(RADIATOR) AuthBy LSA and Lan Manager Auth Level

Hugh Irvine hugh at open.com.au
Mon Nov 29 22:17:27 CST 2004


Hello Kirk -

You should first of all upgrade to the latest Radiator 3.11 (plus  
patches).

There is a new example configuration file in "goodies/lsa.cfg" that you  
should start with.

At least part of the problem is likely to be the "NT\" prefix on the  
username string.

regards

Hugh


On 30 Nov 2004, at 07:49, Kirk T Byers wrote:

> Hugh,
>
> Here is my configuration file and debugging log.  I have validated  
> that I
> can log into the domain using the username/password that I am testing  
> with.
>
> Thanks,
>
> Kirk
>
>
> ******* radius.cfg *******
>
> Foreground
> LogStdout
> LogDir		.
> DbDir		.
> Trace 		4
>
> <Client DEFAULT>
> 	Secret	XXXXXX
> 	DupInterval 0
> </Client>
>
> <Handler TunnelledByPEAP=1>
>
> 	<AuthBy LSA>
> 		#Domain
> 		Domain NT
> 		#DefaultDomain NT
>
> 		EAPType MSCHAP-V2
> 	</AuthBy>
> </Handler>
>
>
> <Handler>
> 	<AuthBy FILE>
> 		Filename %D/users
>
> 		EAPType PEAP
>
> 		EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>
> #		EAPTLS_CAPath
>
> 		EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> 		EAPTLS_CertificateType PEM
>
> 		EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> 		EAPTLS_PrivateKeyPassword whatever
>
> #		EAPTLS_RandomFile %D/certificates/random
>
> 		EAPTLS_MaxFragmentSize 1000
>
> 		#EAPTLS_CRLCheck
> 		#EAPTLS_CRLFile %D/certificates/crl.pem
> 		#EAPTLS_CRLFile %D/certificates/revocations.pem
>
> 		AutoMPPEKeys
>
> 		SSLeayTrace 4
>
> 		#EAPTLS_SessionResumptionLimit 10
> 	</AuthBy>
> </Handler>
>
> ******* END radius.cfg *******
>
>
> ******* TRACE OUTPUT *******
> Mon Nov 29 11:04:20 2004: DEBUG: Reading users file ./users
> Mon Nov 29 11:04:20 2004: DEBUG: Finished reading configuration file
> 'C:\Program Files\Radiator\radius.cfg'
> This Radiator license will expire on 2005-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your evaluation period, contact admin at open.com.au
>
> Mon Nov 29 11:04:20 2004: DEBUG: Reading dictionary file './dictionary'
> Mon Nov 29 11:04:20 2004: DEBUG: Creating authentication port  
> 0.0.0.0:1645
> Mon Nov 29 11:04:20 2004: DEBUG: Creating accounting port 0.0.0.0:1646
> Mon Nov 29 11:04:20 2004: NOTICE: Server started: Radiator 3.9+patches  
> on
> testserver (LOCKED)
> Mon Nov 29 11:04:23 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 35
> Authentic:  6<4>(<170><190><226><203><141>n5O+<144><180><153><159>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <192><230><0>M<219>N<248><135><231>'<171><11>h<218><132>t
> 	EAP-Message = <2><1><0><15><1>NT\testuser
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 286
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:23 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:23 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 286
> Mon Nov 29 11:04:23 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:23 2004: DEBUG: Handling with EAP: code 2, 1, 15
> Mon Nov 29 11:04:23 2004: DEBUG: Response type 1
> Mon Nov 29 11:04:24 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:24 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:24 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 35
> Authentic:  6<4>(<170><190><226><203><141>n5O+<144><180><153><159>
> Attributes:
> 	EAP-Message = <1><2><0><6><25>!
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:56 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 36
> Authentic:   
> <216><138><0><176><13><239><158>l?<200><212><211>G<212><203><19>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =  
> <204>G<136><189><225>x<11>u<219>1$\<172>RY<211>
> 	EAP-Message = <2><1><0><15><1>NT\testuser
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:56 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:56 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:56 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:56 2004: DEBUG: Handling with EAP: code 2, 1, 15
> Mon Nov 29 11:04:56 2004: DEBUG: Response type 1
> Mon Nov 29 11:04:56 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:56 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:56 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 36
> Authentic:   
> <216><138><0><176><13><239><158>l?<200><212><211>G<212><203><19>
> Attributes:
> 	EAP-Message = <1><2><0><6><25>!
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 37
> Authentic:  <163>3c<250><30>!<v<213><194><145><238>I\<183><179>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <227><174><147><159>v<166>W<248><182>m<133>@<207><172><161>Q
> 	EAP-Message = <2><2><0><15><1>NT\testuser
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:57 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:57 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:57 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:57 2004: DEBUG: Handling with EAP: code 2, 2, 15
> Mon Nov 29 11:04:57 2004: DEBUG: Response type 1
> Mon Nov 29 11:04:57 2004: DEBUG: Resuming session for
> Radius::Context=HASH(0x246f058)
>
> Mon Nov 29 11:04:57 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:57 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 37
> Authentic:  <163>3c<250><30>!<v<213><194><145><238>I\<183><179>
> Attributes:
> 	EAP-Message = <1><3><0><6><25>!
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 38
> Authentic:   
> <151><182><11>H<246>j2<219><251><202><216>U<163><10><131><172>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =  
> u<132><23><219><136>?<31>{<194><141>}~<155>NV<138>
> 	EAP-Message =
> <2><3><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>A<171>r<239> 
> <246><19><1>ciy<230>5>U<231>o\]<11><163>9mh<149><227><151><133><220><16 
> 6>
> <176>y<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0> 
> <18><0>c<1><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:57 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:57 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:57 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:57 2004: DEBUG: Handling with EAP: code 2, 3, 80
> Mon Nov 29 11:04:57 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:57 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Mon Nov 29 11:04:57 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:57 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 38
> Authentic:   
> <151><182><11>H<246>j2<219><251><202><216>U<163><10><131><172>
> Attributes:
> 	EAP-Message =
> <1><4><3><242><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>A<171>r< 
> 217><143><205><173>M<152><2><203><227><142><150><149><9><207>.<212><178 
> >k7;<254><6><163><146><240><222><200><175><28>
> E<176>BNy<8><177><244>:: 
> p<134><13>y<183><164>*<215>Y_e<28><230><252><163><178><161>cl? 
> 2<198><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<13 
> 0><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><2 
> 47><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0< 
> 15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1 
> <30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> 	EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
> production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30> 
> <23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19>< 
> 2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9 
> >Melbourne1<24>0<22><6><3>U<4><10><19><15>My
> Test
> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159> 
> 0<13><6><9>*<134>H<134><247><13><1><1>
> 	EAP-Message =
> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><2 
> 34>/ 
> <241>.9<209><250>\y<1><149>[<215><24>e<133><15><223>d<176><132>Z<222>#< 
> 234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><13 
> 8><6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/ 
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><171>< 
> 154><249><220>v<17><159><2>x<29><136><148>: 
> b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<22 
> 6><136><12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19> 
> <6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H< 
> 134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>> 
> q<129>X<13>=l? 
> <174><155><170><162><189><20><25>az<19>o<202><250>|B8N<209><225><253>? 
> hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><2 
> 48>oba<
> 	EAP-Message =
> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25 
> >w<215><13><152><154>T<218><8><246><202>.<177>9s*<220><219>n"Gu<188><25 
> 4><206>U? 
> <214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130>< 
> 3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1> 
> <4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4> 
> <8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6>< 
> 3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 39
> Authentic:   
> <213><239><29><0><5>-<231>H<219><172><199><24><11>i<214><29>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <246><234><230><193><183><194><239>)D<150>f<190><15><145>h<14>
> 	EAP-Message = <2><4><0><6><25><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:57 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:57 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:57 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:57 2004: DEBUG: Handling with EAP: code 2, 4, 6
> Mon Nov 29 11:04:57 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:57 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:57 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 39
> Authentic:   
> <213><239><29><0><5>-<231>H<219><172><199><24><11>i<214><29>
> Attributes:
> 	EAP-Message = <1><5><3><238><25>@t use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30> 
> <23><13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4 
> ><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4> 
> <7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
> 	EAP-Message = roduction)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129 
> ><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0< 
> 129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><24 
> 8><199><214><253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie< 
> 144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><145><1 
> 38><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11> 
> g<163><226>i@<206>o<210>,<185><173><234><3>^4<221><252><168>H<178><158> 
> <25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255 
> >_<209><12><163><0>U<2><3><1><0><1><163><130><1>+0<130><1>'0<29><6><3>U 
> <29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H? 
> <164><27>ke0<129><247><6><3>U<29>#
> 	EAP-Message =
> <4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]r<193 
> >H? 
> <164><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4> 
> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4>< 
> 7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130> 
> <1><0>0<12><6><3>U<29><19><4><5>0<3>
> 	EAP-Message =
> <1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129> 
> <0>0<3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>tf 
> <202><143><160><29><220>p9<5><24>2<185>)<128><227>8<17><247>'_J<28><159 
> >; 
> _<202><254><242>+{=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><19 
> 3><29>- 
> <228><19><184>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY+<156><143 
> ><225><149><237><135>ix<22>O<231><212><154><184><10>fZ<248>Va#<192><160 
> >l<21><129>0<199>6<22><3><1><0><220><13><0><0><212><2><1><2><0><207><0> 
> <205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8>< 
> 19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U< 
> 4><10><19><21>OSC
> Demo Certif
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 40
> Authentic:  <195>VW<29><140><156>cP<187><218><248><2><131><243><160>@
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =  
> <245><134>2<178>VV<193><240><212>WJ<215><226>2u~
> 	EAP-Message = <2><5><0><6><25><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 5, 6
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 40
> Authentic:  <195>VW<29><140><156>cP<187><218><248><2><131><243><160>@
> Attributes:
> 	EAP-Message =  
> <1><6><0><134><25><0>icates1!0<31><6><3>U<4><11><19><24>Test
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
> production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<14>< 
> 0><0><0>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 41
> Authentic:  <183><KX<175><216><194><233>MlL<206>{<133><192>S
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <241><156><25>^m<211><9>W<21><198><162><146>t<141><200>F
> 	EAP-Message =
> <2><6><0><199><25><128><0><0><0><189><22><3><1><0><141><11><0><0><3><0> 
> <0><0><16><0><0><130><0><128><179><226><223><254>t<181><129><166><210>< 
> 141>`<206>; 
> <140><23><254>m<22>|<171>z<127><156><1><190>p<236>4Q<247>}<246><176><14 
> 2><251><244>Y<229><159>,<163>q<127>$a<179><200><222><216>o<255><11>J[Dk 
> <235>.<211><245>U<141><216><15><197><179>r<4><163><169><202><133>3<25>< 
> 234><175><30>v<194><254>i0<206>o<183><190><24><206><247><190>T<167><185 
> ><0><225><186><182><194><14>! 
> 6Z<23><254><223>u<178><168><158><149><<206><142><168><233>q<211>; 
> n<254><14><219><12><226><147><186>gd<20><3><1><0><1><1><22><3><1><0>
> '<20>l[<190><2>Ae6<148><218><134><239>8<29><15>~7U<17>R<167>/ 
> <15>M<194><142><25><7><221><154><184>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 6, 199
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:58 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 41
> Authentic:  <183><KX<175><216><194><233>MlL<206>{<133><192>S
> Attributes:
> 	EAP-Message =  
> <1><7><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
> oT<219>#<225><243>0? 
> <136><19><132><166><239><2><219>h<215>3<192>K<21><133>9<228><127><239>< 
> 177><223><212><146>`<182>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 42
> Authentic:  <142>_TC<156><171>I<249><191><237><226><202>W;/5
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <198><4><16>!2<193>IL<233><158><166><150><139><208>k!
> 	EAP-Message = <2><7><0><6><25><0>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 7, 6
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 42
> Authentic:  <142>_TC<156><171>I<249><191><237><226><202>W;/5
> Attributes:
> 	EAP-Message =
> <1><8><0><28><25><0><23><3><1><0><17><171><181>GpNQ<224><219><161><30>< 
> 3><176><27><180><210>c<19>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 43
> Authentic:  |<218><222>^RHe<239><20><196>X<11><129><252><214><138>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator = @>R<159><153>OK<15>gm<209><254>t<146>NV
> 	EAP-Message =
> <2><8><0>&<25><0><23><3><1><0><27>"<4><167><159><194><182><248><6><139> 
> <188><250>u<243><129><13><231>z<164>h<150><5><241><178><234>qi<176>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 8, 38
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:58 2004: DEBUG: EAP PEAP inner authentication request  
> for
> anonymous
> Mon Nov 29 11:04:58 2004: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <255>X<1><129>G<136>\<161>{<179><241>]<170><144>s<138>
> Attributes:
> 	EAP-Message = <2><8><0><11><1>NT\testuser
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
> 	NAS-Port = 287
> 	Calling-Station-Id = "000c.41a9.930f"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for ,  
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthLSA:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 8, 11
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 1
> Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for anonymous: EAP
> MSCHAP-V2 Challenge
> Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> inner authentication redespatched to a Handler
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 43
> Authentic:  |<218><222>^RHe<239><20><196>X<11><129><252><214><138>
> Attributes:
> 	EAP-Message =
> <1><9><0>8<25><0><23><3><1><0>-)\t<212><167><26><168>*<248><11>T<220>s< 
> 3><200><22><170><176>E<179><16>KeG<190>o<137><216><201>XW<148><248>8B<1 
> 38><138>)O0(<196><211><252><152>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 44
> Authentic:  <237>MN<251><158><5>h<9><192><191><197><10>[}<169><225>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <146>P<244><17><168><159><159>Sc<255><229><234><230>-<156><233>
> 	EAP-Message =
> <2><9><0>\<25><0><23><3><1><0>Q*<145>2<145>,|Y<158><165>\O<160><182><23 
> 9><16>6z<227><237><189>@<195><130><242><128>h<130><216><250><24>XX<140> 
> <179><217><27><192><157><208><243><213><162>6<209><247>f<165>]<152>&8<1 
> 75><160>5<217><24><27><189><27>s<206>m\<8><173><154><244>]UX<18><230>a< 
> 210><127><255>ZV<239>d<159>
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 9, 92
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:58 2004: DEBUG: EAP PEAP inner authentication request  
> for
> anonymous
> Mon Nov 29 11:04:58 2004: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <233><187><249><170>9w<255><26><207><205>j<147>C<160><241>4
> Attributes:
> 	EAP-Message =
> <2><9><0>A<26><2><9><0>@11<141><24>t<3><31>a<170><169>_T<28><26><25><21 
> 7>Z<0><0><0><0><0><0><0><0><14>Z<191><14><152><23><196><0><194>|<204>0< 
> 142>o0<20>q<202><137>7<227><204>l<255><0>NT\testuser
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
> 	NAS-Port = 287
> 	Calling-Station-Id = "000c.41a9.930f"
>
> Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Mon Nov 29 11:04:58 2004: DEBUG:  Deleting session for ,  
> 171.64.19.234, 287
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthLSA:
> Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 9, 65
> Mon Nov 29 11:04:58 2004: DEBUG: Response type 26
> Mon Nov 29 11:04:58 2004: DEBUG: Radius::AuthLSA looks for match with
> NT\testuser
> Mon Nov 29 11:04:58 2004: DEBUG: Radius::AuthLSA ACCEPT:
> Mon Nov 29 11:04:59 2004: WARNING: Could not LogonUserNetworkMSCHAP  
> (V2):
> 3221225581, 0, Logon failure: unknown user name or bad password.
> Mon Nov 29 11:04:59 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2  
> Authentication
> failure
> Mon Nov 29 11:04:59 2004: INFO: Access rejected for anonymous: EAP  
> MSCHAP-V2
> Authentication failure
> Mon Nov 29 11:04:59 2004: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Mon Nov 29 11:04:59 2004: DEBUG: Access challenged for NT\testuser:  
> EAP PEAP
> inner authentication redespatched to a Handler
> Mon Nov 29 11:04:59 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Challenge
> Identifier: 44
> Authentic:  <237>MN<251><158><5>h<9><192><191><197><10>[}<169><225>
> Attributes:
> 	EAP-Message =
> <1><10><0>&<25><0><23><3><1><0><27><189>m0<5>X<21><18>*h<1><231>I\<147> 
> <230>T<142>c<182>9<207>L<127><140>Y<253><144>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Nov 29 11:04:59 2004: DEBUG: Packet dump:
> *** Received from 171.64.19.234 port 21645 ....
> Code:       Access-Request
> Identifier: 45
> Authentic:  <232><156><161><194>F<2>5<165>Y<217>0<247><171><167>R<151>
> Attributes:
> 	User-Name = "NT\testuser"
> 	Framed-MTU = 1400
> 	Called-Station-Id = "0011.931f.57c0"
> 	Calling-Station-Id = "000c.41a9.930f"
> 	Message-Authenticator =
> <8>f<170><13><172><25><230><250><241>r<241><255><237><189>)8
> 	EAP-Message =
> <2><10><0>&<25><0><23><3><1><0><27><155><199><223><161><174><197><134>{ 
> <137><175><173><191><165><6>p<180><10><162><210><214><191>{h<229><134>_ 
> @
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 287
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 171.64.19.234
> 	NAS-Identifier = "ap"
>
> Mon Nov 29 11:04:59 2004: DEBUG: Handling request with Handler ''
> Mon Nov 29 11:04:59 2004: DEBUG:  Deleting session for NT\testuser,
> 171.64.19.234, 287
> Mon Nov 29 11:04:59 2004: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 29 11:04:59 2004: DEBUG: Handling with EAP: code 2, 10, 38
> Mon Nov 29 11:04:59 2004: DEBUG: Response type 25
> Mon Nov 29 11:04:59 2004: DEBUG: EAP result: 1, PEAP Authentication  
> Failure
> Mon Nov 29 11:04:59 2004: INFO: Access rejected for NT\testuser: PEAP
> Authentication Failure
> Mon Nov 29 11:04:59 2004: DEBUG: Packet dump:
> *** Sending to 171.64.19.234 port 21645 ....
> Code:       Access-Reject
> Identifier: 45
> Authentic:  <232><156><161><194>F<2>5<165>Y<217>0<247><171><167>R<151>
> Attributes:
> 	EAP-Message = <4><10><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Reply-Message = "Request Denied"
>
> ******* END TRACE OUTPUT *******
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive  
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list