(RADIATOR) MAC-Address Check and LDAP on OS X

Urs Landis urs.landis at mac.com
Mon Feb 28 11:51:10 CST 2005


Hi all

Now I tried with LEAP. With radpwtst it looks great! With the access
point I have a strange error message! It looks for a user in the
MAC-address file! But why?

My config:

# leap.cfg
#

Foreground
LogStdout
LogDir          /var/log/radius
DbDir           /etc/radiator

# Use a lower trace level in production systems:
Trace           4

<Client DEFAULT>
         Secret  xxxyyy
         DupInterval 0
</Client>

<AuthBy FILE>
         Identifier CheckMACAddress
         Filename %D/addresses.mac

         AuthenticateAttribute Calling-Station-Id
         EAPType LEAP


</AuthBy>

<AuthBy LDAP2>
         Identifier CheckLDAP
         Host            xxx.xxx.xxx.xxx
         BaseDN          dc=aaa, dc=bbb
         Version         3
         UsernameAttr    uid
         ServerChecksPassword
         SearchFilter (&(uid=%1)(buildingName=WLAN))
         AddToReply buildingName
</AuthBy>
<Handler DEFAULT>
         AuthBy CheckMACAddress
</Handler>

The trace 4 log:

Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 224
Authentic:  <184><198>f<136>t<211>`]<162>=W<9><131><26><17>M
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
<158><208>Y<145><244><8>>.<155>U<12><159><177><17><237>g
         EAP-Message = <2><1><0><15><1>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1050
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:09 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:09 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1050
Mon Feb 28 18:44:09 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:09 2005: DEBUG: Handling with EAP: code 2, 1, 15
Mon Feb 28 18:44:09 2005: DEBUG: Response type 1
Mon Feb 28 18:44:09 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
Mon Feb 28 18:44:09 2005: DEBUG: Access challenged for urs_landis: EAP LEAP Challenge
Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Challenge
Identifier: 224
Authentic:  <184><198>f<136>t<211>`]<162>=W<9><131><26><17>M
Attributes:
         EAP-Message =  
<1><2><0><26><17><1><0><8>6<249>#<6>I<127><189><20>urs_landis
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 225
Authentic:  <238><208><201>#|<148>q<172><12><201><140><132><3><<132>n
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
<26><194><2><30><201><144>E<181><31><193><251>g<23><205><127><13>
         EAP-Message =  
<2><2><0>*<17><1><0><24><188><6><24>t<7>W]<203>B<191><6>(<29><233><216>< 
141>;%<235><27>^?<27><161>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1050
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:09 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:09 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1050
Mon Feb 28 18:44:09 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:09 2005: DEBUG: Handling with EAP: code 2, 2, 42
Mon Feb 28 18:44:09 2005: DEBUG: Response type 17
Mon Feb 28 18:44:09 2005: DEBUG: Radius::AuthFILE looks for match with urs_landis
Mon Feb 28 18:44:09 2005: DEBUG: EAP result: 1, EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:09 2005: INFO: Access rejected for urs_landis: EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Reject
Identifier: 225
Authentic:  <238><208><201>#|<148>q<172><12><201><140><132><3><<132>n
Attributes:
         EAP-Message = <4><2><0><4>
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
         Reply-Message = "Request Denied"

Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 226
Authentic:  <246>8Hc<246>P<186>q<136>J<147><252><238><22><184>$
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
<171><226><160><206>#<240><204><29><237><11><22><243><127>e<156><129>
         EAP-Message = <2><1><0><15><1>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1051
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:10 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:10 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1051
Mon Feb 28 18:44:10 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:10 2005: DEBUG: Handling with EAP: code 2, 1, 15
Mon Feb 28 18:44:10 2005: DEBUG: Response type 1
Mon Feb 28 18:44:10 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
Mon Feb 28 18:44:10 2005: DEBUG: Access challenged for urs_landis: EAP LEAP Challenge
Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Challenge
Identifier: 226
Authentic:  <246>8Hc<246>P<186>q<136>J<147><252><238><22><184>$
Attributes:
         EAP-Message =  
<1><2><0><26><17><1><0><8><17>(<251><195><230>E<237>durs_landis
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 227
Authentic:  <2><251><21><205><234>4<215>o<244><231>=<200><188>^<167>x
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
<255>,<171>K<219><221>Y'<157><180>+e<164>X-&
         EAP-Message =  
<2><2><0>*<17><1><0><24><157>G<24><197>*! 
K<136><0>t<254>V<228><161><177><155>&<4><19><205><204>M<170>3urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1051
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:10 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:10 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1051
Mon Feb 28 18:44:10 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:10 2005: DEBUG: Handling with EAP: code 2, 2, 42
Mon Feb 28 18:44:10 2005: DEBUG: Response type 17
Mon Feb 28 18:44:10 2005: DEBUG: Radius::AuthFILE looks for match with urs_landis
Mon Feb 28 18:44:10 2005: DEBUG: EAP result: 1, EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:10 2005: INFO: Access rejected for urs_landis: EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Reject
Identifier: 227
Authentic:  <2><251><21><205><234>4<215>o<244><231>=<200><188>^<167>x
Attributes:
         EAP-Message = <4><2><0><4>
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
         Reply-Message = "Request Denied"

Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 228
Authentic:  +h<201><218>1o<163><186><148><246><194><238>q<186><225>9
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
7<152>!c<159><4>w<173><191>Pt<138><147><231><15>%
         EAP-Message = <2><1><0><15><1>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1052
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:12 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:12 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1052
Mon Feb 28 18:44:12 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:12 2005: DEBUG: Handling with EAP: code 2, 1, 15
Mon Feb 28 18:44:12 2005: DEBUG: Response type 1
Mon Feb 28 18:44:12 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
Mon Feb 28 18:44:12 2005: DEBUG: Access challenged for urs_landis: EAP LEAP Challenge
Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Challenge
Identifier: 228
Authentic:  +h<201><218>1o<163><186><148><246><194><238>q<186><225>9
Attributes:
         EAP-Message =  
<1><2><0><26><17><1><0><8><255><175><20>p<190>&<225>Vurs_landis
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 229
Authentic:   
<254><148><29><176>"<251><146><163>4<219><141><231>U<203><193><159>
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator = c<189>n?`-X0[6$<186><186>j<5>F
         EAP-Message =  
<2><2><0>*<17><1><0><24><233>; 
<243>P<240><160>9i<25>q<229><4><188>[bQt*8<179><197><15>|<235>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1052
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:12 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:12 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1052
Mon Feb 28 18:44:12 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:12 2005: DEBUG: Handling with EAP: code 2, 2, 42
Mon Feb 28 18:44:12 2005: DEBUG: Response type 17
Mon Feb 28 18:44:12 2005: DEBUG: Radius::AuthFILE looks for match with urs_landis
Mon Feb 28 18:44:12 2005: DEBUG: EAP result: 1, EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:12 2005: INFO: Access rejected for urs_landis: EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Reject
Identifier: 229
Authentic:   
<254><148><29><176>"<251><146><163>4<219><141><231>U<203><193><159>
Attributes:
         EAP-Message = <4><2><0><4>
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
         Reply-Message = "Request Denied"

Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 230
Authentic:  N<217>V<237><12>(<166>(<201><216><208><173>Q<9><239><29>
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
<182>7ZH<150><235>E<15><185><250>g<235><1><145><192>C
         EAP-Message = <2><1><0><15><1>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1053
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:13 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:13 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1053
Mon Feb 28 18:44:13 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:13 2005: DEBUG: Handling with EAP: code 2, 1, 15
Mon Feb 28 18:44:13 2005: DEBUG: Response type 1
Mon Feb 28 18:44:13 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
Mon Feb 28 18:44:13 2005: DEBUG: Access challenged for urs_landis: EAP LEAP Challenge
Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Challenge
Identifier: 230
Authentic:  N<217>V<237><12>(<166>(<201><216><208><173>Q<9><239><29>
Attributes:
         EAP-Message =  
<1><2><0><26><17><1><0><8>|+M<237>u<144>4<183>urs_landis
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
*** Received from 192.168.95.59 port 21648 ....
Code:       Access-Request
Identifier: 231
Authentic:  <155><235><174>$[Q<247><6><162>d<211>i<189><198><241><230>
Attributes:
         User-Name = "urs_landis"
         Framed-MTU = 1400
         Called-Station-Id = "0013.19fc.2f90"
         Calling-Station-Id = "0030.6503.0a96"
         Service-Type = Login-User
         Message-Authenticator =  
<159><242>U<173><149><158><164><236><245><135>j<149><144><206>_W
         EAP-Message =  
<2><2><0>*<17><1><0><24>; 
<20><245>Y<155><18><241><138>U#<208><1><169>o<252>$<231><8>.<131><236><2 
06><237><253>urs_landis
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1053
         NAS-IP-Address = 192.168.95.59
         NAS-Identifier = "AP-09-023"

Mon Feb 28 18:44:13 2005: DEBUG: Handling request with Handler 'DEFAULT'
Mon Feb 28 18:44:13 2005: DEBUG:  Deleting session for urs_landis, 192.168.95.59, 1053
Mon Feb 28 18:44:13 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Feb 28 18:44:13 2005: DEBUG: Handling with EAP: code 2, 2, 42
Mon Feb 28 18:44:13 2005: DEBUG: Response type 17
Mon Feb 28 18:44:13 2005: DEBUG: Radius::AuthFILE looks for match with urs_landis
Mon Feb 28 18:44:13 2005: DEBUG: EAP result: 1, EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:13 2005: INFO: Access rejected for urs_landis: EAP LEAP failed: no such user urs_landis
Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
*** Sending to 192.168.95.59 port 21648 ....
Code:       Access-Reject
Identifier: 231
Authentic:  <155><235><174>$[Q<247><6><162>d<211>i<189><198><241><230>
Attributes:
         EAP-Message = <4><2><0><4>
         Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
         Reply-Message = "Request Denied"


Kind regards


Urs Landis
ICT
Kantonsschule
Hohe Promenade
Promenadengasse 11
CH-8001 Zürich
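
Added example (not part of the original post and not Radiator code): a small Python decoder for the EAP-Message values in the trace above, relating their bytes to the "Handling with EAP: code 2, 2, 42" and "Response type 17" log lines. The function names are made up for this example, the sample strings are copied from the first exchange in the trace with wrapped lines joined, and reading `<ddd>` as one byte in decimal is an assumption taken from how the dump looks.

```python
import re

# EAP codes (RFC 3748) and the two method types that occur in this trace.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 17: "LEAP"}

# Sample input: EAP-Message values from the first exchange in the trace.
TRACE_EAP = [
    "<2><1><0><15><1>urs_landis",
    "<1><2><0><26><17><1><0><8>6<249>#<6>I<127><189><20>urs_landis",
    "<2><2><0>*<17><1><0><24><188><6><24>t<7>W]<203>B<191><6>(<29><233>"
    "<216><141>;%<235><27>^?<27><161>urs_landis",
    "<4><2><0><4>",
]

def unescape_dump(text):
    """Convert dump notation to bytes: <ddd> is one byte, the rest is literal."""
    out, pos = bytearray(), 0
    for m in re.finditer(r"<(\d{1,3})>", text):
        out += text[pos:m.start()].encode("latin-1")  # literal run, may hold '<'
        out.append(int(m.group(1)))                   # ValueError if above 255
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def decode_eap(text):
    """Decode one EAP-Message value; reports field lengths, not secret values."""
    pkt = unescape_dump(text)
    if len(pkt) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = pkt[0], pkt[1], int.from_bytes(pkt[2:4], "big")
    if length != len(pkt):
        raise ValueError(f"length field {length} but {len(pkt)} bytes decoded")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, body = pkt[4], pkt[5:]
        info["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            info["name"] = body.decode("latin-1")
        elif etype == 17 and len(body) >= 3:
            # LEAP body: version, unused, count, <count> bytes, then user name
            count = body[2]
            info["value_len"] = count
            info["name"] = body[3 + count:].decode("latin-1")
    return info

if __name__ == "__main__":
    for value in TRACE_EAP:
        print(decode_eap(value))
```

The third sample is the type 17 response that the log reports immediately before "Radius::AuthFILE looks for match with urs_landis"; the name it carries is the User-Name, not the Calling-Station-Id.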
