(RADIATOR) Question about Radiator Support.
Hugh Irvine
hugh at open.com.au
Thu Jan 5 01:40:09 CST 2006
Hello Joon -
Your configuration file is not correct - it should look like this:
Foreground
LogStdout
LogDir .
DbDir .
Trace 4
<Client 128.32.231.226>
Secret n0thing
</Client>
<Handler TunneledByTTLS=1>
<AuthBy KRB5>
KrbRealm BERKELEY.EDU
</AuthBy>
</Handler>
<Handler>
<AuthBy FILE>
Filename %D/users
EAPType TTLS
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
SSLeayTrace 4
# EAPAnonymous %0
</AuthBy>
</Handler>
You should not mix Realms and Handlers in the same configuration file.
regards
Hugh
On 5 Jan 2006, at 15:43, Joon Yun wrote:
> Hi Hugh,
>
> I've scoured the web and the Radiator archives but non of it seems
> to help me get the EAP/TTLS-PAP with Kerberos in the background
> using the SecureW2 windows supplicant working. It works perfectly
> fine if under the TunnelbyTTLS handler the method is Authby FILE
> but the Kerberos auth is never ever called when configured for
> Authby KRB5. I've tried this with the outer authentication both set
> and also not set as anonymous with the same results. I've appended
> 2 traces and my config file. Any help would be much appreciated.
>
> Regards,
> Joon Yun
> UC Berkeley
>
>
>
> ****Trace 4 with outter identity NOT set to anonymous****
>
> [ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config radius.cfg
> Wed Jan 4 20:24:55 2006: DEBUG: Finished reading configuration
> file 'radius.cfg'
> Wed Jan 4 20:24:55 2006: DEBUG: Reading dictionary file './
> dictionary'
> Wed Jan 4 20:24:55 2006: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Wed Jan 4 20:24:55 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan 4 20:24:55 2006: NOTICE: Server started: Radiator 3.13 on
> ndrl5.berkeley.edu
>
> Wed Jan 4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 109
> Authentic: <255><191>u_ <178><23>><141><129>><235><19><252><235>1
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "joon"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = <2><0><0><9><1>joon
> Message-Authenticator = 3<156><210><18>&<226>uz63#<19><146>]
> <180><132>
>
> Wed Jan 4 20:25:59 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:25:59 2006: DEBUG: Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan 4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 0, 9
> Wed Jan 4 20:25:59 2006: DEBUG: Response type 1
> Wed Jan 4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: Access challenged for joon: EAP
> TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 109
> Authentic: <255><191>u_ <178><23>><141><129>><235><19><252><235>1
> Attributes:
> EAP-Message = <1><1><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 110
> Authentic: Aj'=7'O<9><211><174>8<134><22><241>n^
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "joon"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = <2><1><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)
> <3><1><144><1>9<0>E<194><22><218>4<190><1>_<158><170><242><201><153>:<
> 189><6>`rl<242>)<4><187><182><168><135><235><26><0><0><2><0><10><1><0>
> Message-Authenticator =
> RE<2>l<233><199><159>_<175><166>L<208><186><233><202><15>
>
> Wed Jan 4 20:25:59 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:25:59 2006: DEBUG: Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan 4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 1, 60
> Wed Jan 4 20:25:59 2006: DEBUG: Response type 21
> Wed Jan 4 20:25:59 2006: DEBUG: EAP TTLS data, 24576, 1, -1
> Wed Jan 4 20:25:59 2006: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Wed Jan 4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: Access challenged for joon: EAP
> TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 110
> Authentic: Aj'=7'O<9><211><174>8<134><22><241>n^
> Attributes:
> EAP-Message =
> <1><2><3><242><21><192><0><0><7>x<22><3><1><0>J<2><0><0>F<3><1>C<188><
> 159><215><28><238>u4<252>,+v<146><252>{<128>%
> <175><206><223><144>*<129><172><244><229><<15><244><234>x<172>
> <203>OR<227><25>ha<11>Ms<176><167><131>j<166><212><251>En<249>L<220>eH
> <5>&<:S<240><251><31><0><10><0><22><3><1><7><27><11><0><7><23><0><7><2
> 0><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6
> ><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4>
> <7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not
> use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30
> ><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19
> ><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19
> ><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test Company1%
> 0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6>
> <9>*<134>H<134><247><13><1><1>
> EAP-Message =
> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><
> 234>/<241>.9<209><250>\y<1><149>
> [<215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%
> <133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19
> ><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)
> <246>J<195><171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254
> ><4><207><183><144><210><251>
> +<233><135>0<212>Y<207><158>N<226><136><12><132><143><250><182><218>W<
> 2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>
> +<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><
> 3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?
> <174><155><170><162><189><20><25>az<19>o<202><250>|
> B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%
> <182><29><179>p<211><248>oba<
> EAP-Message = JP<13>p<12>
> +<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13
> ><152><154>T<218><8><246><202>.<177>9s*<220><219>n"Gu<188><254><206>U?
> <214>)
> <181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><16
> 2><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><
> 5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8>
> <19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>
> U<4><10><19><21>OSC Demo Certificates1!
> 0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-
> <6><3>U<4><3><19>&OSC Test CA (do no
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 111
> Authentic: <233>9<203><217><195>n<187>bo<179><7><5>C<149><232><12>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "joon"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = <2><2><0><6><21><0>
> Message-Authenticator = <185>2Z<204><221><238><166><154>%
> <199><130><166><24>[{n
>
> Wed Jan 4 20:25:59 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:25:59 2006: DEBUG: Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan 4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 2, 6
> Wed Jan 4 20:25:59 2006: DEBUG: Response type 21
> Wed Jan 4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: Access challenged for joon: EAP
> TTLS Challenge
> Wed Jan 4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 111
> Authentic: <233>9<203><217><195>n<187>bo<179><7><5>C<149><232><12>
> Attributes:
> EAP-Message = <1><3><3><150><21><0>t use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30
> ><23><13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U
> <4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U
> <4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
> EAP-Message = roduction)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<12
> 9><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>
> 0<129><137><2><129><129><0><204><181>%
> Q<192>7g0<140><153>0xg<240><152><248><199><214><253>W<7><220>|
> fd<163><137>%
> F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239
> ><179>H<237>K<182>mo<155><145><138><143><136><127><230><<9>l<172><210>
> <205><136><162><29>)
> 1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<221><252><1
> 68>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<
> 197><240>=a<255>_<209><12><163><0>U<2><3><1><0><1><163><130><1>
> +0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0
> D<173>f]r<193>H?<164><27>ke0<129><247><6><3>U<29>#
> EAP-Message =
> <4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]
> r<193>H?
> <164><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4
> ><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4
> ><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)
> 1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130
> ><1><0>0<12><6><3>U<29><19><4><5>0<3>
> EAP-Message =
> <1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129
> ><0>0<3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>
> tf<202><143><160><29><220>p9<5><24>2<185>)
> <128><227>8<17><247>'_J<28><159>;_<202><254><242>+
> {=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><193><29>-
> <228><19><184>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY
> +<156><143><225><149><237><135>ix<22>O<231><212><154><184><10>fZ<248>V
> a#<192><160>l<21><129>0<199>6<22><3><1><0><4><14><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:26:00 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 112
> Authentic:
> 2<29><159><237><28>Y<138><240>G<156><15><176><130>W<167><17>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "joon"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message =
> <2><3><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130>
> <0><128>V_<212>(<239>y<247><171><1>PX|l<222>'<201><128><243><181>"?
> <131><137><228>q<138><244>qyG<182>3<204><1><252><152><154>m
> <202><240><8><215><253>P<197><228><230>*9<253><189><217>s<146><177><16
> 3><149><143><226><18><223>p<234><138><250><221>L<166><25><167>l<129><2
> 8>3<148><152><4>tVr<181>{<250><154><153>y<160>
> {ce<166><30>c<0><180><28> <4><208><245><183>$u<197><246><12>*<191>-
> <208><9><214><128><157><130><253><177><136><247>k<197><202><168>'<213>
> <2>5<20><3><1><0><1><1><22><3><1><0>(<141>C<197>7m
> <138>O<163>wK<2><136><222><6><157><174>/
> <208><134><181><200><18>i<187><130><237>o<191><185><150>S<13>W<160><<1
> 47><185><194><235>
> Message-Authenticator =
> <234><233><156>`<29><138>F<252><246>}6<141><241><157>KJ
>
> Wed Jan 4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:26:00 2006: DEBUG: Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan 4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:26:00 2006: DEBUG: Handling with EAP: code 2, 3, 200
> Wed Jan 4 20:26:00 2006: DEBUG: Response type 21
> Wed Jan 4 20:26:00 2006: DEBUG: EAP TTLS data, 8576, 3, 1
> Wed Jan 4 20:26:00 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan 4 20:26:00 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:26:00 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:26:00 2006: DEBUG: Access challenged for joon: EAP
> TTLS Challenge
> Wed Jan 4 20:26:00 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 112
> Authentic:
> 2<29><159><237><28>Y<138><240>G<156><15><176><130>W<167><17>
> Attributes:
> EAP-Message =
> <1><4><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
> (<23><184><198><217><183><0>d)
> <10>Y<152><242><148>3<145><160><25><180>
> (<232>Ic2q<25><222>8<4><193>.<181>r/<254><178><210><0>U<31><129>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:26:00 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 113
> Authentic: }<243><164><132>C<20>t<196>:<221><175>s<163>3<132><140>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "joon"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message =
> <2><4><0>O<21><128><0><0><0>E<23><3><1><0>@,e<245>}
> iu<191>I<219>F<174><222>cy$<163><202>JF?<184><138><251>(<167>}
> <255><140><206><168><244><253><221>S<21><208><193><29><178><178>S<182>
> tW<141><158>(<133>1Qt<216>W<22><137>a<251><237>5<189><137><204>*?
> Message-Authenticator =
> uiM<241><176>P<22><183><178><195><241><135><246><231><235>e
>
> Wed Jan 4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:26:00 2006: DEBUG: Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan 4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:26:00 2006: DEBUG: Handling with EAP: code 2, 4, 79
> Wed Jan 4 20:26:00 2006: DEBUG: Response type 21
> Wed Jan 4 20:26:00 2006: DEBUG: EAP TTLS data, 3, 4, 3
> Wed Jan 4 20:26:00 2006: DEBUG: EAP TTLS inner authentication
> request for joon
> Wed Jan 4 20:26:00 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <225><173><207><189><179>I<14><131><148><211><27>/
> <5>T<218><2>
> Attributes:
> User-Name = "joon"
> User-Password = MyPassword
>
> Wed Jan 4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:26:00 2006: DEBUG: Deleting session for joon,
> 128.32.231.226,
> Wed Jan 4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:26:00 2006: DEBUG: Reading users file ./users
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with joon [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: No such
> user: joon [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check
> item Service-Type expression 'Administrative-User' does not match
> '' in request: DEFAULT [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT1 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check
> item Service-Type expression 'Login-User' does not match '' in
> request: DEFAULT1 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT2 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check
> item Service-Type expression 'Outbound-User' does not match '' in
> request: DEFAULT2 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT3 [joon]
> Wed Jan 4 20:26:00 2006: WARNING: Could not find Identifier for
> Auth-Type 'System'
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Could not
> find Identifier for Auth-Type 'System': DEFAULT3 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT4 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Username
> not suffixed with .ppp: DEFAULT4 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT5 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Username
> not prefixed with P: DEFAULT5 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT6 [joon]
> Wed Jan 4 20:26:00 2006: WARNING: This AuthBy does not know how to
> check Group membership
> Wed Jan 4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: User joon
> is not in Group group1: DEFAULT6 [joon]
> Wed Jan 4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, User
> joon is not in Group group1
> Wed Jan 4 20:26:00 2006: INFO: Access rejected for joon: User joon
> is not in Group group1
> Wed Jan 4 20:26:00 2006: DEBUG: Returned TTLS tunnelled Diameter
> Packet dump:
> Code: Access-Reject
> Identifier: UNDEF
> Authentic: <225><173><207><189><179>I<14><131><148><211><27>/
> <5>T<218><2>
> Attributes:
> Reply-Message = "Request Denied"
>
> Wed Jan 4 20:26:00 2006: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Wed Jan 4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, EAP
> TTLS inner authentication redespatched to a Handler
> Wed Jan 4 20:26:00 2006: INFO: Access rejected for joon: EAP TTLS
> inner authentication redespatched to a Handler
> Wed Jan 4 20:26:00 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Reject
> Identifier: 113
> Authentic: }<243><164><132>C<20>t<196>:<221><175>s<163>3<132><140>
> Attributes:
> EAP-Message = <4><4><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
>
>
>
> ****Trace 4 with outter identity NOT set to anonymous****
>
> [ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config radius.cfg
> Wed Jan 4 20:37:58 2006: DEBUG: Finished reading configuration
> file 'radius.cfg'
> Wed Jan 4 20:37:58 2006: DEBUG: Reading dictionary file './
> dictionary'
> Wed Jan 4 20:37:58 2006: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Wed Jan 4 20:37:58 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan 4 20:37:58 2006: NOTICE: Server started: Radiator 3.13 on
> ndrl5.berkeley.edu
>
>
> Wed Jan 4 20:40:06 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 119
> Authentic:
> <5><25><133>~<128>5<27><166>6<216><143><190><162><250><17><26>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "anonymous"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = <2><0><0><14><1>anonymous
> Message-Authenticator =
> <151>d<10>u*J7j<248><251><235><247><169>{<180>Q
>
> Wed Jan 4 20:40:06 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:40:06 2006: DEBUG: Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan 4 20:40:06 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 0, 14
> Wed Jan 4 20:40:07 2006: DEBUG: Response type 1
> Wed Jan 4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Access challenged for anonymous:
> EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 119
> Authentic:
> <5><25><133>~<128>5<27><166>6<216><143><190><162><250><17><26>
> Attributes:
> EAP-Message = <1><1><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 120
> Authentic: `<203><201><210>4(78<158><133>m<160><8>"Y<192>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "anonymous"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = <2><1><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)<3><1><186><2><4><0><22>s<212><249>j<142>?
> <8><184><249><154>C<205><235><183><251>
> $WR<26>m<176><179><10>U<237>K<190><0><0><2><0><10><1><0>
> Message-Authenticator = <30>]
> <243><227><136>4<184><155>O<226><<16><216><245> <7>
>
> Wed Jan 4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:40:07 2006: DEBUG: Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 1, 60
> Wed Jan 4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan 4 20:40:07 2006: DEBUG: EAP TTLS data, 24576, 1, -1
> Wed Jan 4 20:40:07 2006: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Wed Jan 4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Access challenged for anonymous:
> EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 120
> Authentic: `<203><201><210>4(78<158><133>m<160><8>"Y<192>
> Attributes:
> EAP-Message =
> <1><2><3><242><21><192><0><0><7>x<22><3><1><0>J<2><0><0>F<3><1>C<188><
> 163>'<153><132><139>O<204><251><201><225>sjhu<213>~<181><245>Q<179><14
> 4>N<6><31><226><154>|p<5><182> <181><191>!
> b<172><187><244><<28><181>O<185><12><18><170><171><26>h<<176><219><190
> ><137>
> L<133><180><28><211><194><138><7><0><10><0><22><3><1><7><27><11><0><7>
> <23><0><7><20><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><
> 1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<
> 9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<1
> 6><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not
> use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30
> ><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19
> ><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19
> ><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test Company1%
> 0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6>
> <9>*<134>H<134><247><13><1><1>
> EAP-Message =
> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><
> 234>/<241>.9<209><250>\y<1><149>
> [<215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%
> <133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19
> ><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)
> <246>J<195><171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254
> ><4><207><183><144><210><251>
> +<233><135>0<212>Y<207><158>N<226><136><12><132><143><250><182><218>W<
> 2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>
> +<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><
> 3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?
> <174><155><170><162><189><20><25>az<19>o<202><250>|
> B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%
> <182><29><179>p<211><248>oba<
> EAP-Message = JP<13>p<12>
> +<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13
> ><152><154>T<218><8><246><202>.<177>9s*<220><219>n"Gu<188><254><206>U?
> <214>)
> <181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><16
> 2><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><
> 5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8>
> <19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>
> U<4><10><19><21>OSC Demo Certificates1!
> 0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-
> <6><3>U<4><3><19>&OSC Test CA (do no
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 121
> Authentic: <26>sSWK<154><215><195><254>a<160>s<238><229><135><231>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "anonymous"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = <2><2><0><6><21><0>
> Message-Authenticator =
> <220><184><146><142><225><20><164><226><225><164>/
> <159><184><170><214>w
>
> Wed Jan 4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:40:07 2006: DEBUG: Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 2, 6
> Wed Jan 4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan 4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Access challenged for anonymous:
> EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 121
> Authentic: <26>sSWK<154><215><195><254>a<160>s<238><229><135><231>
> Attributes:
> EAP-Message = <1><3><3><150><21><0>t use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30
> ><23><13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U
> <4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U
> <4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
> EAP-Message = roduction)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<12
> 9><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>
> 0<129><137><2><129><129><0><204><181>%
> Q<192>7g0<140><153>0xg<240><152><248><199><214><253>W<7><220>|
> fd<163><137>%
> F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239
> ><179>H<237>K<182>mo<155><145><138><143><136><127><230><<9>l<172><210>
> <205><136><162><29>)
> 1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<221><252><1
> 68>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<
> 197><240>=a<255>_<209><12><163><0>U<2><3><1><0><1><163><130><1>
> +0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0
> D<173>f]r<193>H?<164><27>ke0<129><247><6><3>U<29>#
> EAP-Message =
> <4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]
> r<193>H?
> <164><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4
> ><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4
> ><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)
> 1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130
> ><1><0>0<12><6><3>U<29><19><4><5>0<3>
> EAP-Message =
> <1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129
> ><0>0<3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>
> tf<202><143><160><29><220>p9<5><24>2<185>)
> <128><227>8<17><247>'_J<28><159>;_<202><254><242>+
> {=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><193><29>-
> <228><19><184>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY
> +<156><143><225><149><237><135>ix<22>O<231><212><154><184><10>fZ<248>V
> a#<192><160>l<21><129>0<199>6<22><3><1><0><4><14><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 122
> Authentic: <17>u<131><229>uJ<2><244>)]zn<196>F<208><204>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "anonymous"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message =
> <2><3><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130>
> <0><128><205>d<222><127>6<240><235><253>
> $_Fq<195><219><168><25><<201><234><202><5><176><204><131><251>x<9><188
> ><218><154>5<200>D<229><186>o<151><176><255><243><142><223>f8<156><175
> >L<252><238><197>1<187><j@<25><128>c<185><160><4>XZ<185><145><199>a,<2
> 40>S<217><236><189><213><165><5><170><157>7<239><140><159><234>%
> <200><20>K<181>R
> {<23><182><161>O<150>U<237>;T<137><154>5<192><236><207><238><241>E<160
> >4<185><183>N^<0>f<197>P<184>z<192>5<2><233>"(G<203><20><3><1><0><1><1
> ><22><3><1><0>
> (<204><171>^<11><213><164>UP<132><227><20>J1<199><14>z1Z<236>f6<203>H<
> 198><231><226><128>U<254><201><141>nfeg~S<206><222>Q
> Message-Authenticator =
> <213><220><157>N<163><216>i~<170><137><168><171><153>bV<202>
>
> Wed Jan 4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:40:07 2006: DEBUG: Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 3, 200
> Wed Jan 4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan 4 20:40:07 2006: DEBUG: EAP TTLS data, 8576, 3, 1
> Wed Jan 4 20:40:07 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan 4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Access challenged for anonymous:
> EAP TTLS Challenge
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Challenge
> Identifier: 122
> Authentic: <17>u<131><229>uJ<2><244>)]zn<196>F<208><204>
> Attributes:
> EAP-Message =
> <1><4><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
> (<231><186>]
> <11><195><198>A<153>7<144><19><240><137><211><242>pO<150><2><10><7><19
> 5>7<212>6x<16><12><0><248><4>E<212><211><18><143><145><153><216><132>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code: Access-Request
> Identifier: 123
> Authentic: S<193><179>c<184>)
> <251><220><142>Jx<23><207><228><184><221>
> Attributes:
> NAS-IP-Address = 128.32.231.226
> NAS-Port = 50002
> NAS-Port-Type = Ethernet
> User-Name = "anonymous"
> Called-Station-Id = "00-12-7F-E3-48-42"
> Calling-Station-Id = "00-C0-4F-80-36-EA"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message =
> <2><4><0>O<21><128><0><0><0>E<23><3><1><0>@<26><163>~<195>3_<16><224>D
> ]
> <214><159><16>X<186>o<216>v<183>pqv<190>3<230><138><242><165><17><160>
> <253>3<222><25><207><205><207>o<<173><207><174><212><236>uZ<223>:<196>
> <166>%0^<208>,ML<174>m<151><175>k5T
> Message-Authenticator =
> <152><186><199>><241><250><145>"<127><253><136><169>}P"k
>
> Wed Jan 4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:40:07 2006: DEBUG: Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 4, 79
> Wed Jan 4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan 4 20:40:07 2006: DEBUG: EAP TTLS data, 3, 4, 3
> Wed Jan 4 20:40:07 2006: DEBUG: EAP TTLS inner authentication
> request for joon
> Wed Jan 4 20:40:07 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: a<142><217><0>}<254>c<234><193><203>rL9<25><197><183>
> Attributes:
> User-Name = "joon"
> User-Password = MyPassword
>
> Wed Jan 4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan 4 20:40:07 2006: DEBUG: Deleting session for joon,
> 128.32.231.226,
> Wed Jan 4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan 4 20:40:07 2006: DEBUG: Reading users file ./users
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with joon [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: No such
> user: joon [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check
> item Service-Type expression 'Administrative-User' does not match
> '' in request: DEFAULT [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT1 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check
> item Service-Type expression 'Login-User' does not match '' in
> request: DEFAULT1 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT2 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check
> item Service-Type expression 'Outbound-User' does not match '' in
> request: DEFAULT2 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT3 [joon]
> Wed Jan 4 20:40:07 2006: WARNING: Could not find Identifier for
> Auth-Type 'System'
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Could not
> find Identifier for Auth-Type 'System': DEFAULT3 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT4 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Username
> not suffixed with .ppp: DEFAULT4 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT5 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Username
> not prefixed with P: DEFAULT5 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT6 [joon]
> Wed Jan 4 20:40:07 2006: WARNING: This AuthBy does not know how to
> check Group membership
> Wed Jan 4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: User joon
> is not in Group group1: DEFAULT6 [joon]
> Wed Jan 4 20:40:07 2006: DEBUG: AuthBy FILE result: REJECT, User
> joon is not in Group group1
> Wed Jan 4 20:40:07 2006: INFO: Access rejected for joon: User joon
> is not in Group group1
> Wed Jan 4 20:40:07 2006: DEBUG: Returned TTLS tunnelled Diameter
> Packet dump:
> Code: Access-Reject
> Identifier: UNDEF
> Authentic: a<142><217><0>}<254>c<234><193><203>rL9<25><197><183>
> Attributes:
> Reply-Message = "Request Denied"
>
> Wed Jan 4 20:40:07 2006: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Wed Jan 4 20:40:07 2006: DEBUG: AuthBy FILE result: REJECT, EAP
> TTLS inner authentication redespatched to a Handler
> Wed Jan 4 20:40:07 2006: INFO: Access rejected for anonymous: EAP
> TTLS inner authentication redespatched to a Handler
> Wed Jan 4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code: Access-Reject
> Identifier: 123
> Authentic: S<193><179>c<184>)
> <251><220><142>Jx<23><207><228><184><221>
> Attributes:
> EAP-Message = <4><4><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
> ******************My radius.cfg****************
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> <Client 128.32.231.226>
> Secret n0thing
> </Client>
>
> <Realm DEFAULT>
> <Handler TunneledByTTLS=1>
> <AuthBy KRB5>
> KrbRealm BERKELEY.EDU
> </AuthBy>
> </Handler>
> <AuthBy FILE>
> Filename %D/users
> EAPType TTLS
> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
> EAPTLS_MaxFragmentSize 1000
> AutoMPPEKeys
> SSLeayTrace 4
> # EAPAnonymous %0
> </AuthBy>
> </Realm>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list