020100300d06092a864886f70d01010405003081ae310b3009060355040613024e4c3
>11430120603550408130b4e65746865726c616e6473311230100603550407130945696e64686
>f76656e312a3028060355040a1321546563686e697363686520556e697665727369746569742
>045696e64686f76656e3110300e060355040b13075454452d4543 EAP-Message =
> 0x4f311830160603550403140f73696c6d6172696c6c69 Message-Authenticator =
> 0x00000000000000000000000000000000 State =
> 0xc5468798369d26e7469cc34357c144ef28700240359a5564b9530e26e05be66f22ec23b2
> Finished request 8
> Going to the next request
> Waking up in 4 seconds...
> rad_recv: Access-Request packet from host 131.155.193.92:1542, id=239,
> length=167 User-Name = "a.lopez at amuse_tls.nl"
> NAS-IP-Address = 131.155.193.92
> Called-Station-Id = "004096310d73"
> Calling-Station-Id = "00022d0292be"
> NAS-Identifier = "ap340-2"
> NAS-Port = 29
> Framed-MTU = 1400
> State =
> 0xc5468798369d26e7469cc34357c144ef28700240359a5564b9530e26e05be66f22ec23b2
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020200060d00
>
> -----Original Message-----
> From: Mike McCauley
> To: Lopez, A.; radiator at open.com.au
> Sent: 1/11/2004 11:16 AM
> Subject: Re: (RADIATOR) Xsupplicant Radiator EAP_TLS problems
>
> Hello Alex,
>
> I'm not sure what is going on here.
> Looks like Radiator is sending back its certificate fine, but then the
> client does not send its certificate.
>
> I suspect that there is a problem in the client: either it does not like
> the server's certificate, or else it can't access or decode its own
> certificate.
>
> Suggest you have a close look at the XSupplicant log.
>
> We have tested Radiator against XSupplicant and TLS successfully here.
>
> Cheers.
>
> On Sat, 10 Jan 2004 01:21 am, Lopez, A. wrote:
> > Dear all,
> > I am trying to make EAP-TLS work between Xsupplicant and Radiator. But I
> > am having some problems.
> > I generated the certificates using Openssl and authentication works
> > perfectly when authenticating against Radiator from a Windows
> > supplicant. The problem only appears when using Xsupplicant (under
> > GNU/Debian).
> > In my notebook I installed:
> > Xsupplicant 0.8b
> > Openssl 0.9.7b
> > Libpcap 0.7.2
> > Lindnet 1.7
> > Below there is the 1.conf I used for Xsupplicant and the output
> > generated by Radiator during the authentication process.
> > I would appreciate any idea.
> > Thanks in advance
> > Alex
> >
> > /etc/1x/1x.conf
> > --------------------------
> > default : id = a.lopez at amuse_tls.nl
> > default : cert = /etc/1x/certs/certs_amuse/a.lopez at amuse_tls.nl.der
> > default : key = /etc/1x/certs/certs_amuse/a.lopez at amuse_tls.nl.pem
> > default : root = /etc/1x/certs/certs_amuse/root.pem
> > default :auth = EAP
> > default : pref = tls
> > default : random_file = /dev/random
> > default : after_auth = "/bin/echo I authenticated"
> >
> > =================================
> >
> > RADIATOR OUTPUT:
> > ------------------------
> > Fri Jan 9 14:12:25 2004: DEBUG: Reading users file
> > /etc/radiator/users_tls
> > Fri Jan 9 14:12:25 2004: DEBUG: Reading users file
> > /etc/radiator/users
> > Fri Jan 9 14:12:25 2004: DEBUG: Reading users file
> > /etc/radiator/users
> > Fri Jan 9 14:12:25 2004: DEBUG: Finished reading configuration file
> > '/etc/radiator/radius.cfg'
> > This Radiator license will expire on 2004-02-01
> > This Radiator license will stop operating after 1000 requests
> > To purchase an unlimited full source version of Radiator, see
> > http://www.open.com.au/ordering.html
> > To extend your evaluation period, contact admin at open.com.au
> >
> > Fri Jan 9 14:12:25 2004: DEBUG: Reading dictionary file
> > '/etc/radiator/dictionary'
> > Fri Jan 9 14:12:26 2004: DEBUG: Creating authentication port
> > 0.0.0.0:1812
> > Fri Jan 9 14:12:26 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> > Fri Jan 9 14:12:26 2004: NOTICE: Server started: Radiator 3.7.1 on
> > phoenix (EVALUATION)
> > Fri Jan 9 14:13:54 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1035 ....
> > Code: Access-Request
> > Identifier: 5
> > Authentic:
> > <233>,<246><157>.<209><178><150><24>8<255><25><185><151><30><161>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><0><0><25><1>a.lopez at amuse_tls.nl
> > Message-Authenticator =
> > <200><181><130><228>DP<195><234><152><140>T<229><24><24><201>`
> >
> > Fri Jan 9 14:13:54 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:13:54 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:13:54 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:13:54 2004: DEBUG: Handling with EAP: code 2, 0, 25
> > Fri Jan 9 14:13:54 2004: DEBUG: Response type 1
> > Fri Jan 9 14:13:55 2004: DEBUG: EAP result: 3, EAP TLS Challenge
> > Fri Jan 9 14:13:55 2004: DEBUG: Access challenged for
> > a.lopez at amuse_tls.nl: EAP TLS Challenge
> > Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
> > *** Sending to 131.155.193.92 port 1035 ....
> > Code: Access-Challenge
> > Identifier: 5
> > Authentic:
> > <233>,<246><157>.<209><178><150><24>8<255><25><185><151><30><161>
> > Attributes:
> > EAP-Message = <1><1><0><6><13>
> > Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1036 ....
> > Code: Access-Request
> > Identifier: 6
> > Authentic:
> > <247><214><254><245><146>p<189><133><221><24><183><178><177>:<11><192>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message =
>
> <2><1><0>n<13><128><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>?<254><169><2
>
> > 37>k<233><229>|<206>I<248><166>
>
> U<25><208><130>M<237><229><188><218><152><210><187>Y<9><219><172><139><2
>
> > 28><141><22><0><0>4<0>9<0>8<0>5<0><22><0><19><0><10><
>
> 0>3<0>2<0>/<0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<
>
> > 0><20><0><17><0><8><0><6><0><3><1><0>
> >
> > Message-Authenticator =
> > <15><180><202><136><208>;<153>Q<224><29>}Z<243>K<7><21>
> >
> > Fri Jan 9 14:13:55 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:13:55 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:13:55 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:13:55 2004: DEBUG: Handling with EAP: code 2, 1, 110
> > Fri Jan 9 14:13:55 2004: DEBUG: Response type 13
> > Fri Jan 9 14:13:55 2004: DEBUG: EAP result: 3, EAP TLS Challenge
> > Fri Jan 9 14:13:55 2004: DEBUG: Access challenged for
> > a.lopez at amuse_tls.nl: EAP TLS Challenge
> > Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
> > *** Sending to 131.155.193.92 port 1036 ....
> > Code: Access-Challenge
> > Identifier: 6
> > Authentic:
> > <247><214><254><245><146>p<189><133><221><24><183><178><177>:<11><192>
> > Attributes:
> > EAP-Message =
>
> <1><2><4><10><13><192><0><0><8><2><22><3><1><0>J<2><0><0>F<3><1>?<254><1
>
> > 69><19><213><19>s<234><181><128
> >
> > ><253>3~<204><146><134>{y<237>Za<171>y.<252>Z<135>j<138><212>I<199>
> >
> > <159><17>)5<217><156><183><213>Z<136><193><137><175>DTMHa
>
> <129><166><242>!y<146><229>VQ<189>+<183><153><30><0>5<0><22><3><1><6><23
>
> > 3><11><0><6><229><0><6><226><0><2><243>0<130><2><239>
>
> 0<130><2>X<160><3><2><1><2><2><1><1>0<13><6><9>*<134>H<134><247><13><1><
>
> > 1><4><5><0>0<129><174>1<11>0<9><6><3>U<4><6><19><2>NL
>
> 1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4><7><19><9>
>
> > Eindhoven1*0(<6><3>U<4><10><19>!Technische Universite it
> > Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-E
> >
> > EAP-Message =
>
> CO1<24>0<22><6><3>U<4><3><20><15>silmarillion_ca1<29>0<27><6><9>*<134>H<
>
> > 134><247><13><1><9><1><22><14>a
>
> .lopez at tue.nl0<30><23><13>031219130601Z<23><13>041218130601Z0<129><178>1
>
> > <11>0<9><6><3>U<4><6><19><2>NL1<20>0<18><6><3>U<4><8>
>
> <19><11>Netherlands1<18>0<16><6><3>U<4><7><19><9>Eindhoven1*0(<6><3>U<4>
>
> > <10><19>!Technische Universiteit Eindhoven1<16>0<14><
>
> 6><3>U<4><11><19><7>TTE-ECO1<28>0<26><6><3>U<4><3><20><19>server_silmari
>
> > llion1<29>0<27><6><9>*<134>H<134><247><13>
> >
> > EAP-Message =
>
> <1><9><1><22><14>a.lopez at tue.nl0<129><159>0<13><6><9>*<134>H<134><247><1
>
> > 3><1><1><1><5><0><3><129><141><
>
> 0>0<129><137><2><129><129><0><193><217>kQ<132>a<147>7#=&O<172><238><149>
>
> > <188><28><172><133>E*<187><143><172>KP!<194>T<253><23
>
> 0>Y<222>r<11><20><22>(<214>o<<166><171><173><186>'<185>YW<19><255><14>zS
>
> > <231>'B<156>U<239><27>TW<159>;<160><134><255>\<164><1
>
> 52>s<155><144><250><28>n<11>}-<129><8><197><191><214><172>{<241><142><12
>
> > ><163><159>tFg<197>,tQ<20>x<144>_<211>^<31><216><200>
>
> }<200>><129>E<210><135><29><232><1><192>&<146><140><247>K%7<236><167><2>
>
> > <3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<1
>
> 0><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><
>
> > 5><0><3><129><129><0><161>y<206><242><182><178><154><
>
> 15><16><181>E<181><142>.<189><249><223><161>;<174><211><148>._<7>M<240><
>
> > 222>
> >
> > EAP-Message =
>
> <193>X<144><148><172><133><236><226><141><14><132>Z><147><164><21>?j:4\E
>
> > <6><235>C<141><245><203>p<31><1
>
> 64><174>4<156>7<135><19><226>(]<128>#<29><199>C<245><154>8<141>_<133><31
>
> > ><182><144>m<19>D<199>l<255><159><170>8*<240><249>"<2
>
> 53><11><25><148><248><175>K!<247><144><253><241>Wc<186>K\<236><30><242><
>
> > 185><238>E<128>K+t<154>@<254>.o<238><0><3><233>0<130>
>
> <3><229>0<130><3>N<160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247>
>
> > <13><1><1><4><5><0>0<129><174>1<11>0<9><6><3>U<4><6><
>
> 19><2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4><7
>
> > ><19><9>Eindhoven1*0(<6><3>U<4><10><19>!Technische Un iversiteit
> >
> > Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-EC
> >
> > EAP-Message = O1<24>0<22><6><3>U<4><3><20><15>silmarilli
> > Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1037 ....
> > Code: Access-Request
> > Identifier: 7
> > Authentic: <9><24>`J<194><160>r<201><144><137><175>K<151>#<166><171>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><2><0><6><13><0>
> > Message-Authenticator =
> > <161><189><171><156><137><205><200><159><215>:Y<142>U<23><140>z
> >
> > Fri Jan 9 14:13:55 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:13:55 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:13:55 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:13:55 2004: DEBUG: Handling with EAP: code 2, 2, 6
> > Fri Jan 9 14:13:55 2004: DEBUG: Response type 13
> > Fri Jan 9 14:13:55 2004: DEBUG: EAP result: 3, EAP TLS Challenge
> > Fri Jan 9 14:13:55 2004: DEBUG: Access challenged for
> > a.lopez at amuse_tls.nl: EAP TLS Challenge
> > Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
> > *** Sending to 131.155.193.92 port 1037 ....
> > Code: Access-Challenge
> > Identifier: 7
> > Authentic: <9><24>`J<194><160>r<201><144><137><175>K<151>#<166><171>
> > Attributes:
> > EAP-Message =
>
> <1><3><4><6><13>@on_ca1<29>0<27><6><9>*<134>H<134><247><13><1><9><1><22>
>
> > <14>a.lopez at tue.nl0<30><23><13>
>
> 031219130528Z<23><13>040118130528Z0<129><174>1<11>0<9><6><3>U<4><6><19><
>
> > 2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<
> > 16><6><3>U<4><7><19><9>Eindhoven1*0(<6><3>U<4><10><19>!Technische
> > Universiteit Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-EC
>
> O1<24>0<22><6><3>U<4><3><20><15>silmarillion_ca1<29>0<27><6><9>*<134>H<1
>
> > 34><247><13><1><9><1><22><14>a.lopez at tue.nl0<129>
> >
> > EAP-Message =
>
> <159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<12
>
> > 9><137><2><129><129><0><196>*<1
>
> 35><211><234><210><150>7]<165><209><242><129><29>v<163><12>p<215>h<139><
>
> > 172><234>o<179><227><205><159>^><207><165><182><1>7<1
>
> 53>cw<247><236><248>|<194><163>"<220>>K&<167><1><137>UD<8><21>@<157><0>L
>
> > <255><174><215><205>Aa%K<1>n<193>1<249>{(<152><199>`<
>
> 205><133>Y|XI}<1><225>F<167><19><219>q<9>T<140><176><10><14>"@<17><132><
>
> > 184><14>+1<231>P<23><241>M<239><151><8><178><154><228
> >
> >
> ><181><170><150><228>d<235><145>HL<186><181><2><3><1><0><1><163><130><1>
> >
> > <15>0<130><1><11>0<29><6><3>U<29><14><4><22><4><20>\-
>
> <136><218><218><244>N<178><10><165><225>t<170><150>2L<178>T<20>u0<129><2
>
> > 19><6><3>U<29>#<4><129><211>0<129><208><128><20>\-<13
>
> 6><218><218><244>N<178><10><165><225>t<170><150>2L<178>T<20>u<161><129><
>
> > 180><164><129><177>0<129><174>1<11>0<9><6><3>U<4><6>
> >
> > EAP-Message =
>
> <19><2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4><
>
> > 7><19><9>Eindhoven1*0(<6><3>U<4 ><10><19>!Technische Universiteit
>
> Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-ECO1<24>0<22><6><3>U<4><3><2
>
> > 0><15>silmarillion_
>
> ca1<29>0<27><6><9>*<134>H<134><247><13><1><9><1><22><14>a.lopez at tue.nl<1
>
> > 30><1><0>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<1
>
> 3><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>ib<160><147>
>
> > <199><198><180><186><165>8<215><161><160><203>h<228><
>
> 255><204><166><247><143><231>,fy+<25><193><229>z<176>F<168><196><7><131>
>
> > n<138><138>RJTD<25>S<156><172><241>?<182><191><158>
> >
> > EAP-Message =
>
> <191><5><11>tl{<237>wtcMLy)H<144>k<192>5q~<178><225><212><17>7<153><152>
>
> > <154><29><148><3><137>7<158>Z<1
>
> 75>"<232><192><213><233><190><20><1><204><215><20><160><255><209><213><2
>
> > 5>~<242>7N<133><180>8r<215>F<226><13><131><165><192>|
>
> <210><137><147><247><151><181><248><22><3><1><0><192><13><0><0><184><2><
>
> > 1><2><0><179><0><177>0<129><174>1<11>0<9><6><3>U<4><6
> >
> >
> ><19><2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4>
> >
> > <7><19><9>Eindhoven1*0(<6><3>U<4><10><19>!Technische Universiteit
>
> Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-ECO1<24>0<22><6><3>U<4><3><2
>
> > 0><15>silmarillion_ca1<29>0<27><6><9>*<1 34>H<134><247><13><1><9><1>
> >
> > EAP-Message = <22><14>a.lopez at tue.nl<14><0>
> > Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan 9 14:13:56 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1038 ....
> > Code: Access-Request
> > Identifier: 8
> > Authentic:
> > <142><21><200><145><176><24><188>RO<193><246>~<188><15><<172>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><3><0><6><13><0>
> > Message-Authenticator =
> > W<223>2<136>><153><160>a<172><173>H<15><226><148><237>I
> >
> > Fri Jan 9 14:13:56 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:13:56 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:13:56 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:13:56 2004: DEBUG: Handling with EAP: code 2, 3, 6
> > Fri Jan 9 14:13:56 2004: DEBUG: Response type 13
> > Fri Jan 9 14:13:56 2004: DEBUG: EAP result: 3, EAP TLS Challenge
> > Fri Jan 9 14:13:56 2004: DEBUG: Access challenged for
> > a.lopez at amuse_tls.nl: EAP TLS Challenge
> > Fri Jan 9 14:13:56 2004: DEBUG: Packet dump:
> > *** Sending to 131.155.193.92 port 1038 ....
> > Code: Access-Challenge
> > Identifier: 8
> > Authentic:
> > <142><21><200><145><176><24><188>RO<193><246>~<188><15><<172>
> > Attributes:
> > EAP-Message = <1><4><0><8><13><0><0><0>
> > Message-Authenticator =
> > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan 9 14:13:56 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:13:56 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:13:56 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:13:56 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:13:56 2004: DEBUG: Handling with EAP: code 2, 4, 6
> > Fri Jan 9 14:13:56 2004: DEBUG: Response type 13
> > Fri Jan 9 14:13:56 2004: DEBUG: EAP result: 2, EAP TLS Nothing to read
> > or write
> > Fri Jan 9 14:13:57 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:13:57 2004: INFO: Duplicate request id 9 received from
> > 131.155.193.92(1039): ignored
> > Fri Jan 9 14:13:58 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:13:58 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:13:58 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:13:58 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:13:58 2004: DEBUG: Handling with EAP: code 2, 4, 6
> > Fri Jan 9 14:13:58 2004: DEBUG: Response type 13
> > Fri Jan 9 14:13:58 2004: DEBUG: EAP result: 2, EAP TLS Nothing to read or write
> > Fri Jan 9 14:13:59 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:13:59 2004: INFO: Duplicate request id 9 received from
> > 131.155.193.92(1039): ignored
> > Fri Jan 9 14:14:00 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:14:00 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:14:00 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:14:00 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:14:00 2004: DEBUG: Handling with EAP: code 2, 4, 6
> > Fri Jan 9 14:14:00 2004: DEBUG: Response type 13
> > Fri Jan 9 14:14:00 2004: DEBUG: EAP result: 2, EAP TLS Nothing to read or write
> > Fri Jan 9 14:14:01 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:14:01 2004: INFO: Duplicate request id 9 received from
> > 131.155.193.92(1039): ignored
> > Fri Jan 9 14:14:02 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:14:02 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:14:02 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:14:02 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:14:02 2004: DEBUG: Handling with EAP: code 2, 4, 6
> > Fri Jan 9 14:14:02 2004: DEBUG: Response type 13
> > Fri Jan 9 14:14:02 2004: DEBUG: EAP result: 2, EAP TLS Nothing to read or write
> > Fri Jan 9 14:14:03 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:14:03 2004: INFO: Duplicate request id 9 received from
> > 131.155.193.92(1039): ignored
> > Fri Jan 9 14:14:04 2004: DEBUG: Packet dump:
> > *** Received from 131.155.193.92 port 1039 ....
> > Code: Access-Request
> > Identifier: 9
> > Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
> > Attributes:
> > User-Name = "a.lopez at amuse_tls.nl"
> > NAS-IP-Address = 131.155.193.92
> > Called-Station-Id = "004096310d73"
> > Calling-Station-Id = "00022d0292be"
> > NAS-Identifier = "ap340-2"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-IEEE-802-11
> > EAP-Message = <2><4><0><6><13><0>
> > Message-Authenticator =
> > <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
> >
> > Fri Jan 9 14:14:04 2004: DEBUG: Handling request with Handler
> > 'Realm=amuse_tls.nl'
> > Fri Jan 9 14:14:04 2004: DEBUG: Deleting session for
> > a.lopez at amuse_tls.nl, 131.155.193.92, 29
> > Fri Jan 9 14:14:04 2004: DEBUG: Handling with Radius::AuthFILE:
> > Fri Jan 9 14:14:04 2004: DEBUG: Handling with EAP: code 2, 4, 6
> > Fri Jan 9 14:14:04 2004: DEBUG: Response type 13
> > Fri Jan 9 14:14:04 2004: DEBUG: EAP result: 2, EAP TLS Nothing to read or write
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
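
The EAP-Message values in the quoted Radiator dump can be decoded directly. The following is an added example, not part of the original message and not Radiator code, that parses the dump's `<n>` byte notation and the EAP and EAP-TLS headers. The function names are hypothetical, and treating a `<` that does not start a `<n>` group as a literal byte is an assumption inferred from the 16-byte Authentic value in the log.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13
# EAP-TLS flag bits: length included, more fragments, start
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)


def radiator_bytes(text):
    """Turn a dump value such as '<2><4>%h' into raw bytes (hypothetical helper)."""
    out = bytearray()
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))          # <n> is one byte, decimal
        else:
            out += m.group(0).encode("latin-1")  # printable byte, or a bare '<'
    return bytes(out)


def decode_eap(data):
    """Decode the EAP header and, for type 13, the EAP-TLS flags byte."""
    if len(data) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(data)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "flags": None, "payload": b""}
    if code in (1, 2) and length >= 5:
        pkt["type"] = data[4]
        if pkt["type"] == EAP_TYPE_TLS and length >= 6:
            pkt["flags"] = "".join(n for bit, n in TLS_FLAGS if data[5] & bit)
            start = 10 if data[5] & 0x80 else 6  # L flag: 4-byte TLS length first
            pkt["payload"] = data[start:length]
    return pkt


def is_tls_ack(pkt):
    """An EAP-TLS Response with no flags and no TLS data is a bare acknowledgement."""
    return (pkt["code"] == "Response" and pkt["type"] == EAP_TYPE_TLS
            and pkt["flags"] == "" and pkt["payload"] == b"")


if __name__ == "__main__":
    # Values copied from the Access-Challenge and Access-Request dumps above.
    for value in ("<1><4><0><8><13><0><0><0>", "<2><4><0><6><13><0>"):
        pkt = decode_eap(radiator_bytes(value))
        print(value, "->", pkt, "ack" if is_tls_ack(pkt) else "")
```

Run against the dump, the retransmitted Access-Request with RADIUS identifier 9 decodes to an empty EAP-TLS Response for EAP id 4, matching the server's "Handling with EAP: code 2, 4, 6" and "Response type 13" lines.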