(RADIATOR) Question about Radiator Support.

Wyman Miles wm63 at cornell.edu
Thu Jan 5 08:10:31 CST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Works flawlessly for us, using precisely the setup you describe.

We have an <AuthBy FILE> clause pointing to a file with "anonymous" as a 
valid user.  Following that is an <AuthBy KRB5> clause pointing to the KDC.

SecureW2 is pre-configured to accept the Thawte certificate that signed 
Radiator's cert.



- --On Wednesday, January 04, 2006 8:43 PM -0800 Joon Yun
<joon at berkeley.edu> 
wrote:

> Hi Hugh,
>
> I've scoured the web and the Radiator archives but non of it seems to
> help me get the EAP/TTLS-PAP with Kerberos in the background using the
> SecureW2 windows supplicant working. It works perfectly fine if under
> the TunnelbyTTLS handler the method is Authby FILE but the Kerberos  auth
> is never ever called when configured for Authby KRB5. I've tried  this
> with the outer authentication both set and also not set as  anonymous
> with the same results. I've appended 2 traces and my config  file. Any
> help would be much appreciated.
>
> Regards,
> Joon Yun
> UC Berkeley
>
>
>
> ****Trace 4 with outter identity NOT set to anonymous****
>
> [ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config radius.cfg
> Wed Jan  4 20:24:55 2006: DEBUG: Finished reading configuration file
> 'radius.cfg'
> Wed Jan  4 20:24:55 2006: DEBUG: Reading dictionary file './dictionary'
> Wed Jan  4 20:24:55 2006: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Wed Jan  4 20:24:55 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan  4 20:24:55 2006: NOTICE: Server started: Radiator 3.13 on
> ndrl5.berkeley.edu
>
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 109
> Authentic:  <255><191>u_ <178><23>><141><129>><235><19><252><235>1
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "joon"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message = <2><0><0><9><1>joon
>          Message-Authenticator =
> 3<156><210><18>&<226>uz63#<19><146>]<180><132>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:25:59 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 0, 9
> Wed Jan  4 20:25:59 2006: DEBUG: Response type 1
> Wed Jan  4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Access challenged for joon: EAP TTLS
> Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 109
> Authentic:  <255><191>u_ <178><23>><141><129>><235><19><252><235>1
> Attributes:
>          EAP-Message = <1><1><0><6><21>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 110
> Authentic:  Aj'=7'O<9><211><174>8<134><22><241>n^
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "joon"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message =  <2><1><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)<3><1><144><1>9<0>E<194><22><218>4<190><1>_<158><170><242><201
> ><153>:
> <189><6>`rl<242>)<4><187><182><168><135><235><26><0><0><2><0><10><1><0>
>          Message-Authenticator =
> RE<2>l<233><199><159>_<175><166>L<208><186><233><202><15>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:25:59 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 1, 60
> Wed Jan  4 20:25:59 2006: DEBUG: Response type 21
> Wed Jan  4 20:25:59 2006: DEBUG: EAP TTLS data, 24576, 1, -1
> Wed Jan  4 20:25:59 2006: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Wed Jan  4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Access challenged for joon: EAP TTLS
> Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 110
> Authentic:  Aj'=7'O<9><211><174>8<134><22><241>n^
> Attributes:
>          EAP-Message =
> <1><2><3><242><21><192><0><0><7>x<22><3><1><0>J<2><0><0>F<3><1>C<188><15
> 9><215><28><238>u4<252>,+v<146><252>{<128>%<175><206><223><144>*<129><17
> 2><244><229><<15><244><234>x<172>
> <203>OR<227><25>ha<11>Ms<176><167><131>j<166><212><251>En<249>L<220>eH<5
> >&<:
> S<240><251><31><0><10><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2>
> <209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>
> H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU
> 1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melb
> ourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>          EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
> in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><
> 23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>
> AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Me
> lbourne1<24>0<22><6><3>U<4><10><19><15>My Test
> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0
> <13><6><9>*<134>H<134><247><13><1><1>
>          EAP-Message =
> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><23
> 4>/
> <241>.9<209><250>\y<1><149>[<215><24>e<133><15><223>d<176><132>Z<222>#<2
> 34><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138>
> <6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><171><1
> 54><249><220>v<17><159><2>x<29><136><148>:
> b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226
> ><136><12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6
> ><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134
> ><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<12
> 9>X<13>=l?
> <174><155><170><162><189><20><25>az<19>o<202><250>|B8N<209><225><253>?
> hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><24
> 8>oba<
>          EAP-Message =
> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>
> w<215><13><152><154>T<218><8><246><202>.<177>9s*<220><219>n"Gu<188><254>
> <206>U?
> <214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3
> ><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4
> ><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8>
> <19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<
> 4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 111
> Authentic:  <233>9<203><217><195>n<187>bo<179><7><5>C<149><232><12>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "joon"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message = <2><2><0><6><21><0>
>          Message-Authenticator =
> <185>2Z<204><221><238><166><154>%<199><130><166><24>[{n
>
> Wed Jan  4 20:25:59 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:25:59 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:25:59 2006: DEBUG: Handling with EAP: code 2, 2, 6
> Wed Jan  4 20:25:59 2006: DEBUG: Response type 21
> Wed Jan  4 20:25:59 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Access challenged for joon: EAP TTLS
> Challenge
> Wed Jan  4 20:25:59 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 111
> Authentic:  <233>9<203><217><195>n<187>bo<179><7><5>C<149><232><12>
> Attributes:
>          EAP-Message = <1><3><3><150><21><0>t use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><
> 23><13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><
> 6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7>
> <19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
>          EAP-Message = roduction)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129>
> <159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<12
> 9><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><
> 199><214><253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>
> '<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><145><138><1
> 43><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163>
> <226>i@<206>o<210>,<185><173><234><3>^4<221><252><168>H<178><158><25><23
> 5><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><
> 12><163><0>U<2><3><1><0><1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><
> 4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
> <164><27>ke0<129><247><6><3>U<29>#
>          EAP-Message =
> <4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]r<193>
> H?
> <164><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><
> 6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7>
> <19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><
> 1><0>0<12><6><3>U<29><19><4><5>0<3>
>          EAP-Message =
> <1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><
> 0>0<3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>tf<2
> 02><143><160><29><220>p9<5><24>2<185>)<128><227>8<17><247>'_J<28><159>;
> _<202><254><242>+{=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><193
> ><29>-
> <228><19><184>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY+<156><143>
> <225><149><237><135>ix<22>O<231><212><154><184><10>fZ<248>Va#<192><160>l
> <21><129>0<199>6<22><3><1><0><4><14><0><0><0>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 112
> Authentic:  2<29><159><237><28>Y<138><240>G<156><15><176><130>W<167><17>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "joon"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message =
> <2><3><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0
> ><128>V_<212>(<239>y<247><171><1>PX|l<222>'<201><128><243><181>"?
> <131><137><228>q<138><244>qyG<182>3<204><1><252><152><154>m
> <202><240><8><215><253>P<197><228><230>*9<253><189><217>s<146><177><163>
> <149><143><226><18><223>p<234><138><250><221>L<166><25><167>l<129><28>3<
> 148><152><4>tVr<181>{<250><154><153>y<160>{ce<166><30>c<0><180><28>
> <4><208><245><183>$u<197><246><12>*<191>-
> <208><9><214><128><157><130><253><177><136><247>k<197><202><168>'<213><2
> >5<20><3><1><0><1><1><22><3><1><0>(<141>C<197>7m
> <138>O<163>wK<2><136><222><6><157><174>/
> <208><134><181><200><18>i<187><130><237>o<191><185><150>S<13>W<160><<147
> ><185><194><235>
>          Message-Authenticator =
> <234><233><156>`<29><138>F<252><246>}6<141><241><157>KJ
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with EAP: code 2, 3, 200
> Wed Jan  4 20:26:00 2006: DEBUG: Response type 21
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS data, 8576, 3, 1
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan  4 20:26:00 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:26:00 2006: DEBUG: Access challenged for joon: EAP TTLS
> Challenge
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 112
> Authentic:  2<29><159><237><28>Y<138><240>G<156><15><176><130>W<167><17>
> Attributes:
>          EAP-Message =
> <1><4><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<23><184><
> 198><217><183><0>d)<10>Y<152><242><148>3<145><160><25><180>(<232>Ic2q<25
> ><222>8<4><193>.<181>r/<254><178><210><0>U<31><129>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 113
> Authentic:  }<243><164><132>C<20>t<196>:<221><175>s<163>3<132><140>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "joon"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message =
> <2><4><0>O<21><128><0><0><0>E<23><3><1><0>@,e<245>}iu<191>I<219>F<174><2
> 22>cy$<163><202>JF?
> <184><138><251>(<167>}<255><140><206><168><244><253><221>S<21><208><193>
> <29><178><178>S<182>tW<141><158>(<133>1Qt<216>W<22><137>a<251><237>5<189
> ><137><204>*?
>          Message-Authenticator =
> uiM<241><176>P<22><183><178><195><241><135><246><231><235>e
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226, 50002
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with EAP: code 2, 4, 79
> Wed Jan  4 20:26:00 2006: DEBUG: Response type 21
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS data, 3, 4, 3
> Wed Jan  4 20:26:00 2006: DEBUG: EAP TTLS inner authentication request
> for joon
> Wed Jan  4 20:26:00 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:
> <225><173><207><189><179>I<14><131><148><211><27>/<5>T<218><2>
> Attributes:
>          User-Name = "joon"
>          User-Password = MyPassword
>
> Wed Jan  4 20:26:00 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:26:00 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226,
> Wed Jan  4 20:26:00 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:26:00 2006: DEBUG: Reading users file ./users
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> joon [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: No such user:
> joon [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Administrative-User' does not match '' in
> request: DEFAULT [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Login-User' does not match '' in request:
> DEFAULT1 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Outbound-User' does not match '' in request:
> DEFAULT2 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3 [joon]
> Wed Jan  4 20:26:00 2006: WARNING: Could not find Identifier for
> Auth-Type 'System'
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Could not  find
> Identifier for Auth-Type 'System': DEFAULT3 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT4 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Username not
> suffixed with .ppp: DEFAULT4 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT5 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: Username not
> prefixed with P: DEFAULT5 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT6 [joon]
> Wed Jan  4 20:26:00 2006: WARNING: This AuthBy does not know how to
> check Group membership
> Wed Jan  4 20:26:00 2006: DEBUG: Radius::AuthFILE REJECT: User joon is
> not in Group group1: DEFAULT6 [joon]
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, User joon
> is not in Group group1
> Wed Jan  4 20:26:00 2006: INFO: Access rejected for joon: User joon is
> not in Group group1
> Wed Jan  4 20:26:00 2006: DEBUG: Returned TTLS tunnelled Diameter  Packet
> dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:
> <225><173><207><189><179>I<14><131><148><211><27>/<5>T<218><2>
> Attributes:
>          Reply-Message = "Request Denied"
>
> Wed Jan  4 20:26:00 2006: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Wed Jan  4 20:26:00 2006: DEBUG: AuthBy FILE result: REJECT, EAP TTLS
> inner authentication redespatched to a Handler
> Wed Jan  4 20:26:00 2006: INFO: Access rejected for joon: EAP TTLS  inner
> authentication redespatched to a Handler
> Wed Jan  4 20:26:00 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Reject
> Identifier: 113
> Authentic:  }<243><164><132>C<20>t<196>:<221><175>s<163>3<132><140>
> Attributes:
>          EAP-Message = <4><4><0><4>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>          Reply-Message = "Request Denied"
>
>
>
>
> ****Trace 4 with outter identity NOT set to anonymous****
>
> [ndrl5] ~/Radiator-Locked-3.13> perl radiusd -config radius.cfg
> Wed Jan  4 20:37:58 2006: DEBUG: Finished reading configuration file
> 'radius.cfg'
> Wed Jan  4 20:37:58 2006: DEBUG: Reading dictionary file './dictionary'
> Wed Jan  4 20:37:58 2006: DEBUG: Creating authentication port
> 0.0.0.0:1645
> Wed Jan  4 20:37:58 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> Wed Jan  4 20:37:58 2006: NOTICE: Server started: Radiator 3.13 on
> ndrl5.berkeley.edu
>
>
> Wed Jan  4 20:40:06 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 119
> Authentic:
> <5><25><133>~<128>5<27><166>6<216><143><190><162><250><17><26>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "anonymous"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message = <2><0><0><14><1>anonymous
>          Message-Authenticator =
> <151>d<10>u*J7j<248><251><235><247><169>{<180>Q
>
> Wed Jan  4 20:40:06 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:06 2006: DEBUG:  Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan  4 20:40:06 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 0, 14
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 1
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 119
> Authentic:
> <5><25><133>~<128>5<27><166>6<216><143><190><162><250><17><26>
> Attributes:
>          EAP-Message = <1><1><0><6><21>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 120
> Authentic:  `<203><201><210>4(78<158><133>m<160><8>"Y<192>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "anonymous"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message =  <2><1><0><<21><128><0><0><0>2<22><3><1><0>-
> <1><0><0>)<3><1><186><2><4><0><22>s<212><249>j<142>?
> <8><184><249><154>C<205><235><183><251>$WR<26>m<176><179><10>U<237>K<190
> ><0><0><2><0><10><1><0>
>          Message-Authenticator =
> <30>]<243><227><136>4<184><155>O<226><<16><216><245> <7>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 1, 60
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS data, 24576, 1, -1
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 120
> Authentic:  `<203><201><210>4(78<158><133>m<160><8>"Y<192>
> Attributes:
>          EAP-Message =
> <1><2><3><242><21><192><0><0><7>x<22><3><1><0>J<2><0><0>F<3><1>C<188><16
> 3>'<153><132><139>O<204><251><201><225>sjhu<213>~<181><245>Q<179><144>N<
> 6><31><226><154>|p<5><182>  <181><191>!
> b<172><187><244><<28><181>O<185><12><18><170><171><26>h<<176><219><190><
> 137>
> L<133><180><28><211><194><138><7><0><10><0><22><3><1><7><27><11><0><7><2
> 3><0><7><20><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2
> >0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><
> 3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>
> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>          EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
> in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><
> 23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>
> AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Me
> lbourne1<24>0<22><6><3>U<4><10><19><15>My Test
> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0
> <13><6><9>*<134>H<134><247><13><1><1>
>          EAP-Message =
> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><23
> 4>/
> <241>.9<209><250>\y<1><149>[<215><24>e<133><15><223>d<176><132>Z<222>#<2
> 34><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138>
> <6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/
> <16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><171><1
> 54><249><220>v<17><159><2>x<29><136><148>:
> b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226
> ><136><12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6
> ><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134
> ><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<12
> 9>X<13>=l?
> <174><155><170><162><189><20><25>az<19>o<202><250>|B8N<209><225><253>?
> hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><24
> 8>oba<
>          EAP-Message =
> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>
> w<215><13><152><154>T<218><8><246><202>.<177>9s*<220><219>n"Gu<188><254>
> <206>U?
> <214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3
> ><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4
> ><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8>
> <19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<
> 4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test
> Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 121
> Authentic:  <26>sSWK<154><215><195><254>a<160>s<238><229><135><231>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "anonymous"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message = <2><2><0><6><21><0>
>          Message-Authenticator =
> <220><184><146><142><225><20><164><226><225><164>/<159><184><170><214>w
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 2, 6
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 121
> Authentic:  <26>sSWK<154><215><195><254>a<160>s<238><229><135><231>
> Attributes:
>          EAP-Message = <1><3><3><150><21><0>t use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><
> 23><13>040316080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><
> 6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7>
> <19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
>          EAP-Message = roduction)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129>
> <159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<12
> 9><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><
> 199><214><253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>
> '<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><145><138><1
> 43><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163>
> <226>i@<206>o<210>,<185><173><234><3>^4<221><252><168>H<178><158><25><23
> 5><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><
> 12><163><0>U<2><3><1><0><1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><
> 4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
> <164><27>ke0<129><247><6><3>U<29>#
>          EAP-Message =
> <4><129><239>0<129><236><128><20><23><2><196>#<233><210>F0D<173>f]r<193>
> H?
> <164><27>ke<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><
> 6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7>
> <19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><
> 1><0>0<12><6><3>U<29><19><4><5>0<3>
>          EAP-Message =
> <1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><
> 0>0<3>=<202><190><236>S<216><228>o<177><242><18>hEBe<219>W<136><245>tf<2
> 02><143><160><29><220>p9<5><24>2<185>)<128><227>8<17><247>'_J<28><159>;
> _<202><254><242>+{=P<245><215>K<160><136>qml<181><24>3<0>f<166>Q(<2><193
> ><29>-
> <228><19><184>C<139>9}r1<188>DTlK<255><15><12>TL<160><177>DuY+<156><143>
> <225><149><237><135>ix<22>O<231><212><154><184><10>fZ<248>Va#<192><160>l
> <21><129>0<199>6<22><3><1><0><4><14><0><0><0>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 122
> Authentic:  <17>u<131><229>uJ<2><244>)]zn<196>F<208><204>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "anonymous"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message =
> <2><3><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0
> ><128><205>d<222><127>6<240><235><253>$_Fq<195><219><168><25><<201><234>
> <202><5><176><204><131><251>x<9><188><218><154>5<200>D<229><186>o<151><1
> 76><255><243><142><223>f8<156><175>L<252><238><197>1<187><j@<25><128>c<1
> 85><160><4>XZ<185><145><199>a,<240>S<217><236><189><213><165><5><170><15
> 7>7<239><140><159><234>%<200><20>K<181>R{<23><182><161>O<150>U<237>;
> T<137><154>5<192><236><207><238><241>E<160>4<185><183>N^<0>f<197>P<184>z
> <192>5<2><233>"(G<203><20><3><1><0><1><1><22><3><1><0>(<204><171>^<11><2
> 13><164>UP<132><227><20>J1<199><14>z1Z<236>f6<203>H<198><231><226><128>U
> <254><201><141>nfeg~S<206><222>Q
>          Message-Authenticator =
> <213><220><157>N<163><216>i~<170><137><168><171><153>bV<202>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 3, 200
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS data, 8576, 3, 1
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP  TTLS
> Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Access challenged for anonymous: EAP
> TTLS Challenge
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Challenge
> Identifier: 122
> Authentic:  <17>u<131><229>uJ<2><244>)]zn<196>F<208><204>
> Attributes:
>          EAP-Message =
> <1><4><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<231><186>
> ]<11><195><198>A<153>7<144><19><240><137><211><242>pO<150><2><10><7><195
> >7<212>6x<16><12><0><248><4>E<212><211><18><143><145><153><216><132>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Received from 128.32.231.226 port 1812 ....
> Code:       Access-Request
> Identifier: 123
> Authentic:  S<193><179>c<184>)<251><220><142>Jx<23><207><228><184><221>
> Attributes:
>          NAS-IP-Address = 128.32.231.226
>          NAS-Port = 50002
>          NAS-Port-Type = Ethernet
>          User-Name = "anonymous"
>          Called-Station-Id = "00-12-7F-E3-48-42"
>          Calling-Station-Id = "00-C0-4F-80-36-EA"
>          Service-Type = Framed-User
>          Framed-MTU = 1500
>          EAP-Message =
> <2><4><0>O<21><128><0><0><0>E<23><3><1><0>@<26><163>~<195>3_<16><224>D]<
> 214><159><16>X<186>o<216>v<183>pqv<190>3<230><138><242><165><17><160><25
> 3>3<222><25><207><205><207>o<<173><207><174><212><236>uZ<223>:
> <196><166>%0^<208>,ML<174>m<151><175>k5T
>          Message-Authenticator =
> <152><186><199>><241><250><145>"<127><253><136><169>}P"k
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for anonymous,
> 128.32.231.226, 50002
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with EAP: code 2, 4, 79
> Wed Jan  4 20:40:07 2006: DEBUG: Response type 21
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS data, 3, 4, 3
> Wed Jan  4 20:40:07 2006: DEBUG: EAP TTLS inner authentication request
> for joon
> Wed Jan  4 20:40:07 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  a<142><217><0>}<254>c<234><193><203>rL9<25><197><183>
> Attributes:
>          User-Name = "joon"
>          User-Password = MyPassword
>
> Wed Jan  4 20:40:07 2006: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Jan  4 20:40:07 2006: DEBUG:  Deleting session for joon,
> 128.32.231.226,
> Wed Jan  4 20:40:07 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Jan  4 20:40:07 2006: DEBUG: Reading users file ./users
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> joon [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: No such user:
> joon [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Administrative-User' does not match '' in
> request: DEFAULT [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Login-User' does not match '' in request:
> DEFAULT1 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT2 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Check item
> Service-Type expression 'Outbound-User' does not match '' in request:
> DEFAULT2 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT3 [joon]
> Wed Jan  4 20:40:07 2006: WARNING: Could not find Identifier for
> Auth-Type 'System'
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Could not  find
> Identifier for Auth-Type 'System': DEFAULT3 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT4 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Username not
> suffixed with .ppp: DEFAULT4 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT5 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: Username not
> prefixed with P: DEFAULT5 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT6 [joon]
> Wed Jan  4 20:40:07 2006: WARNING: This AuthBy does not know how to
> check Group membership
> Wed Jan  4 20:40:07 2006: DEBUG: Radius::AuthFILE REJECT: User joon is
> not in Group group1: DEFAULT6 [joon]
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: REJECT, User joon
> is not in Group group1
> Wed Jan  4 20:40:07 2006: INFO: Access rejected for joon: User joon is
> not in Group group1
> Wed Jan  4 20:40:07 2006: DEBUG: Returned TTLS tunnelled Diameter  Packet
> dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:  a<142><217><0>}<254>c<234><193><203>rL9<25><197><183>
> Attributes:
>          Reply-Message = "Request Denied"
>
> Wed Jan  4 20:40:07 2006: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redespatched to a Handler
> Wed Jan  4 20:40:07 2006: DEBUG: AuthBy FILE result: REJECT, EAP TTLS
> inner authentication redespatched to a Handler
> Wed Jan  4 20:40:07 2006: INFO: Access rejected for anonymous: EAP TTLS
> inner authentication redespatched to a Handler
> Wed Jan  4 20:40:07 2006: DEBUG: Packet dump:
> *** Sending to 128.32.231.226 port 1812 ....
> Code:       Access-Reject
> Identifier: 123
> Authentic:  S<193><179>c<184>)<251><220><142>Jx<23><207><228><184><221>
> Attributes:
>          EAP-Message = <4><4><0><4>
>          Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>          Reply-Message = "Request Denied"
>
> ******************My radius.cfg****************
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
> Trace           4
>
> <Client 128.32.231.226>
> Secret  n0thing
> </Client>
>
> <Realm DEFAULT>
> <Handler TunneledByTTLS=1>
>          <AuthBy KRB5>
>                  KrbRealm BERKELEY.EDU
>          </AuthBy>
> </Handler>
>          <AuthBy FILE>
>                  Filename %D/users
>                  EAPType TTLS
>                  EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>                  EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>                  EAPTLS_CertificateType PEM
>                  EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>                  EAPTLS_PrivateKeyPassword whatever
>                  EAPTLS_MaxFragmentSize 1000
>                  AutoMPPEKeys
>                  SSLeayTrace 4
>#                EAPAnonymous %0
>          </AuthBy>
> </Realm>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



Wyman Miles
Senior Security Engineer
Cornell University, Ithaca, NY
(607) 255-8421
-----BEGIN PGP SIGNATURE-----
Version: Mulberry PGP Plugin v3.0
Comment: processed by Mulberry PGP Plugin

iQA/AwUBQ70o28RE6QfTb3V0EQIL+QCeNb8g3zNBb2nVu8WClDH5tCcBZr8AoKHB
bBUR8X/5fyTPxADsxwbTxtQZ
=NJfo
-----END PGP SIGNATURE-----

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list