(RADIATOR) I don't think this is a Radiator problem, but...
Mike McCauley
mikem at open.com.au
Tue Mar 22 03:44:53 CST 2005
Hello Philip,
On Tuesday 22 March 2005 09:27, Philip Ershler wrote:
> I use radiator to do TTLS authentication on my wireless system. Most of
> the time, things work just fine. However at times the connection
> process from the computer to the wireless system hangs at the
> authentication phase. I have included a verbose dump from the log of
> one such occurrence. It looks for some reason like the "conversation"
> between the WAP and the radiator server just stops, with each side
> waiting for the other. I'm not sure this is actually a radiator issue,
> but I'd appreciate any suggestions you might have.
I don't think it's a Radiator issue either. Looks like the last message was
sent by Radiator to the client, and nothing was heard from the client again.
I think you will have to enable some tracing in the client to find out what
the client thinks the problem is.
What client is it?
Does it happen only with the same client(s), or randomly distributed?
Have you noticed any other patterns or clues?
Cheers.
>
> Thanks,
>
> Phil
>
>
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Received from 155.100.140.18 port 1029 ....
> Code: Access-Request
> Identifier: 0
> Authentic: +<206>E<183><15>(<30>.B<147><25>_*<165>[<159>
> Attributes:
> Message-Authenticator =
> <1>z<174><191><203>i<153><144>s<180><139><195>+Hj<150>
> Service-Type = Framed-User
> User-Name = "ershler"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AA-33-E5:CVRTI-G"
> Calling-Station-Id = "00-90-4B-6F-0E-19"
> NAS-Identifier = "D-link Corp. Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = <2><0><0><12><1>ershler
> NAS-IP-Address = 155.100.140.18
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
>
> Mon Mar 21 09:42:40 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 21 09:42:40 2005: DEBUG: Deleting session for ershler,
> 155.100.140.18, 1
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPBind
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with EAP: code 2, 0, 12
> Mon Mar 21 09:42:40 2005: DEBUG: Response type 1
> Mon Mar 21 09:42:40 2005: DEBUG: Resuming session for
> Radius::Context=HASH(0xb1b8c4)
>
> Mon Mar 21 09:42:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Access challenged for ershler: EAP
> TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Sending to 155.100.140.18 port 1029 ....
> Code: Access-Challenge
> Identifier: 0
> Authentic: +<206>E<183><15>(<30>.B<147><25>_*<165>[<159>
> Attributes:
> EAP-Message = <1><1><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Received from 155.100.140.18 port 1029 ....
> Code: Access-Request
> Identifier: 1
> Authentic: X:d<178>Wic<16><4><163>wid<168>#<30>
> Attributes:
> Message-Authenticator =
> <190><19><250><189><140><138><139><253><158>w<194><253>MF<189>e
> Service-Type = Framed-User
> User-Name = "ershler"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AA-33-E5:CVRTI-G"
> Calling-Station-Id = "00-90-4B-6F-0E-19"
> NAS-Identifier = "D-link Corp. Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message =
> <2><1><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)<3><1><224><1><1><0>L<193>r<131><153>$<242><134>%d<139><155><6
>
> ><166><225>W<187>R<194><31>p<180><177><214><233>fZ<221><0><0><2><0><10><
>
> 1><0>
> NAS-IP-Address = 155.100.140.18
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
>
> Mon Mar 21 09:42:40 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 21 09:42:40 2005: DEBUG: Deleting session for ershler,
> 155.100.140.18, 1
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPBind
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with EAP: code 2, 1, 60
> Mon Mar 21 09:42:40 2005: DEBUG: Response type 21
> Mon Mar 21 09:42:40 2005: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
> Mon Mar 21 09:42:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Access challenged for ershler: EAP
> TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Sending to 155.100.140.18 port 1029 ....
> Code: Access-Challenge
> Identifier: 1
> Authentic: X:d<178>Wic<16><4><163>wid<168>#<30>
> Attributes:
> EAP-Message = <1><2><0><6><21><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Received from 155.100.140.18 port 1029 ....
> Code: Access-Request
> Identifier: 3
> Authentic: <0>3<127>BYN1<234>Z?<13><243>"Jb!
> Attributes:
> Message-Authenticator =
> <240>?<219><220><18><240><222>_<24><191><230><160><210><178><206><136>
> Service-Type = Framed-User
> User-Name = "ershler"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AA-33-E5:CVRTI-G"
> Calling-Station-Id = "00-90-4B-6F-0E-19"
> NAS-Identifier = "D-link Corp. Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = <2><3><0><12><1>ershler
> NAS-IP-Address = 155.100.140.18
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
>
> Mon Mar 21 09:42:40 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 21 09:42:40 2005: DEBUG: Deleting session for ershler,
> 155.100.140.18, 1
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPBind
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with EAP: code 2, 3, 12
> Mon Mar 21 09:42:40 2005: DEBUG: Response type 1
> Mon Mar 21 09:42:40 2005: DEBUG: Resuming session for
> Radius::Context=HASH(0xb1b8c4)
>
> Mon Mar 21 09:42:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Access challenged for ershler: EAP
> TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Sending to 155.100.140.18 port 1029 ....
> Code: Access-Challenge
> Identifier: 3
> Authentic: <0>3<127>BYN1<234>Z?<13><243>"Jb!
> Attributes:
> EAP-Message = <1><4><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Received from 155.100.140.18 port 1029 ....
> Code: Access-Request
> Identifier: 4
> Authentic: U2x8<25><211>`<149>:<196><22><142>2t)<191>
> Attributes:
> Message-Authenticator = <241><225>^<30><198>>6s<244>t<129>5<246>Y/<20>
> Service-Type = Framed-User
> User-Name = "ershler"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AA-33-E5:CVRTI-G"
> Calling-Station-Id = "00-90-4B-6F-0E-19"
> NAS-Identifier = "D-link Corp. Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message =
> <2><4><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)<3><1><254><1><1><0><174>A<21>s<143><26><156><165>(<152><165><
> 201><142><191>/
> <22><190>v"0<234><246><30><19>bi<179><166><0><0><2><0><10><1><0>
> NAS-IP-Address = 155.100.140.18
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
>
> Mon Mar 21 09:42:40 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 21 09:42:40 2005: DEBUG: Deleting session for ershler,
> 155.100.140.18, 1
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPBind
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with EAP: code 2, 4, 60
> Mon Mar 21 09:42:40 2005: DEBUG: Response type 21
> Mon Mar 21 09:42:40 2005: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Mon Mar 21 09:42:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Access challenged for ershler: EAP
> TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Sending to 155.100.140.18 port 1029 ....
> Code: Access-Challenge
> Identifier: 4
> Authentic: U2x8<25><211>`<149>:<196><22><142>2t)<191>
> Attributes:
> EAP-Message =
> <1><5><3><242><21><192><0><0><7><210><22><3><1><0>J<2><0><0>F<3><1>B><24
> 9><128><127><203><175><157><137><249><0>X<28><27><130><134>4<8><133>#m<1
> 50><175><248>H<147><232>a<245><236><181><30>
> <160><3><131><220>i<162>E<128><161><158><205><29><202>z`<148><3>SU<234><
> 228>F=uN,<167>a<168>Q<160>2<0><10><0><22><3><1><6><193><11><0><6><189><0
>
> ><6><186><0><2><227>0<130><2><223>0<130><2>H<160><3><2><1><2><2><1><1>0<
>
> 13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><166>1<11>0<9><6><3>U
> <4><6><19><2>US1<13>0<11><6><3>U<4><8><19><4>Utah1<23>0<21><6><3>U<4><7>
> <19><14>Salt Lake City1<27>0<25><6><3>U<4><10><19><18>University of
> Utah1<14>0<12><6><3>U<4><11><19><5>CVRTI1<24>0<22><6><3>U<4><3><19><15>C
> VRTI'
> EAP-Message = s root
> CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>postmaster at cvrti.utah.
> edu0<30><23><13>050301201633Z<23><13>060301201633Z0<129><170>1<11>0<9><6
>
> ><3>U<4><6><19><2>US1<13>0<11><6><3>U<4><8><19><4>Utah1<23>0<21><6><3>U<
>
> 4><7><19><14>Salt Lake City1<27>0<25><6><3>U<4><10><19><18>University
> of
> Utah1<14>0<12><6><3>U<4><11><19><5>CVRTI1<28>0<26><6><3>U<4><3><19><19>C
> VRTI Radius
> Server1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>postmaster at cvrti.u
> tah.
> EAP-Message =
> edu0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><14
> 1><0>0<129><137><2><129><129><0><183>eFc<179>T:
> 4<237><22><228>d\<176>=<225>f<241>G<160>k<12><162><240>^<130><223><186><
> 138><150><241><220><249><128><229><30><135><29>}<169><192><15><208><15>U
> <150>E><194>/m<129>t<191>RI<136><187><225><208><157>q<131>-
> <211><162><169><229>Y<235><21><255><134>J<194><214>6<249><24><10><156><1
> 68><9><212>`<181><164><209><13>1<209><136><214>]<185><165><22>R!
> <160><224>'<218><151>D<149><187>E<208><249><249><31><177><211><8><215><1
> 62>$<134><8><231><229>o<16><255><216><132><193><2><3><1><0><1><163><23>0
> <21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>
> *<134>H<134><247><13><1><1><4><5><0><3><129><129><0>Ax<173>;
> <252><195><250>!<142><250>F!
> l<203>]^t<174><22><139><205><148>Ec<195>|G.2(<197><132>YNl?
> <178>s<242><188><0><165><20><184>
> EAP-Message =
> <31>8[@<223><31><244><172>6<221><254>A<128><137>{<233>`_<155><5>/
> <241>xH<230>+<185>g<198>c<12>d&j<180><183><211><179><154><209><158><154>
> <9><127><245><190>]'<240>A<27><31><143>J1>G<245><30><172><190><135>u*b<1
> 96>2<142><14><10><190><26><228><198><132>N0c<232><3><208><235>P<201><0><
> 3><209>0<130><3><205>0<130><3>6<160><3><2><1><2><2><1><0>0<13><6><9>*<13
> 4>H<134><247><13><1><1><4><5><0>0<129><166>1<11>0<9><6><3>U<4><6><19><2>
> US1<13>0<11><6><3>U<4><8><19><4>Utah1<23>0<21><6><3>U<4><7><19><14>Salt
> Lake City1<27>0<25><6><3>U<4><10><19><18>University of
> Utah1<14>0<12><6><3>U<4><11><19><5>CVRTI1<24>0<22><6><3>U<4><3><19><15>C
> VRTI's root CA1(0&<6><9>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Received from 155.100.140.18 port 1029 ....
> Code: Access-Request
> Identifier: 5
> Authentic: U:<2>Y^<227><127>2<6><210><15><246>[<142>3U
> Attributes:
> Message-Authenticator =
> <212><191><170><238>3g6<188>A<174>e<194><174><219>QH
> Service-Type = Framed-User
> User-Name = "ershler"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AA-33-E5:CVRTI-G"
> Calling-Station-Id = "00-90-4B-6F-0E-19"
> NAS-Identifier = "D-link Corp. Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = <2><5><0><6><21><0>
> NAS-IP-Address = 155.100.140.18
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
>
> Mon Mar 21 09:42:40 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 21 09:42:40 2005: DEBUG: Deleting session for ershler,
> 155.100.140.18, 1
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPBind
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with EAP: code 2, 5, 6
> Mon Mar 21 09:42:40 2005: DEBUG: Response type 21
> Mon Mar 21 09:42:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Access challenged for ershler: EAP
> TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Sending to 155.100.140.18 port 1029 ....
> Code: Access-Challenge
> Identifier: 5
> Authentic: U:<2>Y^<227><127>2<6><210><15><246>[<142>3U
> Attributes:
> EAP-Message =
> <1><6><3><238><21>@*<134>H<134><247><13><1><9><1><22><25>postmaster at cvrt
> i.utah.edu0<30><23><13>050301201453Z<23><13>050331201453Z0<129><166>1<11
>
> >0<9><6><3>U<4><6><19><2>US1<13>0<11><6><3>U<4><8><19><4>Utah1<23>0<21><
>
> 6><3>U<4><7><19><14>Salt Lake
> City1<27>0<25><6><3>U<4><10><19><18>University of
> Utah1<14>0<12><6><3>U<4><11><19><5>CVRTI1<24>0<22><6><3>U<4><3><19><15>C
> VRTI's root
> CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>postmaster at cvrti.utah.
> edu0<129><159>0<13><6><9>*<134>H
> EAP-Message =
> <134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0>
> <180>.<239>V<167><131><174>i<134><24>h<230><22><16>pk<18><179>h<215>=<23
> 3><12><177><22><164><221><149><138><173><166><178>]<10>pW^<249><189>K<28
>
> ><130>XJ<198><209><154><138><252><162><144>r<31><150><187>L<23><252><195
> ><236>E<233><2><247><214>t<244>r<133><31><193>z6<232><194><2>&<208><163>
>
> <186>N5<206>eS<194><156>v<27><5><221><145><203><230><130><216><240><254>
> <30><31><170><180><130><148><153><185><242><186>(+|y<191><193>x<14><160>
> <173><239><251><155>1Y<28><203>W<227><219><2><3><1><0><1><163><130><1><7
>
> >0<130><1><3>0<29><6><3>U<29><14><4><22><4><20>.<207>$v<129>7l&<22><163>
>
> }<220><244><235><148><178><187>><25><0>0<129><211><6><3>U<29>#<4><129><2
> 03>0<129><200><128><20>.<207>$v<129>7l&<22><163>}<220><244><235><148><17
> 8><187>><25><0><161><129><172><164><129><169>0<129><166>1<11>0<9><6><3>U
> <4><6><19><2>US1<13>0<11>
> EAP-Message =
> <6><3>U<4><8><19><4>Utah1<23>0<21><6><3>U<4><7><19><14>Salt Lake
> City1<27>0<25><6><3>U<4><10><19><18>University of
> Utah1<14>0<12><6><3>U<4><11><19><5>CVRTI1<24>0<22><6><3>U<4><3><19><15>C
> VRTI's root
> CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>postmaster at cvrti.utah.
> edu<130><1><0>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>
> H<134><247><13><1><1><4><5><0><3><129><129><0><150><25><195><181><144><2
> 43><134><223>pxE<233><226><253><4><20><187><230><189><201><10>qm^,<23>6<
> 166><1>xzGE2<7><10>qhX<252><230>'<165>Jj9=<152><176><190><203>~<249><27>
> <27><214><11><8><154>h<221><127><243>/n{g<185>
> EAP-Message =
> <8><154>8<6><129>5<3><28><156><154>;
> (<203><186>8<203>U<29>'#<232><225><4>B^<186><191><148><157><139><170><14
> 1><30>-<160><207><210>S<249><uja<130><129>s[<255>h<144>
> a|<199><177>t<226><5><137>{<22><3><1><0><184><13><0><0><176><2><1><2><0>
> <171><0><169>0<129><166>1<11>0<9><6><3>U<4><6><19><2>US1<13>0<11><6><3>U
> <4><8><19><4>Utah1<23>0<21><6><3>U<4><7><19><14>Salt Lake
> City1<27>0<25><6><3>U<4><10><19><18>University of
> Utah1<14>0<12><6><3>U<4><11><19><5>CVRTI1<24>0<22><6><3>U<4><3><19><15>C
> VRTI's root
> CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>postmaster at cvrti.utah.
> edu<14><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Received from 155.100.140.18 port 1029 ....
> Code: Access-Request
> Identifier: 6
> Authentic: <5><171><26>H<15><153>U6,<131>q<242>h*<7>x
> Attributes:
> Message-Authenticator = <161><213><15>D<154><201><244>sNS5<187>h<152>;|
> Service-Type = Framed-User
> User-Name = "ershler"
> Framed-MTU = 1488
> Called-Station-Id = "00-0F-3D-AA-33-E5:CVRTI-G"
> Calling-Station-Id = "00-90-4B-6F-0E-19"
> NAS-Identifier = "D-link Corp. Access Point"
> NAS-Port-Type = Wireless-IEEE-802-11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = <2><6><0><6><21><0>
> NAS-IP-Address = 155.100.140.18
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
>
> Mon Mar 21 09:42:40 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Mar 21 09:42:40 2005: DEBUG: Deleting session for ershler,
> 155.100.140.18, 1
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPBind
> Mon Mar 21 09:42:40 2005: DEBUG: Handling with EAP: code 2, 6, 6
> Mon Mar 21 09:42:40 2005: DEBUG: Response type 21
> Mon Mar 21 09:42:40 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Access challenged for ershler: EAP
> TTLS Challenge
> Mon Mar 21 09:42:40 2005: DEBUG: Packet dump:
> *** Sending to 155.100.140.18 port 1029 ....
> Code: Access-Challenge
> Identifier: 6
> Authentic: <5><171><26>H<15><153>U6,<131>q<242>h*<7>x
> Attributes:
> EAP-Message = <1><7><0><8><21><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
>
> At this point the log entries stop until another access request begins.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
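
The reading given in the reply above (Radiator sent the last message and the client never answered) can be checked mechanically from a trace like the quoted one. The following Python is an added example, not part of the original message or of Radiator; the sample trace and the address 192.0.2.10 are constructed, and it assumes each EAP-Message value sits on the same line as its attribute name.

```python
import re

# Constructed trace in the format of the quoted Radiator log (most attributes omitted).
SAMPLE = """\
*** Received from 192.0.2.10 port 1029 ....
EAP-Message = <2><5><0><6><21><0>
*** Sending to 192.0.2.10 port 1029 ....
EAP-Message = <1><6><0><14><21>@abcd
EAP-Message = efgh
*** Received from 192.0.2.10 port 1029 ....
EAP-Message = <2><6><0><6><21><0>
*** Sending to 192.0.2.10 port 1029 ....
EAP-Message = <1><7><0><8><21><0><0><0>
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def unescape(text):
    """Undo the log's <decimal> notation for non-printable bytes (ASCII literals assumed)."""
    return bytes(int(n) if n else ord(c) for n, c in re.findall(r"<(\d{1,3})>|(.)", text))

def parse_eap(raw):
    """Decode the EAP header; for EAP-TTLS (type 21) also read the M (more fragments) flag."""
    eap_type = raw[4] if len(raw) > 4 else None
    flags = raw[5] if eap_type == 21 and len(raw) > 5 else 0
    return {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
            "length": int.from_bytes(raw[2:4], "big"),
            "type": eap_type, "more": bool(flags & 0x40)}

def trace(log):
    """One entry per RADIUS packet, built from its first EAP-Message attribute."""
    events, sender = [], None
    for line in log.splitlines():
        line = line.lstrip("> ").strip()           # tolerate mail-quoted logs
        if line.startswith("*** "):
            sender = "client" if line.startswith("*** Received") else "server"
        elif line.startswith("EAP-Message = ") and sender:
            events.append(dict(parse_eap(unescape(line[14:])), sender=sender))
            sender = None                          # later attributes are continuation data
    return events

def diagnose(log):
    """Say which side owes the next message when the trace ends."""
    events = trace(log)
    last = events[-1]
    if last["code"] in ("Success", "Failure"):
        state = "finished"
    elif last["sender"] == "server":
        state = "server is waiting for the client"
    else:
        state = "client is waiting for the server"
    return {"state": state, "last_id": last["id"], "packets": len(events)}

if __name__ == "__main__":
    print(*trace(SAMPLE), sep="\n")
    print(diagnose(SAMPLE))
```

A trace that ends in the "server is waiting for the client" state with no Success or Failure points the investigation at the supplicant or access point, which is where client-side tracing comes in.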