(RADIATOR) Mac-Adress Check and LDAP on OS X

Hugh Irvine hugh at open.com.au
Tue Mar 1 04:27:27 CST 2005


Hello Urs -

Thanks for the clarification, now I understand.

The problem is the access point which is using EAP (unlike radpwtst).

EAP checks the EAP Identity in the EAP message.

Basically you will need to structure things differently, but I will  
need to know in more detail what you are wanting to do.

You will probably need to use separate Handlers for the outer and inner  
requests.

This has been discussed previously on the mailing list:

	www.open.com.au/archives/radiator

regards

Hugh


On 1 Mar 2005, at 09:17, Urs Landis wrote:

> Hugh
>
> Im not sure that you have understand my problem (proberly because of  
> my bad english??)
> If i try to connect with radpwtst i get the following trace4: All  
> looks good and he says that he look for a match with 987654321, find  
> it and goes to the LDAP
> If i try the same thing from the AccessPoint he says that he is  
> looking for a match with urs_landis, but he should look for the  
> mac-address, is this only a strange message, or what is wrong? The mac  
> Address of the connecting Computer is in the address-file as he is  
> printed in the trace Calling-Station-Id file without the "".
> Where is my fault???
>
> Please help!!
>
>
> Urs
>
> trace from radpwtst:
>
> Tue Mar  1 09:01:12 2005: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 50650 ....
> Code:       Access-Request
> Identifier: 207
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "Urs_Landis"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =  
> "Q<238><228><168><185><212><156>F<177>/<190><8>L<1>@<233>"
>
> Tue Mar  1 09:01:12 2005: DEBUG: Handling request with Handler  
> 'DEFAULT'
> Tue Mar  1 09:01:12 2005: DEBUG:  Deleting session for Urs_Landis,  
> 203.63.154.1, 1234
> Tue Mar  1 09:01:12 2005: DEBUG: Handling with Radius::AuthFILE:  
> CheckMACAddress
> Tue Mar  1 09:01:12 2005: DEBUG: Radius::AuthFILE looks for match with  
> 987654321
> Tue Mar  1 09:01:12 2005: DEBUG: Handling with Radius::AuthLDAP2:  
> CheckLDAP
> Tue Mar  1 09:01:12 2005: INFO: Connecting to 192.168.1.21, port 389
> Tue Mar  1 09:01:12 2005: INFO: Attempting to bind to LDAP server  
> 192.168.1.21:389)
>
>
>
> Trace 'from AccessPoint'
> Tue Mar  1 09:04:06 2005: DEBUG: Packet dump:
> *** Received from 192.168.95.59 port 21649 ....
> Code:       Access-Request
> Identifier: 84
> Authentic:  .]<212><28>?<24>8<185><162><207><148>j<229>H<13><235>
> Attributes:
>         User-Name = "urs_landis"
>         Framed-MTU = 1400
>         Called-Station-Id = "0013.19fc.2f90"
>         Calling-Station-Id = "0030.6503.0a96"
>         Service-Type = Login-User
>         Message-Authenticator =  
> <169>C<246>5<136><219><208>`+<168><225>3<149><195><181><250>
>         EAP-Message = <2><1><0><15><1>urs_landis
>         NAS-Port-Type = Wireless-IEEE-802-11
>         NAS-Port = 1121
>         NAS-IP-Address = 192.168.95.59
>         NAS-Identifier = "AP-09-023"
>
> Tue Mar  1 09:04:06 2005: DEBUG: Handling request with Handler  
> 'DEFAULT'
> Tue Mar  1 09:04:06 2005: DEBUG:  Deleting session for urs_landis,  
> 192.168.95.59, 1121
> Tue Mar  1 09:04:06 2005: DEBUG: Handling with Radius::AuthFILE:  
> CheckMACAddress
> Tue Mar  1 09:04:06 2005: DEBUG: Handling with EAP: code 2, 1, 15
> Tue Mar  1 09:04:06 2005: DEBUG: Response type 1
> Tue Mar  1 09:04:06 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
> Tue Mar  1 09:04:06 2005: DEBUG: Access challenged for urs_landis: EAP  
> LEAP Challenge
> Tue Mar  1 09:04:06 2005: DEBUG: Packet dump:
> *** Sending to 192.168.95.59 port 21649 ....
> Code:       Access-Challenge
> Identifier: 84
> Authentic:  .]<212><28>?<24>8<185><162><207><148>j<229>H<13><235>
> Attributes:
>         EAP-Message =  
> <1><2><0><26><17><1><0><8>U<176>9<138><27><200><255><26>urs_landis
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Mar  1 09:04:06 2005: DEBUG: Packet dump:
> *** Received from 192.168.95.59 port 21649 ....
> Code:       Access-Request
> Identifier: 85
> Authentic:  <172><187>*gh<29><199><227>b<242><4><141><127>2<7><151>
> Attributes:
>         User-Name = "urs_landis"
>         Framed-MTU = 1400
>         Called-Station-Id = "0013.19fc.2f90"
>         Calling-Station-Id = "0030.6503.0a96"
>         Service-Type = Login-User
>         Message-Authenticator =  
> F<167><233>1U<153><24>1<145><143>2Y<22><253><134>U
>         EAP-Message =  
> <2><2><0>*<17><1><0><24><214><200>z<204><136>8o<15><166><233>i<241>rD&< 
> 198><28><232>m<146><236>i<227><146>urs_landis
>         NAS-Port-Type = Wireless-IEEE-802-11
>         NAS-Port = 1121
>         NAS-IP-Address = 192.168.95.59
>         NAS-Identifier = "AP-09-023"
>
> Tue Mar  1 09:04:06 2005: DEBUG: Handling request with Handler  
> 'DEFAULT'
> Tue Mar  1 09:04:06 2005: DEBUG:  Deleting session for urs_landis,  
> 192.168.95.59, 1121
> Tue Mar  1 09:04:06 2005: DEBUG: Handling with Radius::AuthFILE:  
> CheckMACAddress
> Tue Mar  1 09:04:06 2005: DEBUG: Handling with EAP: code 2, 2, 42
> Tue Mar  1 09:04:06 2005: DEBUG: Response type 17
> Tue Mar  1 09:04:06 2005: DEBUG: Radius::AuthFILE looks for match with  
> urs_landis
> Tue Mar  1 09:04:06 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
> such user urs_landis
>
> My config:
>
> # leap.cfg
> #
>
> Foreground
> LogStdout
> LogDir          /var/log/radius
> DbDir           /etc/radiator
>
> # User a lower trace level in production systems:
> Trace           4
>
> <Client DEFAULT>
>         Secret  xxxxxx
>         DupInterval 0
> </Client>
>
> <AuthBy FILE>
>         Identifier CheckMACAddress
>         Filename %D/addresses.mac
>         AuthenticateAttribute Calling-Station-Id
>         EAPType LEAP
> #       EAPType TTLS
> #       EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> #       EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> #       EAPTLS_CertificateType PEM
> #       EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> #       EAPTLS_PrivateKeyPassword whatever
> #       EAPTLS_MaxFragmentSize 1000
> #       AutoMPPEKeys
> </AuthBy>
>
> <AuthBy LDAP2>
>         Identifier CheckLDAP
>         Host            192.168.1.21
>         BaseDN          dc=hopro, dc=edu
>         Version         3
>         UsernameAttr    uid
>         ServerChecksPassword
> #       SearchFilter (&(uid=%1)(buildingName=WLAN))
> #       AddToReply buildingName
> </AuthBy>
>
> <Handler DEFAULT>
>         AuthBy CheckMACAddress
> </Handler>
>
> my addresses file:
>
> # MAC-Adressen Tabelle
> # PowerBook G4 17" von Urs Landis Privat
> 00:03:93:eb:cf:2f Auth-Type = CheckLDAP
> # Testadresse radpwtst
> 987654321 Auth-Type = CheckLDAP
> # iBook Urs Landis
> 0011.242b.11a9 Auth-Type = CheckLDAP
> #PowerBook-LG-05
> 0030.6503.0a96 Auth-Type = CheckLDAP
>
>
> Urs Landis
> ICT
> Kantonsschule
> Hohe Promenade
> Postfach
> Promenadengasse 11
> CH-8090 Zürich
>
> Am 28.02.2005 um 21:06 schrieb Hugh Irvine:
>
>>
>> Hello Urs -
>>
>> Your configuration file says to use the AuthBy CheckMACAddress:
>>
>>>
>>> <Handler DEFAULT>
>>>         AuthBy CheckMACAddress
>>> </Handler>
>>
>> So that is what it is doing.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 28 Feb 2005, at 18:51, Urs Landis wrote:
>>
>>> Hi all
>>>
>>> now i tried with LEAP. with radpwtst it looks great! With the access  
>>> point i have a strange error message! It looks for a user in the  
>>> mac-address file! But why?
>>>
>>> my config
>>>
>>> # leap.cfg
>>> #
>>>
>>> Foreground
>>> LogStdout
>>> LogDir          /var/log/radius
>>> DbDir           /etc/radiator
>>>
>>> # User a lower trace level in production systems:
>>> Trace           4
>>>
>>> <Client DEFAULT>
>>>         Secret  xxxyyy
>>>         DupInterval 0
>>> </Client>
>>>
>>> <AuthBy FILE>
>>>         Identifier CheckMACAddress
>>>         Filename %D/addresses.mac
>>>
>>>         AuthenticateAttribute Calling-Station-Id
>>>         EAPType LEAP
>>>
>>>
>>> </AuthBy>
>>>
>>> <AuthBy LDAP2>
>>>         Identifier CheckLDAP
>>>         Host            xxx.xxx.xxx.xxx
>>>         BaseDN          dc=aaa, dc=bbb
>>>         Version         3
>>>         UsernameAttr    uid
>>>         ServerChecksPassword
>>>         SearchFilter (&(uid=%1)(buildingName=WLAN))
>>>         AddToReply buildingName
>>> </AuthBy>
>>> <Handler DEFAULT>
>>>         AuthBy CheckMACAddress
>>> </Handler>
>>>
>>> The trace 4 log:
>>>
>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 224
>>> Authentic:  <184><198>f<136>t<211>`]<162>=W<9><131><26><17>M
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> <158><208>Y<145><244><8>>.<155>U<12><159><177><17><237>g
>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1050
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:09 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1050
>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>> Mon Feb 28 18:44:09 2005: DEBUG: Response type 1
>>> Mon Feb 28 18:44:09 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>> Mon Feb 28 18:44:09 2005: DEBUG: Access challenged for urs_landis:  
>>> EAP LEAP Challenge
>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Challenge
>>> Identifier: 224
>>> Authentic:  <184><198>f<136>t<211>`]<162>=W<9><131><26><17>M
>>> Attributes:
>>>         EAP-Message =  
>>> <1><2><0><26><17><1><0><8>6<249>#<6>I<127><189><20>urs_landis
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 225
>>> Authentic:  <238><208><201>#|<148>q<172><12><201><140><132><3><<132>n
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> <26><194><2><30><201><144>E<181><31><193><251>g<23><205><127><13>
>>>         EAP-Message =  
>>> <2><2><0>*<17><1><0><24><188><6><24>t<7>W]<203>B<191><6>(<29><233><21 
>>> 6><141>;%<235><27>^?<27><161>urs_landis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1050
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:09 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1050
>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>> Mon Feb 28 18:44:09 2005: DEBUG: Response type 17
>>> Mon Feb 28 18:44:09 2005: DEBUG: Radius::AuthFILE looks for match  
>>> with urs_landis
>>> Mon Feb 28 18:44:09 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>> such user urs_landis
>>> Mon Feb 28 18:44:09 2005: INFO: Access rejected for urs_landis: EAP  
>>> LEAP failed: no such user urs_landis
>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Reject
>>> Identifier: 225
>>> Authentic:  <238><208><201>#|<148>q<172><12><201><140><132><3><<132>n
>>> Attributes:
>>>         EAP-Message = <4><2><0><4>
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>         Reply-Message = "Request Denied"
>>>
>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 226
>>> Authentic:  <246>8Hc<246>P<186>q<136>J<147><252><238><22><184>$
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> <171><226><160><206>#<240><204><29><237><11><22><243><127>e<156><129>
>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1051
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:10 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1051
>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>> Mon Feb 28 18:44:10 2005: DEBUG: Response type 1
>>> Mon Feb 28 18:44:10 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>> Mon Feb 28 18:44:10 2005: DEBUG: Access challenged for urs_landis:  
>>> EAP LEAP Challenge
>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Challenge
>>> Identifier: 226
>>> Authentic:  <246>8Hc<246>P<186>q<136>J<147><252><238><22><184>$
>>> Attributes:
>>>         EAP-Message =  
>>> <1><2><0><26><17><1><0><8><17>(<251><195><230>E<237>durs_landis
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 227
>>> Authentic:  <2><251><21><205><234>4<215>o<244><231>=<200><188>^<167>x
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> <255>,<171>K<219><221>Y'<157><180>+e<164>X-&
>>>         EAP-Message =  
>>> <2><2><0>*<17><1><0><24><157>G<24><197>*! 
>>> K<136><0>t<254>V<228><161><177><155>&<4><19><205><204>M<170>3urs_land 
>>> is
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1051
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:10 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1051
>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>> Mon Feb 28 18:44:10 2005: DEBUG: Response type 17
>>> Mon Feb 28 18:44:10 2005: DEBUG: Radius::AuthFILE looks for match  
>>> with urs_landis
>>> Mon Feb 28 18:44:10 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>> such user urs_landis
>>> Mon Feb 28 18:44:10 2005: INFO: Access rejected for urs_landis: EAP  
>>> LEAP failed: no such user urs_landis
>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Reject
>>> Identifier: 227
>>> Authentic:  <2><251><21><205><234>4<215>o<244><231>=<200><188>^<167>x
>>> Attributes:
>>>         EAP-Message = <4><2><0><4>
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>         Reply-Message = "Request Denied"
>>>
>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 228
>>> Authentic:  +h<201><218>1o<163><186><148><246><194><238>q<186><225>9
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> 7<152>!c<159><4>w<173><191>Pt<138><147><231><15>%
>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1052
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:12 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1052
>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>> Mon Feb 28 18:44:12 2005: DEBUG: Response type 1
>>> Mon Feb 28 18:44:12 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>> Mon Feb 28 18:44:12 2005: DEBUG: Access challenged for urs_landis:  
>>> EAP LEAP Challenge
>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Challenge
>>> Identifier: 228
>>> Authentic:  +h<201><218>1o<163><186><148><246><194><238>q<186><225>9
>>> Attributes:
>>>         EAP-Message =  
>>> <1><2><0><26><17><1><0><8><255><175><20>p<190>&<225>Vurs_landis
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 229
>>> Authentic:   
>>> <254><148><29><176>"<251><146><163>4<219><141><231>U<203><193><159>
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator = c<189>n?`-X0[6$<186><186>j<5>F
>>>         EAP-Message =  
>>> <2><2><0>*<17><1><0><24><233>; 
>>> <243>P<240><160>9i<25>q<229><4><188>[bQt*8<179><197><15>|<235>urs_lan 
>>> dis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1052
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:12 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1052
>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>> Mon Feb 28 18:44:12 2005: DEBUG: Response type 17
>>> Mon Feb 28 18:44:12 2005: DEBUG: Radius::AuthFILE looks for match  
>>> with urs_landis
>>> Mon Feb 28 18:44:12 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>> such user urs_landis
>>> Mon Feb 28 18:44:12 2005: INFO: Access rejected for urs_landis: EAP  
>>> LEAP failed: no such user urs_landis
>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Reject
>>> Identifier: 229
>>> Authentic:   
>>> <254><148><29><176>"<251><146><163>4<219><141><231>U<203><193><159>
>>> Attributes:
>>>         EAP-Message = <4><2><0><4>
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>         Reply-Message = "Request Denied"
>>>
>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 230
>>> Authentic:  N<217>V<237><12>(<166>(<201><216><208><173>Q<9><239><29>
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> <182>7ZH<150><235>E<15><185><250>g<235><1><145><192>C
>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1053
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:13 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1053
>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>> Mon Feb 28 18:44:13 2005: DEBUG: Response type 1
>>> Mon Feb 28 18:44:13 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>> Mon Feb 28 18:44:13 2005: DEBUG: Access challenged for urs_landis:  
>>> EAP LEAP Challenge
>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Challenge
>>> Identifier: 230
>>> Authentic:  N<217>V<237><12>(<166>(<201><216><208><173>Q<9><239><29>
>>> Attributes:
>>>         EAP-Message =  
>>> <1><2><0><26><17><1><0><8>|+M<237>u<144>4<183>urs_landis
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>> *** Received from 192.168.95.59 port 21648 ....
>>> Code:       Access-Request
>>> Identifier: 231
>>> Authentic:   
>>> <155><235><174>$[Q<247><6><162>d<211>i<189><198><241><230>
>>> Attributes:
>>>         User-Name = "urs_landis"
>>>         Framed-MTU = 1400
>>>         Called-Station-Id = "0013.19fc.2f90"
>>>         Calling-Station-Id = "0030.6503.0a96"
>>>         Service-Type = Login-User
>>>         Message-Authenticator =  
>>> <159><242>U<173><149><158><164><236><245><135>j<149><144><206>_W
>>>         EAP-Message =  
>>> <2><2><0>*<17><1><0><24>; 
>>> <20><245>Y<155><18><241><138>U#<208><1><169>o<252>$<231><8>.<131><236 
>>> ><206><237><253>urs_landis
>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>         NAS-Port = 1053
>>>         NAS-IP-Address = 192.168.95.59
>>>         NAS-Identifier = "AP-09-023"
>>>
>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling request with Handler  
>>> 'DEFAULT'
>>> Mon Feb 28 18:44:13 2005: DEBUG:  Deleting session for urs_landis,  
>>> 192.168.95.59, 1053
>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with Radius::AuthFILE:  
>>> CheckMACAddress
>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>> Mon Feb 28 18:44:13 2005: DEBUG: Response type 17
>>> Mon Feb 28 18:44:13 2005: DEBUG: Radius::AuthFILE looks for match  
>>> with urs_landis
>>> Mon Feb 28 18:44:13 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>> such user urs_landis
>>> Mon Feb 28 18:44:13 2005: INFO: Access rejected for urs_landis: EAP  
>>> LEAP failed: no such user urs_landis
>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>> *** Sending to 192.168.95.59 port 21648 ....
>>> Code:       Access-Reject
>>> Identifier: 231
>>> Authentic:   
>>> <155><235><174>$[Q<247><6><162>d<211>i<189><198><241><230>
>>> Attributes:
>>>         EAP-Message = <4><2><0><4>
>>>         Message-Authenticator =  
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>         Reply-Message = "Request Denied"
>>>
>>>
>>> Mit freundlichen Grüssen
>>>
>>>
>>> Urs Landis
>>> ICT
>>> Kantonsschule
>>> Hohe Promenade
>>> Promenadengasse 11
>>> CH-8001 Zürich
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: I am travelling this week, so there may be delays in our  
>> correspondence.
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>

NB: I am travelling this week, so there may be delays in our  
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list