(RADIATOR) EAP/PEAP issue, Radiator doesn't talk to AD (was: how do I fix "Could not AdjustPrivilege SE_TCB_PRIVILEGE"?)

Hugh Irvine hugh at open.com.au
Sun Sep 25 22:59:27 CDT 2005


Hello Slava -

EAP authentication involves a number of exchanges between the client  
and Radiator as you can see from the debug. The initial exchanges all  
go to the default Handler, and these exchanges do not complete  
successfully so you never actually see the "inner" request. It is  
only the "inner" request that is processed by the <Handler  
TunnelledByPEAP=1> and since you never see an "inner" request, you  
never see a query to AD.

There are a couple of things wrong from what I can see. The first  
appears to be a Perl crash, which you can verify by running radiusd  
from the command line like this:

         cd \your\Radiator\distribution

         perl radiusd -foreground -log_stdout -trace 4 -config_file .....

where ...... is the name of your configuration file.

This will show you any error messages from Perl, so you can see what  
is wrong.

You are also receiving a vendor-specific attribute for vendor 14179,  
which is this vendor:

14179
   Airespace, Inc (formerly Black Storm Networks)
     Bhautik Doshi
       bdoshi at airespace.com

(see http://www.iana.org/assignments/enterprise-numbers)

You should contact Airespace and ask them for their vendor-specific  
attribute definitions.

When you receive the definitions, please send us a copy so we can add  
them to the standard Radiator distribution.

regards

Hugh
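
Added example, not part of the original message and not Radiator code: a small Python decoder for the EAP-Message values in the quoted debug, showing that every exchange in the trace is still the outer PEAP/TLS handshake, so no inner request exists yet for the TunnelledByPEAP=1 Handler. The `<decimal>` byte notation is inferred from the dumps on this page; the function names are hypothetical, and the long sample values are cut to their header bytes.

```python
import re
import struct

# Radiator's trace shows non-printable bytes as <decimal> and printable ones
# literally (notation inferred from the packet dumps quoted on this page).
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP", 26: "MSCHAP-V2"}


def unescape(dump):
    """Turn the trace notation back into raw bytes."""
    out = bytearray()
    for num, ch in _TOKEN.findall(dump):
        if num:
            out.append(int(num))  # raises ValueError for values above 255
        else:
            out += ch.encode("latin-1")
    return bytes(out)


def decode_eap(dump):
    """Decode the EAP header (RFC 3748) and, for PEAP, the flags octet."""
    raw = unescape(dump)
    if len(raw) < 4:
        raise ValueError("an EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    msg = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "truncated": len(raw) < length, "type": None, "kind": "other"}
    if code not in (1, 2) or len(raw) < 5:
        return msg
    etype = raw[4]
    msg["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        msg["identity"] = raw[5:length].decode("latin-1")
        msg["kind"] = "identity"
    elif etype == 25 and len(raw) >= 6:
        flags = raw[5]
        # 0x80 = TLS length included, 0x40 = more fragments, 0x20 = start;
        # the low-order bits carry the PEAP version.
        msg.update(start=bool(flags & 0x20), more=bool(flags & 0x40),
                   version=flags & 0x07)
        if flags & 0x80 and len(raw) >= 10:
            msg["tls_length"] = struct.unpack("!I", raw[6:10])[0]
        if msg["start"]:
            msg["kind"] = "peap-start"
        elif length == 6:
            msg["kind"] = "fragment-ack"   # header and flags only, no TLS data
        elif msg["more"]:
            msg["kind"] = "tls-fragment"   # more of this TLS flight to come
        else:
            msg["kind"] = "tls-data"
    return msg


def outer_handshake_incomplete(trace):
    """True if the last PEAP message the server sent is a Start or an
    unfinished fragment, i.e. the TLS tunnel is not up and nothing can yet
    have been tunnelled to the inner Handler."""
    sent = [decode_eap(d) for direction, d in trace if direction == "send"]
    peap = [m for m in sent if m["type"] == "PEAP"]
    return bool(peap) and peap[-1]["kind"] in ("peap-start", "tls-fragment")


# EAP-Message values taken from the quoted log; the long ones are cut to
# their header bytes, which is all the decoder needs.
SAMPLES = [
    ("recv", r"<2><0><0><15><1>WB\wb12345"),
    ("send", "<1><1><0><6><25>!"),
    ("recv", "<2><1><0>P<25><128><0><0><0>F<22><3><1>"),
    ("send", "<1><2><3><242><25><192><0><0><8>Q<22><3><1>"),
    ("recv", "<2><2><0><6><25><0>"),
    ("send", "<1><3><3><238><25>@"),
]

if __name__ == "__main__":
    for direction, dump in SAMPLES:
        m = decode_eap(dump)
        print(direction, m["code"], "id", m["id"], "len", m["length"],
              m["type"], m["kind"], m.get("tls_length", ""))
    print("outer handshake incomplete:", outer_handshake_incomplete(SAMPLES))
```
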


On 26 Sep 2005, at 12:48, Veaceslav Revutchi wrote:


> Thanks, Mike, Hugh. Enabling that policy for
> administrator fixed the privilege problem.
>
> I'm one step further, but I'm stuck at something else
> now. In short I'm trying to authenticate wireless
> clients against Active Directory. Radiator is running
> on an XP machine part of the "WB" domain. In the logs
> I'm seeing my auth. requests being handled by the null
> handler "Handling request with Handler ''" and
> Ethereal shows no communication between Radiator and
> AD. I am attaching my config and the log file. In the
> log you can see authentication attempts for user
> "wb12345" part of "WB" domain.
> 10.220.7.205 is the wireless controller.
> 10.220.115.196 is the AD server.
> Any hints appreciated.
>
> --------- begin radius.cfg ---------------
> Foreground
> LogStdout
> LogDir          c:/Program Files/Radiator
> DbDir           c:/Program Files/Radiator
>
> # This will log at DEBUG level: very verbose
> # Use a lower trace level in production systems, typically use 3
> Trace           4
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with. This will work
> # at least with radpwtst running on the local machine
> <Client DEFAULT>
>         Secret  mysecret
>         DupInterval 0
> </Client>
>
> <Handler TunnelledByPEAP=1>
>         <AuthBy LSA>
>         Domain  WB
>         DomainController 10.220.115.196
>         EAPType MSCHAP-V2
>         </AuthBy>
> </Handler>
> <Handler>
>         <AuthBy FILE>
>         Filename %D/users
>         EAPType PEAP
>         EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>         EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>         EAPTLS_CertificateType PEM
>         EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>         EAPTLS_PrivateKeyPassword whatever
>         EAPTLS_MaxFragmentSize 1000
>         SSLeayTrace 4
>         </AuthBy>
> </Handler>
>
> -------------- end radius.cfg ------------
>
> ---------- begin logfile -----------------
> ...
> Sun Sep 25 17:05:43 2005: DEBUG: Finished reading
> configuration file 'C:\Program
> Files\Radiator\radius.cfg'
> Sun Sep 25 17:05:43 2005: DEBUG: Reading dictionary
> file 'c:/Program Files/Radiator/dictionary'
> Sun Sep 25 17:05:43 2005: DEBUG: Creating
> authentication port 0.0.0.0:1645
> Sun Sep 25 17:05:43 2005: DEBUG: Creating accounting
> port 0.0.0.0:1646
> Sun Sep 25 17:05:43 2005: NOTICE: Server started:
> Radiator 3.13 on rocks (LOCKED)
> Sun Sep 25 17:06:01 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:06:02 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 35
> Authentic:
> <207>qf<235>{<205>7<27><196><224>N<236><189>Ta<151>
> Attributes:
>     User-Name = "WB\wb195291"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BA:E0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><0><0><16><1>WB\wb195291
>     Message-Authenticator =
> <252><207><30><246><238><249><238> 
> {<142><30><162><251><183><231><26><242>
>
> Sun Sep 25 17:06:02 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:06:02 2005: DEBUG:  Deleting session for
> WB\wb195291, 10.220.7.205, 1
> Sun Sep 25 17:06:02 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:06:02 2005: DEBUG: Handling with EAP:
> code 2, 0, 16
> Sun Sep 25 17:06:02 2005: DEBUG: Response type 1
> Sun Sep 25 17:06:04 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:06:04 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:06:04 2005: DEBUG: Access challenged for
> WB\wb195291: EAP PEAP Challenge
> Sun Sep 25 17:06:04 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 35
> Authentic:
> <207>qf<235>{<205>7<27><196><224>N<236><189>Ta<151>
> Attributes:
>     EAP-Message = <1><1><0><6><25>!
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:06:04 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:06:05 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 35
> Authentic:
> <207>qf<235>{<205>7<27><196><224>N<236><189>Ta<151>
> Attributes:
>     User-Name = "WB\wb195291"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BA:E0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><0><0><16><1>WB\wb195291
>     Message-Authenticator =
> <252><207><30><246><238><249><238> 
> {<142><30><162><251><183><231><26><242>
>
> Sun Sep 25 17:06:05 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:06:05 2005: DEBUG:  Deleting session for
> WB\wb195291, 10.220.7.205, 1
> Sun Sep 25 17:06:05 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:06:05 2005: DEBUG: Handling with EAP:
> code 2, 0, 16
> Sun Sep 25 17:06:05 2005: DEBUG: Response type 1
> Sun Sep 25 17:06:05 2005: DEBUG: Resuming session for
> Radius::Context=HASH(0x1e0e4f4)
>
> Sun Sep 25 17:06:05 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:06:05 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:06:05 2005: DEBUG: Access challenged for
> WB\wb195291: EAP PEAP Challenge
> Sun Sep 25 17:06:05 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 35
> Authentic:
> <207>qf<235>{<205>7<27><196><224>N<236><189>Ta<151>
> Attributes:
>     EAP-Message = <1><1><0><6><25>!
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:06:05 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:06:06 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 36
> Authentic:
> <219><254><14><29><134><236>8k<22><205>(*<138>u<1><252>
> Attributes:
>     User-Name = "WB\wb195291"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BA:E0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message =
> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>C7;qO<135>< 
> 28><223><30>?<211>#<199><136><149><148><224><185>zC 
> [<147>D<197>D<28><174> 
> $<204><224><177><17><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3>< 
> 0><6><0><19><0><18><0>c<1><0>
>     Message-Authenticator =
> <218><238>d<12><203><237><133><176>^<135><133>y<187>W<167><255>
>
> Sun Sep 25 17:06:06 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:06:06 2005: DEBUG:  Deleting session for
> WB\wb195291, 10.220.7.205, 1
> Sun Sep 25 17:06:06 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:06:06 2005: DEBUG: Handling with EAP:
> code 2, 1, 80
> Sun Sep 25 17:06:06 2005: DEBUG: Response type 25
> Sun Sep 25 17:06:06 2005: DEBUG: EAP TLS SSL_accept
> result: -1, 2, 8576
> Sun Sep 25 17:06:06 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:06:06 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:06:06 2005: DEBUG: Access challenged for
> WB\wb195291: EAP PEAP Challenge
> Sun Sep 25 17:06:07 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 36
> Authentic:
> <219><254><14><29><134><236>8k<22><205>(*<138>u<1><252>
> Attributes:
>     EAP-Message =
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:06:39 2005: DEBUG: Finished reading
> configuration file 'C:\Program
> Files\Radiator\radius.cfg'
> Sun Sep 25 17:06:39 2005: DEBUG: Reading dictionary
> file 'c:/Program Files/Radiator/dictionary'
> Sun Sep 25 17:06:40 2005: DEBUG: Creating
> authentication port 0.0.0.0:1645
> Sun Sep 25 17:06:40 2005: DEBUG: Creating accounting
> port 0.0.0.0:1646
> Sun Sep 25 17:06:40 2005: NOTICE: Server started:
> Radiator 3.13 on rocks (LOCKED)
> Sun Sep 25 17:07:00 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:00 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 38
> Authentic:
> <146>t<30><249><145><252>S<163>m_<205>)a<163>|<153>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><0><0><15><1>WB\wb12345
>     Message-Authenticator =
> `/G<147>G<8>hM<27><159><215><6>r<221><191><21>
>
> Sun Sep 25 17:07:00 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:00 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:01 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:01 2005: DEBUG: Handling with EAP:
> code 2, 0, 15
> Sun Sep 25 17:07:01 2005: DEBUG: Response type 1
> Sun Sep 25 17:07:03 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:03 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:03 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:03 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 38
> Authentic:
> <146>t<30><249><145><252>S<163>m_<205>)a<163>|<153>
> Attributes:
>     EAP-Message = <1><1><0><6><25>!
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:03 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:04 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 38
> Authentic:
> <146>t<30><249><145><252>S<163>m_<205>)a<163>|<153>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><0><0><15><1>WB\wb12345
>     Message-Authenticator =
> `/G<147>G<8>hM<27><159><215><6>r<221><191><21>
>
> Sun Sep 25 17:07:04 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:04 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:04 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:04 2005: DEBUG: Handling with EAP:
> code 2, 0, 15
> Sun Sep 25 17:07:04 2005: DEBUG: Response type 1
> Sun Sep 25 17:07:04 2005: DEBUG: Resuming session for
> Radius::Context=HASH(0x1e0e4f4)
>
> Sun Sep 25 17:07:04 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:04 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:04 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:04 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 38
> Authentic:
> <146>t<30><249><145><252>S<163>m_<205>)a<163>|<153>
> Attributes:
>     EAP-Message = <1><1><0><6><25>!
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:04 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:05 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 39
> Authentic:  [2h<10><127><4><129>\+<214>c<8>Yf<6>R
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message =
> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>C7;<172><14 
> 8> 
> (d<152><19>~hW<10><3><131><231>~8P<195><0><229><216>~<9>Va<9><21><135> 
> 7- 
> <0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18>< 
> 0>c<1><0>
>     Message-Authenticator =
> J<177><248><221><236><236><222>"<240>*7<150><162>w<241><232>
>
> Sun Sep 25 17:07:05 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:05 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:05 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:05 2005: DEBUG: Handling with EAP:
> code 2, 1, 80
> Sun Sep 25 17:07:05 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:05 2005: DEBUG: EAP TLS SSL_accept
> result: -1, 2, 8576
> Sun Sep 25 17:07:05 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:05 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:05 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:06 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 39
> Authentic:  [2h<10><127><4><129>\+<214>c<8>Yf<6>R
> Attributes:
>     EAP-Message =
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:06 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:06 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 39
> Authentic:  [2h<10><127><4><129>\+<214>c<8>Yf<6>R
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message =
> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>C7;<172><14 
> 8> 
> (d<152><19>~hW<10><3><131><231>~8P<195><0><229><216>~<9>Va<9><21><135> 
> 7- 
> <0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18>< 
> 0>c<1><0>
>     Message-Authenticator =
> J<177><248><221><236><236><222>"<240>*7<150><162>w<241><232>
>
> Sun Sep 25 17:07:06 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:06 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:06 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:06 2005: DEBUG: Handling with EAP:
> code 2, 1, 80
> Sun Sep 25 17:07:06 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:06 2005: DEBUG: EAP TLS SSL_accept
> result: -1, 2, 8576
> Sun Sep 25 17:07:06 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:07 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:07 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:07 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 39
> Authentic:  [2h<10><127><4><129>\+<214>c<8>Yf<6>R
> Attributes:
>     EAP-Message = <1><2><3><238><25>@t use in
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:07 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:07 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 40
> Authentic:
> <1>qB<170><255>"<242><225><20><189><199>H<208><144><9><184>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><2><0><6><25><0>
>     Message-Authenticator =
> <225><187>?M<192><8><24><248><187><255><160><172>}<209><142><164>
>
> Sun Sep 25 17:07:07 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:07 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:08 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:08 2005: DEBUG: Handling with EAP:
> code 2, 2, 6
> Sun Sep 25 17:07:08 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:08 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:08 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:08 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:08 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 40
> Authentic:
> <1>qB<170><255>"<242><225><20><189><199>H<208><144><9><184>
> Attributes:
>     EAP-Message =
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:08 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:09 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 40
> Authentic:
> <1>qB<170><255>"<242><225><20><189><199>H<208><144><9><184>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><2><0><6><25><0>
>     Message-Authenticator =
> <225><187>?M<192><8><24><248><187><255><160><172>}<209><142><164>
>
> Sun Sep 25 17:07:09 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:09 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:09 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:09 2005: DEBUG: Handling with EAP:
> code 2, 2, 6
> Sun Sep 25 17:07:09 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:09 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:09 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:09 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:09 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 40
> Authentic:
> <1>qB<170><255>"<242><225><20><189><199>H<208><144><9><184>
> Attributes:
>     EAP-Message =
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:10 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:10 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 41
> Authentic:  <202>4<129><205>
> OU<160><18>%x<132>"<195><198>>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><3><0><6><25><0>
>     Message-Authenticator =
> <181><246><187><220>y<253><140><185>p<129><180><F<9><192>!
>
> Sun Sep 25 17:07:10 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:10 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:10 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:10 2005: DEBUG: Handling with EAP:
> code 2, 3, 6
> Sun Sep 25 17:07:10 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:10 2005: DEBUG: EAP result: 3, EAP
> PEAP Challenge
> Sun Sep 25 17:07:10 2005: DEBUG: AuthBy FILE result:
> CHALLENGE, EAP PEAP Challenge
> Sun Sep 25 17:07:10 2005: DEBUG: Access challenged for
> WB\wb12345: EAP PEAP Challenge
> Sun Sep 25 17:07:11 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Challenge
> Identifier: 41
> Authentic:  <202>4<129><205>
> OU<160><18>%x<132>"<195><198>>
> Attributes:
>     EAP-Message =
>     Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sun Sep 25 17:07:11 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:11 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 41
> Authentic:  <202>4<129><205>
> OU<160><18>%x<132>"<195><198>>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message = <2><3><0><6><25><0>
>     Message-Authenticator =
> <181><246><187><220>y<253><140><185>p<129><180><F<9><192>!
>
> Sun Sep 25 17:07:11 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:11 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:11 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:11 2005: DEBUG: Handling with EAP:
> code 2, 3, 6
> Sun Sep 25 17:07:11 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:11 2005: DEBUG: EAP result: 2, EAP
> PEAP Nothing to read or write
> Sun Sep 25 17:07:11 2005: DEBUG: AuthBy FILE result:
> IGNORE, EAP PEAP Nothing to read or write
> Sun Sep 25 17:07:11 2005: ERR: Attribute number 1
> (vendor 14179) is not defined in your dictionary
> Sun Sep 25 17:07:12 2005: DEBUG: Packet dump:
> *** Received from 10.220.7.205 port 1024 ....
> Code:       Access-Request
> Identifier: 42
> Authentic:
> <21>/<143>0<255><157><216><24>`<216><160><141>-<168>E<19>
> Attributes:
>     User-Name = "WB\wb12345"
>     Calling-Station-Id = "00:0C:41:DD:C5:1C"
>     Called-Station-Id = "00:0B:85:24:BF:F0:radi"
>     NAS-Port = 1
>     NAS-IP-Address = 10.220.7.205
>     NAS-Identifier = "wlc-fh1"
>     Service-Type = Framed-User
>     Framed-MTU = 1300
>     NAS-Port-Type = Wireless-IEEE-802-11
>     Tunnel-Type = 0:VLAN
>     Tunnel-Medium-Type = 0:802
>     Tunnel-Private-Group-ID = 90
>     EAP-Message =
> <2><4><0><17><25><128><0><0><0><7><21><3><1><0><2><2>/
>     Message-Authenticator = q<135>F<11>G
> <227>{<167><154>N at s,V<195>
>
> Sun Sep 25 17:07:12 2005: DEBUG: Handling request with
> Handler ''
> Sun Sep 25 17:07:12 2005: DEBUG:  Deleting session for
> WB\wb12345, 10.220.7.205, 1
> Sun Sep 25 17:07:12 2005: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Sep 25 17:07:12 2005: DEBUG: Handling with EAP:
> code 2, 4, 17
> Sun Sep 25 17:07:12 2005: DEBUG: Response type 25
> Sun Sep 25 17:07:12 2005: DEBUG: EAP TLS SSL_accept
> result: 0, 1, 8576
> Sun Sep 25 17:07:12 2005: ERR: EAP PEAP TLS Handshake
> unsuccessful:  3168: 1 - error:14094417:SSL
> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
>
> Sun Sep 25 17:07:12 2005: DEBUG: EAP result: 1, EAP
> PEAP TLS Handshake unsuccessful
> Sun Sep 25 17:07:12 2005: DEBUG: AuthBy FILE result:
> REJECT, EAP PEAP TLS Handshake unsuccessful
> Sun Sep 25 17:07:12 2005: INFO: Access rejected for
> WB\wb12345: EAP PEAP TLS Handshake unsuccessful
> Sun Sep 25 17:07:12 2005: DEBUG: Packet dump:
> *** Sending to 10.220.7.205 port 1024 ....
> Code:       Access-Reject
> Identifier: 42
> Authentic:
> <21>/<143>0<255><157><216><24>`<216><160><141>-<168>E<19>
> Attributes:
>     Reply-Message = "Request Denied"
> -------------- end logfile -------------------
>
>
>
>
> --- Mike McCauley <mikem at open.com.au> wrote:
>
>
>
>> Hello Slava,
>>
>> Have you enabled the 'Act as part of the operating
>> system' security policy for
>> the user who runs Radiator (usually administrator)?
>>
>> Cheers.
>>
>>
>
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
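
Added example (not part of the original messages and not Radiator code): the short EAP-Message values in the quoted trace can be decoded to see which side ended the handshake. The Python below assumes the dump notation seen in the trace (non-printable bytes as <decimal>, printable bytes literal); its function names are hypothetical. It shows that the Access-Request with Identifier 42 carries a TLS record of type alert, level fatal, description illegal_parameter, sent by the client, which the server then logs as "sslv3 alert illegal parameter".

```python
import re
import struct

# Radiator's trace shows non-printable bytes as <decimal> and printable bytes
# literally (assumption: notation inferred from the dumps quoted in this thread).
TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_RECORDS = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
               23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          42: "bad_certificate", 46: "certificate_unknown",
          47: "illegal_parameter", 48: "unknown_ca"}
PEAP = 25  # EAP type number, the "Response type 25" in the trace

def dump_to_bytes(text):
    """Turn one attribute value from a Radiator packet dump back into bytes."""
    return bytes(int(m.group(1)) if m.group(1) is not None else ord(m.group(2))
                 for m in TOKEN.finditer(text))

def decode_peap(data):
    """Decode an EAP-PEAP packet and the cleartext TLS record headers in it."""
    if len(data) < 5:
        raise ValueError("too short for an EAP header with a type field")
    code, ident, length, eap_type = struct.unpack("!BBHB", data[:5])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": eap_type, "records": []}
    if eap_type != PEAP or length < 6 or len(data) < 6:
        return out
    flags, body = data[5], data[6:length]
    out["more_fragments"] = bool(flags & 0x40)       # M bit
    if flags & 0x80 and len(body) >= 4:              # L bit: 4-byte TLS length
        out["tls_length"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    while len(body) >= 5:
        ctype, major, minor, rlen = struct.unpack("!BBBH", body[:5])
        payload, body = body[5:5 + rlen], body[5 + rlen:]
        rec = {"record": TLS_RECORDS.get(ctype, ctype), "version": (major, minor)}
        if ctype == 21 and len(payload) == 2:        # alert sent before encryption
            rec["level"] = ALERT_LEVELS.get(payload[0], payload[0])
            rec["alert"] = ALERTS.get(payload[1], payload[1])
        out["records"].append(rec)
    return out

# EAP-Message values copied from the Access-Requests with Identifier 40 and 42.
ACK = decode_peap(dump_to_bytes("<2><2><0><6><25><0>"))   # empty PEAP response
FINAL = decode_peap(dump_to_bytes(
    "<2><4><0><17><25><128><0><0><0><7><21><3><1><0><2><2>/"))
print(FINAL["records"])
```

The decoded id and length (4 and 17) match the "Handling with EAP: code 2, 4, 17" line logged for the same request.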


