(RADIATOR) Re: RE : (RADIATOR) PEAP/MSCHAP-V2 and realms
Hugh Irvine
hugh at open.com.au
Wed Oct 5 06:36:55 CDT 2005
Hello Stephane -
There are a number of problems with what you are trying to do.
The first problem is that you cannot rewrite a username that is to be
used with MS-CHAP. This is a limitation of MS-CHAP.
Instead of using RewriteUsername's and Realm's, you should just do
something like this:
<Handler User-Name = /^FR-MX-COM/, TunnelledByPEAP = 1>
.....
</Handler>
<Handler User-Name = /^US-MX-COM/, TunnelledByPEAP = 1>
.....
</Handler>
<Handler Called-Station-Id = /MX_WIFI/>
.....
</Handler>
Hope that helps.
regards
Hugh
On 5 Oct 2005, at 11:46, DELORT Stephane wrote:
> Hello Hugh,
>
>
> here is a copy of the the trace 4 debug.
>
> Before you read it, you should know that the check of the Realm is
> OK if it is done in the first handler to be called : <Handler
> Called-Station-Id=/MX_WIFI/ , Realm=FR-MX-COM>
> The problem there is that we cannot change or select the domain
> controller to be used since there is no link between this handler
> and the one responsible of the LSA part.
>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 52
> Authentic: <6><165><135>=Y<221>[2o<181>@<131>r&<146><0>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> EAP-Message = <2><1><0><25><1>FR-MX-COM\fruser
> User-Name = "FR-MX-COM\fruser"
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <246><238><155><1><198><151><247>>c,<23>p<225>^<137><193>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 1, 25
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 1
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Access challenged for fruser at FR-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 52
> Authentic: <6><165><135>=Y<221>[2o<181>@<131>r&<146><0>
> Attributes:
> EAP-Message = <1><2><0><6><25>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 53
> Authentic: <16><157><137><195>"<223>B@\<190><229>y[<200><194><190>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "FR-MX-COM\fruser"
> EAP-Message =
> <2><2><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>CC<144>M_<1
> 41>+dj<26>D6<18>{857'<179>D<223><133><213><254>II
> 1<237>s<180><248><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><
> 6><0><19><0><18><0>c<1><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <181>2<147><174>q<254>W<147>z<0>3<131><225><195><9><25>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 2, 80
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:24 2005: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Access challenged for fruser at FR-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 53
> Authentic: <16><157><137><195>"<223>B@\<190><229>y[<200><194><190>
> Attributes:
> EAP-Message =
> <1><3><3><242><25><192><0><0><4><147><22><3><1><0>J<2><0><0>F<3><1>CC<
> 144>L<234><250><213><199><9><9>h<128><191>9<29>h<236><158><31>Z<157>u<
> 237>3<145>o8<129><234><30><165>% )C(<202><201><191><147>B<253>}
> <208><164><244>5<155>=N<216>F<222>o<151>8T<188><247><210>R
> \<132><19><169><0><4><0><22><3><1><3><152><11><0><3><148><0><3><145><0
> ><3><142>0<130><3><138>0<130><2>r<2><1><12>0<13><6><9>*<134>H<134><247
> ><13><1><1><4><5><0>0<129><134>1<11>0<9><6><3>U<4><6><19><2>FR1<12>0<1
> 0><6><3>U<4><8><19><3>IDF1<14>0<12><6><3>U<4><7><19><5>Paris1<19>0<17>
> <6><3>U<4><10><19><10>MX S.A.
> 1<16>0<14><6><3>U<4><11><19><7>systeam1<16>0<14><6><3>U<4><3><19><7>sy
> steam1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>sys
> EAP-Message =
> team at MX.com0<30><23><13>050809075749Z<23><13>100808075749Z0<129><144>1
> <11>0<9><6><3>U<4><6><19><2>FR1<12>0<10><6><3>U<4><8><19><3>IDF1<14>0<
> 12><6><3>U<4><7><19><5>Paris1<21>0<19><6><3>U<4><10><19><12>MX
> S.A.S.
> 1<16>0<14><6><3>U<4><11><19><7>systeam1<24>0<22><6><3>U<4><3><19><15>S
> tephane Delort1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>fruser at MX.com0<130><1
> >
> 0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><13><0>0<130
> ><1><8><2><130><1><1><0><217>7M<225><241><138>:<189><229><184>u.<249><
> 1><29>3pUT<7>Z<171>~!<171>a<248>
> EAP-Message =
> <14><161><255><7>^<169><254>OoA<137><137><179><26><15><202><220><167><
> 169><228><3><202><17><231><134><241><11><255><161>Dw<146>_<23><198>"n<
> 180>TJ<209><216><212>RFx^/<148><172><154>S<133>|<233>\=:,<237>\<25>%
> <228>!^n5@<25><169><216><229>l<15><200><187><135><171>)
> q<20>'m<18><5>'<127><158><179><139><208><6><139><22><220>6a<173><24>g<
> 147><239>V(d<190>m<196><249><182>G}<7>wx<14><163><233><238>?
> <162><151><238><202><211>}m<206>l<237><239><29><193>&
> +S<147><235><178><8><228>v<209><202>s<186><229>5|
> W<159><155><25><208><251><221><201>J<248><149><170><16>HZ<153><31><187
> >
> $ov<247><160><162><27>:<235><209><211><146><138>4<<167>t<224><244>B"<2
> 14><148>J<138><149>[<248>S<189><203>rF)<173><226><29><132><163>%<TC
> $R<154><11><147><213><207>
> (\M<226><227><225><237>s<151><222>#<2><1><3>0<13><6><9>*<134>H<134><24
> 7><13><1><1><4><5><0><3><130><1><1><0><0>
> EAP-Message = O<31><133><169><249><221>|
> Eg<129><158><242><134><201><9>1<205><6><133><253>h<171>
> \<153><231><229><147>Y<204><149><192><30><164>&<18>@<135><168><1><137>
> <175>*t<9>D<241><239><244><198>]
> <1><144>YW<220><0><241>=<131><246><217><248>W<219>J<152><151><212>t<13
> 2><4><139><220><209><10><149>q<18><207><8>u<197>
> $<225>Y<247><10><147>`vjq^x<150>%
> <153><228>L<31><160>63'<30><4><222><187><227><255>=<128>B<222><207><14
> 4><208><254><251><191><155><170><0><139>WZI<24><161>O.`*<189>j<194><<1
> 39>;<252>"\<21><20><226><171><130>
> [<196><156><238>_<6>Y<151><244><221><133>T3<215><207><228><242><178>J<
> 185><192>*<254>C<169>9)<180><248>)<168><173><224>/'}
> <254>w1f<189><177><12>@n<150>R<8>f<205><196>c<15>4t:<139><10><11><26>V
> <228>P<250><222><187><138><210><222>
> {8n<202><255>m<182>n<<156>j<13><30><9><143>t<238><214><177><182><233><
> 8>w<194><137><230><234><21><254><227>lFA1<133>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 54
> Authentic: '<146><140><160>c<254><208>Yt<208><4><30>k<7><20><255>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "FR-MX-COM\fruser"
> EAP-Message = <2><3><0><6><25><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <161><165>,<28><211><139><216><<23><18>h<144>X<245>`<204>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 3, 6
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Access challenged for fruser at FR-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 54
> Authentic: '<146><140><160>c<254><208>Yt<208><4><30>k<7><20><255>
> Attributes:
> EAP-Message =
> <1><4><0><177><25><0><207><154><204><141><22><3><1><0><162><13><0><0><
> 154><2><1><2><0><149><0><147>0<129><144>1<11>0<9><6><3>U<4><6><19><2>F
> R1<12>0<10><6><3>U<4><8><19><3>IDF1<14>0<12><6><3>U<4><7><19><5>Paris1
> <21>0<19><6><3>U<4><10><19><12>MX S.A.S.
> 1<16>0<14><6><3>U<4><11><19><7>systeam1<24>0<22><6><3>U<4><3><19><15>S
> tephane Delort1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>fruser at MX.com<14><0><
> 0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 55
> Authentic: E<160><201>1/<168><200><22><14><216><21><151>2_c<132>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "FR-MX-COM\fruser"
> EAP-Message =
> <2><4><1>G<25><128><0><0><1>=<22><3><1><1><13><11><0><0><3><0><0><0><1
> 6><0><1><2><1><0><139><138><228><219><164><25><13><211>J<194><196><144
> >g6<132><232>
> [<232><16>RI<193>B<231><140><164><143>7<250><178><226><173>-
> i<157>5<196><253><228><220>]<215>am<21><189><218>?
> <24><147><132><167><243>e<178>f
> ["<247><192><222><241><11><220>J<206><142><186>ec<195><212><21>DWL<8>
> <185><144>a<162><201><255><199><220>9<150><218><251><3>t<194><248>p<19
> ><193><29><154>$<229><230>Lh?<146>I<0>j<152>T<212><140><157><143>!
> <139>l<7>%;<27>1<246><216><245><175><226><189><130>\<25>
> $<204>o<143><28><241><148>xC<187><16>
> $<132><247>1K<188>C<222><157><134>>}
> <198><20><142>q<234><7><188><148><198><238>nQ<195><192><163><227><195>
> <19>k<211><203><234><197><232><155><10><239><21>.jX<231><203>
> $<137><141>@<22>b<237>o:<218><249><173>&u<235><220>W)
> <173>p<29>l<144><143><252><194>?<244><182><204><130><3><154><247>95
> EAP-Message = ~c<254><178>
> $<155><174>j<147><182>@<211><183><148><205>
> [<185><176>t<247><244><5><248><208><232><253>1<21>|
> <182><31><209><20><3><1><0><1><1><22><3><1><0>
> <15><201><30><242>c<167><148><154>`lV<159><2><10>rO=u<225>#<178><226><
> 30>\<164>5<201><251>A<_<251>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <0>V<246>ub<141>Tc<144><178><251><238><137>K<16><237>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 4, 327
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:24 2005: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Access challenged for fruser at FR-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 55
> Authentic: E<160><201>1/<168><200><22><14><216><21><151>2_c<132>
> Attributes:
> EAP-Message = <1><5><0>5<25><128><0><0><0>
> +<20><3><1><0><1><1><22><3><1><0> <158>^o_|a<219><161>)
> <231>W7r<244>]^<17><165><172>!<208>:.<250>rcKRQF<195>D
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 56
> Authentic: P<12><174>g}3<212><20>5'<148><189>8Z<26><178>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "FR-MX-COM\fruser"
> EAP-Message = <2><5><0><6><25><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator = <198>
> {<21>r<174>&9<8><160>b<205><194><184><218><229>t
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 5, 6
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Access challenged for fruser at FR-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 56
> Authentic: P<12><174>g}3<212><20>5'<148><189>8Z<26><178>
> Attributes:
> EAP-Message =
> <1><6><0><28><25><0><23><3><1><0><17><16><31>*<21><183><214>J<244><153
> ><239><17><190>\<153><16><237><233>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 57
> Authentic: !<174><197><253>vk<146><242>K<191>}C}<132><239><192>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "FR-MX-COM\fruser"
> EAP-Message = <2><6><0>0<25><0><23><3><1><0>%
> <4>i<130>R<128><151><2><160><28>]3<10><221>fR<241><13>U<139><231>
> (<247><224><24><129><144><222>O<141><206><9><192>\<251>wT<178>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> 7<243>5n<207><209>11k<226><143><207><209><7><138>d
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 6, 48
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:24 2005: DEBUG: EAP PEAP inner authentication
> request for FR-MX-COM\fruser
> Wed Oct 5 10:35:24 2005: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: q<218>9<193>d<224>x]<173>!<235><175><207><<206><
> Attributes:
> EAP-Message = <2><6><0><21><1>FR-MX-COM\fruser
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "FR-MX-COM\fruser"
> NAS-IP-Address = 172.21.20.202
> NAS-Identifier = "Trapeze"
> Calling-Station-Id = "00-04-23-6D-E4-78"
>
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler ''
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for , 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthSQL
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthSQL:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 6, 21
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 1
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 1, EAP authentication
> is not permitted.
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy SQL result: REJECT, EAP
> authentication is not permitted.
> Wed Oct 5 10:35:24 2005: INFO: Access rejected for FR-MX-COM
> \fruser: EAP authentication is not permitted.
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP inner authentication redespatched to a Handler
> Wed Oct 5 10:35:24 2005: DEBUG: Access challenged for fruser at FR-MX-
> COM: EAP PEAP inner authentication redespatched to a Handler
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 57
> Authentic: !<174><197><253>vk<146><242>K<191>}C}<132><239><192>
> Attributes:
> EAP-Message =
> <1><7><0>&<25><0><23><3><1><0><27>v<255><192><202><218><186><214><14>R
> :J<231>y<246><171>n<140><197><7><252><226>#<18>=\<18><127>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 58
> Authentic: m<224><249><160><6><153>9Yr<140><185><30>q<134>%<255>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "FR-MX-COM\fruser"
> EAP-Message =
> <2><7><0>&<25><0><23><3><1><0><27><179>&<198><202><144>%
> <242>eR<151>QC<26><1><166><160>X<240><178>><25>o<18>Hd<146><197>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <174><31>Z<30><209>uGQ<148><149><141><204><150><250><255>K
>
> Wed Oct 5 10:35:24 2005: DEBUG: Rewrote user name to fruser at FR-MX-COM
> Wed Oct 5 10:35:24 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:24 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for FR-MX-COM\fruser, 172.21.20.202,
> Wed Oct 5 10:35:24 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:24 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MX-COM\fruser'':
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:24 2005: DEBUG: Handling with EAP: code 2, 7, 38
> Wed Oct 5 10:35:24 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:24 2005: DEBUG: EAP result: 1, PEAP Authentication
> Failure
> Wed Oct 5 10:35:24 2005: DEBUG: AuthBy FILE result: REJECT, PEAP
> Authentication Failure
> Wed Oct 5 10:35:24 2005: INFO: Access rejected for fruser at FR-MX-
> COM: PEAP Authentication Failure
> Wed Oct 5 10:35:24 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Reject
> Identifier: 58
> Authentic: m<224><249><160><6><153>9Yr<140><185><30>q<134>%<255>
> Attributes:
> EAP-Message = <4><7><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 59
> Authentic:
> (<199><255><177><0><245><252><150>M<182>p<23>5<158><236><4>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> EAP-Message = <2><1><0><25><1>US-MX-COM\ususer
> User-Name = "US-MX-COM\ususer"
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <19><223><167><146>j;<233><141>G`dJ~<19><166>F
>
> Wed Oct 5 10:35:37 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:37 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:37 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:37 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:37 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with EAP: code 2, 1, 25
> Wed Oct 5 10:35:37 2005: DEBUG: Response type 1
> Wed Oct 5 10:35:37 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Access challenged for ususer at US-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 59
> Authentic:
> (<199><255><177><0><245><252><150>M<182>p<23>5<158><236><4>
> Attributes:
> EAP-Message = <1><2><0><6><25>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 60
> Authentic: 8<163><200><218>7<139>!<11>c<208><155><232><12><195>B<1>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "US-MX-COM\ususer"
> EAP-Message =
> <2><2><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>CC<144>ZV<2
> 07><174>Oy<<216><3>%
> 2<242><128><29><130>3<187><22>p<164><151><202><218>"?
> <17><2><169><213><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><
> 6><0><19><0><18><0>c<1><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator = <137><187><144><237>5<5>|
> <160><195><182>wc<250> <20>s
>
> Wed Oct 5 10:35:37 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:37 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:37 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:37 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:37 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with EAP: code 2, 2, 80
> Wed Oct 5 10:35:37 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:37 2005: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Wed Oct 5 10:35:37 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Access challenged for ususer at US-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 60
> Authentic: 8<163><200><218>7<139>!<11>c<208><155><232><12><195>B<1>
> Attributes:
> EAP-Message =
> <1><3><3><242><25><192><0><0><4><147><22><3><1><0>J<2><0><0>F<3><1>CC<
> 144>Y`i<6><137>d<154>#<30>\a<210><179>_<5><13><13>+<151>!
> r`<215><6><217><23><244><129><202>
> K<217>m"<247>5Nn<229>;:<4>V<151>20<204><24>"T<231><131>*<152><137>"N<2
> 26><12>Y<242>z<0><4><0><22><3><1><3><152><11><0><3><148><0><3><145><0>
> <3><142>0<130><3><138>0<130><2>r<2><1><12>0<13><6><9>*<134>H<134><247>
> <13><1><1><4><5><0>0<129><134>1<11>0<9><6><3>U<4><6><19><2>FR1<12>0<10
> ><6><3>U<4><8><19><3>IDF1<14>0<12><6><3>U<4><7><19><5>Paris1<19>0<17><
> 6><3>U<4><10><19><10>MX S.A.
> 1<16>0<14><6><3>U<4><11><19><7>systeam1<16>0<14><6><3>U<4><3><19><7>sy
> steam1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>sys
> EAP-Message =
> team at MX.com0<30><23><13>050809075749Z<23><13>100808075749Z0<129><144>1
> <11>0<9><6><3>U<4><6><19><2>FR1<12>0<10><6><3>U<4><8><19><3>IDF1<14>0<
> 12><6><3>U<4><7><19><5>Paris1<21>0<19><6><3>U<4><10><19><12>MX
> S.A.S.
> 1<16>0<14><6><3>U<4><11><19><7>systeam1<24>0<22><6><3>U<4><3><19><15>S
> tephane Delort1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>fruser at MX.com0<130><1
> >
> 0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><13><0>0<130
> ><1><8><2><130><1><1><0><217>7M<225><241><138>:<189><229><184>u.<249><
> 1><29>3pUT<7>Z<171>~!<171>a<248>
> EAP-Message =
> <14><161><255><7>^<169><254>OoA<137><137><179><26><15><202><220><167><
> 169><228><3><202><17><231><134><241><11><255><161>Dw<146>_<23><198>"n<
> 180>TJ<209><216><212>RFx^/<148><172><154>S<133>|<233>\=:,<237>\<25>%
> <228>!^n5@<25><169><216><229>l<15><200><187><135><171>)
> q<20>'m<18><5>'<127><158><179><139><208><6><139><22><220>6a<173><24>g<
> 147><239>V(d<190>m<196><249><182>G}<7>wx<14><163><233><238>?
> <162><151><238><202><211>}m<206>l<237><239><29><193>&
> +S<147><235><178><8><228>v<209><202>s<186><229>5|
> W<159><155><25><208><251><221><201>J<248><149><170><16>HZ<153><31><187
> >
> $ov<247><160><162><27>:<235><209><211><146><138>4<<167>t<224><244>B"<2
> 14><148>J<138><149>[<248>S<189><203>rF)<173><226><29><132><163>%<TC
> $R<154><11><147><213><207>
> (\M<226><227><225><237>s<151><222>#<2><1><3>0<13><6><9>*<134>H<134><24
> 7><13><1><1><4><5><0><3><130><1><1><0><0>
> EAP-Message = O<31><133><169><249><221>|
> Eg<129><158><242><134><201><9>1<205><6><133><253>h<171>
> \<153><231><229><147>Y<204><149><192><30><164>&<18>@<135><168><1><137>
> <175>*t<9>D<241><239><244><198>]
> <1><144>YW<220><0><241>=<131><246><217><248>W<219>J<152><151><212>t<13
> 2><4><139><220><209><10><149>q<18><207><8>u<197>
> $<225>Y<247><10><147>`vjq^x<150>%
> <153><228>L<31><160>63'<30><4><222><187><227><255>=<128>B<222><207><14
> 4><208><254><251><191><155><170><0><139>WZI<24><161>O.`*<189>j<194><<1
> 39>;<252>"\<21><20><226><171><130>
> [<196><156><238>_<6>Y<151><244><221><133>T3<215><207><228><242><178>J<
> 185><192>*<254>C<169>9)<180><248>)<168><173><224>/'}
> <254>w1f<189><177><12>@n<150>R<8>f<205><196>c<15>4t:<139><10><11><26>V
> <228>P<250><222><187><138><210><222>
> {8n<202><255>m<182>n<<156>j<13><30><9><143>t<238><214><177><182><233><
> 8>w<194><137><230><234><21><254><227>lFA1<133>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 61
> Authentic: S%h<145>}<239><227><246>|<221>3<247>x<14><146>d
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "US-MX-COM\ususer"
> EAP-Message = <2><3><0><6><25><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator = <12>2<162><134>-
> <159>c<19>e<225><6><204><193><145><131>~
>
> Wed Oct 5 10:35:37 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:37 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:37 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:37 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:37 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with EAP: code 2, 3, 6
> Wed Oct 5 10:35:37 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:37 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Access challenged for ususer at US-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 61
> Authentic: S%h<145>}<239><227><246>|<221>3<247>x<14><146>d
> Attributes:
> EAP-Message =
> <1><4><0><177><25><0><207><154><204><141><22><3><1><0><162><13><0><0><
> 154><2><1><2><0><149><0><147>0<129><144>1<11>0<9><6><3>U<4><6><19><2>F
> R1<12>0<10><6><3>U<4><8><19><3>IDF1<14>0<12><6><3>U<4><7><19><5>Paris1
> <21>0<19><6><3>U<4><10><19><12>MX S.A.S.
> 1<16>0<14><6><3>U<4><11><19><7>systeam1<24>0<22><6><3>U<4><3><19><15>S
> tephane Delort1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>fruser at MX.com<14><0><
> 0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 62
> Authentic: (T<29><1>|l<215><166><20>p<149><231><25>Fe<148>
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "US-MX-COM\ususer"
> EAP-Message =
> <2><4><1>G<25><128><0><0><1>=<22><3><1><1><13><11><0><0><3><0><0><0><1
> 6><0><1><2><1><0><189><253><141><1><18>qb<25><129><21><251><30><17>
> $<228><232><246>9<226>><195><138><132>A<5>S<244>Q!
> d,w<218>=<23><173><177>4o,<181><17>cr<135><12>=<158><242><143><231>Dc<
> 197><143><220><223><170>b<5><181>0<208><234><135>.<4><23><180><207><24
> 2><243><155><163> <205><3><200>Ui<209>o}V^<10><165>J
> \<27><205><133><20><145><186><136>><25><238><236><252>.Q<207><168><224
> ><162><245><209><31><134>*"<31><181>A<247>v<150><14><156><26>v<0><140>
> <231><184><17><20><8><10>Y<249><164><16><237>h<224><10><151>
> +<198><171>T<179><26>m5S-
> G<237><143><17><227>*5<243><223>nK<4>s<255>Oq<253><216><24>=<155><23>`
> <191><10><253>#<202><138><167><0><184><192>Y<237><222><177><184><11><1
> 6>7<251><145>/w<218><226><157>9<139>n<189><161>(<139>]
> <153><198><21><30>W1<162><180><161><136>,<160><224>*N{R<242>
> EAP-Message = <169><181><4><4><241><200><128><187><234><195><228>}
> <132>~]
> <217>G<9><224><149><237><203>&<140><181><143>#<159><199>7<179>2<20><3>
> <1><0><1><1><22><3><1><0> <225>S<199>M\4<129>\<176>;@<219><1><20>
> {<210>k<21>Fn<0><172>}<197><155>q<204><15><200><253>&y
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator =
> <13><142><20><10><141><151>:<253><25><193><134><184><188>8<216><218>
>
> Wed Oct 5 10:35:37 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:37 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:37 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:37 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:37 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with EAP: code 2, 4, 327
> Wed Oct 5 10:35:37 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:37 2005: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Oct 5 10:35:37 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Access challenged for ususer at US-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 62
> Authentic: (T<29><1>|l<215><166><20>p<149><231><25>Fe<148>
> Attributes:
> EAP-Message = <1><5><0>5<25><128><0><0><0>
> +<20><3><1><0><1><1><22><3><1><0>
> <221>@<194><187>Z<129>kF<254><129><220>#<190><xK<28><144>B:b<5><145>lz
> <249><167><159><128>R{<235>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 63
> Authentic: fS<221><w<133><170><197>7O<236><26><29><19><163>K
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "US-MX-COM\ususer"
> EAP-Message = <2><5><0><6><25><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator = <24><190><144>|
> <174><229><29><246><232><9><127><241><170>M<233><251>
>
> Wed Oct 5 10:35:37 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:37 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:37 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:37 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:37 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:37 2005: DEBUG: Handling with EAP: code 2, 5, 6
> Wed Oct 5 10:35:37 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:37 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Access challenged for ususer at US-MX-
> COM: EAP PEAP Challenge
> Wed Oct 5 10:35:37 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 63
> Authentic: fS<221><w<133><170><197>7O<236><26><29><19><163>K
> Attributes:
> EAP-Message =
> <1><6><0><28><25><0><23><3><1><0><17><206><136><220>n<252><209>Ij<127>
> <204><235><153><230><144><127><234>O
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:38 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 64
> Authentic: 7<245><244><210>p<189>i<163>M<231><212><160>b>xY
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "US-MX-COM\ususer"
> EAP-Message = <2><6><0>0<25><0><23><3><1><0>%<7>
> \<230><194><208><136><174><150><240><214><140><6>/<146>!
> <20><5><248>u<214><198><143><151><173>6<164>
> $<174>II0<213><235><238><208>sC
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator = <0><149><254><30><218><7><184>
> [<253>J<249><203>mRq%
>
> Wed Oct 5 10:35:38 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:38 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:38 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:38 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:38 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with EAP: code 2, 6, 48
> Wed Oct 5 10:35:38 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:38 2005: DEBUG: EAP PEAP inner authentication
> request for US-MX-COM\ususer
> Wed Oct 5 10:35:38 2005: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic:
> <0><171><222><212>A<162>W<182><131><188><149><198><173><20>h<182>
> Attributes:
> EAP-Message = <2><6><0><21><1>US-MX-COM\ususer
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "US-MX-COM\ususer"
> NAS-IP-Address = 172.21.20.202
> NAS-Identifier = "Trapeze"
> Calling-Station-Id = "00-04-23-6D-E4-78"
>
> Wed Oct 5 10:35:38 2005: DEBUG: Handling request with Handler ''
> Wed Oct 5 10:35:38 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for , 172.21.20.202,
> Wed Oct 5 10:35:38 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with Radius::AuthSQL
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with Radius::AuthSQL:
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with EAP: code 2, 6, 21
> Wed Oct 5 10:35:38 2005: DEBUG: Response type 1
> Wed Oct 5 10:35:38 2005: DEBUG: EAP result: 1, EAP authentication
> is not permitted.
> Wed Oct 5 10:35:38 2005: DEBUG: AuthBy SQL result: REJECT, EAP
> authentication is not permitted.
> Wed Oct 5 10:35:38 2005: INFO: Access rejected for US-MX-COM
> \ususer: EAP authentication is not permitted.
> Wed Oct 5 10:35:38 2005: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Wed Oct 5 10:35:38 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP inner authentication redespatched to a Handler
> Wed Oct 5 10:35:38 2005: DEBUG: Access challenged for ususer at US-MX-
> COM: EAP PEAP inner authentication redespatched to a Handler
> Wed Oct 5 10:35:38 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Challenge
> Identifier: 64
> Authentic: 7<245><244><210>p<189>i<163>M<231><212><160>b>xY
> Attributes:
> EAP-Message =
> <1><7><0>&<25><0><23><3><1><0><27><221><140><25>L<13><220><157><202><1
> 82>A2, <153><7><1><137>J<133>?<0><0><188><251><0><249><243>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Oct 5 10:35:38 2005: DEBUG: Packet dump:
> *** Received from 172.21.20.202 port 20005 ....
> Code: Access-Request
> Identifier: 65
> Authentic: ;H<160>T3<190><11><253>r@`<242>0<31>3C
> Attributes:
> NAS-Port-Id = "1/1"
> Calling-Station-Id = "00-04-23-6D-E4-78"
> Called-Station-Id = "00-0B-0E-13-17-41:MX_WIFI"
> Service-Type = Framed-User
> User-Name = "US-MX-COM\ususer"
> EAP-Message =
> <2><7><0>&<25><0><23><3><1><0><27><152><128><171><30>z0<209><27><179><
> 138><27>A<166><228><231>uW<160>d<2>&<222>Y<171><11><198>}
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.20.202
> Message-Authenticator = <245>B|
> tG<28>.<198><27>w<241><192><142><237><202><241>
>
> Wed Oct 5 10:35:38 2005: DEBUG: Rewrote user name to ususer at US-MX-COM
> Wed Oct 5 10:35:38 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Wed Oct 5 10:35:38 2005: DEBUG: GUEST_SESSION_DB Deleting session
> for US-MX-COM\ususer, 172.21.20.202,
> Wed Oct 5 10:35:38 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-04-23-6D-
> E4-78'':
> Wed Oct 5 10:35:38 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='US-MX-COM\ususer'':
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with Radius::AuthFILE:
> Wed Oct 5 10:35:38 2005: DEBUG: Handling with EAP: code 2, 7, 38
> Wed Oct 5 10:35:38 2005: DEBUG: Response type 25
> Wed Oct 5 10:35:38 2005: DEBUG: EAP result: 1, PEAP Authentication
> Failure
> Wed Oct 5 10:35:38 2005: DEBUG: AuthBy FILE result: REJECT, PEAP
> Authentication Failure
> Wed Oct 5 10:35:38 2005: INFO: Access rejected for ususer at US-MX-
> COM: PEAP Authentication Failure
> Wed Oct 5 10:35:38 2005: DEBUG: Packet dump:
> *** Sending to 172.21.20.202 port 20005 ....
> Code: Access-Reject
> Identifier: 65
> Authentic: ;H<160>T3<190><11><253>r@`<242>0<31>3C
> Attributes:
> EAP-Message = <4><7><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
>
> Regards,
>
> Stéphane
>
>
>
>
>
>
>
> De: Hugh Irvine [mailto:hugh at open.com.au]
> Date: mer. 05/10/2005 10:24
> À: DELORT Stephane
> Cc: radiator at open.com.au; ZOUAIN Fatek
> Objet : Re: (RADIATOR) PEAP/MSCHAP-V2 and realms
>
>
> Salut Stephane -
>
> Could you please send us a copy of the trace 4 debug showing what is
> happening?
>
> regards
>
> Hugh
>
>
> On 5 Oct 2005, at 11:08, DELORT Stephane wrote:
>
> > Hello all,
> >
> > my company have different agencies in different country. Each
> > agency has its own active directory with its own domain.
> > So, we've got fr.murex.com for france and us.murex.com for the us.
> >
> > I would like to authenticate the users in their realms.
> >
> > In order to do this I did :
> >
> > **********************************************
> >
> > ...
> >
> > # Tried with and without
> > RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> >
> >
> > # FR corporate users
> >
> > <Handler TunnelledByPEAP=1, realm=FR-MX-COM>
> > AuthByPolicy ContinueWhileAccept
> > AuthBy CheckMacAddress
> > AuthBy CheckCorporateUsersFR
> > </Handler>
> >
> > <AuthBy LSA>
> > Identifier CheckCorporateUsersFR
> >
> > Group wifi
> > DomainController frdomaincontroller
> > EAPType MSCHAP-V2
> > </AuthBy>
> >
> >
> > # US corporate users
> >
> > <Handler TunnelledByPEAP=1, realm=US-MX-COM >
> > AuthByPolicy ContinueWhileAccept
> > AuthBy CheckMacAddress
> > AuthBy CheckCorporateUsersUS
> > </Handler>
> >
> > <AuthBy LSA>
> > Identifier CheckCorporateUsersUS
> > DomainController usdomaincontroller
> > EAPType MSCHAP-V2
> > AddToReply TRPZ-VLAN-Name = mx_corpo
> > </AuthBy>
> >
> >
> >
> > <Handler Called-Station-Id=/MX_WIFI/ >
> > MaxSessions 1
> > <AuthBy FILE>
> > EAPAnonymous %0
> >
> > EAPType PEAP
> > EAPTLS_CAFile %D/certificates/certifs_murex/mycert.crt
> >
> > EAPTLS_CertificateFile %D/certificates/certifs_murex/
> > mycert.crt
> > EAPTLS_CertificateType PEM
> >
> > EAPTLS_PrivateKeyFile %D/certificates/certifs_murex/
> mycert.key
> > EAPTLS_PrivateKeyPassword murex
> >
> > EAPTLS_MaxFragmentSize 1000
> > AutoMPPEKeys
> > SSLeayTrace 4
> > EAPTLS_SessionResumptionLimit 120
> > EAPTLS_PEAPVersion 0
> >
> > </AuthBy>
> > </Handler>
> >
> >
> > *************************************************
> >
> > Stil, this does not work.
> > Is there a mean to accomplish what I want without having to
> > authenticate the users against the central domain controller ?
> >
> > If I use the central domain controller (the 'father' of US-MX-COM
> > and FR-MX-COM), what happens when two users have the same login and
> > password ?
> >
> >
> > Best regards,
> > Stéphane
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list