(RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN
Mike McCauley
mikem at open.com.au
Wed Jul 28 04:35:44 CDT 2004
Hi Scott,
On Wednesday 28 July 2004 18:41, Scott Xiao - ANTlabs wrote:
> Hi,Mike,
> Thanks, so do you have any suggestion that I can purchase regarding the
> cert for radius server?Verisign?which type?If you have any recommendation
> that it works well on Radiator....Thanks
Verisign offer certificates for radius servers, but I dont know the details of
how to apply for one. They do work with Radiator. You should try to get it in
PEM format.
Cheers.
> Scott ?? ANTlabs Singapore
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Mike McCauley
> Sent: Tuesday, July 27, 2004 5:46 PM
> To: scottxiao at antlabs.com
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN
>
>
> Hello Scott,
>
> On Tuesday 27 July 2004 19:21, Scott Xiao - ANTlabs wrote:
> > Hi,Mike,
> > Thanks.But what I will deploy is a public hotspot and I will not let the
> > visitors to abtain a client certificate for 802.1x
> > authentication(PEAP),so the Radius server certificate has to be a signed
> > but a trusted CA on internet instead of using within a company only.So
> > the private cert
>
> created
>
> > with you CAtool might not be suitable ,right?
>
> Correct.
>
> > An I am so not clear why you mentioned "generic web client certificate
>
> will
>
> > not work",since I will only create cert for Radiator Radius server,not
> > for client.Please advise,thanks!
>
> The server certificate must contain the the XP server extension OID. I dont
> know if the certificates you can get from freessl contain that OID. Im only
> saying that you have to make sure you get that OID in your certificate.
>
> Cheers.
>
> > Cheers,
> >
> > Scott Xiao Qian,ANTlabs Singapore
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Tuesday, July 27, 2004 3:55 PM
> > To: scottxiao at antlabs.com
> > Cc: Hugh Irvine; radiator at open.com.au
> > Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN
> >
> > On Tuesday 27 July 2004 17:40, Scott Xiao - ANTlabs wrote:
> > > Hi,Hugh,
> > > Thanks,I am arranging to get a Gemtek Access point this week to test it
> > > since my Aironet AP is for internal testing only and no technical
>
> support
>
> > > from Cisco and Cisco deosn't support me on that issue.If you or any
> >
> > friends
> >
> > > in the mail list know about the issue,please let me and other people
>
> know
>
> > > ,thanks.
> > >
> > > Now I am going to purchase an SSL certificate from www.freessl.com for
> > > the radius server,but the one I found from that website doesn't
> > > mentione
> >
> > radius
> >
> > > server,it seems it only works with web server.Are the the same ?Can use
> >
> > it?
> >
> > If you plan to use the server certificate with Windows XP clients and
> > similar,
> > the server certificate _must_ contain the XP server extension OID, so a
> > generic web client certificate will not work.
> >
> > > Or do you sell any certificate as well?How much for one year,if you do
> > > ?
> >
> > See our private certificate authority software CATool
> > (www.open.com.au/catool)
> >
> > Cheers.
> >
> > > Thanks!
> > >
> > > Rgds
> > > Scott Xiao Qian / ANTlabs Singapore
> > > www.antlabs.com
> > >
> > > -----Original Message-----
> > > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> > > Behalf Of Hugh Irvine
> > > Sent: Friday, July 23, 2004 10:06 AM
> > > To: scottxiao at antlabs.com
> > > Cc: radiator at open.com.au; Terry Simons; Mike McCauley
> > > Subject: Re: (RADIATOR) User always get authentication succeeded after
> > > Timeleft expired with 802.1x PEAP/aironet1100 WLAN
> > >
> > >
> > >
> > > Hello Scott -
> > >
> > > Thanks for sending the debug which does indeed show that there are no
> > > accounting requests.
> > >
> > > If there are no accouning requests, then the TIMELEFT is not
> > > decremented, therefore the authentication will succeed and the
> > > Session-Timeout will always remain the same.
> > >
> > > You will need to find out why the accounting requests are not being
> > > sent by the access point.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On 22 Jul 2004, at 21:25, Scott Xiao - ANTlabs wrote:
> > > > Hi,Hugh,
> > > > I checked the Radiator configure file and added the line of update
> > > > the timeleft for the user,so UAM works well now.But for 802.1x
> > > > login,the user is
> > > > still authenticated automatically and the timeleft ( I set to 30
> > > > seconds)
> > > > value remains.Unless I stop the radiator,the authentication will not
> > > > fail,
> > > > it seems the radiator or AP didn't send accounting stop to update the
> > > > mysql
> > > > user database....here is the log...thanks! -- Scott
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Packet dump:
> > > > *** Received from 192.168.123.9 port 1814 ....
> > > > Code: Access-Request
> > > > Identifier: 156
> > > > Authentic: }<4><139>$)O<180>M<240><210>a3<160><212>E<151>
> > > > Attributes:
> > > > User-Name = "john"
> > > > Framed-MTU = 1400
> > > > Called-Station-Id = "000f.34db.6690"
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > > Message-Authenticator =
> > > > <199><212><236><212><233><*B$_$<169><164>Uj<135>
> > > > EAP-Message =
>
> <2><9><0><29><25><0><23><3><1><0><18><139><141><197><223><189><229>4<0>
>
> > > > <22>X
> > > > <254><231>1N<27><208><161>V
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Port = 298
> > > > Service-Type = Framed-User
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > Proxy-State = 239
> > > >
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Handling request with Handler ''
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Deleting session for john,
> > > > 10.0.0.1, 298
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Handling with EAP: code 2, 9, 29
> > > > Mon Jul 19 19:21:39 2004: DEBUG: Response type 25
> > > > Mon Jul 19 19:21:39 2004: DEBUG: EAP PEAP inner authentication
> > > > request for
> > > > anonymous
> > > > Mon Jul 19 19:21:41 2004: DEBUG: PEAP Tunnelled request Packet dump:
> > > > Code: Access-Request
> > > > Identifier: UNDEF
> > > > Authentic: <165><165><180><156><234>1cd<141><251><2>g<11>,<215><2>
> > > > Attributes:
> > > > EAP-Message = <2><9><0><2><26><3>
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > User-Name = "anonymous"
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > NAS-Port = 298
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > >
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Handling request with Handler
> > > > 'TunnelledByPEAP=1'
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Rewrote user name to anonymous
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Deleting session for , 10.0.0.1,
> > > > 298 Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL: Mon
> > > > Jul 19 19:21:41 2004: DEBUG: Handling with EAP: code 2, 9, 2 Mon Jul
> > > > 19 19:21:41 2004: DEBUG: Response type 26
> > > > Mon Jul 19 19:21:41 2004: DEBUG: EAP result: 0,
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Access accepted for anonymous
> > > > Mon Jul 19 19:21:41 2004: DEBUG: EAP result: 3, EAP PEAP inner
> > > > authentication redespatched to a Handler
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Access challenged for john: EAP PEAP
> > > > inner
> > > > authentication redespatched to a Handler
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > Code: Access-Challenge
> > > > Identifier: 156
> > > > Authentic: }<4><139>$)O<180>M<240><210>a3<160><212>E<151>
> > > > Attributes:
> > > > EAP-Message =
>
> <1><10><0>&<25><0><23><3><1><0><27>nL]<255><149>H<227>}s<225>YF<210><20
>
> > > > 7><16
> > > >
> > > >> <213><12><196>0<178>/<13>x<174><179><0><150>
> > > >
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > Proxy-State = 239
> > > >
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Packet dump:
> > > > *** Received from 192.168.123.9 port 1814 ....
> > > > Code: Access-Request
> > > > Identifier: 157
> > > > Authentic: <212><135>3o<178><182><27><224><192>-<241><138><195>ee
> > > > Attributes:
> > > > User-Name = "john"
> > > > Framed-MTU = 1400
> > > > Called-Station-Id = "000f.34db.6690"
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > > Message-Authenticator =
> > > > <146><195><193>C<156><240><128><26><15>|=<248><180><225>S<220>
> > > > EAP-Message =
>
> <2><10><0>&<25><0><23><3><1><0><27><150>l<+<4><2><168><174><238>0<169>?
>
> > > > K7<20
> > > > 1><5><25><179>3<146><1><222><253>d<193><16><254>
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Port = 298
> > > > Service-Type = Framed-User
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > Proxy-State = 240
> > > >
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Handling request with Handler ''
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Deleting session for john,
> > > > 10.0.0.1, 298
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Handling with EAP: code 2, 10, 38
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Response type 25
> > > > Mon Jul 19 19:21:41 2004: DEBUG: EAP result: 0,
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Access accepted for john
> > > > Mon Jul 19 19:21:41 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > Code: Access-Accept
> > > > Identifier: 157
> > > > Authentic: <212><135>3o<178><182><27><224><192>-<241><138><195>ee
> > > > Attributes:
> > > > Session-Timeout = 30
> > > > EAP-Message = <3><10><0><4>
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > MS-MPPE-Send-Key =
>
> "<130><182>^<193>@<204><179><231>"<250><244><140><24><164>F.<140>Yq<179
>
> > > > ><191
> > > >>
> > > >> x<225><202><31>W<181><^a><0><207><152>Y<251><150><166>E"<189>JcT?
> > > >> <146>u<174
> > > >> 2^"
> > > >
> > > > MS-MPPE-Recv-Key =
> > > > "<157>Gq<224><175><146><250><251>-
> > > > ~<162><161><254><236><28>+<169>gt<153><138
> > > >
> > > >> <26>M<141><132><243><172>@<143>m<185>B-
> > > >> '<204><0>h<198><185>il<187>+<175>t<1
> > > >
> > > > 92><191>C<177><17>"
> > > > Proxy-State = 240
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Received from 192.168.123.9 port 1814 ....
> > > > Code: Access-Request
> > > > Identifier: 158
> > > > Authentic: <2><214>Y<138><226><10>8<25><254><143><21>qu<2><161><229>
> > > > Attributes:
> > > > User-Name = "john"
> > > > Framed-MTU = 1400
> > > > Called-Station-Id = "000f.34db.6690"
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > > Message-Authenticator =
> > > > <221>q<184><190><2><202><144><182><225>*<28><130>V<129><194>0
> > > > EAP-Message = <2><5><0><9><1>john
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Port = 298
> > > > Service-Type = Framed-User
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > Proxy-State = 241
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Deleting session for john,
> > > > 10.0.0.1, 298
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with EAP: code 2, 5, 9
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Response type 1
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Resuming session for
> > > > Radius::Context=HASH(0x97a1d48)
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Access challenged for john: EAP PEAP
> > > > Challenge
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > Code: Access-Challenge
> > > > Identifier: 158
> > > > Authentic: <2><214>Y<138><226><10>8<25><254><143><21>qu<2><161><229>
> > > > Attributes:
> > > > EAP-Message = <1><6><0><6><25>!
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > Proxy-State = 241
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Received from 192.168.123.9 port 1814 ....
> > > > Code: Access-Request
> > > > Identifier: 159
> > > > Authentic:
>
> <215>x<159><31><186><217>Y<200>gd<182>#<229><187><228><159>
>
> > > > Attributes:
> > > > User-Name = "john"
> > > > Framed-MTU = 1400
> > > > Called-Station-Id = "000f.34db.6690"
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > > Message-Authenticator =
> > > > <22><22><16>?0R<156><176><5><167>c<184><203><239><22>F
> > > > EAP-Message =
>
> <2><6><0>p<25><128><0><0><0>f<22><3><1><0>a<1><0><0>]<3><1>@<255><161><
>
> > > > 136>o
> > > > <142><195>,<166><236>\<134><151>t<20>S<175><208>"<243><24>:
> > > > <142>7<29><17>H<3
> > > > 0><173><190><212>R
>
> <245><23><240><233><243>V><213><181>vs<245><252><158><194><254><179><13
>
> > > > 2><1>
> > > > <175><1><15><210><216>-
> > > > <230>YJ<163><245><224><176><0><22><0><4><0><5><0><10>
> > > > <0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Port = 298
> > > > Service-Type = Framed-User
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > Proxy-State = 242
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Deleting session for john,
> > > > 10.0.0.1, 298
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with EAP: code 2, 6, 112
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Response type 25
> > > > Mon Jul 19 19:22:08 2004: DEBUG: EAP TLS SSL_accept result: -1, 2,
>
> 8640
>
> > > > Mon Jul 19 19:22:08 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Access challenged for john: EAP PEAP
> > > > Challenge
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > Code: Access-Challenge
> > > > Identifier: 159
> > > > Authentic:
>
> <215>x<159><31><186><217>Y<200>gd<182>#<229><187><228><159>
>
> > > > Attributes:
> > > > EAP-Message =
>
> <1><7><0><132><25><128><0><0><0>z<22><3><1><0>J<2><0><0>F<3><1>@<251><1
>
> > > > 74><2
>
> 24><143><24>Y<149>><171><222><234><169><131>D%<190><216>R,r(<3>Bb<194><
>
> > > > 137><
> > > > 8><187>u<2><248>
>
> <245><23><240><233><243>V><213><181>vs<245><252><158><194><254><179><13
>
> > > > 2><1>
> > > > <175><1><15><210><216>-
> > > > <230>YJ<163><245><224><176><0><4><0><20><3><1><0><1><
> > > > 1><22><3><1><0>
> > > > =q<21>A<18><17><18><229>`<254>%<188>;
> > > > <164>^<245>*<1><28>f~<210>~<164><6>S8<1
> > > > 36><135>22<137>
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > Proxy-State = 242
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Received from 192.168.123.9 port 1814 ....
> > > > Code: Access-Request
> > > > Identifier: 160
> > > > Authentic: <142><194>m<191>%9<30><191><217>yq<162><141><238>0L
> > > > Attributes:
> > > > User-Name = "john"
> > > > Framed-MTU = 1400
> > > > Called-Station-Id = "000f.34db.6690"
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > > Message-Authenticator =
>
> <163>D<198>7K<190>MU<253><226><251>~$<184><2>Y
>
> > > > EAP-Message =
> > > > <2><7><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
> > > > 9w[<189><147>cUi<229><27>?
> > > > rQ<190><146>Q<134><10><233><132>d<144><178><129>g<
> > > > 233>uu<<15><18><237>
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Port = 298
> > > > Service-Type = Framed-User
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > Proxy-State = 243
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Deleting session for john,
> > > > 10.0.0.1, 298
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling with EAP: code 2, 7, 53
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Response type 25
> > > > Mon Jul 19 19:22:08 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> > > > Mon Jul 19 19:22:08 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Access challenged for john: EAP PEAP
> > > > Challenge
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > Code: Access-Challenge
> > > > Identifier: 160
> > > > Authentic: <142><194>m<191>%9<30><191><217>yq<162><141><238>0L
> > > > Attributes:
> > > > EAP-Message =
>
> <1><8><0><28><25><0><23><3><1><0><17><173><244><201>0<135><128><162>O<2
>
> > > > 51>B<
> > > > 128><143><232><252><237>Yn
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > Proxy-State = 243
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Packet dump:
> > > > *** Received from 192.168.123.9 port 1814 ....
> > > > Code: Access-Request
> > > > Identifier: 161
> > > > Authentic: <196>]Q<207>{<131><199><244>]<255>}<198><161><139>&<231>
> > > > Attributes:
> > > > User-Name = "john"
> > > > Framed-MTU = 1400
> > > > Called-Station-Id = "000f.34db.6690"
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > > Message-Authenticator =
> > > > U<137>|<176><173>f<30><186>I<129>Q<131><244><0><174><31>
> > > > EAP-Message = <2><8><0>
>
> <25><0><23><3><1><0><21>w<197><141>U<R<1><26><3>|<5><227>f<215><155><13
>
> > > > 3><14
> > > > 5>y@<208><215>
> > > > NAS-Port-Type = Wireless-IEEE-802-11
> > > > NAS-Port = 298
> > > > Service-Type = Framed-User
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > Proxy-State = 244
> > > >
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Handling request with Handler ''
> > > > Mon Jul 19 19:22:08 2004: DEBUG: Deleting session for john,
> > > > 10.0.0.1, 298
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL:
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with EAP: code 2, 8, 32
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Response type 25
> > > > Mon Jul 19 19:22:09 2004: DEBUG: EAP PEAP inner authentication
> > > > request for
> > > > anonymous
> > > > Mon Jul 19 19:22:09 2004: DEBUG: PEAP Tunnelled request Packet dump:
> > > > Code: Access-Request
> > > > Identifier: UNDEF
> > > > Authentic: <29><187><15>Q1<233><173><196>"n1<167>"<212><214><185>
> > > > Attributes:
> > > > EAP-Message = <2><8><0><5><1>john
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > User-Name = "anonymous"
> > > > NAS-IP-Address = 10.0.0.1
> > > > NAS-Identifier = "ps-ap"
> > > > NAS-Port = 298
> > > > Calling-Station-Id = "000c.f108.37bf"
> > > >
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Handling request with Handler
> > > > 'TunnelledByPEAP=1'
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Rewrote user name to anonymous
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Deleting session for , 10.0.0.1,
> > > > 298 Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Handling with Radius::AuthSQL: Mon
> > > > Jul 19 19:22:09 2004: DEBUG: Handling with EAP: code 2, 8, 5 Mon Jul
> > > > 19 19:22:09 2004: DEBUG: Response type 1
> > > > Mon Jul 19 19:22:09 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2
>
> Challenge
>
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Access challenged for anonymous: EAP
> > > > MSCHAP-V2 Challenge
> > > > Mon Jul 19 19:22:09 2004: DEBUG: EAP result: 3, EAP PEAP inner
> > > > authentication redespatched to a Handler
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Access challenged for john: EAP PEAP
> > > > inner
> > > > authentication redespatched to a Handler
> > > > Mon Jul 19 19:22:09 2004: DEBUG: Packet dump:
> > > > *** Sending to 192.168.123.9 port 1814 ....
> > > > Code: Access-Challenge
> > > > Identifier: 161
> > > > Authentic: <196>]Q<207>{<131><199><244>]<255>}<198><161><139>&<231>
> > > > Attributes:
> > > > EAP-Message =
>
> <1><9><0>3<25><0><23><3><1><0>(<224>|<156>o<171><203><148><166>2<17><17
>
> > > > ><150
> > > >>
> > > >> R<185>?<131>?
> > > >>
> > > >> >C<3><137>B<161>,<160><2><253><201><195><8><164><233><14>t<13>
> > > >
> > > > ]ps<1>S
> > > > Message-Authenticator =
> > > > <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> > > > Proxy-State = 244
> > >
> > > NB: have you included a copy of your configuration file (no secrets),
> > > together with a trace 4 debug showing what is happening?
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > -
> > > CATool: Private Certificate Authority for Unix and Unix-like systems.
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Mike McCauley mikem at open.com.au
> > Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>
> http://www.open.com.au
>
> > Phone +61 7 5598-7474 Fax +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list