(RADIATOR) Question about Radiator Support.

Hugh Irvine hugh at open.com.au
Thu Jan 5 01:40:09 CST 2006


Hello Joon -

Your configuration file is not correct - it should look like this:


Foreground
LogStdout
LogDir          .
DbDir           .
Trace           4

<Client 128.32.231.226>
Secret  n0thing
</Client>


<Handler TunneledByTTLS=1>
         <AuthBy KRB5>
                 KrbRealm BERKELEY.EDU
         </AuthBy>
</Handler>

<Handler>
         <AuthBy FILE>
                 Filename %D/users
                 EAPType TTLS
                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
                 EAPTLS_CertificateType PEM
                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
                 EAPTLS_PrivateKeyPassword whatever
                 EAPTLS_MaxFragmentSize 1000
                 AutoMPPEKeys
                 SSLeayTrace 4
#                EAPAnonymous %0
         </AuthBy>
</Handler>


You should not mix Realms and Handlers in the same configuration file.

regards

Hugh
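
An added example (not part of the original post, and not Radiator code): a small Python script that reads a Trace 4 log, including one pasted from a quoted mail like the one below, and reports which Handler and AuthBy processed each EAP-TTLS inner request. The first sample is excerpted from the trace quoted in this thread; the second is constructed, and its 'TunneledByTTLS=1' handler name, Radius::AuthKRB5 module name and ACCEPT line are assumptions about what the corrected configuration would log.

```python
import re

# One Radiator log record: "Wed Jan  4 20:26:00 2006: DEBUG: message"
RECORD = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}: \w+: *(.*)$")
INNER = re.compile(r"EAP TTLS inner authentication request for (\S+)")
HANDLER = re.compile(r"Handling request with Handler '([^']*)'")
AUTHBY = re.compile(r"Handling with Radius::(\w+)")
RESULT = re.compile(r"AuthBy (\S+) result: (\w+),\s*(.*)")


def unwrap(text):
    """Strip mail '>' quoting and rejoin records the mail client wrapped."""
    records, open_rec = [], False
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        m = RECORD.match(line)
        if m:
            records.append(m.group(1))
            open_rec = True
        elif not line:
            open_rec = False          # blank line ends a record or packet dump
        elif open_rec:
            records[-1] += " " + line  # continuation of a wrapped record
    return records


def inner_auth_routes(text):
    """For each TTLS inner request, record the first Handler, AuthBy and result."""
    routes, cur = [], None
    for msg in unwrap(text):
        m = INNER.match(msg)
        if m:
            cur = {"user": m.group(1), "handler": None, "authby": None,
                   "result": None, "reason": None}
            routes.append(cur)
            continue
        if cur is None:
            continue
        if cur["handler"] is None and (m := HANDLER.match(msg)):
            cur["handler"] = m.group(1)
        elif cur["authby"] is None and (m := AUTHBY.match(msg)):
            cur["authby"] = m.group(1)
        elif (m := RESULT.match(msg)):
            # The first AuthBy result after the inner request is the inner
            # result; later ones belong to the outer EAP conversation.
            cur["result"], cur["reason"] = m.group(2), m.group(3)
            cur = None
    return routes


def misrouted(routes, expected="TunneledByTTLS=1"):
    """Inner requests that were not handled by the expected Handler."""
    return [r for r in routes if r["handler"] != expected]


# Excerpt of the trace quoted in this thread, with its quoting and wrapping.
PAGE_TRACE = """\
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS inner authentication
> request for joon
> Wed Jan  4 20:26:00 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, User
> joon is not in Group group1
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, EAP
> TTLS inner authentication redespatched to a Handler
"""

# Constructed sample (assumption, not captured from a server): what a trace
# might look like once the inner request reaches <Handler TunneledByTTLS=1>.
FIXED_TRACE = """\
Wed Jan  4 21:00:00 2006: DEBUG: EAP TTLS inner authentication request for joon
Wed Jan  4 21:00:00 2006: DEBUG: Handling request with Handler 'TunneledByTTLS=1'
Wed Jan  4 21:00:00 2006: DEBUG: Handling with Radius::AuthKRB5:
Wed Jan  4 21:00:00 2006: DEBUG: AuthBy KRB5 result: ACCEPT,
"""

if __name__ == "__main__":
    for name, trace in (("page", PAGE_TRACE), ("constructed", FIXED_TRACE)):
        for r in inner_auth_routes(trace):
            flag = "MISROUTED" if misrouted([r]) else "ok"
            print(name, r["user"], r["handler"], r["authby"], r["result"], flag)
```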


On 5 Jan 2006, at 15:43, Joon Yun wrote:

> Hi Hugh,
>
> I've scoured the web and the Radiator archives but none of it seems  
> to help me get the EAP/TTLS-PAP with Kerberos in the background  
> using the SecureW2 Windows supplicant working. It works perfectly  
> fine if under the TunnelbyTTLS handler the method is Authby FILE  
> but the Kerberos auth is never ever called when configured for  
> Authby KRB5. I've tried this with the outer authentication both set  
> and also not set as anonymous with the same results. I've appended  
> 2 traces and my config file. Any help would be much appreciated.
>
> Regards,
> Joon Yun
> UC Berkeley
>
>
>
> ****Trace 4 with outer identity NOT set to anonymous****
>
> [ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config radius.cfg
> Wed Jan  4 20:24:55 2006: DEBUG: Finished reading configuration  
> file 'radius.cfg'
> Wed Jan  4 20:24:55 2006: DEBUG: Reading dictionary file './ 
> dictionary'
> Wed Jan  4 20:24:55 2006: DEBUG: Creating authentication port  
> 0.0.0.0:1645
> Wed Jan  4 20:24:55 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan  4 20:24:55 2006: NOTICE: Server started: Radiator 3.13 on  
> ndrl5.berkeley.edu
>
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 109
> Authentic:  <255><191>u_ <178><23>><141><129>><235><19><252><235>1
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "joon"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message = <2><0><0><9><1>joon
>         Message-Authenticator = 3<156><210><18>&<226>uz63#<19><146>] 
> <180><132>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:25:59 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226, 50002
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 0, 9
> Wed Jan  4 20:25:59 2006: DEBUG: Response type 1
> Wed Jan  4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Access challenged for joon: EAP  
> TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 109
> Authentic:  <255><191>u_ <178><23>><141><129>><235><19><252><235>1
> Attributes:
>         EAP-Message = <1><1><0><6><21>
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 110
> Authentic:  Aj'=7'O<9><211><174>8<134><22><241>n^
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "joon"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message = <2><1><0><<21><128><0><0><0>2<22><3><1><0>- 
> <1><0><0>) 
> <3><1><144><1>9<0>E<194><22><218>4<190><1>_<158><170><242><201><153>:< 
> 189><6>`rl<242>)<4><187><182><168><135><235><26><0><0><2><0><10><1><0>
>         Message-Authenticator =  
> RE<2>l<233><199><159>_<175><166>L<208><186><233><202><15>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:25:59 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226, 50002
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 1, 60
> Wed Jan  4 20:25:59 2006: DEBUG: Response type 21
> Wed Jan  4 20:25:59 2006: DEBUG: EAP TTLS data, 24576, 1, -1
> Wed Jan  4 20:25:59 2006: DEBUG: EAP TLS SSL_accept result: -1, 2,  
> 8576
> Wed Jan  4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Access challenged for joon: EAP  
> TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 110
> Authentic:  Aj'=7'O<9><211><174>8<134><22><241>n^
> Attributes:
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 111
> Authentic:  <233>9<203><217><195>n<187>bo<179><7><5>C<149><232><12>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "joon"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message = <2><2><0><6><21><0>
>         Message-Authenticator = <185>2Z<204><221><238><166><154>% 
> <199><130><166><24>[{n
>
> Wed Jan  4 20:25:59 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:25:59 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226, 50002
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 2, 6
> Wed Jan  4 20:25:59 2006: DEBUG: Response type 21
> Wed Jan  4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Access challenged for joon: EAP  
> TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 111
> Authentic:  <233>9<203><217><195>n<187>bo<179><7><5>C<149><232><12>
> Attributes:
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 112
> Authentic:   
> 2<29><159><237><28>Y<138><240>G<156><15><176><130>W<167><17>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "joon"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         Message-Authenticator =  
> <234><233><156>`<29><138>F<252><246>}6<141><241><157>KJ
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226, 50002
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with EAP: code 2, 3, 200
> Wed Jan  4 20:26:00 2006: DEBUG: Response type 21
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS data, 8576, 3, 1
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan  4 20:26:00 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:26:00 2006: DEBUG: Access challenged for joon: EAP  
> TTLS Challenge
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 112
> Authentic:   
> 2<29><159><237><28>Y<138><240>G<156><15><176><130>W<167><17>
> Attributes:
>         EAP-Message =  
> <1><4><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0> 
> (<23><184><198><217><183><0>d) 
> <10>Y<152><242><148>3<145><160><25><180> 
> (<232>Ic2q<25><222>8<4><193>.<181>r/<254><178><210><0>U<31><129>
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 113
> Authentic:  }<243><164><132>C<20>t<196>:<221><175>s<163>3<132><140>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "joon"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message =  
> <2><4><0>O<21><128><0><0><0>E<23><3><1><0>@,e<245>} 
> iu<191>I<219>F<174><222>cy$<163><202>JF?<184><138><251>(<167>} 
> <255><140><206><168><244><253><221>S<21><208><193><29><178><178>S<182> 
> tW<141><158>(<133>1Qt<216>W<22><137>a<251><237>5<189><137><204>*?
>         Message-Authenticator =  
> uiM<241><176>P<22><183><178><195><241><135><246><231><235>e
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226, 50002
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with EAP: code 2, 4, 79
> Wed Jan  4 20:26:00 2006: DEBUG: Response type 21
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS data, 3, 4, 3
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS inner authentication  
> request for joon
> Wed Jan  4 20:26:00 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <225><173><207><189><179>I<14><131><148><211><27>/ 
> <5>T<218><2>
> Attributes:
>         User-Name = "joon"
>         User-Password = MyPassword
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226,
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: Reading users file ./users
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with joon [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: No such  
> user: joon [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Service-Type expression 'Administrative-User' does not match  
> '' in request: DEFAULT [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT1 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Service-Type expression 'Login-User' does not match '' in  
> request: DEFAULT1 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT2 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Service-Type expression 'Outbound-User' does not match '' in  
> request: DEFAULT2 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT3 [joon]
> Wed Jan  4 20:26:00 2006: WARNING: Could not find Identifier for  
> Auth-Type 'System'
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Could not  
> find Identifier for Auth-Type 'System': DEFAULT3 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT4 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Username  
> not suffixed with .ppp: DEFAULT4 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT5 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Username  
> not prefixed with P: DEFAULT5 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT6 [joon]
> Wed Jan  4 20:26:00 2006: WARNING: This AuthBy does not know how to  
> check Group membership
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: User joon  
> is not in Group group1: DEFAULT6 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, User  
> joon is not in Group group1
> Wed Jan  4 20:26:00 2006: INFO: Access rejected for joon: User joon  
> is not in Group group1
> Wed Jan  4 20:26:00 2006: DEBUG: Returned TTLS tunnelled Diameter  
> Packet dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:  <225><173><207><189><179>I<14><131><148><211><27>/ 
> <5>T<218><2>
> Attributes:
>         Reply-Message = "Request Denied"
>
> Wed Jan  4 20:26:00 2006: DEBUG: EAP result: 1, EAP TTLS inner  
> authentication redespatched to a Handler
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, EAP  
> TTLS inner authentication redespatched to a Handler
> Wed Jan  4 20:26:00 2006: INFO: Access rejected for joon: EAP TTLS  
> inner authentication redespatched to a Handler
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Reject
> Identifier: 113
> Authentic:  }<243><164><132>C<20>t<196>:<221><175>s<163>3<132><140>
> Attributes:
>         EAP-Message = <4><4><0><4>
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>         Reply-Message = "Request Denied"
>
>
>
>
> ****Trace 4 with outer identity NOT set to anonymous****
>
> [ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config radius.cfg
> Wed Jan  4 20:37:58 2006: DEBUG: Finished reading configuration  
> file 'radius.cfg'
> Wed Jan  4 20:37:58 2006: DEBUG: Reading dictionary file './ 
> dictionary'
> Wed Jan  4 20:37:58 2006: DEBUG: Creating authentication port  
> 0.0.0.0:1645
> Wed Jan  4 20:37:58 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan  4 20:37:58 2006: NOTICE: Server started: Radiator 3.13 on  
> ndrl5.berkeley.edu
>
>
> Wed Jan  4 20:40:06 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 119
> Authentic:   
> <5><25><133>~<128>5<27><166>6<216><143><190><162><250><17><26>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "anonymous"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message = <2><0><0><14><1>anonymous
>         Message-Authenticator =  
> <151>d<10>u*J7j<248><251><235><247><169>{<180>Q
>
> Wed Jan  4 20:40:06 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:06 2006: DEBUG:  Deleting session for anonymous,  
> 128.32.231.226, 50002
> Wed Jan  4 20:40:06 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 0, 14
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 1
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous:  
> EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 119
> Authentic:   
> <5><25><133>~<128>5<27><166>6<216><143><190><162><250><17><26>
> Attributes:
>         EAP-Message = <1><1><0><6><21>
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 120
> Authentic:  `<203><201><210>4(78<158><133>m<160><8>"Y<192>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "anonymous"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message = <2><1><0><<21><128><0><0><0>2<22><3><1><0>- 
> <1><0><0>)<3><1><186><2><4><0><22>s<212><249>j<142>? 
> <8><184><249><154>C<205><235><183><251> 
> $WR<26>m<176><179><10>U<237>K<190><0><0><2><0><10><1><0>
>         Message-Authenticator = <30>] 
> <243><227><136>4<184><155>O<226><<16><216><245> <7>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,  
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 1, 60
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS data, 24576, 1, -1
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TLS SSL_accept result: -1, 2,  
> 8576
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous:  
> EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 120
> Authentic:  `<203><201><210>4(78<158><133>m<160><8>"Y<192>
> Attributes:
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 121
> Authentic:  <26>sSWK<154><215><195><254>a<160>s<238><229><135><231>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "anonymous"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message = <2><2><0><6><21><0>
>         Message-Authenticator =  
> <220><184><146><142><225><20><164><226><225><164>/ 
> <159><184><170><214>w
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,  
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 2, 6
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous:  
> EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 121
> Authentic:  <26>sSWK<154><215><195><254>a<160>s<238><229><135><231>
> Attributes:
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 122
> Authentic:  <17>u<131><229>uJ<2><244>)]zn<196>F<208><204>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "anonymous"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message =  
>         Message-Authenticator =  
> <213><220><157>N<163><216>i~<170><137><168><171><153>bV<202>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,  
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 3, 200
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS data, 8576, 3, 1
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous:  
> EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 122
> Authentic:  <17>u<131><229>uJ<2><244>)]zn<196>F<208><204>
> Attributes:
>         EAP-Message =  
> <1><4><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0> 
> (<231><186>] 
> <11><195><198>A<153>7<144><19><240><137><211><242>pO<150><2><10><7><19 
> 5>7<212>6x<16><12><0><248><4>E<212><211><18><143><145><153><216><132>
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 123
> Authentic:  S<193><179>c<184>) 
> <251><220><142>Jx<23><207><228><184><221>
> Attributes:
>         NAS-IP-Address = 128.32.231.226
>         NAS-Port = 50002
>         NAS-Port-Type = Ethernet
>         User-Name = "anonymous"
>         Called-Station-Id = "00-12-7F-E3-48-42"
>         Calling-Station-Id = "00-C0-4F-80-36-EA"
>         Service-Type = Framed-User
>         Framed-MTU = 1500
>         EAP-Message =  
> <2><4><0>O<21><128><0><0><0>E<23><3><1><0>@<26><163>~<195>3_<16><224>D 
> ] 
> <214><159><16>X<186>o<216>v<183>pqv<190>3<230><138><242><165><17><160> 
> <253>3<222><25><207><205><207>o<<173><207><174><212><236>uZ<223>:<196> 
> <166>%0^<208>,ML<174>m<151><175>k5T
>         Message-Authenticator =  
> <152><186><199>><241><250><145>"<127><253><136><169>}P"k
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,  
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 4, 79
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS data, 3, 4, 3
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS inner authentication  
> request for joon
> Wed Jan  4 20:40:07 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  a<142><217><0>}<254>c<234><193><203>rL9<25><197><183>
> Attributes:
>         User-Name = "joon"
>         User-Password = MyPassword
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for joon,  
> 128.32.231.226,
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Reading users file ./users
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with joon [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: No such  
> user: joon [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Service-Type expression 'Administrative-User' does not match  
> '' in request: DEFAULT [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT1 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Service-Type expression 'Login-User' does not match '' in  
> request: DEFAULT1 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT2 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Service-Type expression 'Outbound-User' does not match '' in  
> request: DEFAULT2 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT3 [joon]
> Wed Jan  4 20:40:07 2006: WARNING: Could not find Identifier for  
> Auth-Type 'System'
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Could not  
> find Identifier for Auth-Type 'System': DEFAULT3 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT4 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Username  
> not suffixed with .ppp: DEFAULT4 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT5 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Username  
> not prefixed with P: DEFAULT5 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT6 [joon]
> Wed Jan  4 20:40:07 2006: WARNING: This AuthBy does not know how to  
> check Group membership
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: User joon  
> is not in Group group1: DEFAULT6 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: REJECT, User  
> joon is not in Group group1
> Wed Jan  4 20:40:07 2006: INFO: Access rejected for joon: User joon  
> is not in Group group1
> Wed Jan  4 20:40:07 2006: DEBUG: Returned TTLS tunnelled Diameter  
> Packet dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:  a<142><217><0>}<254>c<234><193><203>rL9<25><197><183>
> Attributes:
>         Reply-Message = "Request Denied"
>
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 1, EAP TTLS inner  
> authentication redespatched to a Handler
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: REJECT, EAP  
> TTLS inner authentication redespatched to a Handler
> Wed Jan  4 20:40:07 2006: INFO: Access rejected for anonymous: EAP  
> TTLS inner authentication redespatched to a Handler
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Reject
> Identifier: 123
> Authentic:  S<193><179>c<184>) 
> <251><220><142>Jx<23><207><228><184><221>
> Attributes:
>         EAP-Message = <4><4><0><4>
>         Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>         Reply-Message = "Request Denied"
>
> ******************My radius.cfg****************
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
> Trace           4
>
> <Client 128.32.231.226>
> Secret  n0thing
> </Client>
>
> <Realm DEFAULT>
> <Handler TunneledByTTLS=1>
>         <AuthBy KRB5>
>                 KrbRealm BERKELEY.EDU
>         </AuthBy>
> </Handler>
>         <AuthBy FILE>
>                 Filename %D/users
>                 EAPType TTLS
>                 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                 EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                 EAPTLS_CertificateType PEM
>                 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                 EAPTLS_PrivateKeyPassword whatever
>                 EAPTLS_MaxFragmentSize 1000
>                 AutoMPPEKeys
>                 SSLeayTrace 4
> #                EAPAnonymous %0
>         </AuthBy>
> </Realm>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

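The trace above shows the inner TTLS request being handled by 'Realm=DEFAULT' and Radius::AuthFILE instead of AuthBy KRB5, which is what the nested `<Handler>` in the posted radius.cfg produces. The following is an added example, not part of the original thread and not Radiator code: a small structural check for that mistake, where the function name `lint` and the trimmed sample configurations are assumptions constructed from the two configurations in this thread.

```python
import re

OPEN = re.compile(r"^<(\w+)(?:\s+[^>]*)?>$")
CLOSE = re.compile(r"^</(\w+)>$")

def lint(text):
    """Return (line_no, message) findings about Realm/Handler clause structure."""
    findings, stack, kinds = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.match(line):
            if stack and stack[-1][0] == m.group(1):
                stack.pop()
            else:
                findings.append((no, f"unbalanced </{m.group(1)}>"))
        elif m := OPEN.match(line):
            name = m.group(1)
            if name in ("Realm", "Handler"):
                kinds.setdefault(name, no)   # remember first use of each kind
                if stack:                    # dispatch clauses belong at top level
                    outer, at = stack[-1]
                    findings.append((no, f"<{name}> nested inside <{outer}> from line {at}"))
            stack.append((name, no))
    findings += [(no, f"<{name}> never closed") for name, no in stack]
    if len(kinds) == 2:
        findings.append((kinds["Handler"], "Realm and Handler clauses mixed in one file"))
    return findings

# Constructed sample: clause structure of the posted radius.cfg, most parameters left out.
POSTED = """\
<Client 128.32.231.226>
</Client>
<Realm DEFAULT>
<Handler TunneledByTTLS=1>
        <AuthBy KRB5>
                KrbRealm BERKELEY.EDU
        </AuthBy>
</Handler>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
</Realm>
"""
# Same clauses rearranged into the two top-level Handlers given in the reply.
CORRECTED = POSTED.replace("<Realm DEFAULT>\n", "").replace(
    "</Handler>\n", "</Handler>\n<Handler>\n").replace("</Realm>", "</Handler>")
if __name__ == "__main__":
    print(lint(POSTED), lint(CORRECTED))
```

The posted layout yields two findings on the `<Handler TunneledByTTLS=1>` line, and the corrected layout yields none.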