(RADIATOR) Xsupplicant Radiator EAP_TLS problems
Terry Simons
galimore at mac.com
Mon Jan 12 08:50:15 CST 2004
Alex,
I'm one of the XSupplicant developers.
I agree with Mike's answer.
If your card is resetting after authentication and reauthenticating
again, then it is most likely a bug in your wireless driver, and is not
a problem with the supplicant. Basically what is happening is that the
WEP keys are being set by the supplicant, but the driver resets the
card once keys are set, which causes your card to reassociate to the AP
(with the new WEP key), which then causes you to reauthenticate again.
This is due to the way 802.1x authentications happen. 802.1x
authentications are link-based, which means if you drop and reassociate
to a wireless network, or if your link bounces on a wired network, you
will end up reauthenticating.
This is something that many of the wireless drivers in Linux have a
problem with, including the Lucent-derived cards that use the Orinoco
driver. The last time I used this driver was 0.13e, which we had a
patch for in the XSupplicant tree. I have heard that newer Orinoco
drivers do not exhibit this problem, though I have not verified this
myself. The MADWifi drivers also exhibit this problem as well, and
have not been patched yet.
Since this really isn't a Radiator specific question it should probably
be moved to the open1x xsupplicant list.
One thing I can say is that we do test Xsupplicant extensively on
Radiator, since Radiator is the server we use for deployment at the
University of Utah and as far as I know all of the Xsupplicant EAP
types work with Radiator. (Most of them were actually developed
against the Radiator code base, so Xsupplicant is more likely to work
with Radiator than not.) =)
- Terry
On Jan 12, 2004, at 4:42 AM, Mike McCauley wrote:
> Hello Alex,
>
>
> On Mon, 12 Jan 2004 09:12 pm, Lopez, A. wrote:
>> Hi Mike,
>> I installed and configured FreeRadius in order to find out what's
>> going on
>> with Xsupplicant. FreeRadius (EAP-TLS) works also fine with Windows
>> 802.1x
>> client, therefore I assume it is well configured. Below there is the
>> output
>> generated by both Xsupplicant and FreeRadius. It is strange because
>> Xsupplicant says that authentication was performed properly but, after
>> that, it seems to try to authenticate again without succeeding.
>> Perhaps
>> this information is more useful.
>> Thanks again for your collaboration.
>
> I have seen similar problems with XSupplicant and some wireless cards
> (Cisco
> 340, for example) with unpatches kernels. Apparently, some cards issue
> a
> reset after the WEP key is set, causing a new authenticaiotn to start
> and you
> need a kernel patch to fix this. Refer to the XSupplicant mailing list
> for
> more details.
>
> Cheers.
>
>> Alex
>>
>>
>> ====================================
>> Xsupplicant log:
>>
>> Omni:/home/alex# xsupplicant -i eth1 -d 8
>> Calling do_eapol, with device eth1
>> Setup on device eth1 complete
>> (EAPMD5) Initalized
>> (EAPMS-CHAP) Initalized
>> Done with init.
>> Loading profile for test from /etc/1x/1x.conf.
>> Sending EAPOL-Start #1
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> Please Enter Your Password :
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> Loading certificate /etc/1x/certs/certs_amuse/root.pem . . .
>> (TLS)Loaded root certificate /etc/1x/certs/certs_amuse/root.pem and
>> dirctory (null) --- SSL : before/connect initialization
>> --- SSL : before/connect initialization
>> --- SSL : SSLv3 write client hello A
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 1034
>> (EAPTTLS) Saved packet fragment.
>> Destination : 0:40:96:31:d:73
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 1034
>> (EAPTTLS) Saved packet fragment.
>> Destination : 0:40:96:31:d:73
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 12
>> (EAPTTLS) Saved packet fragment.
>> 16 3 1 0 4a 2 0 0 46 3 1 40 2 6c 6a 15
>> --- SSL : SSLv3 read server hello A
>> --- SSL : SSLv3 read server certificate A
>> --- SSL : SSLv3 read server certificate request A
>> --- SSL : SSLv3 read server done A
>> --- SSL : SSLv3 write client certificate A
>> --- SSL : SSLv3 write client key exchange A
>> --- SSL : SSLv3 write certificate verify A
>> --- SSL : SSLv3 write change cipher spec A
>> --- SSL : SSLv3 write finished A
>> --- SSL : SSLv3 flush data
>> --- SSL : SSLv3 read finished A
>> Destination : 0:40:96:31:d:73
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> Destination : 0:40:96:31:d:73
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 69
>> (EAPTTLS) Saved packet fragment.
>> 14 3 1 0 1 1 16 3 1 0 30 90 ed b1 cc 91
>> --- SSL : SSLv3 read finished A
>> --- SSL : SSL negotiation finished successfully
>> --- SSL : SSL negotiation finished successfully
>> Destination : 0:40:96:31:d:73
>> ## eap_decode_packet ##: Got an EAP success
>> Authentication Succeeded
>> AUTHENTICATED
>> After iv:
>> EAPOL Key processed: broadcast [1] (5 bytes)
>> After check signature...
>> Successfully set WEP key [1]
>> After iv:
>> EAPOL Key processed: unicast [4] (5 bytes)
>> After check signature...
>> Internet Software Consortium DHCP Client 2.0pl5
>> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software
>> Consortium.
>> All rights reserved.
>>
>> Please contribute if you find this software useful.
>> For info, please visit http://www.isc.org/dhcp-contrib.html
>>
>> Successfully set WEP key [4]
>> Successfully set the WEP transmit key [4]
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : before/connect initialization
>> --- SSL : before/connect initialization
>> --- SSL : SSLv3 write client hello A
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 1034
>> (EAPTTLS) Saved packet fragment.
>> Destination : 0:40:96:31:d:73
>> Listening on LPF/eth1/00:02:2d:02:92:be
>> Sending on LPF/eth1/00:02:2d:02:92:be
>> Sending on Socket/fallback/fallback-net
>> You do not appear to be associated to a wireless network!
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 1034
>> (EAPTTLS) Saved packet fragment.
>> Destination : 44:44:44:44:44:44
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8
>> receive_packet failed on eth1: Network is down
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP failure
>> Failed to Authenticate
>> CONNECTING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ### Type is 13, length: 6
>> --- SSL : SSLv3 read server hello A
>> Destination : 0:40:96:31:d:73
>> AUTHENTICATING
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>> ACQUIRED
>> ## eap_decode_packet ##: Got an EAP request
>> ## eap_decode_packet ##: Type is Identity
>> Connection Established, authenticating...
>>
>>
>> ===================================
>> FreeRADIUS log:
>>
>> Starting - reading configuration files ...
>> reread_config: reading radiusd.conf
>> Config: including file: /etc/raddb/proxy.conf
>> Config: including file: /etc/raddb/clients.conf
>> Config: including file: /etc/raddb/snmp.conf
>> Config: including file: /etc/raddb/sql.conf
>> main: prefix = "/usr/local"
>> main: localstatedir = "/usr/local/var"
>> main: logdir = "/usr/local/var/log/radius"
>> main: libdir = "/usr/local/lib"
>> main: radacctdir = "/usr/local/var/log/radius/radacct"
>> main: hostname_lookups = no
>> main: max_request_time = 30
>> main: cleanup_delay = 5
>> main: max_requests = 1024
>> main: delete_blocked_requests = 0
>> main: port = 0
>> main: allow_core_dumps = no
>> main: log_stripped_names = no
>> main: log_file = "/usr/local/var/log/radius/radius.log"
>> main: log_auth = no
>> main: log_auth_badpass = no
>> main: log_auth_goodpass = no
>> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>> main: user = "(null)"
>> main: group = "(null)"
>> main: usercollide = no
>> main: lower_user = "no"
>> main: lower_pass = "no"
>> main: nospace_user = "no"
>> main: nospace_pass = "no"
>> main: checkrad = "/usr/local/sbin/checkrad"
>> main: proxy_requests = yes
>> proxy: retry_delay = 5
>> proxy: retry_count = 3
>> proxy: synchronous = no
>> proxy: default_fallback = yes
>> proxy: dead_time = 120
>> proxy: post_proxy_authorize = yes
>> proxy: wake_all_if_all_dead = no
>> security: max_attributes = 200
>> security: reject_delay = 1
>> security: status_server = no
>> main: debug_level = 0
>> read_config_files: reading dictionary
>> read_config_files: reading naslist
>> Using deprecated naslist file. Support for this will go away soon.
>> read_config_files: reading clients
>> Using deprecated clients file. Support for this will go away soon.
>> read_config_files: reading realms
>> Using deprecated realms file. Support for this will go away soon.
>> radiusd: entering modules setup
>> Module: Library search path is /usr/local/lib
>> Module: Loaded expr
>> Module: Instantiated expr (expr)
>> Module: Loaded PAP
>> pap: encryption_scheme = "crypt"
>> Module: Instantiated pap (pap)
>> Module: Loaded CHAP
>> Module: Instantiated chap (chap)
>> Module: Loaded MS-CHAP
>> mschap: use_mppe = yes
>> mschap: require_encryption = no
>> mschap: require_strong = no
>> mschap: passwd = "(null)"
>> mschap: authtype = "MS-CHAP"
>> Module: Instantiated mschap (mschap)
>> Module: Loaded System
>> unix: cache = no
>> unix: passwd = "(null)"
>> unix: shadow = "(null)"
>> unix: group = "(null)"
>> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
>> unix: usegroup = no
>>
>> unix: cache_reload = 600
>> Module: Instantiated unix (unix)
>> Module: Loaded eap
>> eap: default_eap_type = "tls"
>> eap: timer_expire = 60
>> rlm_eap: Loaded and initialized the type md5
>> rlm_eap: Loaded and initialized the type leap
>> tls: rsa_key_exchange = no
>> tls: dh_key_exchange = yes
>> tls: rsa_key_length = 512
>> tls: dh_key_length = 512
>> tls: verify_depth = 0
>> tls: CA_path = "(null)"
>> tls: pem_file_type = yes
>> tls: private_key_file = "/etc/1x/server_silmarillion.pem"
>> tls: certificate_file = "/etc/1x/server_silmarillion.pem"
>> tls: CA_file = "/etc/1x/root.pem"
>> tls: private_key_password = "serverpwd"
>> tls: dh_file = "/etc/1x/DH"
>> tls: random_file = "/etc/1x/random"
>> tls: fragment_size = 1024
>> tls: include_length = yes
>> rlm_eap_tls: conf N ctx stored
>> rlm_eap: Loaded and initialized the type tls
>> Module: Instantiated eap (eap)
>> Module: Loaded preprocess
>> preprocess: huntgroups = "/etc/raddb/huntgroups"
>> preprocess: hints = "/etc/raddb/hints"
>> preprocess: with_ascend_hack = no
>> preprocess: ascend_channels_per_line = 23
>> preprocess: with_ntdomain_hack = no
>> preprocess: with_specialix_jetstream_hack = no
>> preprocess: with_cisco_vsa_hack = no
>> Module: Instantiated preprocess (preprocess)
>> Module: Loaded realm
>> realm: format = "suffix"
>> realm: delimiter = "@"
>> Module: Instantiated realm (suffix)
>> Module: Loaded files
>> files: usersfile = "/etc/raddb/users"
>> files: acctusersfile = "/etc/raddb/acct_users"
>> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
>> files: compat = "no"
>> Module: Instantiated files (files)
>> Module: Loaded Acct-Unique-Session-Id
>> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>> Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique
>> (acct_unique)
>> Module: Loaded detail
>> detail: detailfile =
>> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>> detail: detailperm = 384
>> detail: dirperm = 493
>> detail: locking = no
>> Module: Instantiated detail (detail)
>> Module: Loaded radutmp
>> radutmp: filename = "/usr/local/var/log/radius/radutmp"
>> radutmp: username = "%{User-Name}"
>> radutmp: case_sensitive = yes
>> radutmp: check_with_nas = yes
>> radutmp: perm = 384
>> radutmp: callerid = yes
>> Module: Instantiated radutmp (radutmp)
>> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
>> 1814/udp. Ready to process requests.
>> rad_recv: Access-Request packet from host 131.155.193.92:1533,
>> id=230, length=148
>> User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message =
>> 0x0201001901612e6c6f70657a40616d7573655f746c732e6e6c
>> Message-Authenticator = 0x43e9e7cd71e564d81273e308c317d3e3
>> modcall: entering group authorize for request 0
>> modcall[authorize]: module "preprocess" returns ok for reques
>> t 0
>> modcall[authorize]: module "chap" returns noop for request 0
>> rlm_eap: EAP packet type notification id 1 length 25
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request
>> 0
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl"
>> rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request
>> 0
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 0
>> modcall[authorize]: module "mschap" returns noop for request
>> 0
>> modcall: group authorize returns updated for request 0
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 0
>> rlm_eap: EAP packet type notification id 1 length 25
>> rlm_eap: EAP Start not found
>> rlm_eap: EAP Identity
>> rlm_eap: processing type tls
>> rlm_eap_tls: Initiate
>> rlm_eap_tls: Start returned 1
>> modcall[authenticate]: module "eap" returns ok for request 0
>> modcall: group authenticate returns ok for request 0
>> Sending Access-Challenge of id 230 to 131.155.193.92:1533
>> EAP-Message = 0x010200060d20
>> Message-Authenticator = 0x00000000000000000000000000000
>> 000
>> State = 0x1d3b6d2d6a4580c6352fc87686fb166226700240d4f32
>> e47cd6c323b23f3c5be0b24d922
>> Finished request 0
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 6 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1534,
>> id=231, length=271
>> User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0x1d3b6d2d6a4580c6352fc87686fb166226700240d4f32e47cd6c323b23f3c5be0b24
>> d922
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message =
>> 0x0202006e0d8000000064160301005f0100005b030140027105b95826853a0614abd1
>> ef3b0
>> dbe172d028897dc4f2a0510034d31d3da00003400390038003500160013000a0033003
>> 2002f0
>> 0660005000400630062006100150012000900650064006000140011000800060003010
>> 0
>> Message-Authenticator = 0xe542746891bba76a9eefd91485c69e73 modcall:
>> entering group authorize for request 1
>> modcall[authorize]: module "preprocess" returns ok for request 1
>> modcall[authorize]: module "chap" returns noop for request 1
>> rlm_eap: EAP packet type notification id 2 length 110
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 1
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 1
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 1
>> modcall[authorize]: module "mschap" returns noop for request 1
>> modcall: group authorize returns updated for request 1
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 1
>> rlm_eap: EAP packet type notification id 2 length 110
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: Length Included
>> undefined: before/accept initialization
>> TLS_accept: before/accept initialization
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello
>> TLS_accept: SSLv3 read client hello A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>> TLS_accept: SSLv3 write server hello A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06e9], Certificate
>> TLS_accept: SSLv3 write certificate A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c0], CertificateRequest
>> TLS_accept: SSLv3 write certificate request A
>> TLS_accept: SSLv3 flush data
>> TLS_accept:error in SSLv3 read client certificate A
>> rlm_eap_tls: SSL_read Error
>> Error code is ..... 2
>> SSL Error ..... 2
>> modcall[authenticate]: module "eap" returns ok for request 1
>> modcall: group authenticate returns ok for request 1
>> Sending Access-Challenge of id 231 to 131.155.193.92:1534
>> EAP-Message =
>> 0x0103040a0dc000000802160301004a020000460301400270269ad1120efb18793812
>> 685ce
>> fb95c5dd12fb80ce61d67d6f711fbe7cb20648d38f6fc3d3e3846bdf405a1b3be926b9
>> c6527f
>> bd26e6cc75b0e8464b0280e00350016030106e90b0006e50006e20002f3308202ef308
>> 20258a
>> 003020102020101300d06092a864886f70d01010405003081ae310b300906035504061
>> 3024e4
>> c311430120603550408130b4e65746865726c616e64733112301006035504071309456
>> 96e646
>> 86f76656e312a3028060355040a1321546563686e697363686520556e6976657273697
>> 465697
>> 42045696e64686f76656e3110300e060355040b13075454452d45 EAP-Message =
>> 0x434f311830160603550403140f73696c6d6172696c6c696f6e5f6361311d301b0609
>> 2a864
>> 886f70d010901160e612e6c6f70657a407475652e6e6c301e170d30333132313931333
>> 036303
>> 15a170d3034313231383133303630315a3081b2310b3009060355040613024e4c31143
>> 012060
>> 3550408130b4e65746865726c616e6473311230100603550407130945696e64686f766
>> 56e312
>> a3028060355040a1321546563686e697363686520556e6976657273697465697420456
>> 96e646
>> 86f76656e3110300e060355040b13075454452d45434f311c301a06035504031413736
>> 572766
>> 5725f73696c6d6172696c6c696f6e311d301b06092a864886f70d EAP-Message =
>> 0x010901160e612e6c6f70657a407475652e6e6c30819f300d06092a864886f70d0101
>> 01050
>> 003818d0030818902818100c1d96b5184619337233d264facee95bc1cac85452abb8fa
>> c4b502
>> 1c254fde659de720b141628d66f3ca6abadba27b9595713ff0e7a53e727429c55ef1b5
>> 4579f3
>> ba086ff5ca498739b90fa1c6e0b7d2d8108c5bfd6ac7bf18e0ca39f744667c52c74511
>> 478905
>> fd35e1fd8c87dc83e8145d2871de801c026928cf74b2537eca70203010001a31730153
>> 013060
>> 3551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818
>> 100a17
>> 9cef2b6b29a0f10b545b58e2ebdf9dfa13baed3942e5f074df0de EAP-Message =
>> 0xc1589094ac85ece28d0e845a3e93a4153f6a3a345c4506eb438df5cb701fa4ae349c
>> 37871
>> 3e2285d80231dc743f59a388d5f851fb6906d1344c76cff9faa382af0f922fd0b1994f
>> 8af4b2
>> 1f790fdf15763ba4b5cec1ef2b9ee45804b2b749a40fe2e6fee0003e9308203e530820
>> 34ea00
>> 0603550408130b4e65746865726c616e6473311230100603550407130945696e64686f
>> 76656
>> e312a3028060355040a1321546563686e697363686520556e697665727369746569742
>> 045696
>> e64686f76656e3110300e060355040b13075454452d4543 EAP-Message =
>> 0x4f311830160603550403140f73696c6d6172696c6c69 Message-Authenticator =
>> 0x00000000000000000000000000000000 State =
>> 0x1fa069f3ca50064925b41f71cffb0ad72670024004c686da1bf1c43440752c5eda79
>> cfff
>> Finished request 1
>> Going to the next request
>> Waking up in 6 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1535, id=232,
>> length=167 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0x1fa069f3ca50064925b41f71cffb0ad72670024004c686da1bf1c43440752c5eda79
>> cfff
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message = 0x020300060d00
>> Message-Authenticator = 0x98438802272f7a4f17f7c611d7b06e0e
>> modcall: entering group authorize for request 2
>> modcall[authorize]: module "preprocess" returns ok for request 2
>> modcall[authorize]: module "chap" returns noop for request 2
>> rlm_eap: EAP packet type notification id 3 length 6
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 2
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 2
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 2
>> modcall[authorize]: module "mschap" returns noop for request 2
>> modcall: group authorize returns updated for request 2
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 2
>> rlm_eap: EAP packet type notification id 3 length 6
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: Received EAP-TLS ACK message
>> modcall[authenticate]: module "eap" returns ok for request 2
>> modcall: group authenticate returns ok for request 2
>> Sending Access-Challenge of id 232 to 131.155.193.92:1535
>> EAP-Message =
>> 0x0104040a0dc0000008026f6e5f6361311d301b06092a864886f70d010901160e612e
>> 6c6f7
>> 0657a407475652e6e6c301e170d3033313231393133303532385a170d3034303131383
>> 133303
>> 532385a3081ae310b3009060355040613024e4c311430120603550408130b4e6574686
>> 5726c6
>> 16e6473311230100603550407130945696e64686f76656e312a3028060355040a13215
>> 465636
>> 86e697363686520556e697665727369746569742045696e64686f76656e3110300e060
>> 355040
>> b13075454452d45434f311830160603550403140f73696c6d6172696c6c696f6e5f636
>> 1311d3
>> 01b06092a864886f70d010901160e612e6c6f70657a407475652e EAP-Message =
>> 0x6e6c30819f300d06092a864886f70d010101050003818d0030818902818100c42a87
>> d3ead
>> 296375da5d1f2811d76a30c70d7688bacea6fb3e3cd9f5e3ecfa5b60137996377f7ecf
>> 87cc2a
>> 322dc3e4b26a7018955440815409d004cffaed7cd4161254b016ec131f97b2898c760c
>> d85597
>> c58497d01e146a713db7109548cb00a0e22401184b80e2b31e75017f14def9708b29ae
>> 4b5aa9
>> 6e464eb91484cbab50203010001a382010f3082010b301d0603551d0e041604145c2d8
>> 8dadaf
>> 44eb20aa5e174aa96324cb25414753081db0603551d230481d33081d080145c2d88dad
>> af44eb
>> 20aa5e174aa96324cb2541475a181b4a481b13081ae310b300906 EAP-Message =
>> 0x0355040613024e4c311430120603550408130b4e65746865726c616e647331123010
>> 06035
>> 50407130945696e64686f76656e312a3028060355040a1321546563686e69736368652
>> 0556e6
>> 97665727369746569742045696e64686f76656e3110300e060355040b13075454452d4
>> 5434f3
>> 11830160603550403140f73696c6d6172696c6c696f6e5f6361311d301b06092a86488
>> 6f70d0
>> 10901160e612e6c6f70657a407475652e6e6c820100300c0603551d13040530030101f
>> f300d0
>> 6092a864886f70d0101040500038181006962a093c7c6b4baa538d7a1a0cb68e4ffcca
>> 6f78fe
>> 72c66792b19c1e57ab046a8c407836e8a8a524a544419539cacf1 EAP-Message =
>> 0x3fb6bf9ebf050b746c7bed7774634d4c792948906bc035717eb2e1d4113799989a1d
>> 94038
>> 9379e5aaf22e8c0d5e9be1401ccd714a0ffd1d5197ef2374e85b43872d746e20d83a5c
>> 07cd28
>> 993f797b5f816030100c00d0000b802010200b300b13081ae310b30090603550406130
>> 24e4c3
>> 11430120603550408130b4e65746865726c616e6473311230100603550407130945696
>> e64686
>> f76656e312a3028060355040a1321546563686e697363686520556e697665727369746
>> 569742
>> 045696e64686f76656e3110300e060355040b13075454452d45434f311830160603550
>> 403140
>> f73696c6d6172696c6c696f6e5f6361311d301b06092a864886f7 EAP-Message =
>> 0x0d010901160e612e6c6f70657a407475652e6e6c0e00 Message-Authenticator =
>> 0x00000000000000000000000000000000 State =
>> 0x4fb309b16cf20a5d1bf8c0027c0a268f26700240da0c27a50b0a519828b00dc8764d
>> f73d
>> Finished request 2
>> Going to the next request
>> Waking up in 6 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1536, id=233,
>> length=167 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0x4fb309b16cf20a5d1bf8c0027c0a268f26700240da0c27a50b0a519828b00dc8764d
>> f73d
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message = 0x020400060d00
>> Message-Authenticator = 0x019d9f32d77d3a546ccebaa3740e1be9
>> modcall: entering group authorize for request 3
>> modcall[authorize]: module "preprocess" returns ok for request 3
>> modcall[authorize]: module "chap" returns noop for request 3
>> rlm_eap: EAP packet type notification id 4 length 6
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 3
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 3
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 3
>> modcall[authorize]: module "mschap" returns noop for request 3
>> modcall: group authorize returns updated for request 3
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 3
>> rlm_eap: EAP packet type notification id 4 length 6
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: Received EAP-TLS ACK message
>> modcall[authenticate]: module "eap" returns ok for request 3
>> modcall: group authenticate returns ok for request 3
>> Sending Access-Challenge of id 233 to 131.155.193.92:1536
>> EAP-Message = 0x0105000c0d80000008020000
>> Message-Authenticator = 0x00000000000000000000000000000000
>> State =
>> 0x350847686fb667ce2198af7943ec81662670024006ed1311db3c022de2b6c7bdf6ad
>> ebf4
>> Finished request 3
>> Going to the next request
>> Waking up in 6 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1537, id=234,
>> length=1579 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0x350847686fb667ce2198af7943ec81662670024006ed1311db3c022de2b6c7bdf6ad
>> ebf4
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message =
>> 0x020505800dc00000084016030106ea0b0006e60006e30002f4308202f030820259a0
>> 03020
>> 102020102300d06092a864886f70d01010405003081ae310b3009060355040613024e4
>> c31143
>> 0120603550408130b4e65746865726c616e6473311230100603550407130945696e646
>> 86f766
>> 56e312a3028060355040a1321546563686e697363686520556e6976657273697465697
>> 420456
>> 96e64686f76656e3110300e060355040b13075454452d45434f3118301606035504031
>> 40f736
>> 96c6d6172696c6c696f6e5f6361311d301b06092a864886f70d010901160e612e6c6f7
>> 0657a4
>> 07475652e6e6c301e170d3033313231393133303730305a170d30 EAP-Message =
>> 0x34313231383133303730305a3081b3310b3009060355040613024e4c311430120603
>> 55040
>> 8130b4e65746865726c616e6473311230100603550407130945696e64686f76656e312
>> a30280
>> 60355040a1321546563686e697363686520556e697665727369746569742045696e646
>> 86f766
>> 56e3110300e060355040b13075454452d45434f311d301b06035504031414612e6c6f7
>> 0657a4
>> 0616d7573655f746c732e6e6c311d301b06092a864886f70d010901160e612e6c6f706
>> 57a407
>> 475652e6e6c30819f300d06092a864886f70d010101050003818d0030818902818100b
>> 9295cd
>> b943ac362e1e2649bdb672f17914501f1f40c1e2e3212138a93c7 EAP-Message =
>> 0x9bb0bba9afd3301c1cd38da340b571dd993c7e98298234dbc4aadadbf4e8fc869f70
>> 61434
>> 8ac52b28b62bc8b49df9d9f416b4ab8653a94af632eb27dfc2bd4b9310732220055f97
>> 1e2c08
>> 41b8064d1158a3fceb90536b840a504e22fea364d51f8390203010001a317301530130
>> 603551
>> d25040c300a06082b06010505070302300d06092a864886f70d010104050003818100b
>> 4eb3b
>> 7f9be656c829537f6666cda18cf5908c587413d5de3a0c5530f9dc5ef2fb87596b0e61
>> 433c4d
>> b1b60d65b8b58daf227b3921bc32d5c9c6762deeeb173de30175e10c5f5de6bdc29310
>> 89026a
>> 4e59e3731004bc8a747eb51cb4221be9a52d6c115488daaccca628 EAP-Message =
>> 0xb0001b56ecf90509847d92a25d3048f9a77b96298e4d0003e9308203e53082034ea0
>> 03020
>> 102020100300d06092a864886f70d01010405003081ae310b3009060355040613024e4
>> c31143
>> 0120603550408130b4e65746865726c616e6473311230100603550407130945696e646
>> 86f766
>> 56e312a3028060355040a1321546563686e697363686520556e6976657273697465697
>> 420456
>> 96e64686f76656e3110300e060355040b13075454452d45434f3118301606035504031
>> 40f736
>> 96c6d6172696c6c696f6e5f6361311d301b06092a864886f70d010901160e612e6c6f7
>> 0657a4
>> 07475652e6e6c301e170d3033313231393133303532385a170d30 EAP-Message =
>> 0x34303131383133303532385a3081ae310b3009060355040613024e4c311430120603
>> 55040
>> 8130b4e65746865726c616e6473311230100603550407130945696e64686f76656e312
>> a30280
>> 60355040a1321546563686e697363686520556e697665727369746569742045696e646
>> 86f766
>> 56e3110300e060355040b13075454452d45434f311830160603550403140f73696c6d6
>> 172696
>> c6c696f6e5f6361311d301b06092a864886f70d010901160e612e6c6f70657a4074756
>> 52e6e6
>> c30819f300d06092a864886f70d010101050003818d0030818902818100c42a87d3ead
>> 296375
>> da5d1f2811d76a30c70d7688bacea6fb3e3cd9f5e3ecfa5b60137 EAP-Message =
>> 0x996377f7ecf87cc2a322dc3e4b26a7018955440815409d004cffaed7cd4161254b01
>> 6ec13
>> 1f97b2898c760cd85597c58497d01e146a713db7109548cb00a0e22401184b80e2b31e
>> 75017f
>> 14def9708b29ae4b5aa96e464eb91484cbab50203010001a382010f3082010b301d060
>> 3551d0
>> e041604145c2d88dadaf44eb20aa5e174aa96324cb25414753081db060355
>> Message-Authenticator = 0x6fe2b702e0e5573af3195474b7bd242c modcall:
>> entering group authorize for request 4
>> modcall[authorize]: module "preprocess" returns ok for request 4
>> modcall[authorize]: module "chap" returns noop for request 4
>> rlm_eap: EAP packet type notification id 5 length 1408
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 4
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 4
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 4
>> modcall[authorize]: module "mschap" returns noop for request 4
>> modcall: group authorize returns updated for request 4
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 4
>> rlm_eap: EAP packet type notification id 5 length 1408
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: Received EAP-TLS First Fragment of the message
>> Total Length Included
>> modcall[authenticate]: module "eap" returns ok for request 4
>> modcall: group authenticate returns ok for request 4
>> Sending Access-Challenge of id 234 to 131.155.193.92:1537
>> EAP-Message = 0x010600060d00
>> Message-Authenticator = 0x00000000000000000000000000000000
>> State =
>> 0xdc3383c5273370c314162946cd362466277002401bc5aea1ea50a1f01d75109d9808
>> 30bb
>> Finished request 4
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 5 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1538, id=235,
>> length=885 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0xdc3383c5273370c314162946cd362466277002401bc5aea1ea50a1f01d75109d9808
>> 30bb
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message =
>> 0x020602d00d001d230481d33081d080145c2d88dadaf44eb20aa5e174aa96324cb254
>> 1475a
>> 181b4a481b13081ae310b3009060355040613024e4c311430120603550408130b4e657
>> 468657
>> 26c616e6473311230100603550407130945696e64686f76656e312a3028060355040a1
>> 321546
>> 563686e697363686520556e697665727369746569742045696e64686f76656e3110300
>> e06035
>> 5040b13075454452d45434f311830160603550403140f73696c6d6172696c6c696f6e5
>> f63613
>> 11d301b06092a864886f70d010901160e612e6c6f70657a407475652e6e6c820100300
>> c06035
>> 51d13040530030101ff300d06092a864886f70d01010405000381 EAP-Message =
>> 0x81006962a093c7c6b4baa538d7a1a0cb68e4ffcca6f78fe72c66792b19c1e57ab046
>> a8c40
>> 7836e8a8a524a544419539cacf13fb6bf9ebf050b746c7bed7774634d4c792948906bc
>> 035717
>> eb2e1d4113799989a1d940389379e5aaf22e8c0d5e9be1401ccd714a0ffd1d5197ef23
>> 74e85b
>> --More--(19%)
>> 43872d746e20d83a5c07cd28993f797b5f816030100861000008200807a9cf8e349c58
>> 25ff9
>> a2c96de09aec269557ea13948256fc268dabfa2898cffe919615b8d3be0725d18af518
>> fce9a1
>> 33763fba3469cb986ed214de97f87e5ed545279746914776240609fa5de3c810d75ecc
>> 5bea0b
>> 12f4e45a9cc8a0f3097087eec3a5908a34537ce84b4d1d0a0bb7df EAP-Message =
>> 0x04ff52a777baeb9b88eba5c7c365e36716030100860f000082008093e6fd67bcd34b
>> 06354
>> 73dc6cddc63a06e25a21ce55f058a35f1eff1056c42e2f6aaea9265b52e134bef239b8
>> ef4846
>> 18376299228e7c8c7499b36d3bf91964fb483772319dfa28399a83a9ac26d0d8a7cf66
>> 21207d
>> b0d2aacae80d8fa6f5a5caee4fbfb70d3cce6713920ed46789678fe617fbd1bf7bdd19
>> ef6fa2
>> a5c3b1a92140301000101160301003024f05d323035cac274f1b0089f8a1aa12ee28ad
>> 978a1a
>> 5b5d1d2d90500f4f7413e431501bb0ef2cee83159eaa126956c
>> Message-Authenticator =
>> 0xa9e9c18561ac003f6e40f74d037e0c9b modcall: entering group authorize
>> for
>> request 5
>> modcall[authorize]: module "preprocess" returns ok for request 5
>> modcall[authorize]: module "chap" returns noop for request 5
>> rlm_eap: EAP packet type notification id 6 length 720
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 5
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 5
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 5
>> modcall[authorize]: module "mschap" returns noop for request 5
>> modcall: group authorize returns updated for request 5
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 5
>> rlm_eap: EAP packet type notification id 6 length 720
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 06ea], Certificate
>> chain-depth=1,
>> error=0
>> --> User-Name = a.lopez at amuse_tls.nl
>> --> BUF-Name = silmarillion_ca
>> --> subject = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische
>> Universiteit
>> Eindhoven/ OU=TTE-ECO/CN=silmarillion_ca/emailAddress=a.lopez at tue.nl
>> --> issuer = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische
>> Universiteit
>> Eindhoven/OU=TTE-ECO/CN=silmarillion_ca/emailAddress=a.lopez at tue.nl
>> -->
>> verify return:1
>> chain-depth=0,
>> error=0
>> --> User-Name = a.lopez at amuse_tls.nl
>> --> BUF-Name = a.lopez at amuse_tls.nl
>> --> subject = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische
>> Universiteit
>> Eindhoven/OU=TTE-ECO/CN=a.lopez at amuse_tls.nl/
>> emailAddress=a.lopez at tue.nl
>> --> issuer = /C=NL/ST=Netherlands/L=Eindhoven/O=Technische
>> Universiteit
>> Eindhoven/OU=TTE-ECO/CN=silmarillion_ca/emailAddress=a.lopez at tue.nl
>> -->
>> verify return:1
>> TLS_accept: SSLv3 read client certificate A
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
>> TLS_accept: SSLv3 read client key exchange A
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
>> TLS_accept: SSLv3 read certificate verify A
>> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>> TLS_accept: SSLv3 read finished A
>> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>> TLS_accept: SSLv3 write change cipher spec A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>> TLS_accept: SSLv3 write finished A
>> TLS_accept: SSLv3 flush data
>> undefined: SSL negotiation finished successfully
>> rlm_eap_tls: SSL_read Error
>> Error code is ..... 2
>> SSL Error ..... 2
>> modcall[authenticate]: module "eap" returns ok for request 5
>> modcall: group authenticate returns ok for request 5
>> Sending Access-Challenge of id 235 to 131.155.193.92:1538
>> EAP-Message =
>> 0x010700450d800000003b1403010001011603010030ccfadfbd2a755b049f71ab1dac
>> 25abd
>> 8b23ac2016e99c566271f28b0a5a66f8e0bf6155336c47101203a3e5f95a2d5bb
>> Message-Authenticator = 0x00000000000000000000000000000000 State =
>> 0x91c5ec40e0bf7ca91f82199fa5328fdd277002407e7d0785bf060b6d03bb5caa9535
>> c15b
>> Finished request 5
>> Going to the next request
>> Waking up in 5 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1539, id=236,
>> length=167 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0x91c5ec40e0bf7ca91f82199fa5328fdd277002407e7d0785bf060b6d03bb5caa9535
>> c15b
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message = 0x020700060d00
>> Message-Authenticator = 0x0a6689de38c6a05079c1b41d111459a1
>> modcall: entering group authorize for request 6
>> modcall[authorize]: module "preprocess" returns ok for request 6
>> modcall[authorize]: module "chap" returns noop for request 6
>> rlm_eap: EAP packet type notification id 7 length 6
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 6
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 6
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 6
>> modcall[authorize]: module "mschap" returns noop for request 6
>> modcall: group authorize returns updated for request 6
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 6
>> rlm_eap: EAP packet type notification id 7 length 6
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: Received EAP-TLS ACK message
>> rlm_eap: Freeing handler
>> modcall[authenticate]: module "eap" returns ok for request 6
>> modcall: group authenticate returns ok for request 6
>> Sending Access-Accept of id 236 to 131.155.193.92:1539
>> MS-MPPE-Recv-Key =
>> 0xb59f45a79823ccaa4df121444c9070051343528d9ece4621c76992629186600e
>> MS-MPPE-Send-Key =
>> 0x91c9c85b0ca44a087207c5a1dc1506186e7900378397059042d4356413d58773
>> EAP-Message = 0x03070004
>> Message-Authenticator = 0x00000000000000000000000000000000
>> Finished request 6
>> Going to the next request
>> Waking up in 5 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1540, id=237,
>> length=148 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message =
>> 0x0200001901612e6c6f70657a40616d7573655f746c732e6e6c
>> Message-Authenticator = 0xd7685ba98debe806ead7a32da463dc15
>> modcall: entering group authorize for request 7
>> modcall[authorize]: module "preprocess" returns ok for request 7
>> modcall[authorize]: module "chap" returns noop for request 7
>> rlm_eap: EAP packet type notification id 0 length 25
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 7
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 7
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 7
>> modcall[authorize]: module "mschap" returns noop for request 7
>> modcall: group authorize returns updated for request 7
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 7
>> rlm_eap: EAP packet type notification id 0 length 25
>> rlm_eap: EAP Start not found
>> rlm_eap: EAP Identity
>> rlm_eap: processing type tls
>> rlm_eap_tls: Initiate
>> rlm_eap_tls: Start returned 1
>> modcall[authenticate]: module "eap" returns ok for request 7
>> modcall: group authenticate returns ok for request 7
>> Sending Access-Challenge of id 237 to 131.155.193.92:1540
>> EAP-Message = 0x010100060d20
>> Message-Authenticator = 0x00000000000000000000000000000000
>> State =
>> 0xd1d5ae30de056ab3d41d71431d5358a728700240e8807ad76343a59291a27a027438
>> c321
>> Finished request 7
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 4 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1541, id=238,
>> length=271 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0xd1d5ae30de056ab3d41d71431d5358a728700240e8807ad76343a59291a27a027438
>> c321
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message =
>> 0x0201006e0d8000000064160301005f0100005b0301400271071da94672bad0f8f4cc
>> a7b43
>> e922998c135c90403c50bc5c67ae75f6f00003400390038003500160013000a0033003
>> 2002f0
>> 0660005000400630062006100150012000900650064006000140011000800060003010
>> 0
>> Message-Authenticator = 0x82618b8001d9e3e2befa8c65d26f5ac2 modcall:
>> entering group authorize for request 8
>> modcall[authorize]: module "preprocess" returns ok for request 8
>> modcall[authorize]: module "chap" returns noop for request 8
>> rlm_eap: EAP packet type notification id 1 length 110
>> rlm_eap: EAP Start not found
>> modcall[authorize]: module "eap" returns updated for request 8
>> rlm_realm: Looking up realm "amuse_tls.nl" for User-Name =
>> "a.lopez at amuse_tls.nl" rlm_realm: No such realm "amuse_tls.nl"
>> modcall[authorize]: module "suffix" returns noop for request 8
>> users: Matched a.lopez at amuse_tls.nl at 65
>> modcall[authorize]: module "files" returns ok for request 8
>> modcall[authorize]: module "mschap" returns noop for request 8
>> modcall: group authorize returns updated for request 8
>> rad_check_password: Found Auth-Type EAP
>> auth: type "EAP"
>> modcall: entering group authenticate for request 8
>> rlm_eap: EAP packet type notification id 1 length 110
>> rlm_eap: EAP Start not found
>> rlm_eap: Request found, released from the list
>> rlm_eap: EAP_TYPE - tls
>> rlm_eap: processing type tls
>> rlm_eap_tls: Authenticate
>> rlm_eap_tls: Length Included
>> undefined: before/accept initialization
>> TLS_accept: before/accept initialization
>> rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello
>> TLS_accept: SSLv3 read client hello A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>> TLS_accept: SSLv3 write server hello A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06e9], Certificate
>> TLS_accept: SSLv3 write certificate A
>> rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c0], CertificateRequest
>> TLS_accept: SSLv3 write certificate request A
>> TLS_accept: SSLv3 flush data
>> TLS_accept:error in SSLv3 read client certificate A
>> rlm_eap_tls: SSL_read Error
>> Error code is ..... 2
>> SSL Error ..... 2
>> modcall[authenticate]: module "eap" returns ok for request 8
>> modcall: group authenticate returns ok for request 8
>> Sending Access-Challenge of id 238 to 131.155.193.92:1541
>> EAP-Message =
>> 0x0102040a0dc000000802160301004a02000046030140027028ebc51af87d64e51c4d
>> 8162f
>> cde5c55a3614794796268ad48b8b59ef020d349b0e3abb0e1894acf52811348defa7b1
>> 203612
>> bc41df97def0d23c39415d300350016030106e90b0006e50006e20002f3308202ef308
>> 20258a
>> 003020102020101300d06092a864886f70d01010405003081ae310b300906035504061
>> 3024e4
>> c311430120603550408130b4e65746865726c616e64733112301006035504071309456
>> 96e646
>> 86f76656e312a3028060355040a1321546563686e697363686520556e6976657273697
>> 465697
>> 42045696e64686f76656e3110300e060355040b13075454452d45 EAP-Message =
>> 0x434f311830160603550403140f73696c6d6172696c6c696f6e5f6361311d301b0609
>> 2a864
>> 886f70d010901160e612e6c6f70657a407475652e6e6c301e170d30333132313931333
>> 036303
>> 15a170d3034313231383133303630315a3081b2310b3009060355040613024e4c31143
>> 012060
>> 3550408130b4e65746865726c616e6473311230100603550407130945696e64686f766
>> 56e312
>> a3028060355040a1321546563686e697363686520556e6976657273697465697420456
>> 96e646
>> 86f76656e3110300e060355040b13075454452d45434f311c301a06035504031413736
>> 572766
>> 5725f73696c6d6172696c6c696f6e311d301b06092a864886f70d EAP-Message =
>> 0x010901160e612e6c6f70657a407475652e6e6c30819f300d06092a864886f70d0101
>> 01050
>> 003818d0030818902818100c1d96b5184619337233d264facee95bc1cac85452abb8fa
>> c4b502
>> 1c254fde659de720b141628d66f3ca6abadba27b9595713ff0e7a53e727429c55ef1b5
>> 4579f3
>> ba086ff5ca498739b90fa1c6e0b7d2d8108c5bfd6ac7bf18e0ca39f744667c52c74511
>> 478905
>> fd35e1fd8c87dc83e8145d2871de801c026928cf74b2537eca70203010001a31730153
>> 013060
>> 3551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818
>> 100a17
>> 9cef2b6b29a0f10b545b58e2ebdf9dfa13baed3942e5f074df0de EAP-Message =
>> 0xc1589094ac85ece28d0e845a3e93a4153f6a3a345c4506eb438df5cb701fa4ae349c
>> 37871
>> 3e2285d80231dc743f59a388d5f851fb6906d1344c76cff9faa382af0f922fd0b1994f
>> 8af4b2
>> 1f790fdf15763ba4b5cec1ef2b9ee45804b2b749a40fe2e6fee0003e9308203e530820
>> 34ea00
>> 3020102020100300d06092a864886f70d01010405003081ae310b30090603550406130
>> 24e4c3
>> 11430120603550408130b4e65746865726c616e6473311230100603550407130945696
>> e64686
>> f76656e312a3028060355040a1321546563686e697363686520556e697665727369746
>> 569742
>> 045696e64686f76656e3110300e060355040b13075454452d4543 EAP-Message =
>> 0x4f311830160603550403140f73696c6d6172696c6c69 Message-Authenticator =
>> 0x00000000000000000000000000000000 State =
>> 0xc5468798369d26e7469cc34357c144ef28700240359a5564b9530e26e05be66f22ec
>> 23b2
>> Finished request 8
>> Going to the next request
>> Waking up in 4 seconds...
>> rad_recv: Access-Request packet from host 131.155.193.92:1542, id=239,
>> length=167 User-Name = "a.lopez at amuse_tls.nl"
>> NAS-IP-Address = 131.155.193.92
>> Called-Station-Id = "004096310d73"
>> Calling-Station-Id = "00022d0292be"
>> NAS-Identifier = "ap340-2"
>> NAS-Port = 29
>> Framed-MTU = 1400
>> State =
>> 0xc5468798369d26e7469cc34357c144ef28700240359a5564b9530e26e05be66f22ec
>> 23b2
>> NAS-Port-Type = Wireless-802.11
>> EAP-Message = 0x020200060d00
>>
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: Mike McCauley
>> To: Lopez, A.; radiator at open.com.au
>> Sent: 1/11/2004 11:16 AM
>> Subject: Re: (RADIATOR) Xsupplicant Radiator EAP_TLS problems
>>
>> Hello Alex,
>>
>> Im not sure what is going on here.
>> Looks like Radiator is send back its certificate fine, but then the
>> client
>> does not send its certificate.
>>
>> I suspect that there is a problem innthe clinet: either it does not
>> like
>> the
>> servers certificate, or else it cant access or decode it own
>> certificate.
>>
>> Suggest you have a close look at the XSupplicant log.
>>
>> We have tested Radiator against XSupplicant and TLS successfully here.
>>
>> Cheers.
>>
>> On Sat, 10 Jan 2004 01:21 am, Lopez, A. wrote:
>>> Dear all,
>>> I am trying to make EAP-TLS work between Xsupplicant and Radiator.
>>> But
>>
>> I
>>
>>> am having some problems.
>>> I generated the certidficates using Openssl and authentication works
>>> perfectly when authenticating against Radiator from a windows
>>> supplicant. The problem only appears when using Xsupplicant (under
>>> GNU/Debian).
>>> In my notebook I installed:
>>> Xsupplicant 0.8b
>>> Openssl 0.9.7b
>>> Libpcap 0.7.2
>>> Lindnet 1.7
>>> Below there is the 1.conf I used for Xsupplicant and the output
>>> generated by Radiator during the authentication process.
>>> I would appreciate any idea.
>>> Thanks in advance
>>> Alex
>>>
>>> /etc/1x/1x.conf
>>> --------------------------
>>> default : id = a.lopez at amuse_tls.nl
>>> default : cert = /etc/1x/certs/certs_amuse/a.lopez at amuse_tls.nl.der
>>> default : key = /etc/1x/certs/certs_amuse/a.lopez at amuse_tls.nl.pem
>>> default : root = /etc/1x/certs/certs_amuse/root.pem
>>> default :auth = EAP
>>> default : pref = tls
>>> default : random_file = /dev/random
>>> default : after_auth = "/bin/echo I authenticated"
>>>
>>> =================================
>>>
>>> RADIATOR OUTPUT:
>>> ------------------------
>>> Fri Jan 9 14:12:25 2004: DEBUG: Reading users file
>>> /etc/radiator/users_tls
>>> Fri Jan 9 14:12:25 2004: DEBUG: Reading users file
>>
>> /etc/radiator/users
>>
>>> Fri Jan 9 14:12:25 2004: DEBUG: Reading users file
>>
>> /etc/radiator/users
>>
>>> Fri Jan 9 14:12:25 2004: DEBUG: Finished reading configuration file
>>> '/etc/radiator/radius.cfg'
>>> This Radiator license will expire on 2004-02-01
>>> This Radiator license will stop operating after 1000 requests
>>> To purchase an unlimited full source version of Radiator, see
>>> http://www.open.com.au/ordering.html
>>> To extend your evaluation period, contact admin at open.com.au
>>>
>>> Fri Jan 9 14:12:25 2004: DEBUG: Reading dictionary file
>>> '/etc/radiator/dictionary'
>>> Fri Jan 9 14:12:26 2004: DEBUG: Creating authentication port
>>> 0.0.0.0:1812
>>> Fri Jan 9 14:12:26 2004: DEBUG: Creating accounting port
>>> 0.0.0.0:1813
>>> Fri Jan 9 14:12:26 2004: NOTICE: Server started: Radiator 3.7.1 on
>>> phoenix (EVALUATION)
>>> Fri Jan 9 14:13:54 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1035 ....
>>> Code: Access-Request
>>> Identifier: 5
>>> Authentic:
>>> <233>,<246><157>.<209><178><150><24>8<255><25><185><151><30><161>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><0><0><25><1>a.lopez at amuse_tls.nl
>>> Message-Authenticator =
>>> <200><181><130><228>DP<195><234><152><140>T<229><24><24><201>`
>>>
>>> Fri Jan 9 14:13:54 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:13:54 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:13:54 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:13:54 2004: DEBUG: Handling with EAP: code 2, 0, 25
>>> Fri Jan 9 14:13:54 2004: DEBUG: Response type 1
>>> Fri Jan 9 14:13:55 2004: DEBUG: EAP result: 3, EAP TLS Challenge
>>> Fri Jan 9 14:13:55 2004: DEBUG: Access challenged for
>>> a.lopez at amuse_tls.nl: EAP TLS Challenge
>>> Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
>>> *** Sending to 131.155.193.92 port 1035 ....
>>> Code: Access-Challenge
>>> Identifier: 5
>>> Authentic:
>>> <233>,<246><157>.<209><178><150><24>8<255><25><185><151><30><161>
>>> Attributes:
>>> EAP-Message = <1><1><0><6><13>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1036 ....
>>> Code: Access-Request
>>> Identifier: 6
>>> Authentic:
>>> <247><214><254><245><146>p<189><133><221><24><183><178><177>:
>>> <11><192>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message =
>>
>> <2><1><0>n<13><128><0><0><0>d<22><3><1><0>_<1><0><0>[<3><1>?
>> <254><169><2
>>
>>> 37>k<233><229>|<206>I<248><166>
>>
>> U<25><208><130>M<237><229><188><218><152><210><187>Y<9><219><172><139>
>> <2
>>
>>> 28><141><22><0><0>4<0>9<0>8<0>5<0><22><0><19><0><10><
>>
>> 0>3<0>2<0>/
>> <0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<
>>
>>> 0><20><0><17><0><8><0><6><0><3><1><0>
>>>
>>> Message-Authenticator =
>>> <15><180><202><136><208>;<153>Q<224><29>}Z<243>K<7><21>
>>>
>>> Fri Jan 9 14:13:55 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:13:55 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:13:55 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:13:55 2004: DEBUG: Handling with EAP: code 2, 1, 110
>>> Fri Jan 9 14:13:55 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:13:55 2004: DEBUG: EAP result: 3, EAP TLS Challenge
>>> Fri Jan 9 14:13:55 2004: DEBUG: Access challenged for
>>> a.lopez at amuse_tls.nl: EAP TLS Challenge
>>> Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
>>> *** Sending to 131.155.193.92 port 1036 ....
>>> Code: Access-Challenge
>>> Identifier: 6
>>> Authentic:
>>> <247><214><254><245><146>p<189><133><221><24><183><178><177>:
>>> <11><192>
>>> Attributes:
>>> EAP-Message =
>>
>> <1><2><4><10><13><192><0><0><8><2><22><3><1><0>J<2><0><0>F<3><1>?
>> <254><1
>>
>>> 69><19><213><19>s<234><181><128
>>>
>>>> <253>3~<204><146><134>{y<237>Za<171>y.<252>Z<135>j<138><212>I<199>
>>>
>>> <159><17>)5<217><156><183><213>Z<136><193><137><175>DTMHa
>>
>> <129><166><242>!
>> y<146><229>VQ<189>+<183><153><30><0>5<0><22><3><1><6><23
>>
>>> 3><11><0><6><229><0><6><226><0><2><243>0<130><2><239>
>>
>> 0<130><2>X<160><3><2><1><2><2><1><1>0<13><6><9>*<134>H<134><247><13><1
>> ><
>>
>>> 1><4><5><0>0<129><174>1<11>0<9><6><3>U<4><6><19><2>NL
>>
>> 1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4><7><19><
>> 9>
>>
>>> Eindhoven1*0(<6><3>U<4><10><19>!Technische Universite it
>>> Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-E
>>>
>>> EAP-Message =
>>
>> CO1<24>0<22><6><3>U<4><3><20><15>silmarillion_ca1<29>0<27><6><9>*<134>
>> H<
>>
>>> 134><247><13><1><9><1><22><14>a
>>
>> .lopez at tue.nl0<30><23><13>031219130601Z<23><13>041218130601Z0<129><178
>> >1
>>
>>> <11>0<9><6><3>U<4><6><19><2>NL1<20>0<18><6><3>U<4><8>
>>
>> <19><11>Netherlands1<18>0<16><6><3>U<4><7><19><9>Eindhoven1*0(<6><3>U<
>> 4>
>>
>>> <10><19>!Technische Universiteit Eindhoven1<16>0<14><
>>
>> 6><3>U<4><11><19><7>TTE-
>> ECO1<28>0<26><6><3>U<4><3><20><19>server_silmari
>>
>>> llion1<29>0<27><6><9>*<134>H<134><247><13>
>>>
>>> EAP-Message =
>>
>> <1><9><1><22><14>a.lopez at tue.nl0<129><159>0<13><6><9>*<134>H<134><247>
>> <1
>>
>>> 3><1><1><1><5><0><3><129><141><
>>
>> 0>0<129><137><2><129><129><0><193><217>kQ<132>a<147>7#=&O<172><238><14
>> 9>
>>
>>> <188><28><172><133>E*<187><143><172>KP!<194>T<253><23
>>
>> 0>Y<222>r<11><20><22>(<214>o<<166><171><173><186>'<185>YW<19><255><14>
>> zS
>>
>>> <231>'B<156>U<239><27>TW<159>;<160><134><255>\<164><1
>>
>> 52>s<155><144><250><28>n<11>}-
>> <129><8><197><191><214><172>{<241><142><12
>>
>>>> <163><159>tFg<197>,tQ<20>x<144>_<211>^<31><216><200>
>>
>> }<200>><129>E<210><135><29><232><1><192>&<146><140><247>K%7<236><167><
>> 2>
>>
>>> <3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<1
>>
>> 0><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4
>> ><
>>
>>> 5><0><3><129><129><0><161>y<206><242><182><178><154><
>>
>> 15><16><181>E<181><142>.<189><249><223><161>;
>> <174><211><148>._<7>M<240><
>>
>>> 222>
>>>
>>> EAP-Message =
>>
>> <193>X<144><148><172><133><236><226><141><14><132>Z><147><164><21>?j:
>> 4\E
>>
>>> <6><235>C<141><245><203>p<31><1
>>
>> 64><174>4<156>7<135><19><226>(]<128>#<29><199>C<245><154>8<141>_<133><
>> 31
>>
>>>> <182><144>m<19>D<199>l<255><159><170>8*<240><249>"<2
>>
>> 53><11><25><148><248><175>K!
>> <247><144><253><241>Wc<186>K\<236><30><242><
>>
>>> 185><238>E<128>K+t<154>@<254>.o<238><0><3><233>0<130>
>>
>> <3><229>0<130><3>N<160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><24
>> 7>
>>
>>> <13><1><1><4><5><0>0<129><174>1<11>0<9><6><3>U<4><6><
>>
>> 19><2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4>
>> <7
>>
>>>> <19><9>Eindhoven1*0(<6><3>U<4><10><19>!Technische Un iversiteit
>>>
>>> Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-EC
>>>
>>> EAP-Message = O1<24>0<22><6><3>U<4><3><20><15>silmarilli
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1037 ....
>>> Code: Access-Request
>>> Identifier: 7
>>> Authentic: <9><24>`J<194><160>r<201><144><137><175>K<151>#<166><171>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><2><0><6><13><0>
>>> Message-Authenticator =
>>> <161><189><171><156><137><205><200><159><215>:Y<142>U<23><140>z
>>>
>>> Fri Jan 9 14:13:55 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:13:55 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:13:55 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:13:55 2004: DEBUG: Handling with EAP: code 2, 2, 6
>>> Fri Jan 9 14:13:55 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:13:55 2004: DEBUG: EAP result: 3, EAP TLS Challenge
>>> Fri Jan 9 14:13:55 2004: DEBUG: Access challenged for
>>> a.lopez at amuse_tls.nl: EAP TLS Challenge
>>> Fri Jan 9 14:13:55 2004: DEBUG: Packet dump:
>>> *** Sending to 131.155.193.92 port 1037 ....
>>> Code: Access-Challenge
>>> Identifier: 7
>>> Authentic: <9><24>`J<194><160>r<201><144><137><175>K<151>#<166><171>
>>> Attributes:
>>> EAP-Message =
>>
>> <1><3><4><6><13>@on_ca1<29>0<27><6><9>*<134>H<134><247><13><1><9><1><2
>> 2>
>>
>>> <14>a.lopez at tue.nl0<30><23><13>
>>
>> 031219130528Z<23><13>040118130528Z0<129><174>1<11>0<9><6><3>U<4><6><19
>> ><
>>
>>> 2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<
>>> 16><6><3>U<4><7><19><9>Eindhoven1*0(<6><3>U<4><10><19>!Technische
>>> Universiteit Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-EC
>>
>> O1<24>0<22><6><3>U<4><3><20><15>silmarillion_ca1<29>0<27><6><9>*<134>H
>> <1
>>
>>> 34><247><13><1><9><1><22><14>a.lopez at tue.nl0<129>
>>>
>>> EAP-Message =
>>
>> <159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<
>> 12
>>
>>> 9><137><2><129><129><0><196>*<1
>>
>> 35><211><234><210><150>7]<165><209><242><129><29>v<163><12>p<215>h<139
>> ><
>>
>>> 172><234>o<179><227><205><159>^><207><165><182><1>7<1
>>
>> 53>cw<247><236><248>|<194><163>"<220>>K&<167><1><137>UD<8><21>@<157><0
>> >L
>>
>>> <255><174><215><205>Aa%K<1>n<193>1<249>{(<152><199>`<
>>
>> 205><133>Y|XI}<1><225>F<167><19><219>q<9>T<140><176><10><14>"@<17><132
>> ><
>>
>>> 184><14>+1<231>P<23><241>M<239><151><8><178><154><228
>>>
>>>
>>> <181><170><150><228>d<235><145>HL<186><181><2><3><1><0><1><163><130><
>>> 1>
>>>
>>> <15>0<130><1><11>0<29><6><3>U<29><14><4><22><4><20>\-
>>
>> <136><218><218><244>N<178><10><165><225>t<170><150>2L<178>T<20>u0<129>
>> <2
>>
>>> 19><6><3>U<29>#<4><129><211>0<129><208><128><20>\-<13
>>
>> 6><218><218><244>N<178><10><165><225>t<170><150>2L<178>T<20>u<161><129
>> ><
>>
>>> 180><164><129><177>0<129><174>1<11>0<9><6><3>U<4><6>
>>>
>>> EAP-Message =
>>
>> <19><2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<4
>> ><
>>
>>> 7><19><9>Eindhoven1*0(<6><3>U<4 ><10><19>!Technische Universiteit
>>
>> Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-
>> ECO1<24>0<22><6><3>U<4><3><2
>>
>>> 0><15>silmarillion_
>>
>> ca1<29>0<27><6><9>*<134>H<134><247><13><1><9><1><22><14>a.lopez at tue.nl
>> <1
>>
>>> 30><1><0>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<1
>>
>> 3><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>ib<160><14
>> 7>
>>
>>> <199><198><180><186><165>8<215><161><160><203>h<228><
>>
>> 255><204><166><247><143><231>,fy+<25><193><229>z<176>F<168><196><7><13
>> 1>
>>
>>> n<138><138>RJTD<25>S<156><172><241>?<182><191><158>
>>>
>>> EAP-Message =
>>
>> <191><5><11>tl{<237>wtcMLy)H<144>k<192>5q~<178><225><212><17>7<153><15
>> 2>
>>
>>> <154><29><148><3><137>7<158>Z<1
>>
>> 75>"<232><192><213><233><190><20><1><204><215><20><160><255><209><213>
>> <2
>>
>>> 5>~<242>7N<133><180>8r<215>F<226><13><131><165><192>|
>>
>> <210><137><147><247><151><181><248><22><3><1><0><192><13><0><0><184><2
>> ><
>>
>>> 1><2><0><179><0><177>0<129><174>1<11>0<9><6><3>U<4><6
>>>
>>>
>>> <19><2>NL1<20>0<18><6><3>U<4><8><19><11>Netherlands1<18>0<16><6><3>U<
>>> 4>
>>>
>>> <7><19><9>Eindhoven1*0(<6><3>U<4><10><19>!Technische Universiteit
>>
>> Eindhoven1<16>0<14><6><3>U<4><11><19><7>TTE-
>> ECO1<24>0<22><6><3>U<4><3><2
>>
>>> 0><15>silmarillion_ca1<29>0<27><6><9>*<1 34>H<134><247><13><1><9><1>
>>>
>>> EAP-Message = <22><14>a.lopez at tue.nl<14><0>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Fri Jan 9 14:13:56 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1038 ....
>>> Code: Access-Request
>>> Identifier: 8
>>> Authentic:
>>> <142><21><200><145><176><24><188>RO<193><246>~<188><15><<172>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><3><0><6><13><0>
>>> Message-Authenticator =
>>> W<223>2<136>><153><160>a<172><173>H<15><226><148><237>I
>>>
>>> Fri Jan 9 14:13:56 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:13:56 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:13:56 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:13:56 2004: DEBUG: Handling with EAP: code 2, 3, 6
>>> Fri Jan 9 14:13:56 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:13:56 2004: DEBUG: EAP result: 3, EAP TLS Challenge
>>> Fri Jan 9 14:13:56 2004: DEBUG: Access challenged for
>>> a.lopez at amuse_tls.nl: EAP TLS Challenge
>>> Fri Jan 9 14:13:56 2004: DEBUG: Packet dump:
>>> *** Sending to 131.155.193.92 port 1038 ....
>>> Code: Access-Challenge
>>> Identifier: 8
>>> Authentic:
>>> <142><21><200><145><176><24><188>RO<193><246>~<188><15><<172>
>>> Attributes:
>>> EAP-Message = <1><4><0><8><13><0><0><0>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Fri Jan 9 14:13:56 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:13:56 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:13:56 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:13:56 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:13:56 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>> Fri Jan 9 14:13:56 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:13:56 2004: DEBUG: EAP result: 2, EAP TLS Nothing to
>>
>> read
>>
>>> or write
>>> Fri Jan 9 14:13:57 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:13:57 2004: INFO: Duplicate request id 9 received from
>>> 131.155.193.92(1039): ignored
>>> Fri Jan 9 14:13:58 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:13:58 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:13:58 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:13:58 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:13:58 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>> Fri Jan 9 14:13:58 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:13:58 2004: DEBUG: EAP result: 2, EAP TLS Nothing to
>>
>> read
>>
>>> or write
>>> Fri Jan 9 14:13:59 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:13:59 2004: INFO: Duplicate request id 9 received from
>>> 131.155.193.92(1039): ignored
>>> Fri Jan 9 14:14:00 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:14:00 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:14:00 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:14:00 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:14:00 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>> Fri Jan 9 14:14:00 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:14:00 2004: DEBUG: EAP result: 2, EAP TLS Nothing to
>>
>> read
>>
>>> or write
>>> Fri Jan 9 14:14:01 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:14:01 2004: INFO: Duplicate request id 9 received from
>>> 131.155.193.92(1039): ignored
>>> Fri Jan 9 14:14:02 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:14:02 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:14:02 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:14:02 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:14:02 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>> Fri Jan 9 14:14:02 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:14:02 2004: DEBUG: EAP result: 2, EAP TLS Nothing to
>>
>> read
>>
>>> or write
>>> Fri Jan 9 14:14:03 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:14:03 2004: INFO: Duplicate request id 9 received from
>>> 131.155.193.92(1039): ignored
>>> Fri Jan 9 14:14:04 2004: DEBUG: Packet dump:
>>> *** Received from 131.155.193.92 port 1039 ....
>>> Code: Access-Request
>>> Identifier: 9
>>> Authentic: f<249><168><236><130>%<167>t<252>N<198>K<2><247>Y<11>
>>> Attributes:
>>> User-Name = "a.lopez at amuse_tls.nl"
>>> NAS-IP-Address = 131.155.193.92
>>> Called-Station-Id = "004096310d73"
>>> Calling-Station-Id = "00022d0292be"
>>> NAS-Identifier = "ap340-2"
>>> NAS-Port = 29
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><4><0><6><13><0>
>>> Message-Authenticator =
>>> <169><132>%h<239><217><5>!<197><239>pU<154><179>jx
>>>
>>> Fri Jan 9 14:14:04 2004: DEBUG: Handling request with Handler
>>> 'Realm=amuse_tls.nl'
>>> Fri Jan 9 14:14:04 2004: DEBUG: Deleting session for
>>> a.lopez at amuse_tls.nl, 131.155.193.92, 29
>>> Fri Jan 9 14:14:04 2004: DEBUG: Handling with Radius::AuthFILE:
>>> Fri Jan 9 14:14:04 2004: DEBUG: Handling with EAP: code 2, 4, 6
>>> Fri Jan 9 14:14:04 2004: DEBUG: Response type 13
>>> Fri Jan 9 14:14:04 2004: DEBUG: EAP result: 2, EAP TLS Nothing to
>>
>> read
>>
>>> or write
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list