(RADIATOR) problems w/ HP420 802.11g, radiator 3.11, PEAP, TTLS auth

Jennifer Mehl jmehl at physics.ucsb.edu
Mon Oct 3 22:20:40 CDT 2005


Hi everyone,

I'm experiencing some strange problems, and I'm not sure if this is a
Radiator issue or an AP issue, or some combination thereof, so I'm
hoping for some ideas from any of you who may have a similar setup or
have similar equipment you could test.

Here is my environment:

HP ProCurve 420 AP (2.1.0 firmware)
WPA/TKIP and WPA2/AES supported
802.1x authentication to Radiator 3.11 on RedHat Enterprise Linux 3
Radiator config for PEAP and TTLS to flat file, dynamic VLAN assignment, 
SSL cert issued by Thawte Premium CA
Various wireless cards for WinXP built-in client or SecureW2 client 
(Dell 1350 and D-Link DWL-G650) and Mac OS X 10.4 (Airport)

Here is the problem:
If I configure the 420 AP radio to 802.11b-only mode, authentication 
happens successfully, and quickly, for TTLS and PEAP clients.  BUT, if I 
change the 420 AP radio back to its default radio setting, 802.11g+b or 
802.11g only, the 802.1x authentication process never completes.  It 
seems that the Access-Challenge is the last thing sent by the RADIUS 
server to the AP/client.  The client keeps sending Access-Requests until 
it gives up.

I have tried playing around with EAPTLS_MaxFragmentSize in my Radiator 
config, but I haven't had any luck, and I'm not entirely sure if that 
option even has anything to do with the problem... it doesn't make sense 
to me that authentication would complete with 802.11b but not 802.11g if 
packet size or fragmentation were the issue (please correct me if I'm 
wrong!).  The AP 2.1.0 firmware has a new configuration option in the 
wireless-g config interface called "fragmentation-threshold" and the 
default value is 2346.  Not sure if/how this might relate to 
EAPTLS_MaxFragmentSize (which I currently have set at 1000).

I believe I had the same problem with the older HP 420 firmware, 2.0.41. 
I also have a support call in with HP (their 1st line of support says 
she's never heard of this issue), but I'd like to be able to rule out 
Radiator as a "suspect" in this problem before continuing on with HP.

I have 7 APs that all exhibit this exact same problem, and I have tried 
configuring a fresh "bare bones" config on them as well.  I do not have 
another AP to test with Radiator, nor another RADIUS server to test the 
APs with, to rule either of them out.  Right now, I have all of the 
production APs running at 802.11b, and one test AP with a different SSID 
running at 802.11b+g so I can troubleshoot this issue.

My Radiator config is below, as well as a Level 5 trace of a "failed" 
authentication while on the 802.11g radio.

Thanks for any help you all can provide,
Jennifer

-- 
========================================
Jennifer L. Mehl
Senior Systems Administrator
University of California, Santa Barbara
Physics Computing Services
jmehl -at- physics.ucsb.edu
========================================

###/etc/radiator/radius.cfg
###last updated 10-3-2005
###########################

# Listen for authentication requests on ports 1645 and 1812
AuthPort 1645, 1812

# Listen for accounting requests on ports 1646 and 1813
AcctPort 1646, 1813

# Run as user radius (not root)
User    radius

# Make usernames case-insensitive
RewriteUsername         tr/A-Z/a-z/

# Dictionary file lives here
DictionaryFile /etc/radiator/dictionary.cfg

# Logging parameters
Trace   5
LogDir  /var/log/
LogFile /var/log/radius

# PID file
PidFile /var/run/radiusd.pid

# This is the default client - used for radpwtest
<Client DEFAULT>
         Secret  mysecret
         DupInterval 0
</Client>


# This is the 5223-1AP wireless access point
<Client 10.111.16.20>
         Secret ********
         NoIgnoreDuplicates Access-Challenge
         NoIgnoreDuplicates Access-Request
         DupInterval 0
         Identifier IntegerVLANTag
</Client>


<AuthBy FILE>
         Identifier              BY_FILE
         Filename                /etc/radiator/users
         EAPType                 TTLS,PEAP
         EAPTLS_MaxFragmentSize  1000
         EAPTLS_CAFile           /usr/share/ssl/certs/ca-thawte-prem.crt
         EAPTLS_CAPath           /usr/share/ssl/certs/
         EAPTLS_CertificateFile  /usr/share/ssl/certs/onstar.physics.ucsb.edu.pem
         EAPTLS_CertificateType PEM
         EAPTLS_PrivateKeyFile   /usr/share/ssl/certs/onstar.physics.ucsb.edu.pem
         EAPTLS_SessionResumption 0
         EAPAnonymous    %0
         AutoMPPEKeys
######## PEAP v.0 is required for use with Mac OS X clients
         EAPTLS_PEAPVersion      0
</AuthBy>

# This is for TTLS inner authentication request
<Handler TunnelledByTTLS=1>
         #AcctLogFileName /var/log/radacctlog
         RewriteUsername s/^([^@]+).*/$1/
         AuthBy BY_FILE
         PostAuthHook file:"/etc/radiator/vlan_post_auth_hook.pl"
</Handler>

# This is for PEAP inner authentication request
<Handler TunnelledByPEAP=1>
         #AcctLogFileName /var/log/radacctlog
         <AuthBy FILE>
                 Filename                /etc/radiator/users
                 RewriteUsername s/^([^@]+).*/$1/
                 EAPType                 MSCHAP-V2
         </AuthBy>
         PostAuthHook file:"/etc/radiator/vlan_post_auth_hook.pl"
</Handler>


# This is the default handler

<Handler>
         AcctLogFileName /var/log/radacctlog
         RewriteUsername s/^([^@]+).*/$1/
         AuthBy BY_FILE
</Handler>
#####end /etc/radiator/radius.cfg



##begin /var/log/radius trace 4 of failed authentication##

0b 0d 00 2e 04 93 f8 fa 74 ee 45 ed 39 47 9a 36
0d ec 0e 34 4f 08 01 02 00 06 15 20 50 12 c1 5e
41 b2 e1 cc 74 9a ab 26 3a 2f ae b1 86 40
Code:       Access-Challenge
Identifier: 13
Authentic:  c;c;c;c;c;c;c;c;
Attributes:
         EAP-Message = <1><2><0><6><21>
         Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Oct  3 16:13:28 2005: DEBUG: Packet dump:
*** Received from 10.111.16.20 port 1056 ....

Packet length = 132
Code:       Access-Request
Identifier: 14
Authentic:  <6><185><6><185><6><185><6><185><6><185><6><185><6><185><6><185>
Attributes:
         NAS-IP-Address = 10.111.16.20
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1
         Framed-MTU = 1400
         User-Name = "anonymous"
         Calling-Station-Id = "000b7d159f24"
         Called-Station-Id = "0001e6ff9489"
         NAS-Identifier = "Enterprise AP"
         EAP-Message = <2><1><0><14><1>anonymous
         Message-Authenticator = 
<230>@<14><195><194><23>$<228><31><190><8>#\<248>s<216>

Mon Oct  3 16:13:28 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:28 2005: DEBUG: Handling request with Handler ''
Mon Oct  3 16:13:28 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:28 2005: DEBUG:  Deleting session for anonymous, 
10.111.16.20, 1
Mon Oct  3 16:13:28 2005: DEBUG: Handling with Radius::AuthFILE: BY_FILE
Mon Oct  3 16:13:28 2005: DEBUG: Handling with EAP: code 2, 1, 14
Mon Oct  3 16:13:28 2005: DEBUG: Response type 1
Mon Oct  3 16:13:28 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct  3 16:13:28 2005: DEBUG: Access challenged for anonymous: EAP 
TTLS Challenge
Mon Oct  3 16:13:28 2005: DEBUG: Packet dump:
*** Sending to 10.111.16.20 port 1056 ....

Packet length = 46
0b 0e 00 2e 10 80 9b 32 91 30 40 2b 90 4c a9 a9
28 cc 90 6d 4f 08 01 02 00 06 15 20 50 12 c7 7e
7e 99 e6 ea df 30 03 36 6a 84 7c b1 25 63
Code:       Access-Challenge
Identifier: 14
Authentic:  <6><185><6><185><6><185><6><185><6><185><6><185><6><185><6><185>
Attributes:
         EAP-Message = <1><2><0><6><21>
         Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Oct  3 16:13:28 2005: DEBUG: Packet dump:
*** Received from 10.111.16.20 port 1057 ....

Packet length = 178
Code:       Access-Request
Identifier: 15
Authentic:  S%S%S%S%S%S%S%S%
Attributes:
         NAS-IP-Address = 10.111.16.20
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1
         Framed-MTU = 1400
         User-Name = "anonymous"
         Calling-Station-Id = "000b7d159f24"
         Called-Station-Id = "0001e6ff9489"
         NAS-Identifier = "Enterprise AP"
         EAP-Message = 
<2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1><223><2><28><0><143><0><216><245><4>O<217><203>|<233><164><167><143>:5<171>RC<242><238>E<231><202><211><169><3><20>L<0><0><2><0><10><1><0>
         Message-Authenticator = 
P<242><228>q_<154><131><139><224>&<219><222>u<182>}B

Mon Oct  3 16:13:28 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:28 2005: DEBUG: Handling request with Handler ''
Mon Oct  3 16:13:28 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:28 2005: DEBUG:  Deleting session for anonymous, 
10.111.16.20, 1
Mon Oct  3 16:13:28 2005: DEBUG: Handling with Radius::AuthFILE: BY_FILE
Mon Oct  3 16:13:28 2005: DEBUG: Handling with EAP: code 2, 2, 60
Mon Oct  3 16:13:28 2005: DEBUG: Response type 21
Mon Oct  3 16:13:28 2005: DEBUG: EAP TTLS data, 24576, 2, -1
Mon Oct  3 16:13:28 2005: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Oct  3 16:13:28 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct  3 16:13:28 2005: DEBUG: Access challenged for anonymous: EAP 
TTLS Challenge
Mon Oct  3 16:13:28 2005: DEBUG: Packet dump:
*** Sending to 10.111.16.20 port 1057 ....

Packet length = 1056
Code:       Access-Challenge
Identifier: 15
Authentic:  S%S%S%S%S%S%S%S%
Attributes:
         EAP-Message = 
<1><3><3><242><21><192><0><0><8><15><22><3><1><0>J<2><0><0>F<3><1>CA<187><24>NGj<140><229>:<198>M<139><180>B<169><160><139><241><149><245><162><18>DY<203><250><204><129>!<248><161> 
<223><131><231><144><152><252>&<246><217><216><135>7<186><21><129>l<156><225>I(#du<208>T<197><196><245>Y<157>S<151><0><10><0><22><3><1><6><214><11><0><6><210><0><6><207><0><3><158>0<130><3><154>0<130><3><3><160><3><2><1><2><2><3>!<204><218>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><206>1<11>0<9><6><3>U<4><6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western 
Cape1<18>0<16><6><3>U<4><7><19><9>Cape 
Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting 
cc1(0&<6><3>U<4><11><19><31>Certification S
         EAP-Message = ervices 
Division1!0<31><6><3>U<4><3><19><24>Thawte Premium Server 
CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>premium-server at thawte.com0<30><23><13>050916212752Z<23><13>060916212752Z0<129><171>1<11>0<9><6><3>U<4><6><19><2>US1<19>0<17><6><3>U<4><8><19><10>California1<22>0<20><6><3>U<4><7><19><13>Santa 
Barbara100.<6><3>U<4><10><19>'University of California, Santa 
Barbara1<27>0<25><6><3>U<4><11><19><18>Physic
         EAP-Message = s Department1 
0<30><6><3>U<4><3><19><23>onstar.physics.ucsb.edu0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><158><159>K8<129><24><232><144><189><146><22><230>eQ<157><11><234><20>G4<233><141><6>8I<246><17>mQ<238><255>-<197><21><197>2:<170>m<5><155><147>e5s4<198>5S<237><27><212>~<156><128><215><180>P<12>#<4><249><8><19><136><148><18><165>G}H<154><161>:<146>N<128><200><243><196><159>9!.5<202><210><196><240><179>4<147><7><19>q<156><;<166><194>~%<164><211><128><187><180><209><238><20><196>/GFm<238><203><27><17>aPB<142><210>E<156>"<249><2><3><1><0><1><163><129><166>0<129><163>0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><7><3><2>0@<6><3>U<29><31><4>
         EAP-Message = 
90705<160>3<160>1<134>/http://crl.thawte.com/ThawtePremiumServerCA.crl02<6><8>+<6><1><5><5><7><1><1><4>&0$0"<6><8>+<6><1><5><5><7>0<1><134><22>http://ocsp.thawte.com0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>m<162><249>e;w<240><253><254><25>&<145><9>0<192><5>S<22>W 
<164><253><129>E[Lv<182><155>8<21><185>7<188>I<195><146><202><215>c<242><148><130><205>@e!<225>7a<175><227><209>r<250><158> 
<229><211><191>Ic1<27><180>w><140><168><174><177><199><177>Z<196><164>y;<151>b<253>#0<169><227><188><231>*<130><206><197><230>@<245><158><23>==<209><245><223><195><134><19><31><151><6><154>
         Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Oct  3 16:13:58 2005: DEBUG: Packet dump:
*** Received from 10.111.16.20 port 1058 ....

Packet length = 132
Code:       Access-Request
Identifier: 16
Authentic:  [<231>[<231>[<231>[<231>[<231>[<231>[<231>[<231>
Attributes:
         NAS-IP-Address = 10.111.16.20
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1
         Framed-MTU = 1400
         User-Name = "anonymous"
         Calling-Station-Id = "000b7d159f24"
         Called-Station-Id = "0001e6ff9489"
         NAS-Identifier = "Enterprise AP"
         EAP-Message = <2><1><0><14><1>anonymous
         Message-Authenticator = 
1<156><138>E<252><138><139>|<137><16><144><248>L<161><25><7>

Mon Oct  3 16:13:58 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:58 2005: DEBUG: Handling request with Handler ''
Mon Oct  3 16:13:58 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:58 2005: DEBUG:  Deleting session for anonymous, 
10.111.16.20, 1
Mon Oct  3 16:13:58 2005: DEBUG: Handling with Radius::AuthFILE: BY_FILE
Mon Oct  3 16:13:58 2005: DEBUG: Handling with EAP: code 2, 1, 14
Mon Oct  3 16:13:58 2005: DEBUG: Response type 1
Mon Oct  3 16:13:58 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct  3 16:13:58 2005: DEBUG: Access challenged for anonymous: EAP 
TTLS Challenge
Mon Oct  3 16:13:58 2005: DEBUG: Packet dump:
*** Sending to 10.111.16.20 port 1058 ....

Packet length = 46
0b 10 00 2e df 66 17 9c 76 f0 02 70 1b b0 7f 66
0c bc 6d f2 4f 08 01 02 00 06 15 20 50 12 3e 0e
9a 25 6c 7b eb a6 e2 1a 85 5c 22 60 20 bd
Code:       Access-Challenge
Identifier: 16
Authentic:  [<231>[<231>[<231>[<231>[<231>[<231>[<231>[<231>
Attributes:
         EAP-Message = <1><2><0><6><21>
         Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Mon Oct  3 16:13:58 2005: DEBUG: Packet dump:
*** Received from 10.111.16.20 port 1059 ....

Packet length = 178
Code:       Access-Request
Identifier: 17
Authentic:  b<5>b<5>b<5>b<5>b<5>b<5>b<5>b<5>
Attributes:
         NAS-IP-Address = 10.111.16.20
         NAS-Port-Type = Wireless-IEEE-802-11
         NAS-Port = 1
         Framed-MTU = 1400
         User-Name = "anonymous"
         Calling-Station-Id = "000b7d159f24"
         Called-Station-Id = "0001e6ff9489"
         NAS-Identifier = "Enterprise AP"
         EAP-Message = 
<2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>}<3>:<0><149><177>u<141><232><206><209><16><10><149><0>qE<205><238><210><179><129>CH<204><222><244><143><164><131>Q<154><0><0><2><0><10><1><0>
         Message-Authenticator = 
<221>+<18><198><172>k<185><252>\<127>2<197>8#<214>u

Mon Oct  3 16:13:58 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:58 2005: DEBUG: Handling request with Handler ''
Mon Oct  3 16:13:58 2005: DEBUG: Rewrote user name to anonymous
Mon Oct  3 16:13:58 2005: DEBUG:  Deleting session for anonymous, 
10.111.16.20, 1
Mon Oct  3 16:13:58 2005: DEBUG: Handling with Radius::AuthFILE: BY_FILE
Mon Oct  3 16:13:58 2005: DEBUG: Handling with EAP: code 2, 2, 60
Mon Oct  3 16:13:58 2005: DEBUG: Response type 21
Mon Oct  3 16:13:58 2005: DEBUG: EAP TTLS data, 24576, 2, -1
Mon Oct  3 16:13:58 2005: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Oct  3 16:13:58 2005: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct  3 16:13:58 2005: DEBUG: Access challenged for anonymous: EAP 
TTLS Challenge
Mon Oct  3 16:13:58 2005: DEBUG: Packet dump:
*** Sending to 10.111.16.20 port 1059 ....

Packet length = 1056
Code:       Access-Challenge
Identifier: 17
Authentic:  b<5>b<5>b<5>b<5>b<5>b<5>b<5>b<5>
Attributes:
         EAP-Message = 
<1><3><3><242><21><192><0><0><8><15><22><3><1><0>J<2><0><0>F<3><1>CA<187>6<214><10><192><198><221><202><3>==<31>8<156><214>i<222>+]=6eF<185>Z*<24><171><142>p 
o<205><241><4><180>#<168>m<236><215><128><23>p<221><248><21><254><210><245><13><139>/g<168>8(<19><196>g<237><187>&<0><10><0><22><3><1><6><214><11><0><6><210><0><6><207><0><3><158>0<130><3><154>0<130><3><3><160><3><2><1><2><2><3>!<204><218>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><206>1<11>0<9><6><3>U<4><6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western 
Cape1<18>0<16><6><3>U<4><7><19><9>Cape 
Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting 
cc1(0&<6><3>U<4><11><19><31>Certification S
         EAP-Message = ervices 
Division1!0<31><6><3>U<4><3><19><24>Thawte Premium Server 
CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>premium-server at thawte.com0<30><23><13>050916212752Z<23><13>060916212752Z0<129><171>1<11>0<9><6><3>U<4><6><19><2>US1<19>0<17><6><3>U<4><8><19><10>California1<22>0<20><6><3>U<4><7><19><13>Santa 
Barbara100.<6><3>U<4><10><19>'University of California, Santa 
Barbara1<27>0<25><6><3>U<4><11><19><18>Physic
         EAP-Message = s Department1 
0<30><6><3>U<4><3><19><23>onstar.physics.ucsb.edu0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><158><159>K8<129><24><232><144><189><146><22><230>eQ<157><11><234><20>G4<233><141><6>8I<246><17>mQ<238><255>-<197><21><197>2:<170>m<5><155><147>e5s4<198>5S<237><27><212>~<156><128><215><180>P<12>#<4><249><8><19><136><148><18><165>G}H<154><161>:<146>N<128><200><243><196><159>9!.5<202><210><196><240><179>4<147><7><19>q<156><;<166><194>~%<164><211><128><187><180><209><238><20><196>/GFm<238><203><27><17>aPB<142><210>E<156>"<249><2><3><1><0><1><163><129><166>0<129><163>0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><7><3><2>0@<6><3>U<29><31><4>
         EAP-Message = 
90705<160>3<160>1<134>/http://crl.thawte.com/ThawtePremiumServerCA.crl02<6><8>+<6><1><5><5><7><1><1><4>&0$0"<6><8>+<6><1><5><5><7>0<1><134><22>http://ocsp.thawte.com0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>m<162><249>e;w<240><253><254><25>&<145><9>0<192><5>S<22>W 
<164><253><129>E[Lv<182><155>8<21><185>7<188>I<195><146><202><215>c<242><148><130><205>@e!<225>7a<175><227><209>r<250><158> 
<229><211><191>Ic1<27><180>w><140><168><174><177><199><177>Z<196><164>y;<151>b<253>#0<169><227><188><231>*<130><206><197><230>@<245><158><23>==<209><245><223><195><134><19><31><151><6><154>
         Message-Authenticator = 
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
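
The 1056-byte Access-Challenge in the trace above carries an EAP-TTLS request with the "more fragments" flag set, and the next packet logged from the AP, 30 seconds later, is a new identity response rather than a fragment acknowledgement. The Python below is an added example, not part of the original post and not Radiator code: it decodes the EAP-Message framing of a RADIUS packet and flags a server fragment that was never acknowledged. `TTLS_START` is copied from the trace; the other packets are constructed with zero-filled payloads around the EAP header the trace shows, and `build`, `describe` and `find_stall` are names chosen here.

```python
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80    # RADIUS attribute types (RFC 3579)
TTLS, PEAP = 21, 25                            # EAP method types
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20      # length included, more fragments, start
RADIUS_CODES = {1: "Access-Request", 11: "Access-Challenge"}

def parse_radius(data):
    """Return (code, identifier, [(attr_type, value), ...]) for one RADIUS datagram."""
    if len(data) < 20 or struct.unpack("!H", data[2:4])[0] != len(data):
        raise ValueError("RADIUS length field does not match datagram size")
    code, ident, length = data[0], data[1], len(data)
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return code, ident, attrs

def describe(data):
    """Reassemble the EAP packet from its EAP-Message attributes, decode TLS framing."""
    code, ident, attrs = parse_radius(data)
    parts = [v for t, v in attrs if t == EAP_MESSAGE]
    eap = b"".join(parts)                      # RFC 3579: concatenate in packet order
    info = {"radius": RADIUS_CODES.get(code, str(code)), "radius_id": ident,
            "radius_len": len(data), "eap_attrs": len(parts)}
    if len(eap) < 4:
        return info
    ecode, eid, elen = struct.unpack("!BBH", eap[:4])
    if elen != len(eap):
        raise ValueError("EAP length %d but %d bytes reassembled" % (elen, len(eap)))
    info.update(eap_code=ecode, eap_id=eid, eap_len=elen,
                eap_type=eap[4] if elen > 4 else None)
    if info["eap_type"] in (TTLS, PEAP) and elen >= 6:
        flags, body, total = eap[5], eap[6:], None
        if flags & FLAG_L:                     # 4-byte total TLS message length follows
            if len(body) < 4:
                raise ValueError("L flag set but no TLS message length")
            total, body = struct.unpack("!I", body[:4])[0], body[4:]
        info.update(start=bool(flags & FLAG_S), more=bool(flags & FLAG_M),
                    tls_total=total, tls_fragment=len(body))
    return info

def find_stall(infos):
    """Index of a server fragment (M set) whose next packet is not an empty ACK."""
    for i, cur in enumerate(infos[:-1]):
        nxt = infos[i + 1]
        acked = (nxt.get("eap_code") == 2 and nxt.get("eap_type") == cur.get("eap_type")
                 and nxt.get("tls_fragment") == 0 and not nxt.get("start"))
        if cur["radius"] == "Access-Challenge" and cur.get("more") and not acked:
            return i
    return None

def build(code, ident, eap):
    """Constructed test input only: zeroed authenticators, 253-byte EAP-Message chunks."""
    attrs = b"".join(bytes([EAP_MESSAGE, len(eap[i:i + 253]) + 2]) + eap[i:i + 253]
                     for i in range(0, len(eap), 253))
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs

# Copied from the trace: the 46-byte Access-Challenge with Identifier 14 (EAP-TTLS Start).
TTLS_START = bytes.fromhex(
    "0b 0e 00 2e 10 80 9b 32 91 30 40 2b 90 4c a9 a9 "
    "28 cc 90 6d 4f 08 01 02 00 06 15 20 50 12 c7 7e "
    "7e 99 e6 ea df 30 03 36 6a 84 7c b1 25 63")
# Constructed: EAP header as decoded in the trace for the 1056-byte challenge, zero payload.
FIRST_FRAGMENT = build(11, 15, bytes.fromhex("01 03 03 f2 15 c0 00 00 08 0f") + bytes(1000))
# Constructed: what the trace shows arriving 30 s later, a new EAP-Response/Identity.
RESTART = build(1, 16, bytes.fromhex("02 01 00 0e 01") + b"anonymous")
# Constructed: the empty EAP-TTLS response a peer sends to request the next fragment.
ACK = build(1, 16, bytes.fromhex("02 03 00 06 15 00"))

if __name__ == "__main__":
    seq = [describe(p) for p in (TTLS_START, FIRST_FRAGMENT, RESTART)]
    for info in seq:
        print(info)
    print("unacknowledged fragment at index:", find_stall(seq))
```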









--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

