(RADIATOR) Mac-Address Check and LDAP on OS X

Urs Landis urs.landis at mac.com
Tue Mar 1 04:36:23 CST 2005


Hugh

I am trying to make a config for:
1. For WLAN Clients
1.1 Check the mac-address against a local file
1.2 Check Username and Password against OS X LDAP-Server

and this for the moment only with LEAP, later also with TTLS, ....


That's all!



Best regards

Urs Landis
ICT
Kantonsschule
Hohe Promenade
Postfach
Promenadengasse 11
CH-8090 Zürich
On 01.03.2005 at 11:27, Hugh Irvine wrote:

>
> Hello Urs -
>
> Thanks for the clarification, now I understand.
>
> The problem is the access point which is using EAP (unlike radpwtst).
>
> EAP checks the EAP Identity in the EAP message.
>
> Basically you will need to structure things differently, but I will  
> need to know in more detail what you are wanting to do.
>
> You will probably need to use separate Handlers for the outer and  
> inner requests.
>
> This has been discussed previously on the mailing list:
>
> 	www.open.com.au/archives/radiator
>
> regards
>
> Hugh
>
>
> On 1 Mar 2005, at 09:17, Urs Landis wrote:
>
>> Hugh
>>
>> I'm not sure that you have understood my problem (probably because of
>> my bad English??)
>> If I try to connect with radpwtst I get the following trace4: All
>> looks good and it says that it looks for a match with 987654321, finds
>> it and goes to the LDAP
>> If I try the same thing from the AccessPoint it says that it is
>> looking for a match with urs_landis, but it should look for the
>> mac-address, is this only a strange message, or what is wrong? The
>> mac Address of the connecting Computer is in the address-file as it
>> is printed in the trace Calling-Station-Id file without the "".
>> Where is my fault???
>>
>> Please help!!
>>
>>
>> Urs
>>
>> trace from radpwtst:
>>
>> Tue Mar  1 09:01:12 2005: DEBUG: Packet dump:
>> *** Received from 127.0.0.1 port 50650 ....
>> Code:       Access-Request
>> Identifier: 207
>> Authentic:  1234567890123456
>> Attributes:
>>         User-Name = "Urs_Landis"
>>         Service-Type = Framed-User
>>         NAS-IP-Address = 203.63.154.1
>>         NAS-Port = 1234
>>         Called-Station-Id = "123456789"
>>         Calling-Station-Id = "987654321"
>>         NAS-Port-Type = Async
>>         User-Password =  
>> "Q<238><228><168><185><212><156>F<177>/<190><8>L<1>@<233>"
>>
>> Tue Mar  1 09:01:12 2005: DEBUG: Handling request with Handler  
>> 'DEFAULT'
>> Tue Mar  1 09:01:12 2005: DEBUG:  Deleting session for Urs_Landis,  
>> 203.63.154.1, 1234
>> Tue Mar  1 09:01:12 2005: DEBUG: Handling with Radius::AuthFILE:  
>> CheckMACAddress
>> Tue Mar  1 09:01:12 2005: DEBUG: Radius::AuthFILE looks for match  
>> with 987654321
>> Tue Mar  1 09:01:12 2005: DEBUG: Handling with Radius::AuthLDAP2:  
>> CheckLDAP
>> Tue Mar  1 09:01:12 2005: INFO: Connecting to 192.168.1.21, port 389
>> Tue Mar  1 09:01:12 2005: INFO: Attempting to bind to LDAP server  
>> 192.168.1.21:389)
>>
>>
>>
>> Trace 'from AccessPoint'
>> Tue Mar  1 09:04:06 2005: DEBUG: Packet dump:
>> *** Received from 192.168.95.59 port 21649 ....
>> Code:       Access-Request
>> Identifier: 84
>> Authentic:  .]<212><28>?<24>8<185><162><207><148>j<229>H<13><235>
>> Attributes:
>>         User-Name = "urs_landis"
>>         Framed-MTU = 1400
>>         Called-Station-Id = "0013.19fc.2f90"
>>         Calling-Station-Id = "0030.6503.0a96"
>>         Service-Type = Login-User
>>         Message-Authenticator =  
>> <169>C<246>5<136><219><208>`+<168><225>3<149><195><181><250>
>>         EAP-Message = <2><1><0><15><1>urs_landis
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Port = 1121
>>         NAS-IP-Address = 192.168.95.59
>>         NAS-Identifier = "AP-09-023"
>>
>> Tue Mar  1 09:04:06 2005: DEBUG: Handling request with Handler  
>> 'DEFAULT'
>> Tue Mar  1 09:04:06 2005: DEBUG:  Deleting session for urs_landis,  
>> 192.168.95.59, 1121
>> Tue Mar  1 09:04:06 2005: DEBUG: Handling with Radius::AuthFILE:  
>> CheckMACAddress
>> Tue Mar  1 09:04:06 2005: DEBUG: Handling with EAP: code 2, 1, 15
>> Tue Mar  1 09:04:06 2005: DEBUG: Response type 1
>> Tue Mar  1 09:04:06 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>> Tue Mar  1 09:04:06 2005: DEBUG: Access challenged for urs_landis:  
>> EAP LEAP Challenge
>> Tue Mar  1 09:04:06 2005: DEBUG: Packet dump:
>> *** Sending to 192.168.95.59 port 21649 ....
>> Code:       Access-Challenge
>> Identifier: 84
>> Authentic:  .]<212><28>?<24>8<185><162><207><148>j<229>H<13><235>
>> Attributes:
>>         EAP-Message =  
>> <1><2><0><26><17><1><0><8>U<176>9<138><27><200><255><26>urs_landis
>>         Message-Authenticator =  
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Tue Mar  1 09:04:06 2005: DEBUG: Packet dump:
>> *** Received from 192.168.95.59 port 21649 ....
>> Code:       Access-Request
>> Identifier: 85
>> Authentic:  <172><187>*gh<29><199><227>b<242><4><141><127>2<7><151>
>> Attributes:
>>         User-Name = "urs_landis"
>>         Framed-MTU = 1400
>>         Called-Station-Id = "0013.19fc.2f90"
>>         Calling-Station-Id = "0030.6503.0a96"
>>         Service-Type = Login-User
>>         Message-Authenticator =  
>> F<167><233>1U<153><24>1<145><143>2Y<22><253><134>U
>>         EAP-Message =  
>> <2><2><0>*<17><1><0><24><214><200>z<204><136>8o<15><166><233>i<241>rD& 
>> <198><28><232>m<146><236>i<227><146>urs_landis
>>         NAS-Port-Type = Wireless-IEEE-802-11
>>         NAS-Port = 1121
>>         NAS-IP-Address = 192.168.95.59
>>         NAS-Identifier = "AP-09-023"
>>
>> Tue Mar  1 09:04:06 2005: DEBUG: Handling request with Handler  
>> 'DEFAULT'
>> Tue Mar  1 09:04:06 2005: DEBUG:  Deleting session for urs_landis,  
>> 192.168.95.59, 1121
>> Tue Mar  1 09:04:06 2005: DEBUG: Handling with Radius::AuthFILE:  
>> CheckMACAddress
>> Tue Mar  1 09:04:06 2005: DEBUG: Handling with EAP: code 2, 2, 42
>> Tue Mar  1 09:04:06 2005: DEBUG: Response type 17
>> Tue Mar  1 09:04:06 2005: DEBUG: Radius::AuthFILE looks for match  
>> with urs_landis
>> Tue Mar  1 09:04:06 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>> such user urs_landis
>>
>> My config:
>>
>> # leap.cfg
>> #
>>
>> Foreground
>> LogStdout
>> LogDir          /var/log/radius
>> DbDir           /etc/radiator
>>
>> # Use a lower trace level in production systems:
>> Trace           4
>>
>> <Client DEFAULT>
>>         Secret  xxxxxx
>>         DupInterval 0
>> </Client>
>>
>> <AuthBy FILE>
>>         Identifier CheckMACAddress
>>         Filename %D/addresses.mac
>>         AuthenticateAttribute Calling-Station-Id
>>         EAPType LEAP
>> #       EAPType TTLS
>> #       EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>> #       EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>> #       EAPTLS_CertificateType PEM
>> #       EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>> #       EAPTLS_PrivateKeyPassword whatever
>> #       EAPTLS_MaxFragmentSize 1000
>> #       AutoMPPEKeys
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>>         Identifier CheckLDAP
>>         Host            192.168.1.21
>>         BaseDN          dc=hopro, dc=edu
>>         Version         3
>>         UsernameAttr    uid
>>         ServerChecksPassword
>> #       SearchFilter (&(uid=%1)(buildingName=WLAN))
>> #       AddToReply buildingName
>> </AuthBy>
>>
>> <Handler DEFAULT>
>>         AuthBy CheckMACAddress
>> </Handler>
>>
>> my addresses file:
>>
>> # MAC address table
>> # PowerBook G4 17" of Urs Landis, private
>> 00:03:93:eb:cf:2f Auth-Type = CheckLDAP
>> # Test address radpwtst
>> 987654321 Auth-Type = CheckLDAP
>> # iBook Urs Landis
>> 0011.242b.11a9 Auth-Type = CheckLDAP
>> #PowerBook-LG-05
>> 0030.6503.0a96 Auth-Type = CheckLDAP
>>
>>
>> Urs Landis
>> ICT
>> Kantonsschule
>> Hohe Promenade
>> Postfach
>> Promenadengasse 11
>> CH-8090 Zürich
>>
>> On 28.02.2005 at 21:06, Hugh Irvine wrote:
>>
>>>
>>> Hello Urs -
>>>
>>> Your configuration file says to use the AuthBy CheckMACAddress:
>>>
>>>>
>>>> <Handler DEFAULT>
>>>>         AuthBy CheckMACAddress
>>>> </Handler>
>>>
>>> So that is what it is doing.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 28 Feb 2005, at 18:51, Urs Landis wrote:
>>>
>>>> Hi all
>>>>
>>>> Now I tried with LEAP. With radpwtst it looks great! With the
>>>> access point I have a strange error message! It looks for a user in
>>>> the mac-address file! But why?
>>>>
>>>> my config
>>>>
>>>> # leap.cfg
>>>> #
>>>>
>>>> Foreground
>>>> LogStdout
>>>> LogDir          /var/log/radius
>>>> DbDir           /etc/radiator
>>>>
>>>> # Use a lower trace level in production systems:
>>>> Trace           4
>>>>
>>>> <Client DEFAULT>
>>>>         Secret  xxxyyy
>>>>         DupInterval 0
>>>> </Client>
>>>>
>>>> <AuthBy FILE>
>>>>         Identifier CheckMACAddress
>>>>         Filename %D/addresses.mac
>>>>
>>>>         AuthenticateAttribute Calling-Station-Id
>>>>         EAPType LEAP
>>>>
>>>>
>>>> </AuthBy>
>>>>
>>>> <AuthBy LDAP2>
>>>>         Identifier CheckLDAP
>>>>         Host            xxx.xxx.xxx.xxx
>>>>         BaseDN          dc=aaa, dc=bbb
>>>>         Version         3
>>>>         UsernameAttr    uid
>>>>         ServerChecksPassword
>>>>         SearchFilter (&(uid=%1)(buildingName=WLAN))
>>>>         AddToReply buildingName
>>>> </AuthBy>
>>>> <Handler DEFAULT>
>>>>         AuthBy CheckMACAddress
>>>> </Handler>
>>>>
>>>> The trace 4 log:
>>>>
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 224
>>>> Authentic:  <184><198>f<136>t<211>`]<162>=W<9><131><26><17>M
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator =  
>>>> <158><208>Y<145><244><8>>.<155>U<12><159><177><17><237>g
>>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1050
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:09 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1050
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Response type 1
>>>> Mon Feb 28 18:44:09 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Access challenged for urs_landis:  
>>>> EAP LEAP Challenge
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 224
>>>> Authentic:  <184><198>f<136>t<211>`]<162>=W<9><131><26><17>M
>>>> Attributes:
>>>>         EAP-Message =  
>>>> <1><2><0><26><17><1><0><8>6<249>#<6>I<127><189><20>urs_landis
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 225
>>>> Authentic:   
>>>> <238><208><201>#|<148>q<172><12><201><140><132><3><<132>n
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator =  
>>>> <26><194><2><30><201><144>E<181><31><193><251>g<23><205><127><13>
>>>>         EAP-Message = <2><2><0>*<17><1><0><24><188><6><24>t<7>W]<203>B<191><6>(<29><233><216><141>;%<235><27>^?<27><161>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1050
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:09 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1050
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Response type 17
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Radius::AuthFILE looks for match  
>>>> with urs_landis
>>>> Mon Feb 28 18:44:09 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>>> such user urs_landis
>>>> Mon Feb 28 18:44:09 2005: INFO: Access rejected for urs_landis: EAP  
>>>> LEAP failed: no such user urs_landis
>>>> Mon Feb 28 18:44:09 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Reject
>>>> Identifier: 225
>>>> Authentic:   
>>>> <238><208><201>#|<148>q<172><12><201><140><132><3><<132>n
>>>> Attributes:
>>>>         EAP-Message = <4><2><0><4>
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>         Reply-Message = "Request Denied"
>>>>
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 226
>>>> Authentic:  <246>8Hc<246>P<186>q<136>J<147><252><238><22><184>$
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator = <171><226><160><206>#<240><204><29><237><11><22><243><127>e<156><129>
>>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1051
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:10 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1051
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Response type 1
>>>> Mon Feb 28 18:44:10 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Access challenged for urs_landis:  
>>>> EAP LEAP Challenge
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 226
>>>> Authentic:  <246>8Hc<246>P<186>q<136>J<147><252><238><22><184>$
>>>> Attributes:
>>>>         EAP-Message =  
>>>> <1><2><0><26><17><1><0><8><17>(<251><195><230>E<237>durs_landis
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 227
>>>> Authentic:   
>>>> <2><251><21><205><234>4<215>o<244><231>=<200><188>^<167>x
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator =  
>>>> <255>,<171>K<219><221>Y'<157><180>+e<164>X-&
>>>>         EAP-Message = <2><2><0>*<17><1><0><24><157>G<24><197>*!K<136><0>t<254>V<228><161><177><155>&<4><19><205><204>M<170>3urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1051
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:10 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1051
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Response type 17
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Radius::AuthFILE looks for match  
>>>> with urs_landis
>>>> Mon Feb 28 18:44:10 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>>> such user urs_landis
>>>> Mon Feb 28 18:44:10 2005: INFO: Access rejected for urs_landis: EAP  
>>>> LEAP failed: no such user urs_landis
>>>> Mon Feb 28 18:44:10 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Reject
>>>> Identifier: 227
>>>> Authentic:   
>>>> <2><251><21><205><234>4<215>o<244><231>=<200><188>^<167>x
>>>> Attributes:
>>>>         EAP-Message = <4><2><0><4>
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>         Reply-Message = "Request Denied"
>>>>
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 228
>>>> Authentic:  +h<201><218>1o<163><186><148><246><194><238>q<186><225>9
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator =  
>>>> 7<152>!c<159><4>w<173><191>Pt<138><147><231><15>%
>>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1052
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:12 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1052
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Response type 1
>>>> Mon Feb 28 18:44:12 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Access challenged for urs_landis:  
>>>> EAP LEAP Challenge
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 228
>>>> Authentic:  +h<201><218>1o<163><186><148><246><194><238>q<186><225>9
>>>> Attributes:
>>>>         EAP-Message =  
>>>> <1><2><0><26><17><1><0><8><255><175><20>p<190>&<225>Vurs_landis
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 229
>>>> Authentic:   
>>>> <254><148><29><176>"<251><146><163>4<219><141><231>U<203><193><159>
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator = c<189>n?`-X0[6$<186><186>j<5>F
>>>>         EAP-Message = <2><2><0>*<17><1><0><24><233>;<243>P<240><160>9i<25>q<229><4><188>[bQt*8<179><197><15>|<235>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1052
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:12 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1052
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Response type 17
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Radius::AuthFILE looks for match  
>>>> with urs_landis
>>>> Mon Feb 28 18:44:12 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>>> such user urs_landis
>>>> Mon Feb 28 18:44:12 2005: INFO: Access rejected for urs_landis: EAP  
>>>> LEAP failed: no such user urs_landis
>>>> Mon Feb 28 18:44:12 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Reject
>>>> Identifier: 229
>>>> Authentic:   
>>>> <254><148><29><176>"<251><146><163>4<219><141><231>U<203><193><159>
>>>> Attributes:
>>>>         EAP-Message = <4><2><0><4>
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>         Reply-Message = "Request Denied"
>>>>
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 230
>>>> Authentic:  N<217>V<237><12>(<166>(<201><216><208><173>Q<9><239><29>
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator =  
>>>> <182>7ZH<150><235>E<15><185><250>g<235><1><145><192>C
>>>>         EAP-Message = <2><1><0><15><1>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1053
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:13 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1053
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with EAP: code 2, 1, 15
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Response type 1
>>>> Mon Feb 28 18:44:13 2005: DEBUG: EAP result: 3, EAP LEAP Challenge
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Access challenged for urs_landis:  
>>>> EAP LEAP Challenge
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 230
>>>> Authentic:  N<217>V<237><12>(<166>(<201><216><208><173>Q<9><239><29>
>>>> Attributes:
>>>>         EAP-Message =  
>>>> <1><2><0><26><17><1><0><8>|+M<237>u<144>4<183>urs_landis
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>>> *** Received from 192.168.95.59 port 21648 ....
>>>> Code:       Access-Request
>>>> Identifier: 231
>>>> Authentic:   
>>>> <155><235><174>$[Q<247><6><162>d<211>i<189><198><241><230>
>>>> Attributes:
>>>>         User-Name = "urs_landis"
>>>>         Framed-MTU = 1400
>>>>         Called-Station-Id = "0013.19fc.2f90"
>>>>         Calling-Station-Id = "0030.6503.0a96"
>>>>         Service-Type = Login-User
>>>>         Message-Authenticator =  
>>>> <159><242>U<173><149><158><164><236><245><135>j<149><144><206>_W
>>>>         EAP-Message = <2><2><0>*<17><1><0><24>;<20><245>Y<155><18><241><138>U#<208><1><169>o<252>$<231><8>.<131><236><206><237><253>urs_landis
>>>>         NAS-Port-Type = Wireless-IEEE-802-11
>>>>         NAS-Port = 1053
>>>>         NAS-IP-Address = 192.168.95.59
>>>>         NAS-Identifier = "AP-09-023"
>>>>
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling request with Handler  
>>>> 'DEFAULT'
>>>> Mon Feb 28 18:44:13 2005: DEBUG:  Deleting session for urs_landis,  
>>>> 192.168.95.59, 1053
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with Radius::AuthFILE:  
>>>> CheckMACAddress
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Handling with EAP: code 2, 2, 42
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Response type 17
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Radius::AuthFILE looks for match  
>>>> with urs_landis
>>>> Mon Feb 28 18:44:13 2005: DEBUG: EAP result: 1, EAP LEAP failed: no  
>>>> such user urs_landis
>>>> Mon Feb 28 18:44:13 2005: INFO: Access rejected for urs_landis: EAP  
>>>> LEAP failed: no such user urs_landis
>>>> Mon Feb 28 18:44:13 2005: DEBUG: Packet dump:
>>>> *** Sending to 192.168.95.59 port 21648 ....
>>>> Code:       Access-Reject
>>>> Identifier: 231
>>>> Authentic:   
>>>> <155><235><174>$[Q<247><6><162>d<211>i<189><198><241><230>
>>>> Attributes:
>>>>         EAP-Message = <4><2><0><4>
>>>>         Message-Authenticator =  
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>         Reply-Message = "Request Denied"
>>>>
>>>>
>>>> Best regards
>>>>
>>>>
>>>> Urs Landis
>>>> ICT
>>>> Kantonsschule
>>>> Hohe Promenade
>>>> Promenadengasse 11
>>>> CH-8001 Zürich
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB: I am travelling this week, so there may be delays in our  
>>> correspondence.
>>>
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>>
>
> NB: I am travelling this week, so there may be delays in our  
> correspondence.
>
>
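
The following is an added example, not part of the thread and not Radiator code. It decodes the `EAP-Message` values from the traces above (trace notation: `<n>` is one byte) and models the behaviour the traces show: without EAP the file is searched for `Calling-Station-Id`, with EAP it is searched for the EAP identity. `lookup_key` and `mac_allowed` are hypothetical helpers; the attribute values are copied from the thread.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 17: "LEAP"}  # the two types that appear in the trace


def unescape_dump(text):
    """Turn trace notation such as '<2><1><0><15><1>urs_landis' into bytes.

    '<n>' with n in 0..255 is one byte; every other character is literal.
    A literal '<', digits, '>' run in the payload cannot be told apart from an
    escaped byte, so this is best-effort for reading traces.
    """
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S):
        if m.group(1) is not None and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
        else:
            out.extend(m.group(0).encode("latin-1"))
    return bytes(out)


def parse_eap(raw):
    """Decode code, identifier, length, type and (if carried) the user name."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP length field {length}, {len(raw)} bytes present")
    info = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and length > 4:
        info["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 1:                       # Identity: the rest is the name
            info["identity"] = raw[5:].decode("latin-1")
        elif raw[4] == 17 and length >= 8:    # LEAP: version, unused, count, data, name
            info["identity"] = raw[8 + raw[7]:].decode("latin-1")
    return info


def normalize_mac(value):
    """12 lowercase hex digits for any common MAC notation, else None."""
    digits = re.sub(r"[.:\-\s]", "", value).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def lookup_key(attrs):
    """Model of the behaviour visible in the two traces (not Radiator code):
    with an EAP-Message the file is searched for the EAP identity, otherwise
    for the attribute named by AuthenticateAttribute (Calling-Station-Id)."""
    if "EAP-Message" in attrs:
        return parse_eap(unescape_dump(attrs["EAP-Message"])).get("identity")
    return attrs.get("Calling-Station-Id")


def mac_allowed(calling_station_id, allowlist):
    """Hypothetical stand-alone MAC check that compares normalized forms."""
    wanted = normalize_mac(calling_station_id)
    return wanted is not None and wanted in {normalize_mac(m) for m in allowlist}


# Attribute values copied from the traces in this thread.
RADPWTST = {"User-Name": "Urs_Landis", "Calling-Station-Id": "987654321"}
ACCESS_POINT = {
    "User-Name": "urs_landis",
    "Calling-Station-Id": "0030.6503.0a96",
    "EAP-Message": "<2><1><0><15><1>urs_landis",
}
LEAP_CHALLENGE = "<1><2><0><26><17><1><0><8>U<176>9<138><27><200><255><26>urs_landis"
# Keys from the addresses file in the thread (mixed notations).
ALLOWLIST = ["00:03:93:eb:cf:2f", "987654321", "0011.242b.11a9", "0030.6503.0a96"]

if __name__ == "__main__":
    print(parse_eap(unescape_dump(ACCESS_POINT["EAP-Message"])))
    print(parse_eap(unescape_dump(LEAP_CHALLENGE)))
    for name, attrs in (("radpwtst", RADPWTST), ("access point", ACCESS_POINT)):
        print(name, "-> file lookup key:", lookup_key(attrs))
    print("MAC on allowlist:", mac_allowed("00-30-65-03-0A-96", ALLOWLIST))
```

The decoded header fields line up with the trace lines `Handling with EAP: code 2, 1, 15` and `Response type 1`, and the key returned for the access point request is the name the trace reports as `looks for match with urs_landis`.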