(RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN

Scott Xiao - ANTlabs scottxiao at antlabs.com
Wed Jul 28 03:41:15 CDT 2004


Hi,Mike,
Thanks, so do you have any suggestion that I can purchase regarding the cert
for radius server?Verisign?which type?If you have any recommendation that it
works well on Radiator....Thanks
Scott ?? ANTlabs Singapore

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Mike McCauley
Sent: Tuesday, July 27, 2004 5:46 PM
To: scottxiao at antlabs.com
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN


Hello Scott,


On Tuesday 27 July 2004 19:21, Scott Xiao  - ANTlabs wrote:
> Hi,Mike,
> Thanks.But what I will deploy is a public hotspot and I will not let the
> visitors to abtain a client certificate for 802.1x authentication(PEAP),so
> the Radius server certificate has to be a signed but a trusted CA on
> internet instead of using within a company only.So the private cert
created
> with you CAtool might not be suitable ,right?

Correct.

> An I am so not clear why you mentioned "generic web client certificate
will
> not work",since I will only create cert for Radiator Radius server,not for
> client.Please advise,thanks!

The server certificate must contain the the XP server extension OID. I dont
know if the certificates you can get from freessl contain that OID. Im only
saying that you have to make sure you get that OID in your certificate.

Cheers.

>
>
> Cheers,
>
> Scott Xiao Qian,ANTlabs Singapore
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Tuesday, July 27, 2004 3:55 PM
> To: scottxiao at antlabs.com
> Cc: Hugh Irvine; radiator at open.com.au
> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN
>
> On Tuesday 27 July 2004 17:40, Scott Xiao  - ANTlabs wrote:
> > Hi,Hugh,
> > Thanks,I am arranging to get a Gemtek Access point this week to test it
> > since my Aironet AP is for internal testing only and no technical
support
> > from Cisco and Cisco deosn't support me on that issue.If you or any
>
> friends
>
> > in the mail list know about the issue,please let me and other people
know
> > ,thanks.
> >
> > Now I am going to purchase an SSL certificate from www.freessl.com for
> > the radius server,but the one I found from that website doesn't mentione
>
> radius
>
> > server,it seems it only works with web server.Are the the same ?Can use
>
> it?
>
> If you plan to use the server certificate with Windows XP clients and
> similar,
> the server certificate _must_ contain the XP server extension OID, so a
> generic web client certificate will not work.
>
> > Or do you sell any certificate as well?How much for one year,if you do ?
>
> See our private certificate authority software CATool
> (www.open.com.au/catool)
>
> Cheers.
>
> > Thanks!
> >
> > Rgds
> > Scott Xiao Qian / ANTlabs Singapore
> > www.antlabs.com
> >
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> > Behalf Of Hugh Irvine
> > Sent: Friday, July 23, 2004 10:06 AM
> > To: scottxiao at antlabs.com
> > Cc: radiator at open.com.au; Terry Simons; Mike McCauley
> > Subject: Re: (RADIATOR) User always get authentication succeeded after
> > Timeleft expired with 802.1x PEAP/aironet1100 WLAN
> >
> >
> >
> > Hello Scott -
> >
> > Thanks for sending the debug which does indeed show that there are no
> > accounting requests.
> >
> > If there are no accouning requests, then the TIMELEFT is not
> > decremented, therefore the authentication will succeed and the
> > Session-Timeout will always remain the same.
> >
> > You will need to find out why the accounting requests are not being
> > sent by the access point.
> >
> > regards
> >
> > Hugh
> >
> > On 22 Jul 2004, at 21:25, Scott Xiao - ANTlabs wrote:
> > > Hi,Hugh,
> > > I checked the Radiator configure file and added the line of update the
> > > timeleft for the user,so UAM works well now.But for 802.1x login,the
> > > user is
> > > still authenticated automatically and the  timeleft ( I set to 30
> > > seconds)
> > > value remains.Unless I stop the radiator,the authentication will not
> > > fail,
> > > it seems the radiator or AP didn't send accounting stop to update the
> > > mysql
> > > user database....here is the log...thanks! -- Scott
> > >  Mon Jul 19 19:21:39 2004: DEBUG: Packet dump:
> > > *** Received from 192.168.123.9 port 1814 ....
> > > Code:       Access-Request
> > > Identifier: 156
> > > Authentic:  }<4><139>$)O<180>M<240><210>a3<160><212>E<151>
> > > Attributes:
> > > 	User-Name = "john"
> > > 	Framed-MTU = 1400
> > > 	Called-Station-Id = "000f.34db.6690"
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > > 	Message-Authenticator =
> > > <199><212><236><212><233><*B$_$<169><164>Uj<135>
> > > 	EAP-Message =
> > >
<2><9><0><29><25><0><23><3><1><0><18><139><141><197><223><189><229>4<0>
> > > <22>X
> > > <254><231>1N<27><208><161>V
> > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > 	NAS-Port = 298
> > > 	Service-Type = Framed-User
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	Proxy-State = 239
> > >
> > > Mon Jul 19 19:21:39 2004: DEBUG: Handling request with Handler ''
> > > Mon Jul 19 19:21:39 2004: DEBUG:  Deleting session for john, 10.0.0.1,
> > > 298
> > > Mon Jul 19 19:21:39 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:21:39 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:21:39 2004: DEBUG: Handling with EAP: code 2, 9, 29
> > > Mon Jul 19 19:21:39 2004: DEBUG: Response type 25
> > > Mon Jul 19 19:21:39 2004: DEBUG: EAP PEAP inner authentication request
> > > for
> > > anonymous
> > > Mon Jul 19 19:21:41 2004: DEBUG: PEAP Tunnelled request Packet dump:
> > > Code:       Access-Request
> > > Identifier: UNDEF
> > > Authentic:  <165><165><180><156><234>1cd<141><251><2>g<11>,<215><2>
> > > Attributes:
> > > 	EAP-Message = <2><9><0><2><26><3>
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	User-Name = "anonymous"
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	NAS-Port = 298
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > >
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling request with Handler
> > > 'TunnelledByPEAP=1'
> > > Mon Jul 19 19:21:41 2004: DEBUG: Rewrote user name to anonymous
> > > Mon Jul 19 19:21:41 2004: DEBUG:  Deleting session for , 10.0.0.1, 298
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with EAP: code 2, 9, 2
> > > Mon Jul 19 19:21:41 2004: DEBUG: Response type 26
> > > Mon Jul 19 19:21:41 2004: DEBUG: EAP result: 0,
> > > Mon Jul 19 19:21:41 2004: DEBUG: Access accepted for anonymous
> > > Mon Jul 19 19:21:41 2004: DEBUG: EAP result: 3, EAP PEAP inner
> > > authentication redespatched to a Handler
> > > Mon Jul 19 19:21:41 2004: DEBUG: Access challenged for john: EAP PEAP
> > > inner
> > > authentication redespatched to a Handler
> > > Mon Jul 19 19:21:41 2004: DEBUG: Packet dump:
> > > *** Sending to 192.168.123.9 port 1814 ....
> > > Code:       Access-Challenge
> > > Identifier: 156
> > > Authentic:  }<4><139>$)O<180>M<240><210>a3<160><212>E<151>
> > > Attributes:
> > > 	EAP-Message =
> > >
<1><10><0>&<25><0><23><3><1><0><27>nL]<255><149>H<227>}s<225>YF<210><20
> > > 7><16
> > >
> > >> <213><12><196>0<178>/<13>x<174><179><0><150>
> > >
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	Proxy-State = 239
> > >
> > > Mon Jul 19 19:21:41 2004: DEBUG: Packet dump:
> > > *** Received from 192.168.123.9 port 1814 ....
> > > Code:       Access-Request
> > > Identifier: 157
> > > Authentic:   <212><135>3o<178><182><27><224><192>-<241><138><195>ee
> > > Attributes:
> > > 	User-Name = "john"
> > > 	Framed-MTU = 1400
> > > 	Called-Station-Id = "000f.34db.6690"
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > > 	Message-Authenticator =
> > > <146><195><193>C<156><240><128><26><15>|=<248><180><225>S<220>
> > > 	EAP-Message =
> > >
<2><10><0>&<25><0><23><3><1><0><27><150>l<+<4><2><168><174><238>0<169>?
> > > K7<20
> > > 1><5><25><179>3<146><1><222><253>d<193><16><254>
> > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > 	NAS-Port = 298
> > > 	Service-Type = Framed-User
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	Proxy-State = 240
> > >
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling request with Handler ''
> > > Mon Jul 19 19:21:41 2004: DEBUG:  Deleting session for john, 10.0.0.1,
> > > 298
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with EAP: code 2, 10, 38
> > > Mon Jul 19 19:21:41 2004: DEBUG: Response type 25
> > > Mon Jul 19 19:21:41 2004: DEBUG: EAP result: 0,
> > > Mon Jul 19 19:21:41 2004: DEBUG: Access accepted for john
> > > Mon Jul 19 19:21:41 2004: DEBUG: Packet dump:
> > > *** Sending to 192.168.123.9 port 1814 ....
> > > Code:       Access-Accept
> > > Identifier: 157
> > > Authentic:   <212><135>3o<178><182><27><224><192>-<241><138><195>ee
> > > Attributes:
> > > 	Session-Timeout = 30
> > > 	EAP-Message = <3><10><0><4>
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	MS-MPPE-Send-Key =
> > >
"<130><182>^<193>@<204><179><231>"<250><244><140><24><164>F.<140>Yq<179
> > >
> > > ><191
> > >>
> > >> x<225><202><31>W<181><^a><0><207><152>Y<251><150><166>E"<189>JcT?
> > >> <146>u<174
> > >> 2^"
> > >
> > > 	MS-MPPE-Recv-Key =
> > > "<157>Gq<224><175><146><250><251>-
> > > ~<162><161><254><236><28>+<169>gt<153><138
> > >
> > >> <26>M<141><132><243><172>@<143>m<185>B-
> > >> '<204><0>h<198><185>il<187>+<175>t<1
> > >
> > > 92><191>C<177><17>"
> > > 	Proxy-State = 240
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Received from 192.168.123.9 port 1814 ....
> > > Code:       Access-Request
> > > Identifier: 158
> > > Authentic:  <2><214>Y<138><226><10>8<25><254><143><21>qu<2><161><229>
> > > Attributes:
> > > 	User-Name = "john"
> > > 	Framed-MTU = 1400
> > > 	Called-Station-Id = "000f.34db.6690"
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > > 	Message-Authenticator =
> > > <221>q<184><190><2><202><144><182><225>*<28><130>V<129><194>0
> > > 	EAP-Message = <2><5><0><9><1>john
> > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > 	NAS-Port = 298
> > > 	Service-Type = Framed-User
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	Proxy-State = 241
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > Mon Jul 19 19:22:08 2004: DEBUG:  Deleting session for john, 10.0.0.1,
> > > 298
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with EAP: code 2, 5, 9
> > > Mon Jul 19 19:22:08 2004: DEBUG: Response type 1
> > > Mon Jul 19 19:22:08 2004: DEBUG: Resuming session for
> > > Radius::Context=HASH(0x97a1d48)
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> > > Mon Jul 19 19:22:08 2004: DEBUG: Access challenged for john: EAP PEAP
> > > Challenge
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Sending to 192.168.123.9 port 1814 ....
> > > Code:       Access-Challenge
> > > Identifier: 158
> > > Authentic:  <2><214>Y<138><226><10>8<25><254><143><21>qu<2><161><229>
> > > Attributes:
> > > 	EAP-Message = <1><6><0><6><25>!
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	Proxy-State = 241
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Received from 192.168.123.9 port 1814 ....
> > > Code:       Access-Request
> > > Identifier: 159
> > > Authentic:
<215>x<159><31><186><217>Y<200>gd<182>#<229><187><228><159>
> > > Attributes:
> > > 	User-Name = "john"
> > > 	Framed-MTU = 1400
> > > 	Called-Station-Id = "000f.34db.6690"
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > > 	Message-Authenticator =
> > > <22><22><16>?0R<156><176><5><167>c<184><203><239><22>F
> > > 	EAP-Message =
> > >
<2><6><0>p<25><128><0><0><0>f<22><3><1><0>a<1><0><0>]<3><1>@<255><161><
> > > 136>o
> > > <142><195>,<166><236>\<134><151>t<20>S<175><208>"<243><24>:
> > > <142>7<29><17>H<3
> > > 0><173><190><212>R
> > >
<245><23><240><233><243>V><213><181>vs<245><252><158><194><254><179><13
> > > 2><1>
> > > <175><1><15><210><216>-
> > > <230>YJ<163><245><224><176><0><22><0><4><0><5><0><10>
> > > <0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
> > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > 	NAS-Port = 298
> > > 	Service-Type = Framed-User
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	Proxy-State = 242
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > Mon Jul 19 19:22:08 2004: DEBUG:  Deleting session for john, 10.0.0.1,
> > > 298
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with EAP: code 2, 6, 112
> > > Mon Jul 19 19:22:08 2004: DEBUG: Response type 25
> > > Mon Jul 19 19:22:08 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,
8640
> > > Mon Jul 19 19:22:08 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> > > Mon Jul 19 19:22:08 2004: DEBUG: Access challenged for john: EAP PEAP
> > > Challenge
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Sending to 192.168.123.9 port 1814 ....
> > > Code:       Access-Challenge
> > > Identifier: 159
> > > Authentic:
<215>x<159><31><186><217>Y<200>gd<182>#<229><187><228><159>
> > > Attributes:
> > > 	EAP-Message =
> > >
<1><7><0><132><25><128><0><0><0>z<22><3><1><0>J<2><0><0>F<3><1>@<251><1
> > > 74><2
> > >
24><143><24>Y<149>><171><222><234><169><131>D%<190><216>R,r(<3>Bb<194><
> > > 137><
> > > 8><187>u<2><248>
> > >
<245><23><240><233><243>V><213><181>vs<245><252><158><194><254><179><13
> > > 2><1>
> > > <175><1><15><210><216>-
> > > <230>YJ<163><245><224><176><0><4><0><20><3><1><0><1><
> > > 1><22><3><1><0>
> > > =q<21>A<18><17><18><229>`<254>%<188>;
> > > <164>^<245>*<1><28>f~<210>~<164><6>S8<1
> > > 36><135>22<137>
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	Proxy-State = 242
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Received from 192.168.123.9 port 1814 ....
> > > Code:       Access-Request
> > > Identifier: 160
> > > Authentic:  <142><194>m<191>%9<30><191><217>yq<162><141><238>0L
> > > Attributes:
> > > 	User-Name = "john"
> > > 	Framed-MTU = 1400
> > > 	Called-Station-Id = "000f.34db.6690"
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > > 	Message-Authenticator =
<163>D<198>7K<190>MU<253><226><251>~$<184><2>Y
> > > 	EAP-Message =
> > > <2><7><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
> > > 9w[<189><147>cUi<229><27>?
> > > rQ<190><146>Q<134><10><233><132>d<144><178><129>g<
> > > 233>uu<<15><18><237>
> > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > 	NAS-Port = 298
> > > 	Service-Type = Framed-User
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	Proxy-State = 243
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > Mon Jul 19 19:22:08 2004: DEBUG:  Deleting session for john, 10.0.0.1,
> > > 298
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with EAP: code 2, 7, 53
> > > Mon Jul 19 19:22:08 2004: DEBUG: Response type 25
> > > Mon Jul 19 19:22:08 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> > > Mon Jul 19 19:22:08 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> > > Mon Jul 19 19:22:08 2004: DEBUG: Access challenged for john: EAP PEAP
> > > Challenge
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Sending to 192.168.123.9 port 1814 ....
> > > Code:       Access-Challenge
> > > Identifier: 160
> > > Authentic:  <142><194>m<191>%9<30><191><217>yq<162><141><238>0L
> > > Attributes:
> > > 	EAP-Message =
> > >
<1><8><0><28><25><0><23><3><1><0><17><173><244><201>0<135><128><162>O<2
> > > 51>B<
> > > 128><143><232><252><237>Yn
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	Proxy-State = 243
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > *** Received from 192.168.123.9 port 1814 ....
> > > Code:       Access-Request
> > > Identifier: 161
> > > Authentic:  <196>]Q<207>{<131><199><244>]<255>}<198><161><139>&<231>
> > > Attributes:
> > > 	User-Name = "john"
> > > 	Framed-MTU = 1400
> > > 	Called-Station-Id = "000f.34db.6690"
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > > 	Message-Authenticator =
> > > U<137>|<176><173>f<30><186>I<129>Q<131><244><0><174><31>
> > > 	EAP-Message = <2><8><0>
> > >
<25><0><23><3><1><0><21>w<197><141>U<R<1><26><3>|<5><227>f<215><155><13
> > > 3><14
> > > 5>y@<208><215>
> > > 	NAS-Port-Type = Wireless-IEEE-802-11
> > > 	NAS-Port = 298
> > > 	Service-Type = Framed-User
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	Proxy-State = 244
> > >
> > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > Mon Jul 19 19:22:08 2004: DEBUG:  Deleting session for john, 10.0.0.1,
> > > 298
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with EAP: code 2, 8, 32
> > > Mon Jul 19 19:22:09 2004: DEBUG: Response type 25
> > > Mon Jul 19 19:22:09 2004: DEBUG: EAP PEAP inner authentication request
> > > for
> > > anonymous
> > > Mon Jul 19 19:22:09 2004: DEBUG: PEAP Tunnelled request Packet dump:
> > > Code:       Access-Request
> > > Identifier: UNDEF
> > > Authentic:  <29><187><15>Q1<233><173><196>"n1<167>"<212><214><185>
> > > Attributes:
> > > 	EAP-Message = <2><8><0><5><1>john
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	User-Name = "anonymous"
> > > 	NAS-IP-Address = 10.0.0.1
> > > 	NAS-Identifier = "ps-ap"
> > > 	NAS-Port = 298
> > > 	Calling-Station-Id = "000c.f108.37bf"
> > >
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling request with Handler
> > > 'TunnelledByPEAP=1'
> > > Mon Jul 19 19:22:09 2004: DEBUG: Rewrote user name to anonymous
> > > Mon Jul 19 19:22:09 2004: DEBUG:  Deleting session for , 10.0.0.1, 298
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL:
> > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with EAP: code 2, 8, 5
> > > Mon Jul 19 19:22:09 2004: DEBUG: Response type 1
> > > Mon Jul 19 19:22:09 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2
Challenge
> > > Mon Jul 19 19:22:09 2004: DEBUG: Access challenged for anonymous: EAP
> > > MSCHAP-V2 Challenge
> > > Mon Jul 19 19:22:09 2004: DEBUG: EAP result: 3, EAP PEAP inner
> > > authentication redespatched to a Handler
> > > Mon Jul 19 19:22:09 2004: DEBUG: Access challenged for john: EAP PEAP
> > > inner
> > > authentication redespatched to a Handler
> > > Mon Jul 19 19:22:09 2004: DEBUG: Packet dump:
> > > *** Sending to 192.168.123.9 port 1814 ....
> > > Code:       Access-Challenge
> > > Identifier: 161
> > > Authentic:  <196>]Q<207>{<131><199><244>]<255>}<198><161><139>&<231>
> > > Attributes:
> > > 	EAP-Message =
> > >
<1><9><0>3<25><0><23><3><1><0>(<224>|<156>o<171><203><148><166>2<17><17
> > >
> > > ><150
> > >>
> > >> R<185>?<131>?
> > >>
> > >> >C<3><137>B<161>,<160><2><253><201><195><8><164><233><14>t<13>
> > >
> > > ]ps<1>S
> > > 	Message-Authenticator =
> > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > 	Proxy-State = 244
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
http://www.open.com.au
> Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

--
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list