(RADIATOR) MAC address filtering?

Hugh Irvine hugh at open.com.au
Wed Jan 26 14:55:21 CST 2005


Hello Jim -

We will need to see the configuration file, as the Calling-Station-Id  
is not being added to the inner request by the hook.

Have you installed the latest patches?

I agree - it is a simple requirement which is usually simple to  
implement - the problem here is the EAP overlay.

_sigh_

regards

Hugh


On 27 Jan 2005, at 03:16, Jim Michael wrote:

> Hi Hugh and Mike-
>
> I tried the latest config file (with the authby FILE mac check within
> the TTLS handler) and it too fails. In this case, it is getting to that
> point and then trying to look for my *user name* in the addresses.mac
> file, which of course is impossible, and it fails. It seems that any
> solution where we try to look at the mac address on the "inner"
> authentication will not work because it will always want to look for the
> user in the file? Note that the addresses.mac file contains only the raw
> mac address as Mike suggested, nothing more. (though I also tried with
> AuthType=Accept again and that doesn't help). Here's the latest log, in
> case it tells you anything, or gives you more ideas. I never imagined
> such a simple concept would be so hard to implement! <g>
>
> Jim
>
> START LOG
> Wed Jan 26 09:59:53 2005: NOTICE: Server started: Radiator 3.11 on
> suser (LOCKED)
> Wed Jan 26 10:00:06 2005: DEBUG: Finished reading configuration file
> '/etc/radiator/coc.cfg'
> Wed Jan 26 10:00:06 2005: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Wed Jan 26 10:00:06 2005: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Wed Jan 26 10:00:06 2005: DEBUG: Creating accounting port 0.0.0.0:1813
> Wed Jan 26 10:00:06 2005: NOTICE: Server started: Radiator 3.11 on
> suser (LOCKED)
> Wed Jan 26 10:00:39 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1144 ....
> Code:       Access-Request
> Identifier: 77
> Authentic:  ^E^E^E^E^E^E^E^E
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 1
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message = <2><1><0><14><1>anonymous
> 	Message-Authenticator =
> MgA<143><24>Y<221><154><191><134><16>_<233>f<224><195>
>
> Wed Jan 26 10:00:39 2005: DEBUG: Handling request with Handler ''
> Wed Jan 26 10:00:39 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Wed Jan 26 10:00:39 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:39 2005: DEBUG: Handling with EAP: code 2, 1, 14
> Wed Jan 26 10:00:39 2005: DEBUG: Response type 1
> Wed Jan 26 10:00:39 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 26 10:00:39 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan 26 10:00:39 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1144 ....
> Code:       Access-Challenge
> Identifier: 77
> Authentic:  ^E^E^E^E^E^E^E^E
> Attributes:
> 	EAP-Message = <1><2><0><6><21>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1145 ....
> Code:       Access-Request
> Identifier: 78
> Authentic:  8<228>8<228>8<228>8<228>8<228>8<228>8<228>8<228>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 1
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	Message-Authenticator = <127><205><220><243>
> $<148><185><<31>S<176><212>8.b
>
> Wed Jan 26 10:00:40 2005: DEBUG: Handling request with Handler ''
> Wed Jan 26 10:00:40 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with EAP: code 2, 2, 98
> Wed Jan 26 10:00:40 2005: DEBUG: Response type 21
> Wed Jan 26 10:00:40 2005: DEBUG: EAP TTLS data, 24576, 2, -1
> Wed Jan 26 10:00:40 2005: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Wed Jan 26 10:00:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1145 ....
> Code:       Access-Challenge
> Identifier: 78
> Authentic:  8<228>8<228>8<228>8<228>8<228>8<228>8<228>8<228>
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1146 ....
> Code:       Access-Request
> Identifier: 79
> Authentic:
> <8><221><8><221><8><221><8><221><8><221><8><221><8><221><8><221>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 1
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator =
> \%<225>"f<19><219><182>$<247>\t<211><148><207><246>
>
> Wed Jan 26 10:00:40 2005: DEBUG: Handling request with Handler ''
> Wed Jan 26 10:00:40 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with EAP: code 2, 3, 6
> Wed Jan 26 10:00:40 2005: DEBUG: Response type 21
> Wed Jan 26 10:00:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1146 ....
> Code:       Access-Challenge
> Identifier: 79
> Authentic:
> <8><221><8><221><8><221><8><221><8><221><8><221><8><221><8><221>
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1147 ....
> Code:       Access-Request
> Identifier: 80
> Authentic:  UIUIUIUIUIUIUIUI
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 1
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	EAP-Message = <2><4><0><6><21><0>
> 	Message-Authenticator =
> Uf<215>\<227><222>X<253><20><31><170>L<247><153><22>=
>
> Wed Jan 26 10:00:40 2005: DEBUG: Handling request with Handler ''
> Wed Jan 26 10:00:40 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with EAP: code 2, 4, 6
> Wed Jan 26 10:00:40 2005: DEBUG: Response type 21
> Wed Jan 26 10:00:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1147 ....
> Code:       Access-Challenge
> Identifier: 80
> Authentic:  UIUIUIUIUIUIUIUI
> Attributes:
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1148 ....
> Code:       Access-Request
> Identifier: 81
> Authentic:  !<181>!<181>!<181>!<181>!<181>!<181>!<181>!<181>
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 1
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	Message-Authenticator = ;R<191><249><212>44nm4Ga<147>m><176>
>
> Wed Jan 26 10:00:40 2005: DEBUG: Handling request with Handler ''
> Wed Jan 26 10:00:40 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:40 2005: DEBUG: Handling with EAP: code 2, 5, 212
> Wed Jan 26 10:00:40 2005: DEBUG: Response type 21
> Wed Jan 26 10:00:40 2005: DEBUG: EAP TTLS data, 8576, 5, 2
> Wed Jan 26 10:00:40 2005: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan 26 10:00:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan 26 10:00:40 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1148 ....
> Code:       Access-Challenge
> Identifier: 81
> Authentic:  !<181>!<181>!<181>!<181>!<181>!<181>!<181>!<181>
> Attributes:
> 	EAP-Message =
> <1><6><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<143>? 
> <248>H.Og<131><234><9><233>3O$<129><248><218><22>/ 
> 8<218><210>SrV<204><165><246><172><154><138>d<150>9<164><0><227>C<240>'
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 26 10:00:49 2005: DEBUG: Packet dump:
> *** Received from 192.168.10.41 port 1149 ....
> Code:       Access-Request
> Identifier: 82
> Authentic:  \(\(\(\(\(\(\(\(
> Attributes:
> 	NAS-IP-Address = 192.168.10.41
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 1
> 	Framed-MTU = 1400
> 	User-Name = "anonymous"
> 	Calling-Station-Id = "000bcd5a0861"
> 	Called-Station-Id = "000d9df60559"
> 	NAS-Identifier = "Enterprise AP"
> 	Message-Authenticator =
> <24>V<216><226><175>~X<202><29><231><178>9<187>!gD
>
> Wed Jan 26 10:00:49 2005: DEBUG: Handling request with Handler ''
> Wed Jan 26 10:00:49 2005: DEBUG:  Deleting session for anonymous,
> 192.168.10.41, 1
> Wed Jan 26 10:00:49 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:49 2005: DEBUG: Handling with EAP: code 2, 6, 71
> Wed Jan 26 10:00:49 2005: DEBUG: Response type 21
> Wed Jan 26 10:00:49 2005: DEBUG: EAP TTLS data, 3, 6, 5
> Wed Jan 26 10:00:49 2005: DEBUG: EAP TTLS inner authentication request
> for jimm
> Wed Jan 26 10:00:50 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  ?<202><221><17><1><185>'<140>l<202>;<250><169>[<232><16>
> Attributes:
> 	User-Name = "jimm"
> 	User-Password = "xxxxxxxxx"
>
> Wed Jan 26 10:00:50 2005: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Wed Jan 26 10:00:50 2005: DEBUG:  Deleting session for jimm,
> 192.168.10.41,
> Wed Jan 26 10:00:50 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 26 10:00:50 2005: DEBUG: Radius::AuthFILE looks for match with
>
> Wed Jan 26 10:00:50 2005: DEBUG: Reading users file
> /etc/radiator/addresses.mac
> Wed Jan 26 10:00:50 2005: INFO: Access rejected for jimm: No such user
> Wed Jan 26 10:00:50 2005: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Wed Jan 26 10:00:50 2005: INFO: Access rejected for anonymous: EAP TTLS
> inner authentication redespatched to a Handler
> Wed Jan 26 10:00:50 2005: DEBUG: Packet dump:
> *** Sending to 192.168.10.41 port 1149 ....
> Code:       Access-Reject
> Identifier: 82
> Authentic:  \(\(\(\(\(\(\(\(
> Attributes:
> 	EAP-Message = <4><6><0><4>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Reply-Message = "Request Denied"
>
> END LOG
>
>>>> Mike McCauley <mikem at open.com.au> 1/26/2005 1:05:16 AM >>>
> Hi Hugh,
>
> actually, the mac address file just needs to have the addresses one per
> line:
>
> 00409638d4cb
> 00409638d4cc
>
> no Auth-Type check items should be required.
>
> Cheers.
>
>
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive  
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
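
A way to check a trace 4 log for the symptom named in the reply above (the tunnelled inner request arriving without Calling-Station-Id), as an added example that is not part of the original thread or of Radiator. The sample log is constructed and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the trace 4 output quoted above (unwrapped,
# shortened); it is not a verbatim copy of the poster's log.
SAMPLE_LOG = """\
Wed Jan 26 10:00:49 2005: DEBUG: Packet dump:
*** Received from 192.168.10.41 port 1149 ....
Code:       Access-Request
Attributes:
\tUser-Name = "anonymous"
\tCalling-Station-Id = "000bcd5a0861"

Wed Jan 26 10:00:49 2005: DEBUG: EAP TTLS inner authentication request for jimm
Wed Jan 26 10:00:50 2005: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Attributes:
\tUser-Name = "jimm"
\tUser-Password = "xxxxxxxxx"

Wed Jan 26 10:00:50 2005: INFO: Access rejected for jimm: No such user
"""

DUMP_RE = re.compile(r"DEBUG: (TTLS Tunnelled Diameter )?Packet dump:\s*$")
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+) = ?(.*)$")

def parse_dumps(text):
    """Split a trace into packet dumps: kind (outer/inner), code, attrs."""
    dumps, cur, in_attrs = [], None, False
    for line in text.splitlines():
        line = re.sub(r"^> ?", "", line)  # tolerate mail-quoted logs
        m = DUMP_RE.search(line)
        if m:
            cur = {"kind": "inner" if m.group(1) else "outer",
                   "code": None, "attrs": {}}
            dumps.append(cur)
            in_attrs = False
        elif cur is None:
            continue
        elif line.startswith("Code:"):
            cur["code"] = line.split(":", 1)[1].strip()
        elif line.startswith("Attributes:"):
            in_attrs = True
        elif not line.strip():
            cur, in_attrs = None, False  # a blank line ends the dump
        elif in_attrs and (am := ATTR_RE.match(line)):
            cur["attrs"].setdefault(am.group(1), am.group(2).strip('"'))
    return dumps

def inner_requests_missing(text, attr="Calling-Station-Id"):
    """Report tunnelled inner requests that lack `attr`, with the outer value."""
    findings, last_outer = [], None
    for d in parse_dumps(text):
        if d["code"] != "Access-Request":
            continue
        if d["kind"] == "outer":
            last_outer = d  # the outer request that carried the tunnel data
        elif attr not in d["attrs"]:
            outer = last_outer["attrs"].get(attr) if last_outer else None
            findings.append({"inner_user": d["attrs"].get("User-Name"),
                             "outer_value": outer})
    return findings

if __name__ == "__main__":
    print(inner_requests_missing(SAMPLE_LOG))
```

An empty result means every inner request in the trace carried the attribute, so a MAC check placed in the tunnelled handler has a value to match against.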
