(RADIATOR) EAP/PEAP issue, Radiator doesn't talk to AD (was: how do I fix "Could not AdjustPrivilege SE_TCB_PRIVILEGE"?)

Mike McCauley mikem at open.com.au
Wed Oct 5 04:22:03 CDT 2005


Hello Slava,

I'm not completely sure what's going on here, but it appears that you have your 
Radiator running on a very slow box, and the retransmit timeout on your 
Radius client is 2 seconds. This is resulting in unnecessary retransmits, 
which appears to be causing rejects and then confusing the client.

I suggest the first thing you do is to change the retransmit interval for the 
client to 5 secs, and find out why the Radiator host is running so slow.

After that you may get more sense.

Cheers.


On Wednesday 05 October 2005 09:51, Veaceslav Revutchi wrote:
> Hugh,
> I updated my dictionary with the Airespace's VSAs
> and started radiator on command line like you
> suggested. I am attaching the new log. I can see the
> TunnelledByPEAP handler kicking in, but I get an
> error at that point about an EAP_71 module not being
> able to load.
>
> slava.
>
> Tue Oct  4 14:58:12 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 50
> Authentic:
> <131><156><17>a<174>k<184><27><196><15><136><225><137><225>:<229>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><0><0><16><1>WB\wb12345
> 	Message-Authenticator =
> p at Zw<168><234>2<127><191>)<203><168><20><244>#>
>
> Tue Oct  4 14:58:12 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:12 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:12 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:12 2005: DEBUG: Handling with EAP:
> code 2, 0, 16
> Tue Oct  4 14:58:12 2005: DEBUG: Response type 1
> Tue Oct  4 14:58:12 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:12 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:12 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:12 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 50
> Authentic:
> <131><156><17>a<174>k<184><27><196><15><136><225><137><225>:<229>
> Attributes:
> 	EAP-Message = <1><1><0><6><25>!
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:19 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 51
> Authentic:
> <217><10>y<149>k<9>h<220><218>4N<133>A{<234><207>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>CB<250><250><27>
><155><191><10><165>Q>o<249><175><235>v<245><29>v<164><224>P<220><22><15><150
>><142><164><20><132><11>Z<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0
>><6><0><19><0><18><0>c<1><0> Message-Authenticator =
> B/<170><209><4><28>'Y<207><30>1X<28>f<219><167>
>
> Tue Oct  4 14:58:19 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:19 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:19 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:19 2005: DEBUG: Handling with EAP:
> code 2, 1, 80
> Tue Oct  4 14:58:19 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:19 2005: DEBUG: EAP TLS SSL_accept
> result: -1, 2, 8576
> Tue Oct  4 14:58:19 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:19 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:19 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:19 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 51
> Authentic:
> <217><10>y<149>k<9>h<220><218>4N<133>A{<234><207>
> Attributes:
> 	EAP-Message =
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:20 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 51
> Authentic:
> <217><10>y<149>k<9>h<220><218>4N<133>A{<234><207>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>CB<250><250><27>
><155><191><10><165>Q>o<249><175><235>v<245><29>v<164><224>P<220><22><15><150
>><142><164><20><132><11>Z<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0
>><6><0><19><0><18><0>c<1><0> Message-Authenticator =
> B/<170><209><4><28>'Y<207><30>1X<28>f<219><167>
>
> Tue Oct  4 14:58:20 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:20 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:20 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:20 2005: DEBUG: Handling with EAP:
> code 2, 1, 80
> Tue Oct  4 14:58:20 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:20 2005: DEBUG: EAP TLS SSL_accept
> result: -1, 2, 8576
> Tue Oct  4 14:58:20 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:20 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:20 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:21 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 51
> Authentic:
> <217><10>y<149>k<9>h<220><218>4N<133>A{<234><207>
> Attributes:
> 	EAP-Message =
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:21 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 52
> Authentic:
> <206><162><167>(<200><131><197><201><153><20>Rf<181>X<160><182>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><2><0><6><25><0>
> 	Message-Authenticator = <227>Y^<26><194>M<206>g
> <185><203><8><13>, U
>
> Tue Oct  4 14:58:21 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:21 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:21 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:21 2005: DEBUG: Handling with EAP:
> code 2, 2, 6
> Tue Oct  4 14:58:21 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:21 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:21 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:21 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:22 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 52
> Authentic:
> <206><162><167>(<200><131><197><201><153><20>Rf<181>X<160><182>
> Attributes:
> 	EAP-Message =
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:22 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 52
> Authentic:
> <206><162><167>(<200><131><197><201><153><20>Rf<181>X<160><182>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><2><0><6><25><0>
> 	Message-Authenticator = <227>Y^<26><194>M<206>g
> <185><203><8><13>, U
>
> Tue Oct  4 14:58:22 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:22 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:22 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:22 2005: DEBUG: Handling with EAP:
> code 2, 2, 6
> Tue Oct  4 14:58:22 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:22 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:22 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:22 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:23 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 52
> Authentic:
> <206><162><167>(<200><131><197><201><153><20>Rf<181>X<160><182>
> Attributes:
> 	EAP-Message =
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:23 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 53
> Authentic:
> <10><205>{<215>j<1><162><210><178>T<212><150><203>-<179><162>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><3><0><6><25><0>
> 	Message-Authenticator =
> P<128><203>LZs<191><18><224><189><17><22><175>
> <163><29>
>
> Tue Oct  4 14:58:23 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:23 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:23 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:23 2005: DEBUG: Handling with EAP:
> code 2, 3, 6
> Tue Oct  4 14:58:23 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:23 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:23 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:23 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:23 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 53
> Authentic:
> <10><205>{<215>j<1><162><210><178>T<212><150><203>-<179><162>
> Attributes:
> 	EAP-Message =
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:28 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 54
> Authentic:  <174><2>h]3$<171><213>`lkB<24><172><"
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><4><0><17><25><128><0><0><0><7><21><3><1><0><2><2>/
> 	Message-Authenticator =
> G<151><151>X<12><205><255><137><248><174><253><197>9<184>O<151>
>
> Tue Oct  4 14:58:28 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:28 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:28 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:28 2005: DEBUG: Handling with EAP:
> code 2, 4, 17
> Tue Oct  4 14:58:28 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:28 2005: DEBUG: EAP TLS SSL_accept
> result: 0, 1, 8576
> Tue Oct  4 14:58:28 2005: ERR: EAP PEAP TLS Handshake
> unsuccessful:  4088: 1 - error:14094417:SSL
> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
>
> Tue Oct  4 14:58:28 2005: DEBUG: EAP result: 1, EAP
> PEAP TLS Handshake unsuccessful
> Tue Oct  4 14:58:28 2005: DEBUG: AuthBy FILE result:
> REJECT, EAP PEAP TLS Handshake unsuccessful
> Tue Oct  4 14:58:28 2005: INFO: Access rejected for
> WB\wb12345: EAP PEAP TLS Handshake unsuccessful
> Tue Oct  4 14:58:28 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Reject
> Identifier: 54
> Authentic:  <174><2>h]3$<171><213>`lkB<24><172><"
> Attributes:
> 	Reply-Message = "Request Denied"
>
> Tue Oct  4 14:58:34 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 55
> Authentic:  <160><9><247><246>=<205>=<8>6<172>y>3%[<6>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><5><0><16><1>WB\wb12345
> 	Message-Authenticator =
> <220><149><240>+<151><0><237>G<177><137>e#*<210>V<206>
>
> Tue Oct  4 14:58:34 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:34 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:34 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:34 2005: DEBUG: Handling with EAP:
> code 2, 5, 16
> Tue Oct  4 14:58:34 2005: DEBUG: Response type 1
> Tue Oct  4 14:58:34 2005: DEBUG: Resuming session for
> Radius::Context=HASH(0x20a72a4)
>
> Tue Oct  4 14:58:34 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:34 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:34 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:34 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 55
> Authentic:  <160><9><247><246>=<205>=<8>6<172>y>3%[<6>
> Attributes:
> 	EAP-Message = <1><6><0><6><25>!
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:35 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 56
> Authentic:
> <203>YlF<197><194>5?<182>*!<169>E<222><2><233>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><6><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>CB<251><12><212>
><167>G<236>^o!#<3><137>G3w<142><217><14><161><148><11>z<213>`;<215><232><164
>><225>-<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18>
><0>c<1><0> Message-Authenticator =
> <244><2>IQp<131><178><17><229><134>J<196><221><226>/<203>
>
> Tue Oct  4 14:58:35 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:35 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:35 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:35 2005: DEBUG: Handling with EAP:
> code 2, 6, 80
> Tue Oct  4 14:58:35 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:35 2005: DEBUG: EAP TLS SSL_accept
> result: -1, 2, 8576
> Tue Oct  4 14:58:35 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:35 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:35 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:36 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 56
> Authentic:
> <203>YlF<197><194>5?<182>*!<169>E<222><2><233>
> Attributes:
> 	EAP-Message =
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:36 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 57
> Authentic:
> <186><222><237><141><191><30><132>k<201>,<196><170><<241>j<142>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><7><0><6><25><0>
> 	Message-Authenticator =
> ;x<140><21>(<202>B<236><188><142><156><180><237><172><208><136>
>
> Tue Oct  4 14:58:36 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:36 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:36 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:36 2005: DEBUG: Handling with EAP:
> code 2, 7, 6
> Tue Oct  4 14:58:36 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:36 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:36 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:36 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:37 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 57
> Authentic:
> <186><222><237><141><191><30><132>k<201>,<196><170><<241>j<142>
> Attributes:
> 	EAP-Message = <1><8><3><238><25>@t use in
> production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23>
><13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><
>2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melb
>ourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA
> (do not use in p
> 	EAP-Message = roduction)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><15
>9>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137>
><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214><2
>53>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<1
>38>n<203>k8<164><239><179>H<237>K<182>mo<155><145><138><143><136><127><230><
><9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185
>><173><234><3>^4<221><252><168>H<178><158><25><235><152><250>g<199><172><250
>>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0><1><163
>><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210
>>F0D<173>f]r<193>H?<164><27>ke0<129><247><6><3>U<29># EAP-Message =
> <4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]r<193>H?<
>164><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19
>><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Me
>lbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA
> (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><1><
>0>0<12><6><3>U<29><19><4><5>0<3> EAP-Message =
> <1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>0
><3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>tf<202><143
>><160><29><220>p9<5><24>2<185>)<128><227>8<17><247>'_J<28><159>;_<202><254><
>242>+{=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><193><29>-<228><19><
>184>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY+<156><143><225><149><237
>><135>ix<22>O<231><212><154><184><10>fZ<248>Va#<192><160>l<21><129>0<199>6<2
>2><3><1><0><221><13><0><0><213><3><1><2><5><0><207><0><205>0<129><202>1<11>0
><9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6>
><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certi
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:37 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 58
> Authentic:
> 9%<227><243><11><236><232><3><147>D<192><235><191><184><234><156>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><8><0><6><25><0>
> 	Message-Authenticator =
> +<29><187>Hd<249>@<26>Q<179>Y<221><202><160><0><164>
>
> Tue Oct  4 14:58:37 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:37 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:37 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:37 2005: DEBUG: Handling with EAP:
> code 2, 8, 6
> Tue Oct  4 14:58:37 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:37 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:37 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:37 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:37 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 58
> Authentic:
> 9%<227><243><11><236><232><3><147>D<192><235><191><184><234><156>
> Attributes:
> 	EAP-Message =
> <1><9><0><135><25><0>ficates1!0<31><6><3>U<4><11><19><24>Test
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA
> (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<14><0><0
>><0> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:42 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 59
> Authentic:  <211>><171>CS`B9>L[kd<175><162><167>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><9><0><199><25><128><0><0><0><189><22><3><1><0><141><11><0><0><3><0><0><
>0><16><0><0><130><0><128>}g<11><203><11><158>7<128>18Y<138><215><17>/<209>A
> .<218><220><240>'P3,@\<227><184>Y<20>`<226><157><19>o<17>Q<162><211><197>e<
>26><146>rD<239><5>DD4<5><141>G<9>@<209><13><247><216>W<8><25>X8<132><162>t<1
>75><206><196>y<242><127><7>[<187>@<171><4><235><147><154>CB<240><186><18><25
>><135>bK"<164><244>d(<203>@<2>^f<234>B~<133><202><29><6><2><220><204>Q<1><21
>7><220><188><162>Cz?<139>b<198>umd<20><3><1><0><1><1><22><3><1><0>
> /<18><134>K<244>a<167>^<135><152>b%1<12><161><146>%<216>b<137><4>Gqx<26>f`<
>18><200><155><21><208> Message-Authenticator =
> ="<182><18><191>0<189>n<160><140>!<141>@K.<156>
>
> Tue Oct  4 14:58:42 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:42 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:42 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:42 2005: DEBUG: Handling with EAP:
> code 2, 9, 199
> Tue Oct  4 14:58:42 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:42 2005: DEBUG: EAP TLS SSL_accept
> result: 1, 0, 3
> Tue Oct  4 14:58:43 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:43 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:43 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:43 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 59
> Authentic:  <211>><171>CS`B9>L[kd<175><162><167>
> Attributes:
> 	EAP-Message =
> <1><10><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
> <184><237><17><169><16><171>)<144><230><151>v<188><201><194><149><199><197>
><15><186><10><160><237>h+1<213><129><243>E<230><137><165>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:44 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 60
> Authentic:
> y<224><127>t<249>p<136>OZD<220><<8>2<221><237>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message = <2><10><0><6><25><0>
> 	Message-Authenticator =
> <17>iv<196><143><234><153><2><175><129><225>+<194><8>f<200>
>
> Tue Oct  4 14:58:44 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:44 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:44 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:44 2005: DEBUG: Handling with EAP:
> code 2, 10, 6
> Tue Oct  4 14:58:44 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:44 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Tue Oct  4 14:58:44 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Tue Oct  4 14:58:44 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Tue Oct  4 14:58:45 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 60
> Authentic:
> y<224><127>t<249>p<136>OZD<220><<8>2<221><237>
> Attributes:
> 	EAP-Message =
> <1><11><0><28><25><0><23><3><1><0><17><141><213><251><232><223>Hm3<6>i<16>Q
><163><250><128>@5 Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:45 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 61
> Authentic:  \
> <8>gW<164>$<139>A<216><199><238><244><201><211><205>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><11><0>'<25><0><23><3><1><0><28>`S<138><240>#<226>R<222>D!<222><198>`<10
>><178><173>1<188>=a&<147><220><149>f<188>7- Message-Authenticator =
> G<24>M<17><179><189><170><245><251><129><168><196><129>afa
>
> Tue Oct  4 14:58:45 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:46 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:46 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:46 2005: DEBUG: Handling with EAP:
> code 2, 11, 39
> Tue Oct  4 14:58:46 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:46 2005: DEBUG: EAP PEAP inner
> authentication request for anonymous
> Tue Oct  4 14:58:46 2005: DEBUG: PEAP Tunnelled
> request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  2<155><6><240><214>=!t
> <213><24><3><25><242><173>r
> Attributes:
> 	EAP-Message = <2><11><0><12><1>WB\wb12345
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	NAS-Port = 1
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
>
> Tue Oct  4 14:58:46 2005: DEBUG: Handling request with
> Handler 'TunnelledByPEAP=1'
> Tue Oct  4 14:58:46 2005: DEBUG:  Deleting session for
> , 10.220.7.205, 1
> Tue Oct  4 14:58:46 2005: DEBUG: Handling with
> Radius::AuthLSA:
> Tue Oct  4 14:58:46 2005: DEBUG: Handling with EAP:
> code 2, 11, 12
> Tue Oct  4 14:58:46 2005: DEBUG: Response type 1
> Tue Oct  4 14:58:47 2005: DEBUG: EAP result: 3, EAP
> MSCHAP-V2 Challenge
> Tue Oct  4 14:58:47 2005: DEBUG: AuthBy LSA result:
> CHALLENGE, EAP MSCHAP-V2 Challenge
> Tue Oct  4 14:58:47 2005: DEBUG: Access challenged for
> anonymous: EAP MSCHAP-V2 Challenge
> Tue Oct  4 14:58:47 2005: DEBUG: EAP result: 3, EAP
> PEAP inner authentication redespatched to a Handler
> Tue Oct  4 14:58:47 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP inner authentication redespatched
> to a Handler
> Tue Oct  4 14:58:47 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP inner authentication redespatched
> to a Handler
> Tue Oct  4 14:58:47 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 61
> Authentic:  \
> <8>gW<164>$<139>A<216><199><238><244><201><211><205>
> Attributes:
> 	EAP-Message =
> <1><12><0>6<25><0><23><3><1><0>+4<182><252><181>.<192><194>n at 4r<168><231><2
>24><242>.<212>[=<195><178>o<169><185>0<28>2W<183><203>s<231><156><3><248>xL<
>143><166>Z<243>A<163> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:47 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 61
> Authentic:  \
> <8>gW<164>$<139>A<216><199><238><244><201><211><205>
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><11><0>'<25><0><23><3><1><0><28>`S<138><240>#<226>R<222>D!<222><198>`<10
>><178><173>1<188>=a&<147><220><149>f<188>7- Message-Authenticator =
> G<24>M<17><179><189><170><245><251><129><168><196><129>afa
>
> Tue Oct  4 14:58:47 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:48 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:48 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:48 2005: DEBUG: Handling with EAP:
> code 2, 11, 39
> Tue Oct  4 14:58:48 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:48 2005: ERR: EAP PEAP TLS read
> failed:  4088: 1 - error:1408F455:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad
> record mac
>
> Tue Oct  4 14:58:48 2005: DEBUG: EAP result: 1, EAP
> PEAP TLS read failed
> Tue Oct  4 14:58:48 2005: DEBUG: AuthBy FILE result:
> REJECT, EAP PEAP TLS read failed
> Tue Oct  4 14:58:48 2005: INFO: Access rejected for
> WB\wb12345: EAP PEAP TLS read failed
> Tue Oct  4 14:58:48 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Reject
> Identifier: 61
> Authentic:  \
> <8>gW<164>$<139>A<216><199><238><244><201><211><205>
> Attributes:
> 	Reply-Message = "Request Denied"
>
> Tue Oct  4 14:58:49 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 62
> Authentic:
> <136><176><23><227><206><9>y<215><184>p<221>f<168>Y<213>g
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><12><0>]<25><0><23><3><1><0>R=<17><19>)<20>=r<237><232>1<248>l<16>\/<233
>>R<5><151><163>zz<239>n<186>y<139>',]<246><155>&<227><255>}<137><136>q<141><
>187><25>P5<155>`\+<5>rZ<6>jH<189><168>[Y<141>"<201><0><144><228><246><228><2
>47><134><9>I<20>`<165>X<156><27><171><181><223>;K<248> Message-Authenticator
> =
> <131><163><211><183><250><213><129><242>O<243><132><242>;[#<25>
>
> Tue Oct  4 14:58:49 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:49 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:49 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:49 2005: DEBUG: Handling with EAP:
> code 2, 12, 93
> Tue Oct  4 14:58:49 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:49 2005: DEBUG: EAP PEAP inner
> authentication request for anonymous
> Tue Oct  4 14:58:49 2005: DEBUG: PEAP Tunnelled
> request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:
> a<173><245><165>Q<144>$<171><30><203><236><214>X+<234><188>
> Attributes:
> 	EAP-Message =
> <2><12><0><12>G@<149><217>v<238>'<216><223>.3<175>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	NAS-Port = 1
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
>
> Tue Oct  4 14:58:50 2005: DEBUG: Handling request with
> Handler 'TunnelledByPEAP=1'
> Tue Oct  4 14:58:50 2005: DEBUG:  Deleting session for
> , 10.220.7.205, 1
> Tue Oct  4 14:58:50 2005: DEBUG: Handling with
> Radius::AuthLSA:
> Tue Oct  4 14:58:50 2005: DEBUG: Handling with EAP:
> code 2, 12, 12
> Tue Oct  4 14:58:50 2005: DEBUG: Response type 71
> Tue Oct  4 14:58:50 2005: ERR: Could not load EAP
> module Radius::EAP_71: Can't locate Radius/EAP_71.pm
> in @INC (@INC contains: . c:/Perl/lib c:/Perl/site/lib
> .) at (eval 56) line 3.
>
> Tue Oct  4 14:58:50 2005: DEBUG: EAP result: 1,
> Unsupported EAP Response 71
> Tue Oct  4 14:58:50 2005: DEBUG: AuthBy LSA result:
> REJECT, Unsupported EAP Response 71
> Tue Oct  4 14:58:50 2005: INFO: Access rejected for
> anonymous: Unsupported EAP Response 71
> Tue Oct  4 14:58:50 2005: DEBUG: EAP result: 3, EAP
> PEAP inner authentication redespatched to a Handler
> Tue Oct  4 14:58:50 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP inner authentication redespatched
> to a Handler
> Tue Oct  4 14:58:50 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP inner authentication redespatched
> to a Handler
> Tue Oct  4 14:58:50 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 62
> Authentic:
> <136><176><23><227><206><9>y<215><184>p<221>f<168>Y<213>g
> Attributes:
> 	EAP-Message =
> <1><13><0>=<25><0><21><3><1><0><18>7<153><204>Z~
> @4<242><6><178>p&]<9>V4<0><23><3><1><0><27><254>:k<185><151><128>5/<134>:<1
>34>d<224><247><17>k+%<166><128>{<14>3<6>0<4>R Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Oct  4 14:58:51 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 62
> Authentic:
> <136><176><23><227><206><9>y<215><184>p<221>f<168>Y<213>g
> Attributes:
> 	User-Name = "WB\wb12345"
> 	Calling-Station-Id = "00:14:A5:0E:FA:7B"
> 	Called-Station-Id = "00:0B:85:24:BF:F0:radi"
> 	NAS-Port = 1
> 	NAS-IP-Address = 10.220.7.205
> 	NAS-Identifier = "wlc-fh1"
> 	Airespace-WLAN-Id = 4
> 	Service-Type = Framed-User
> 	Framed-MTU = 1300
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Tunnel-Type = 0:VLAN
> 	Tunnel-Medium-Type = 0:802
> 	Tunnel-Private-Group-ID = 90
> 	EAP-Message =
> <2><12><0>]<25><0><23><3><1><0>R=<17><19>)<20>=r<237><232>1<248>l<16>\/<233
>>R<5><151><163>zz<239>n<186>y<139>',]<246><155>&<227><255>}<137><136>q<141><
>187><25>P5<155>`\+<5>rZ<6>jH<189><168>[Y<141>"<201><0><144><228><246><228><2
>47><134><9>I<20>`<165>X<156><27><171><181><223>;K<248> Message-Authenticator
> =
> <131><163><211><183><250><213><129><242>O<243><132><242>;[#<25>
>
> Tue Oct  4 14:58:51 2005: DEBUG: Handling request with
> Handler ''
> Tue Oct  4 14:58:51 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Tue Oct  4 14:58:51 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Tue Oct  4 14:58:51 2005: DEBUG: Handling with EAP:
> code 2, 12, 93
> Tue Oct  4 14:58:51 2005: DEBUG: Response type 25
> Tue Oct  4 14:58:51 2005: ERR: EAP PEAP TLS read
> failed:  4088: 1 - error:1408F455:SSL
> routines:SSL3_GET_RECORD:decryption failed or bad
> record mac
>
> Tue Oct  4 14:58:51 2005: DEBUG: EAP result: 1, EAP
> PEAP TLS read failed
> Tue Oct  4 14:58:51 2005: DEBUG: AuthBy FILE result:
> REJECT, EAP PEAP TLS read failed
> Tue Oct  4 14:58:51 2005: INFO: Access rejected for
> WB\wb12345: EAP PEAP TLS read failed
> Tue Oct  4 14:58:52 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Reject
> Identifier: 62
> Authentic:
> <136><176><23><227><206><9>y<215><184>p<221>f<168>Y<213>g
> Attributes:
> 	Reply-Message = "Request Denied"
>
> --- Hugh Irvine <hugh at open.com.au> wrote:
> > Hello Slava -
> >
> > EAP authentication involves a number of exchanges
> > between the client
> > and Radiator as you can see from the debug. The
> > initial exchanges all
> > go to the default Handler, and these exchanges do
> > not complete
> > successfully so you never actually see the "inner"
> > request. It is
> > only the "inner" request that is processed by the
> > <Handler
> > TunnelledByPEAP=1> and since you never see an
> > "inner" request, you
> > never see a query to AD.
> >
> > There are a couple of things wrong from what I can
> > see. The first
> > appears to be a Perl crash, which you can verify by
> > running radiusd
> > from the command line like this:
> >
> >          cd \your\Radiator\distribution
> >
> >          perl radiusd -foreground -log_stdout -trace 4 -config_file .....
> >
> > where ...... is the name of your configuration file.
> >
> > This will show you any error messages from Perl, so
> > you can see what
> > is wrong.
> >
> > You are also receiving a vendor-specific attribute
> > for vendor 14179,
> > which is this vendor:
> >
> > 14179
> >    Airespace, Inc (formerly Black Storm Networks)
> >      Bhautik Doshi
> >        bdoshi at airespace.com
> >
> > (see
> > http://www.iana.org/assignments/enterprise-numbers)
> >
> > You should contact Airespace and ask them for their
> > vendor-specific
> > attribute definitions.
> >
> > When you receive the definitions, please send us a
> > copy so we can add
> > them to the standard Radiator distribution.
> >
> > regards
> >
> > Hugh
> >
> > On 26 Sep 2005, at 12:48, Veaceslav Revutchi wrote:
> > > Thanks, Mike, Hugh. Enabling that policy for
> > > administrator fixed the privilege problem.
> > >
> > > I'm one step further, but I'm stuck at something else
> > > now. In short I'm trying to authenticate wireless
> > > clients against Active Directory. Radiator is running
> > > on an XP machine part of the "WB" domain. In the logs
> > > I'm seeing my auth. requests being handled by the null
> > > handler "Handling request with Handler ''" and
> > > Ethereal shows no communication between Radiator and
> > > AD. I am attaching my config and the log file. In the
> > > log you can see authentication attempts for user
> > > "wb12345" part of "WB" domain.
> > > 10.220.7.205 is the wireless controller.
> > > 10.220.115.196 is the AD server.
> > > Any hints appreciated.
> > >
> > > --------- begin radius.cfg ---------------
> > > Foreground
> > > LogStdout
> > > LogDir          c:/Program Files/Radiator
> > > DbDir           c:/Program Files/Radiator
> > >
> > > # This will log at DEBUG level: very verbose
> > > # Use a lower trace level in production systems, typically use 3
> > > Trace           4
> > >
> > > # You will probably want to add other Clients to suit your site,
> > > # one for each NAS you want to work with. This will work
> > > # at least with radpwtst running on the local machine
> > > <Client DEFAULT>
> > >         Secret  mysecret
> > >         DupInterval 0
> > > </Client>
> > >
> > > <Handler TunnelledByPEAP=1>
> > >         <AuthBy LSA>
> > >         Domain  WB
> > >         DomainController 10.220.115.196
> > >         EAPType MSCHAP-V2
> > >         </AuthBy>
> > > </Handler>
> > > <Handler>
> > >         <AuthBy FILE>
> > >         Filename %D/users
> > >         EAPType PEAP
> > >         EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> > >         EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> > >         EAPTLS_CertificateType PEM
> > >         EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> > >         EAPTLS_PrivateKeyPassword whatever
> > >         EAPTLS_MaxFragmentSize 1000
> > >         SSLeayTrace 4
> > >         </AuthBy>
> > > </Handler>
> > >
> > > -------------- end radius.cfg ------------
> > >
> > > ---------- begin logfile -----------------
> > > ...
> > > Sun Sep 25 17:05:43 2005: DEBUG: Finished reading
> > > configuration file 'C:\Program
> > > Files\Radiator\radius.cfg'
> > > Sun Sep 25 17:05:43 2005: DEBUG: Reading dictionary
> > > file 'c:/Program Files/Radiator/dictionary'
> > > Sun Sep 25 17:05:43 2005: DEBUG: Creating
> > > authentication port 0.0.0.0:1645
> > > Sun Sep 25 17:05:43 2005: DEBUG: Creating accounting
> > > port 0.0.0.0:1646
> > > Sun Sep 25 17:05:43 2005: NOTICE: Server started:
> > > Radiator 3.13 on rocks (LOCKED)
> > > Sun Sep 25 17:06:01 2005: ERR: Attribute number 1
> > > (vendor 14179) is not defined in your dictionary
> > > Sun Sep 25 17:06:02 2005: DEBUG: Packet dump:
> > > *** Received from 10.220.7.205 port 1024 ....
> > > Code:       Access-Request
> > > Identifier: 35
> > > Authentic:
> > > <207>qf<235>{<205>7<27><196><224>N<236><189>Ta<151>
> > > Attributes:
> > >     User-Name = "WB\wb195291"
> > >     Calling-Station-Id = "00:0C:41:DD:C5:1C"
> > >     Called-Station-Id = "00:0B:85:24:BA:E0:radi"
> > >     NAS-Port = 1
> > >     NAS-IP-Address = 10.220.7.205
> > >     NAS-Identifier = "wlc-fh1"
> > >     Service-Type = Framed-User
> > >     Framed-MTU = 1300
> > >     NAS-Port-Type = Wireless-IEEE-802-11
> > >     Tunnel-Type = 0:VLAN
> > >     Tunnel-Medium-Type = 0:802
> > >     Tunnel-Private-Group-ID = 90
> > >     EAP-Message = <2><0><0><16><1>WB\wb195291
> > >     Message-Authenticator =
> > > <252><207><30><246><238><249><238>
> > > {<142><30><162><251><183><231><26><242>
> > >
> > > Sun Sep 25 17:06:02 2005: DEBUG: Handling request with
> > > Handler ''
> > > Sun Sep 25 17:06:02 2005: DEBUG:  Deleting session for
> > > WB\wb195291, 10.220.7.205, 1
> > > Sun Sep 25 17:06:02 2005: DEBUG: Handling with
> > > Radius::AuthFILE:
> > > Sun Sep 25 17:06:02 2005: DEBUG: Handling with EAP:
> > > code 2, 0, 16
> > > Sun Sep 25 17:06:02 2005: DEBUG: Response type 1
> > > Sun Sep 25 17:06:04 2005: DEBUG: EAP result: 3, EAP
> > > PEAP Challenge
> > > Sun Sep 25 17:06:04 2005: DEBUG: AuthBy FILE result:
> > > CHALLENGE, EAP PEAP Challenge
> > > Sun Sep 25 17:06:04 2005: DEBUG: Access challenged for
> > > WB\wb195291: EAP PEAP Challenge
> > > Sun Sep 25 17:06:04 2005: DEBUG: Packet dump:
> > > *** Sending to 10.220.7.205 port 1024 ....
>
> === message truncated ===
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
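
The retransmits described in this reply can be picked out of a trace mechanically: in the quoted log the Access-Requests with Identifier 61 and 62 each arrive twice with the same Authentic value, two seconds apart, and the second copy is the one that ends in "decryption failed or bad record mac". The Python below is an added example, not part of the original message or of Radiator; the function names and the condensed sample trace are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: condensed from the trace quoted above, with the "> "
# prefixes removed, wrapped lines joined and the Authentic values shortened.
SAMPLE_TRACE = """\
Tue Oct  4 14:58:45 2005: DEBUG: Packet dump:
*** Received from 10.220.7.205 port 1024 ....
Code:       Access-Request
Identifier: 61
Authentic:  <8>gW<164>$<139>A<216>
Tue Oct  4 14:58:47 2005: DEBUG: Packet dump:
*** Sending to 10.220.7.205 port 1024 ....
Code:       Access-Challenge
Identifier: 61
Authentic:  <8>gW<164>$<139>A<216>
Tue Oct  4 14:58:47 2005: DEBUG: Packet dump:
*** Received from 10.220.7.205 port 1024 ....
Code:       Access-Request
Identifier: 61
Authentic:  <8>gW<164>$<139>A<216>
Tue Oct  4 14:58:48 2005: ERR: EAP PEAP TLS read failed:  4088: 1 - error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Tue Oct  4 14:58:49 2005: DEBUG: Packet dump:
*** Received from 10.220.7.205 port 1024 ....
Code:       Access-Request
Identifier: 62
Authentic:  <136><176><23><227>
Tue Oct  4 14:58:50 2005: ERR: Could not load EAP module Radius::EAP_71
Tue Oct  4 14:58:51 2005: DEBUG: Packet dump:
*** Received from 10.220.7.205 port 1024 ....
Code:       Access-Request
Identifier: 62
Authentic:  <136><176><23><227>
Tue Oct  4 14:58:51 2005: ERR: EAP PEAP TLS read failed:  4088: 1 - error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
PACKET = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
FIELD = re.compile(r"^(Code|Identifier|Authentic):\s*(.*)$")


def parse_trace(text):
    """Return the wire packets in a trace; ERR lines attach to the last received one."""
    packets, now, current, last_rx = [], None, None, None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            now = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            if m.group(2) == "ERR" and last_rx is not None:
                last_rx["errors"].append(m.group(3).strip())
            current = None  # a timestamped line ends the previous packet dump
            continue
        m = PACKET.match(line)
        if m:
            current = {"time": now, "received": m.group(1).startswith("Received"),
                       "peer": (m.group(2), int(m.group(3))), "errors": []}
            packets.append(current)
            if current["received"]:
                last_rx = current
            continue
        m = FIELD.match(line)
        if m and current is not None:  # tunnelled inner dumps have no *** line
            current[m.group(1).lower()] = m.group(2).strip()
    return packets


def find_retransmits(packets):
    """Requests whose (peer, Identifier, Authentic) repeat an earlier request."""
    seen, hits = {}, []
    for p in packets:
        if not p["received"] or p.get("code") != "Access-Request" or "identifier" not in p:
            continue
        key = (p["peer"], p["identifier"], p.get("authentic"))
        first = seen.setdefault(key, p)
        if first is not p:
            hits.append({"identifier": int(p["identifier"]),
                         "gap_seconds": (p["time"] - first["time"]).total_seconds(),
                         "errors": p["errors"]})
    return hits


if __name__ == "__main__":
    for hit in find_retransmits(parse_trace(SAMPLE_TRACE)):
        print(hit)
```

The posted `<Client DEFAULT>` clause sets `DupInterval 0`, which in Radiator turns off duplicate detection, so each retransmitted request is processed again rather than dropped.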
