(RADIATOR) AuthBy LSA and Lan Manager Auth Level
António Fernandes
afernandes at egp.up.pt
Tue Nov 30 03:24:23 CST 2004
Hi,
A question arises: since that is the Handler TunnelledByPEAP, couldn't you
omit EAPTLS_CAFile, EAPTLS_CertificateFile, ..., EAPTLS_MaxFragmentSize? The
only handler that should need that info would be the outer packet handler.
Am I right?
Thanks to all,
Antonio Fernandes
Porto Management School
University of Porto - Portugal
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Kawakubo, Ken
Sent: Monday, 29 November 2004 21:42
To: 'Kirk T Byers'; Hugh Irvine
Cc: radiator at open.com.au
Subject: RE: (RADIATOR) AuthBy LSA and Lan Manager Auth Level
Kirk,
We have successfully implemented PEAP/MSCHAPv2, EAP-TTLS/PAP, and LEAP
authentication against Active Directory using AuthBy LSA. We use the Windows
built-in client for PEAP/MSCHAPv2 authentication. The pertinent portion of
the configuration looks like the one below. Basically, you need to put AuthBy
LSA under <Handler TunnelledByPEAP=1>. First, RADIUS packets go to <Handler>,
then if they are PEAP authentication packets, they get dispatched to
<Handler TunnelledByPEAP=1>, and this is the Handler which does
authentication by LSA. The users file includes the "anonymous" user only.
Ken Kawakubo
<Handler TunnelledByPEAP=1>
    # Authenticate with Windows LSA
    <AuthBy LSA>
        DomainController xxxxx
        # This tells the PEAP client what types of inner EAP requests
        # we will honour
        EAPType MSCHAP-V2
        EAPTLS_CAFile C:/Program Files/Radiator/cacert.pem
        EAPTLS_CertificateFile C:/Program Files/Radiator/xxxxx.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile C:/Program Files/Radiator/xxxxx.pem
        EAPTLS_PrivateKeyPassword everwhat
        EAPTLS_MaxFragmentSize 500
    </AuthBy>
    AcctLogFileName %L/detail
</Handler>

<Handler>
    <AuthBy FILE>
        Filename C:/Program Files/Radiator/users
        EAPType PEAP,TTLS
        EAPTLS_PEAPVersion 0
        EAPTLS_CAFile C:/Program Files/Radiator/cacert.pem
        EAPTLS_CertificateFile C:/Program Files/Radiator/xxxxx.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile C:/Program Files/Radiator/xxxxx.pem
        EAPTLS_PrivateKeyPassword everwhat
        EAPTLS_MaxFragmentSize 1024
        AutoMPPEKeys
        SSLeayTrace 4
    </AuthBy>
    AcctLogFileName %L/detail
    AuthLog eap-authlog
</Handler>
-----Original Message-----
From: Kirk T Byers [mailto:ktbyers at stanford.edu]
Sent: Monday, November 29, 2004 12:49 PM
To: Hugh Irvine
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) AuthBy LSA and Lan Manager Auth Level
Hugh,
Here is my configuration file and debugging log. I have validated that I
can log into the domain using the username/password that I am testing with.
Thanks,
Kirk
******* radius.cfg *******
Foreground
LogStdout
LogDir .
DbDir .
Trace 4

<Client DEFAULT>
    Secret XXXXXX
    DupInterval 0
</Client>

<Handler TunnelledByPEAP=1>
    <AuthBy LSA>
        #Domain
        Domain NT
        #DefaultDomain NT
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>

<Handler>
    <AuthBy FILE>
        Filename %D/users
        EAPType PEAP
        EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
        # EAPTLS_CAPath
        EAPTLS_CertificateFile %D/certificates/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
        EAPTLS_PrivateKeyPassword whatever
        # EAPTLS_RandomFile %D/certificates/random
        EAPTLS_MaxFragmentSize 1000
        #EAPTLS_CRLCheck
        #EAPTLS_CRLFile %D/certificates/crl.pem
        #EAPTLS_CRLFile %D/certificates/revocations.pem
        AutoMPPEKeys
        SSLeayTrace 4
        #EAPTLS_SessionResumptionLimit 10
    </AuthBy>
</Handler>
******* END radius.cfg *******
******* TRACE OUTPUT *******
Mon Nov 29 11:04:20 2004: DEBUG: Reading users file ./users
Mon Nov 29 11:04:20 2004: DEBUG: Finished reading configuration file
'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2005-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your evaluation period, contact admin at open.com.au
Mon Nov 29 11:04:20 2004: DEBUG: Reading dictionary file './dictionary'
Mon Nov 29 11:04:20 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Mon Nov 29 11:04:20 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Mon Nov 29 11:04:20 2004: NOTICE: Server started: Radiator 3.9+patches on
testserver (LOCKED)
Mon Nov 29 11:04:23 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 35
Authentic: 6<4>(<170><190><226><203><141>n5O+<144><180><153><159>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<192><230><0>M<219>N<248><135><231>'<171><11>h<218><132>t
EAP-Message = <2><1><0><15><1>NT\testuser
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 286
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:23 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:23 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 286
Mon Nov 29 11:04:23 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:23 2004: DEBUG: Handling with EAP: code 2, 1, 15
Mon Nov 29 11:04:23 2004: DEBUG: Response type 1
Mon Nov 29 11:04:24 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:24 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:24 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 35
Authentic: 6<4>(<170><190><226><203><141>n5O+<144><180><153><159>
Attributes:
EAP-Message = <1><2><0><6><25>!
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:56 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 36
Authentic: <216><138><0><176><13><239><158>l?<200><212><211>G<212><203><19>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<204>G<136><189><225>x<11>u<219>1$\<172>RY<211>
EAP-Message = <2><1><0><15><1>NT\testuser
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:56 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:56 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:56 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:56 2004: DEBUG: Handling with EAP: code 2, 1, 15
Mon Nov 29 11:04:56 2004: DEBUG: Response type 1
Mon Nov 29 11:04:56 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:56 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:56 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 36
Authentic: <216><138><0><176><13><239><158>l?<200><212><211>G<212><203><19>
Attributes:
EAP-Message = <1><2><0><6><25>!
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 37
Authentic: <163>3c<250><30>!<v<213><194><145><238>I\<183><179>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<227><174><147><159>v<166>W<248><182>m<133>@<207><172><161>Q
EAP-Message = <2><2><0><15><1>NT\testuser
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:57 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:57 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:57 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:57 2004: DEBUG: Handling with EAP: code 2, 2, 15
Mon Nov 29 11:04:57 2004: DEBUG: Response type 1
Mon Nov 29 11:04:57 2004: DEBUG: Resuming session for
Radius::Context=HASH(0x246f058)
Mon Nov 29 11:04:57 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:57 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 37
Authentic: <163>3c<250><30>!<v<213><194><145><238>I\<183><179>
Attributes:
EAP-Message = <1><3><0><6><25>!
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 38
Authentic: <151><182><11>H<246>j2<219><251><202><216>U<163><10><131><172>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
u<132><23><219><136>?<31>{<194><141>}~<155>NV<138>
EAP-Message =
<2><3><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>A<171>r<239><246>
<19><1>ciy<230>5>U<231>o\]<11><163>9mh<149><227><151><133><220><166>
<176>y<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><
0>c<1><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:57 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:57 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:57 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:57 2004: DEBUG: Handling with EAP: code 2, 3, 80
Mon Nov 29 11:04:57 2004: DEBUG: Response type 25
Mon Nov 29 11:04:57 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Nov 29 11:04:57 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:57 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 38
Authentic: <151><182><11>H<246>j2<219><251><202><216>U<163><10><131><172>
Attributes:
EAP-Message =
<1><4><3><242><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>A<171>r<217><
143><205><173>M<152><2><203><227><142><150><149><9><207>.<212><178>k7;<254><
6><163><146><240><222><200><175><28>
E<176>BNy<8><177><244>::p<134><13>y<183><164>*<215>Y_e<28><230><252><163><17
8><161>cl?2<198><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209
>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><2
47><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6
><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><
6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><
13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0
<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>
0<22><6><3>U<4><10><19><15>My
Test
Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13>
<6><9>*<134>H<134><247><13><1><1>
EAP-Message =
<1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<
241>.9<209><250>\y<1><149>[<215><24>e<133><15><223>d<176><132>Z<222>#<234><1
2>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><2
47>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>v
N<215>)<31><207><24><157><230>G<186>)<246>J<195><171><154><249><220>v<17><15
9><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212
>Y<207><158>N<226><136><12><132><143><250><182><218>W<2><3><1><0><1><163><23
>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<
134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>
>q<129>X<13>=l?<174><155><170><162><189><20><25>az<19>o<202><250>|B8N<209><2
25><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<21
1><248>oba<
EAP-Message =
JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<21
5><13><152><154>T<218><8><246><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<
214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<
129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victor
ia1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 39
Authentic: <213><239><29><0><5>-<231>H<219><172><199><24><11>i<214><29>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<246><234><230><193><183><194><239>)D<150>f<190><15><145>h<14>
EAP-Message = <2><4><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:57 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:57 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:57 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:57 2004: DEBUG: Handling with EAP: code 2, 4, 6
Mon Nov 29 11:04:57 2004: DEBUG: Response type 25
Mon Nov 29 11:04:57 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:57 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 39
Authentic: <213><239><29><0><5>-<231>H<219><172><199><24><11>i<214><29>
Attributes:
EAP-Message = <1><5><3><238><25>@t use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><
13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2
>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbo
urne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
EAP-Message = roduction)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159
>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><
2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214><25
3>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<13
8>n<203>k8<164><239><179>H<237>K<182>mo<155><145><138><143><136><127><230><<
9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185>
<173><234><3>^4<221><252><168>H<178><158><25><235><152><250>g<199><172><250>
uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0><1><163>
<130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>
F0D<173>f]r<193>H?<164><27>ke0<129><247><6><3>U<29>#
EAP-Message =
<4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]r<193>H?<1
64><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19>
<2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Mel
bourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><1><0
>0<12><6><3>U<29><19><4><5>0<3>
EAP-Message =
<1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>0<
3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>tf<202><143>
<160><29><220>p9<5><24>2<185>)<128><227>8<17><247>'_J<28><159>;_<202><254><2
42>+{=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><193><29>-<228><19><1
84>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY+<156><143><225><149><237>
<135>ix<22>O<231><212><154><184><10>fZ<248>Va#<192><160>l<21><129>0<199>6<22
><3><1><0><220><13><0><0><212><2><1><2><0><207><0><205>0<129><202>1<11>0<9><
6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U
<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certif
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:57 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 40
Authentic: <195>VW<29><140><156>cP<187><218><248><2><131><243><160>@
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<245><134>2<178>VV<193><240><212>WJ<215><226>2u~
EAP-Message = <2><5><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 5, 6
Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 40
Authentic: <195>VW<29><140><156>cP<187><218><248><2><131><243><160>@
Attributes:
EAP-Message =
<1><6><0><134><25><0>icates1!0<31><6><3>U<4><11><19><24>Test
Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<14><0><0>
<0>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 41
Authentic: <183><KX<175><216><194><233>MlL<206>{<133><192>S
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<241><156><25>^m<211><9>W<21><198><162><146>t<141><200>F
EAP-Message =
<2><6><0><199><25><128><0><0><0><189><22><3><1><0><141><11><0><0><3><0><0><0
><16><0><0><130><0><128><179><226><223><254>t<181><129><166><210><141>`<206>
;<140><23><254>m<22>|<171>z<127><156><1><190>p<236>4Q<247>}<246><176><142><2
51><244>Y<229><159>,<163>q<127>$a<179><200><222><216>o<255><11>J[Dk<235>.<21
1><245>U<141><216><15><197><179>r<4><163><169><202><133>3<25><234><175><30>v
<194><254>i0<206>o<183><190><24><206><247><190>T<167><185><0><225><186><182>
<194><14>!6Z<23><254><223>u<178><168><158><149><<206><142><168><233>q<211>;n
<254><14><219><12><226><147><186>gd<20><3><1><0><1><1><22><3><1><0>
'<20>l[<190><2>Ae6<148><218><134><239>8<29><15>~7U<17>R<167>/<15>M<194><142>
<25><7><221><154><184>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 6, 199
Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
Mon Nov 29 11:04:58 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 41
Authentic: <183><KX<175><216><194><233>MlL<206>{<133><192>S
Attributes:
EAP-Message =
<1><7><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
oT<219>#<225><243>0?<136><19><132><166><239><2><219>h<215>3<192>K<21><133>9<
228><127><239><177><223><212><146>`<182>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 42
Authentic: <142>_TC<156><171>I<249><191><237><226><202>W;/5
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<198><4><16>!2<193>IL<233><158><166><150><139><208>k!
EAP-Message = <2><7><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 7, 6
Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 42
Authentic: <142>_TC<156><171>I<249><191><237><226><202>W;/5
Attributes:
EAP-Message =
<1><8><0><28><25><0><23><3><1><0><17><171><181>GpNQ<224><219><161><30><3><17
6><27><180><210>c<19>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 43
Authentic: |<218><222>^RHe<239><20><196>X<11><129><252><214><138>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator = @>R<159><153>OK<15>gm<209><254>t<146>NV
EAP-Message =
<2><8><0>&<25><0><23><3><1><0><27>"<4><167><159><194><182><248><6><139><188>
<250>u<243><129><13><231>z<164>h<150><5><241><178><234>qi<176>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 8, 38
Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
Mon Nov 29 11:04:58 2004: DEBUG: EAP PEAP inner authentication request for
anonymous
Mon Nov 29 11:04:58 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <255>X<1><129>G<136>\<161>{<179><241>]<170><144>s<138>
Attributes:
EAP-Message = <2><8><0><11><1>NT\testuser
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
NAS-Port = 287
Calling-Station-Id = "000c.41a9.930f"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for , 171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 8, 11
Mon Nov 29 11:04:58 2004: DEBUG: Response type 1
Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for anonymous: EAP
MSCHAP-V2 Challenge
Mon Nov 29 11:04:58 2004: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Mon Nov 29 11:04:58 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
inner authentication redespatched to a Handler
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 43
Authentic: |<218><222>^RHe<239><20><196>X<11><129><252><214><138>
Attributes:
EAP-Message =
<1><9><0>8<25><0><23><3><1><0>-)\t<212><167><26><168>*<248><11>T<220>s<3><20
0><22><170><176>E<179><16>KeG<190>o<137><216><201>XW<148><248>8B<138><138>)O
0(<196><211><252><152>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:58 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 44
Authentic: <237>MN<251><158><5>h<9><192><191><197><10>[}<169><225>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<146>P<244><17><168><159><159>Sc<255><229><234><230>-<156><233>
EAP-Message =
<2><9><0>\<25><0><23><3><1><0>Q*<145>2<145>,|Y<158><165>\O<160><182><239><16
>6z<227><237><189>@<195><130><242><128>h<130><216><250><24>XX<140><179><217>
<27><192><157><208><243><213><162>6<209><247>f<165>]<152>&8<175><160>5<217><
24><27><189><27>s<206>m\<8><173><154><244>]UX<18><230>a<210><127><255>ZV<239
>d<159>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 9, 92
Mon Nov 29 11:04:58 2004: DEBUG: Response type 25
Mon Nov 29 11:04:58 2004: DEBUG: EAP PEAP inner authentication request for
anonymous
Mon Nov 29 11:04:58 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <233><187><249><170>9w<255><26><207><205>j<147>C<160><241>4
Attributes:
EAP-Message =
<2><9><0>A<26><2><9><0>@11<141><24>t<3><31>a<170><169>_T<28><26><25><217>Z<0
><0><0><0><0><0><0><0><14>Z<191><14><152><23><196><0><194>|<204>0<142>o0<20>
q<202><137>7<227><204>l<255><0>NT\testuser
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
NAS-Port = 287
Calling-Station-Id = "000c.41a9.930f"
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Mon Nov 29 11:04:58 2004: DEBUG: Deleting session for , 171.64.19.234, 287
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Nov 29 11:04:58 2004: DEBUG: Handling with EAP: code 2, 9, 65
Mon Nov 29 11:04:58 2004: DEBUG: Response type 26
Mon Nov 29 11:04:58 2004: DEBUG: Radius::AuthLSA looks for match with
NT\testuser
Mon Nov 29 11:04:58 2004: DEBUG: Radius::AuthLSA ACCEPT:
Mon Nov 29 11:04:59 2004: WARNING: Could not LogonUserNetworkMSCHAP (V2):
3221225581, 0, Logon failure: unknown user name or bad password.
Mon Nov 29 11:04:59 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication
failure
Mon Nov 29 11:04:59 2004: INFO: Access rejected for anonymous: EAP MSCHAP-V2
Authentication failure
Mon Nov 29 11:04:59 2004: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Mon Nov 29 11:04:59 2004: DEBUG: Access challenged for NT\testuser: EAP PEAP
inner authentication redespatched to a Handler
Mon Nov 29 11:04:59 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 44
Authentic: <237>MN<251><158><5>h<9><192><191><197><10>[}<169><225>
Attributes:
EAP-Message =
<1><10><0>&<25><0><23><3><1><0><27><189>m0<5>X<21><18>*h<1><231>I\<147><230>
T<142>c<182>9<207>L<127><140>Y<253><144>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Nov 29 11:04:59 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 45
Authentic: <232><156><161><194>F<2>5<165>Y<217>0<247><171><167>R<151>
Attributes:
User-Name = "NT\testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<8>f<170><13><172><25><230><250><241>r<241><255><237><189>)8
EAP-Message =
<2><10><0>&<25><0><23><3><1><0><27><155><199><223><161><174><197><134>{<137>
<175><173><191><165><6>p<180><10><162><210><214><191>{h<229><134>_@
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 287
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Mon Nov 29 11:04:59 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:59 2004: DEBUG: Deleting session for NT\testuser,
171.64.19.234, 287
Mon Nov 29 11:04:59 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:59 2004: DEBUG: Handling with EAP: code 2, 10, 38
Mon Nov 29 11:04:59 2004: DEBUG: Response type 25
Mon Nov 29 11:04:59 2004: DEBUG: EAP result: 1, PEAP Authentication Failure
Mon Nov 29 11:04:59 2004: INFO: Access rejected for NT\testuser: PEAP
Authentication Failure
Mon Nov 29 11:04:59 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Reject
Identifier: 45
Authentic: <232><156><161><194>F<2>5<165>Y<217>0<247><171><167>R<151>
Attributes:
EAP-Message = <4><10><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
******* END TRACE OUTPUT *******
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
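
An added example, not part of the original thread and not Radiator code: a Python script that reads a Trace 4 log like the one in Kirk's message, re-joins the lines the mail archive wrapped, and reports each rejection with the Handler and AuthBy module that produced it, the identity AuthBy LSA actually checked, and the decoded NTSTATUS. The NTSTATUS names are standard Windows codes; the function names and result fields are assumptions of this example.

```python
import re

# Standard Windows NTSTATUS codes for logon failures.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

REC = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
HANDLER = re.compile(r"^Handling request with Handler\s+'(.*)'")
MODULE = re.compile(r"^Handling with (Radius::\w+)")
IDENT = re.compile(r"^Radius::AuthLSA looks for match with\s+(\S+)")
LSA_FAIL = re.compile(
    r"^Could not LogonUserNetworkMSCHAP \(V2\):\s+(\d+),\s*\d+,\s*(.*)")
REJECT = re.compile(r"^Access rejected for (\S*): (.*)")

# Excerpt of the trace above, kept wrapped the way the mail archive shows it.
SAMPLE = r"""
Mon Nov 29 11:04:58 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Mon Nov 29 11:04:58 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Nov 29 11:04:58 2004: DEBUG: Radius::AuthLSA looks for match with
NT\testuser
Mon Nov 29 11:04:59 2004: WARNING: Could not LogonUserNetworkMSCHAP (V2):
3221225581, 0, Logon failure: unknown user name or bad password.
Mon Nov 29 11:04:59 2004: INFO: Access rejected for anonymous: EAP MSCHAP-V2
Authentication failure
Mon Nov 29 11:04:59 2004: DEBUG: Handling request with Handler ''
Mon Nov 29 11:04:59 2004: DEBUG: Handling with Radius::AuthFILE:
Mon Nov 29 11:04:59 2004: INFO: Access rejected for NT\testuser: PEAP
Authentication Failure
"""


def records(trace):
    """Split a trace into [timestamp, level, message], undoing line wraps."""
    out = []
    for line in trace.splitlines():
        m = REC.match(line)
        if m:
            out.append([m.group(1), m.group(2), m.group(3).strip()])
        elif out and line.strip():
            # No timestamp: continuation of the previous record.
            out[-1][2] += " " + line.strip()
    return out


def rejections(trace):
    """Return one dict per 'Access rejected' line, with its context."""
    handler = module = identity = lsa = None
    found = []
    for ts, level, msg in records(trace):
        if (m := HANDLER.match(msg)):
            # A new request starts: forget the previous request's context.
            handler = m.group(1) or "(default)"
            module = identity = lsa = None
        elif (m := MODULE.match(msg)):
            module = m.group(1)
        elif (m := IDENT.match(msg)):
            identity = m.group(1)
        elif level == "WARNING" and (m := LSA_FAIL.match(msg)):
            lsa = int(m.group(1))
        elif level == "INFO" and (m := REJECT.match(msg)):
            found.append({
                "time": ts,
                "handler": handler,
                "module": module,
                "user": m.group(1),        # User-Name of this (inner/outer) request
                "identity": identity,      # name AuthBy LSA tried to match
                "reason": m.group(2),
                "ntstatus": None if lsa is None else f"0x{lsa:08X}",
                "status_name": None if lsa is None else NTSTATUS.get(lsa, "unknown"),
            })
    return found


if __name__ == "__main__":
    for r in rejections(SAMPLE):
        print(r)
```

The inner rejection is logged against "anonymous", so alerting on the INFO line alone misattributes the failure; the identity field carries the name AuthBy LSA actually tried.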