(RADIATOR) MAC address filtering?

Hugh Irvine hugh at open.com.au
Mon Jan 24 18:40:34 CST 2005


Hello Jim -

Thanks for sending the configuration and debug - it helps enormously.

The problem is that the Called-Station-Id / Calling-Station-Id are not  
included in the inner request.

Therefore here is an alternative configuration - note the changed  
addresses.mac file and the changed configuration file.

Please let me know how you get on.

regards

Hugh


# CONTENTS OF addresses.mac (single mac address of my test notebook)

000bcd5a0861 Auth-Type = Accept


# configuration file

AuthPort 1812
AcctPort 1813
Foreground
LogStdout
LogDir		/var/log/radius
DbDir		/etc/radiator
Trace 		4

<Client DEFAULT>
	Secret	xxxxxxxxxx
	DupInterval 0
</Client>

<AuthBy FILE>
	Identifier CheckMACAddress
	Filename /etc/radiator/addresses.mac
	AuthenticateAttribute Calling-Station-Id
</AuthBy>

<AuthBy LDAP2>
	Identifier CheckLDAP
	Host 		ren.chesterfield.mo.us
	AuthDN		cn=admin,o=coc
	AuthPassword	xxxxxxxxxxxx
	BaseDN		ou=Users,o=Private
	UsernameAttr 	cn
	ServerChecksPassword
	SearchFilter (&(cn=%1)(cocWLANAllowed=true))
</AuthBy>

<Handler TunnelledByTTLS=1>
	AuthBy CheckLDAP
</Handler>

<Handler>
	AuthByPolicy ContinueWhileAccept

	AuthBy CheckMACAddress

	<AuthBy FILE>
		Filename /etc/radiator/users
		EAPType TTLS
		EAPTLS_CAFile /etc/radiator/certificates/digicert.pem
		EAPTLS_CertificateFile /etc/radiator/certificates/star_chesterfield_mo_us.crt
		EAPTLS_CertificateType PEM
		EAPTLS_PrivateKeyFile /etc/radiator/certificates/digicert.pem
		EAPTLS_PrivateKeyPassword locutusofborg
		EAPTLS_MaxFragmentSize 1000
		AutoMPPEKeys
	</AuthBy>
</Handler>




On 25 Jan 2005, at 10:54, Jim Michael wrote:

> Hello Jim -
>
>> As mentioned in my previous mail (shown below) the
>> contents of the file
> <snip>
>> BTW - when you are having problems it is much
>> easier for me to see what
>> is going on if you send me a copy of the
>> configuration file (no
>> secrets) together with a trace 4 debug showing
>> what is happening.
>
> Sorry for the confusion, Hugh! I had indeed already created the
> addresses.mac file with your code, but it didn't work. I'm posting my
> complete config file, and after that, the log of me trying to log in.
> From what I can decipher of the log, it is not trying ldap2 at all, but
> instead looking for "jimm" in the flat file.
>
> Jim
>
> CONFIG FILE START
> AuthPort 1812
> AcctPort 1813
> Foreground
> LogStdout
> LogDir		/var/log/radius
> DbDir		/etc/radiator
> Trace 		4
>
> <Client DEFAULT>
> 	Secret	xxxxxxxxxx
> 	DupInterval 0
> </Client>
>
> <AuthBy FILE>
> 	Identifier CheckMACAddress
> 	Filename /etc/radiator/addresses.mac
> 	AuthenticateAttribute Calling-Station-Id
> </AuthBy>
>
> 	<AuthBy LDAP2>
> 		Identifier CheckLDAP
> 		Host 		ren.chesterfield.mo.us
> 		AuthDN		cn=admin,o=coc
> 		AuthPassword	xxxxxxxxxxxx
> 		BaseDN		ou=Users,o=Private
> 		UsernameAttr 	cn
> 		ServerChecksPassword
> 		SearchFilter (&(cn=%1)(cocWLANAllowed=true))
> 	</AuthBy>
>
> <Handler TunnelledByTTLS=1>
> 	AuthBy CheckMACAddress
> </Handler>
>
> <Handler>
> 	<AuthBy FILE>
> 		Filename /etc/radiator/users
> 		EAPType TTLS
> 		EAPTLS_CAFile /etc/radiator/certificates/digicert.pem
> 		EAPTLS_CertificateFile /etc/radiator/certificates/star_chesterfield_mo_us.crt
> 		EAPTLS_CertificateType PEM
> 		EAPTLS_PrivateKeyFile /etc/radiator/certificates/digicert.pem
> 		EAPTLS_PrivateKeyPassword locutusofborg
> 		EAPTLS_MaxFragmentSize 1000
> 		AutoMPPEKeys
> 	</AuthBy>
> </Handler>
> CONFIG FILE END
>
> CONTENTS OF addresses.mac (single mac address of my test notebook)
>
> 000bcd5a0861 Auth-Type = CheckLDAP
>
> LOG FILE START
> Mon Jan 24 17:42:00 2005: DEBUG: Finished reading configuration file
> '/etc/radiator/coc.cfg'
> Mon Jan 24 17:42:00 2005: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Mon Jan 24 17:42:00 2005: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Mon Jan 24 17:42:00 2005: DEBUG: Creating accounting port 0.0.0.0:1813
> Mon Jan 24 17:42:00 2005: NOTICE: Server started: Radiator 3.11 on
> suser (LOCKED)
> Mon Jan 24 17:42:04 2005: DEBUG: Finished reading configuration file
> '/etc/radiator/coc.cfg'
> Mon Jan 24 17:42:04 2005: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Mon Jan 24 17:42:04 2005: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Mon Jan 24 17:42:04 2005: DEBUG: Creating accounting port 0.0.0.0:1813
> Mon Jan 24 17:42:04 2005: NOTICE: Server started: Radiator 3.11 on
> suser (LOCKED)
> Mon Jan 24 17:42:10 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1697 ....
> Code:       Access-Request
> Identifier: 66
> Authentic:  H<136>H<136>H<136>H<136>H<136>H<136>H<136>H<136>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 2
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message = <2><1><0><14><1>anonymous
> 	Message-Authenticator =
> <5><15>j<199>T)P<244><212>CRT<199>Au<140>
>
> Mon Jan 24 17:42:10 2005: DEBUG: Handling request with Handler ''
> Mon Jan 24 17:42:10 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 2
> Mon Jan 24 17:42:10 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 24 17:42:10 2005: DEBUG: Handling with EAP: code 2, 1, 14
> Mon Jan 24 17:42:10 2005: DEBUG: Response type 1
> Mon Jan 24 17:42:10 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 24 17:42:10 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 24 17:42:10 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1697 ....
> Code:       Access-Challenge
> Identifier: 66
> Authentic:  H<136>H<136>H<136>H<136>H<136>H<136>H<136>H<136>
> Attributes:
> 	EAP-Message = <1><2><0><6><21>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 24 17:42:10 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1698 ....
> Code:       Access-Request
> Identifier: 67
> Authentic:  a`a`a`a`a`a`a`a`
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 2
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	Message-Authenticator =
> <191>k<251><25><199><203><241><160><148><242><29><204><24>m<15>s
>
> Mon Jan 24 17:42:10 2005: DEBUG: Handling request with Handler ''
> Mon Jan 24 17:42:10 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 2
> Mon Jan 24 17:42:10 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 24 17:42:10 2005: DEBUG: Handling with EAP: code 2, 2, 130
> Mon Jan 24 17:42:10 2005: DEBUG: Response type 21
> Mon Jan 24 17:42:10 2005: DEBUG: EAP TTLS data, 24576, 2, -1
> Mon Jan 24 17:42:10 2005: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Mon Jan 24 17:42:10 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 24 17:42:10 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 24 17:42:10 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1698 ....
> Code:       Access-Challenge
> Identifier: 67
> Authentic:  a`a`a`a`a`a`a`a`
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 24 17:42:10 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1699 ....
> Code:       Access-Request
> Identifier: 68
> Authentic:  o<147>o<147>o<147>o<147>o<147>o<147>o<147>o<147>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 2
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator =
> <143><230><240>oa<24><135>U|<154><179><15>-<198>*<203>
>
> Mon Jan 24 17:42:10 2005: DEBUG: Handling request with Handler ''
> Mon Jan 24 17:42:10 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 2
> Mon Jan 24 17:42:10 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 24 17:42:10 2005: DEBUG: Handling with EAP: code 2, 3, 6
> Mon Jan 24 17:42:10 2005: DEBUG: Response type 21
> Mon Jan 24 17:42:10 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 24 17:42:10 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 24 17:42:10 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1699 ....
> Code:       Access-Challenge
> Identifier: 68
> Authentic:  o<147>o<147>o<147>o<147>o<147>o<147>o<147>o<147>
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 24 17:42:11 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1700 ....
> Code:       Access-Request
> Identifier: 69
> Authentic:  ;<255>;<255>;<255>;<255>;<255>;<255>;<255>;<255>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 2
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message = <2><4><0><6><21><0>
> 	Message-Authenticator =
> _<20><166><234><180><2>9M<241><29>vi<199><212>~<229>
>
> Mon Jan 24 17:42:11 2005: DEBUG: Handling request with Handler ''
> Mon Jan 24 17:42:11 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 2
> Mon Jan 24 17:42:11 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 24 17:42:11 2005: DEBUG: Handling with EAP: code 2, 4, 6
> Mon Jan 24 17:42:11 2005: DEBUG: Response type 21
> Mon Jan 24 17:42:11 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 24 17:42:11 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 24 17:42:11 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1700 ....
> Code:       Access-Challenge
> Identifier: 69
> Authentic:  ;<255>;<255>;<255>;<255>;<255>;<255>;<255>;<255>
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 24 17:42:11 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1701 ....
> Code:       Access-Request
> Identifier: 70
> Authentic:  <8>k<8>k<8>k<8>k<8>k<8>k<8>k<8>k
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 2
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	Message-Authenticator =
> Y<232><180><198><198><202><134><255><254><254><199>}h<5><146><251>
>
> Mon Jan 24 17:42:11 2005: DEBUG: Handling request with Handler ''
> Mon Jan 24 17:42:11 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 2
> Mon Jan 24 17:42:11 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 24 17:42:11 2005: DEBUG: Handling with EAP: code 2, 5, 212
> Mon Jan 24 17:42:11 2005: DEBUG: Response type 21
> Mon Jan 24 17:42:11 2005: DEBUG: EAP TTLS data, 8576, 5, 2
> Mon Jan 24 17:42:11 2005: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Mon Jan 24 17:42:11 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Jan 24 17:42:11 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Mon Jan 24 17:42:11 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1701 ....
> Code:       Access-Challenge
> Identifier: 70
> Authentic:  <8>k<8>k<8>k<8>k<8>k<8>k<8>k<8>k
> Attributes:
> 	EAP-Message =
> <1><6><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<250><153 
> >rN<189>*<254>\<189>luk<255>t<1><26>7<15><222><135><146><153>K<194><21> 
> q6<195><129><0>8Wb<234><180>Sr<140><12><191>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Jan 24 17:42:14 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1702 ....
> Code:       Access-Request
> Identifier: 71
> Authentic:  5<31>5<31>5<31>5<31>5<31>5<31>5<31>5<31>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 2
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message =
> <2><6><0>G<21><128><0><0><0>=<23><3><1><0>8<152><25>9S<138>O<224><217>& 
> <205><235><240><247>w<5>P<145>[{<30><200>8<165>W<26><168><235><138><198 
> ><213><159><134><156><202>2(9'<174><27>R
> <169>(<196>+<218><24><230><233><203><191><200>WiW
> 	Message-Authenticator =
> <243><178><131>$<207><8>!6<144><161><165>0<21>|<211>>
>
> Mon Jan 24 17:42:14 2005: DEBUG: Handling request with Handler ''
> Mon Jan 24 17:42:14 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 2
> Mon Jan 24 17:42:14 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 24 17:42:14 2005: DEBUG: Handling with EAP: code 2, 6, 71
> Mon Jan 24 17:42:14 2005: DEBUG: Response type 21
> Mon Jan 24 17:42:14 2005: DEBUG: EAP TTLS data, 3, 6, 5
> Mon Jan 24 17:42:14 2005: DEBUG: EAP TTLS inner authentication request
> for jimm
> Mon Jan 24 17:42:14 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  8<145><195>.<4>5u&<239>;<10><17>x<27>?<238>
> Attributes:
> 	User-Name = "jimm"
> 	User-Password = "xxxxxxxx"
>
> Mon Jan 24 17:42:14 2005: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Mon Jan 24 17:42:14 2005: DEBUG:  Deleting session for jimm,
> 192.168.10.41,
> Mon Jan 24 17:42:14 2005: DEBUG: Handling with Radius::AuthFILE:
> CheckMACAddress
> Mon Jan 24 17:42:14 2005: DEBUG: Radius::AuthFILE looks for match with
>
> Mon Jan 24 17:42:14 2005: DEBUG: Reading users file
> /etc/radiator/addresses.mac
> Mon Jan 24 17:42:14 2005: INFO: Access rejected for jimm: No such user
> Mon Jan 24 17:42:14 2005: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Mon Jan 24 17:42:14 2005: INFO: Access rejected for anonymous: EAP TTLS
> inner authentication redespatched to a Handler
> Mon Jan 24 17:42:14 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1702 ....
> Code:       Access-Reject
> Identifier: 71
> Authentic:  5<31>5<31>5<31>5<31>5<31>5<31>5<31>5<31>
> Attributes:
> 	EAP-Message = <4><6><0><4>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Reply-Message = "Request Denied"
> LOG FILE END
>
>
>
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive  
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
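
The failure diagnosed in this message, an AuthBy keyed on Calling-Station-Id being run against the inner TTLS request that does not carry that attribute, can be spotted mechanically in a trace 4 log. The Python below is an added example, not part of the original thread and not Radiator code; it assumes unwrapped log lines in the format quoted above, and the function names and the abridged sample trace are constructed for illustration.

```python
import re

# Constructed sample: abridged, unwrapped trace 4 lines in the format quoted in
# this thread (EAP payloads and the earlier TTLS round trips are left out).
SAMPLE_TRACE = """\
Mon Jan 24 17:42:14 2005: DEBUG: Packet dump:
Code:       Access-Request
Attributes:
\tUser-Name = "anonymous"
\tCalling-Station-Id = "000bcd5a0861"

Mon Jan 24 17:42:14 2005: DEBUG: Handling request with Handler ''
Mon Jan 24 17:42:14 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Attributes:
\tUser-Name = "jimm"
\tUser-Password = "xxxxxxxx"

Mon Jan 24 17:42:14 2005: DEBUG: Handling request with Handler 'TunnelledByTTLS=1'
Mon Jan 24 17:42:14 2005: DEBUG: Handling with Radius::AuthFILE: CheckMACAddress
Mon Jan 24 17:42:14 2005: DEBUG: Radius::AuthFILE looks for match with
Mon Jan 24 17:42:14 2005: INFO: Access rejected for jimm: No such user
"""

ATTR_RE = re.compile(r"^\s+([\w-]+) = (.*)$")
HANDLER_RE = re.compile(r"Handling request with Handler '(.*)'")
AUTHBY_RE = re.compile(r"Handling with Radius::\w+:\s*(\S*)")
LOOKUP_RE = re.compile(r"looks for match with\s*(.*)$")


def parse_requests(trace):
    """One record per dispatched request, with the attributes it carried."""
    records, dump, last_request = [], None, {}
    for line in trace.splitlines() + [""]:
        if dump is not None:
            if (m := ATTR_RE.match(line)):
                dump["attrs"][m.group(1)] = m.group(2).strip('"')
            elif line.startswith("Code:"):
                dump["code"] = line.split(":", 1)[1].strip()
            elif not line.startswith(("***", "Identifier:", "Authentic:", "Attributes:")):
                if dump["code"] == "Access-Request":
                    last_request = dump["attrs"]
                dump = None  # any other line ends the dump
            if dump is not None:
                continue
        if line.rstrip().endswith("Packet dump:"):
            dump = {"code": None, "attrs": {}}
        elif (m := HANDLER_RE.search(line)):
            records.append({"handler": m.group(1), "attrs": last_request,
                            "authby": "", "lookups": []})
        elif records and (m := AUTHBY_RE.search(line)):
            records[-1]["authby"] = m.group(1)
        elif records and (m := LOOKUP_RE.search(line)):
            records[-1]["lookups"].append((records[-1]["authby"], m.group(1).strip()))
    return records


def missing_lookup_attribute(trace, attribute="Calling-Station-Id"):
    """Lookups that ran with an empty key on a request lacking `attribute`."""
    return [
        {"handler": r["handler"], "authby": authby, "user": r["attrs"].get("User-Name")}
        for r in parse_requests(trace)
        for authby, key in r["lookups"]
        if key == "" and attribute not in r["attrs"]
    ]


if __name__ == "__main__":
    print(missing_lookup_attribute(SAMPLE_TRACE))
```

Pass the attribute named in the AuthBy's AuthenticateAttribute line as `attribute`; a finding under the `TunnelledByTTLS=1` handler means that check belongs on the outer request, as in the revised configuration above.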
