(RADIATOR) error "No Handler for TTLS inner authentication"

R.H.Hoek r.h.hoek at utwente.nl
Wed Mar 15 10:29:23 CST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

We are (also) using Radiator for authenticatien wireless users with
EAP-TTLS. Because we have al lot of AccessPoints (600+), and including
the clients via ClientListSQL, Radiator takes too lang to start (5min),
I tried the next config. There is a Defaultclient with a special
identifier. In the appropriate Handler this identifier is checked with
the NAS-IP-Address. (in this case the fake range 10.10.108.0 ->
10.10.111.0) This range covers the AccessPoint IPrange.

<Client DEFAULT>
        Secret 1dr8ig
        Identifier WLANATUTDEFAULT-ID
</Client>

<Handler Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^10\.10\.10[89].*$|^10\.10\.11[01].*$/>
        # Stripoff de realm
        RewriteUsername s/^([^@]+).*/$1/
        # Stripoff leading whitespaces en zo
        RewriteUsername s/^\s*//
        # Stripoff trailing whitespaces en zo
        # Hook to set class-attrib when outerauth user is anonymous
        PreAuthHook file:"%D/hooks/anonymous.pl"
        <AuthBy FILE>
                Filename /etc/radiator/users-wlan
                EAPType TTLS

.
.
.
.
</Handler>

This config does not work. The whole EAP handshake works fine until the
inner-authentication then I get an error -> No Handler for TTLS inner
authentication. It looks like that with the last access-request packet,
the Handler lookup is done twice. The second lookup has no
NAS-IP-Address attribute, and the right handler is not found.

Is this a bug? Is there a way to solve this problem?
The same problem with V3.13 and V3.14.

- -----------------------------logging----:
Wed Mar 15 15:03:24 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 172
Authentic:  \4<20><201><210><233><193><203>7Pt<246>s<164><182><215>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<31>:&<13>p<186><229><17><12>"<156><199><31>*<197><0>
        EAP-Message = <2><2><0><24><1>m1234567 at utwente.nl
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:24 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:24 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:24 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:24 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:25 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:25 2006: DEBUG: Handling with EAP: code 2, 2, 24
Wed Mar 15 15:03:25 2006: DEBUG: Response type 1
Wed Mar 15 15:03:25 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:25 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:25 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:25 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 172
Authentic:  \4<20><201><210><233><193><203>7Pt<246>s<164><182><215>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message = <1><3><0><6><21>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:27 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 173
Authentic:  L<167><18><181><234>BP7<164><152><164> d<162>J<222>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<221><211><131><180>z<30>A<156>m<139><19><219><128>&k<187>
        EAP-Message =
<2><3><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1><0><0><2><0>&EI<142><185>C<205><155><250><12><243>2z<26><137>o<20><20><192><145>B<16><235><151>a0B<200><0><0><2><0><10><1><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:27 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:27 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:27 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:27 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:27 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:27 2006: DEBUG: Handling with EAP: code 2, 3, 60
Wed Mar 15 15:03:28 2006: DEBUG: Response type 21
Wed Mar 15 15:03:28 2006: DEBUG: EAP TTLS data, 24576, 3, -1
Wed Mar 15 15:03:28 2006: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed Mar 15 15:03:28 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:28 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:28 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:28 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 173
Authentic:  L<167><18><181><234>BP7<164><152><164> d<162>J<222>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><4><4><10><21><192><0><0><13><159><22><3><1><0>J<2><0><0>F<3><1>D<24><30><176>*<244>*'<161>&\q<222><201>m<188>_<8>1<166><239><239><166><215><159><12><16>#<0><0><0><0>
N<208><225>IX<137>U<254><183><160><168><136><161>$<247>}<157><195><238><132>.<217><172><130><231>Y<13><10><235><4>><156><0><10><0><22><3><1><13>B<11><0><13>><0><13>;<0><3><229>0<130><3><225>0<130><2><201><160><3><2><1><2><2><16><22><H<214><216><159><11>,<27><27>6l<226><8>&<225>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><144>1<11>0<9><6><3>U<4><6><19><2>NL1<28>0<26><6><3>U<4><10><19><19>Universiteit
Twente1(0&<6><3>U<4><11><19><31>UTwente Certification
Authority1$0"<6><9>*<134>H<134><247><13><1><9><1>
        EAP-Message =
<22><21>UTwente-CA at utwente.nl1<19>0<17><6><3>U<4><3><19><10>UTwente-CA0<30><23><13>040105110221Z<23><13>090103200221Z0<129><168>1<11>0<9><6><3>U<4><6><19><2>NL1<18>0<16><6><3>U<4><8><19><9>Overijsel1<17>0<15><6><3>U<4><7><19><8>Enschede1<28>0<26><6><3>U<4><10><19><19>Universiteit
Twente1<13>0<11><6><3>U<4><11><19><4>ITBE1$0"<6><9>*<134>H<134><247><13><1><9><1><22><21>UTwente-CA at utwente.nl1<31>0<29><6><3>U<4><3><19><22>meister.civ.utwente.nl0<129><159>0<13><6>
        EAP-Message =
<9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221>*<205>()<8>O<128><168><154><140>w<176><190>C6<255><219><207><17><176><185>g<185><16><214>@g(<146>><176><30><140><245>5<166><6><226><180>Q<128><152><130><14><244>K<196><193>C<24><183><177>{<223><168>.m<30><132>q<234>vG<144>,<17><205><153>_<240>n@<200><127><186>3|<255><186><8><193>7m<213>{<30>{"<11>w<145><219><179><203>K<226>9<254><30><159><137>}<247><214><249>H"H<178>k<9>#<166><19>N<137><182><131><201><157><170><232>(9<169>8<1><2><3><1><0><1><163><129><160>0<129><157>0<31><6><3>U<29>#<4><24>0<22><128><20>j<138><250><14><238>6d<203>w<199><191><147>>0zK<136><159><187>r0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<11><6><3>U<29><15><4><4><3><2><5><224>0<29><6><3>U<29><14><4><22><4><20>^1<217>|<255><128><228>,<29><31><245><204><242>
        EAP-Message =
<250><27><218><174><212>6<204>09<6><3>U<29><31><4>2000.<160>,<160>*<134>(http://ca.surfnet.nl:4470/UTwente-CA.crl0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>W<220><129><224>~l(<228><210><177><164><196>$S<174><186>2<202>:<129>a<24><148>3<30><216><202><254><245>nDS<236><199><153><247>]Ls<209><184><237>Y<233><210><138>?<208><179><226><213>%<198>GA<154>
<201>^<225><191><16>U<249><26>:<27>dr<216>V<190><186>d[<160><209>O<157><184>s<161><181><137><219>y<131><130>&<246>y<7>h<207>=Q<134>XV<181><162>+<220><197><178>>X"<215><176>=<238><<135><156><5>Q<172>
7<188><136>$<137>e<242>1GB<243><14><30><246><177><2>;<25>i<152><148><250>+<179><250><247><161><243><31><174>s<21>B]<19>=<134>e<251>I<244>W<226><171>{<6>]~
        EAP-Message =
t6I<170><154><219><216><29><5><151><203>ut<1>P<175><207>4^S|'
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:29 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 174
Authentic:  3<226>h<179><174>Q<183><131>/x<9><185><243><23><211><10>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<142>w<136><131><30>v<246><238>~<140>d/<143><127><232>y
        EAP-Message = <2><4><0><6><21><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:29 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:29 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:29 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:29 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:29 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:29 2006: DEBUG: Handling with EAP: code 2, 4, 6
Wed Mar 15 15:03:29 2006: DEBUG: Response type 21
Wed Mar 15 15:03:29 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:30 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:30 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:30 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 174
Authentic:  3<226>h<179><174>Q<183><131>/x<9><185><243><23><211><10>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><5><4><6><21>@<234>nK<195><254>/3<146>1?<204><0><2>&Y%<199><158><216><8><149><194>;j!.<152><1><2><23>.<176><24><11><6><208>N<184><20>r<9><161><215>(#<228><137>|7<187><178><208><15><245>x<15>Z<1><172><197><228><208><4><143>S<181>c<0><4><163>0<130><4><159>0<130><3><135><160><3><2><1><2><2><17><0><210><234><7>k<134><143><12><186>}<172>=<189>y<173>!60<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><141>1<11>0<9><6><3>U<4><6><19><2>NL1<16>0<14><6><3>U<4><10><19><7>SURFnet1'0%<6><3>U<4><11><19><30>Policy
Certification
Authority1%0#<6><9>*<134>H<134><247><13><1><9><1><22><22>SURFnet-PCA at surfnet.nl1<28>0<26><6><3>U<4><3><19><19>SURFn
        EAP-Message =
et-PCA-Root-CA0<30><23><13>030408191753Z<23><13>170420194748Z0<129><144>1<11>0<9><6><3>U<4><6><19><2>NL1<28>0<26><6><3>U<4><10><19><19>Universiteit
Twente1(0&<6><3>U<4><11><19><31>UTwente Certification
Authority1$0"<6><9>*<134>H<134><247><13><1><9><1><22><21>UTwente-CA at utwente.nl1<19>0<17><6><3>U<4><3><19><10>UTwente-CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><192><252><15><8><9><172>Ck<15>^<27><198><165><10>ia<220><194><4><222><248>l<230><26><3><132><176>
        EAP-Message =
<241>Y7<144><22><221>+y%<182><1><215><128><234><167><244>6<203><149>k<195><174><162>6<159>E<169>;<232>m<221><187>x_<207><22><158>Yj<144>l<170><189>}<210><15><1><17>t-<170>Na^<202><129><19><241>ca<160>aT[<8>J?<174>:8v<142>N<127>[<22><137>T+<141><149>!_<130><2><240><129><194><163><177><13><139><138><217><173><1>Ppiz<166>I<145><25><6><132>6<239>q<213><208><225><204><215><187><184>"0$u<137>h<27>V<16><171><199><156>$S<188><19><163><211><26><160>e:U<21><181><128><3><157>.|<222><177>tp<237><168><151><27>
<165>l<249><152><229><229><31><178>
<25><138><206>mZOWs<199><168>te<244><147><205><159><21><172><189><237><168>X<147><255><192>i}]<190><205><238>VjP<255><192>vL<174><241><30><181>K<207><168>F<226>'<246><166>\:<9>8mnC<233><167>!<190>L<10>H9<2><3><1><0><1><163><129><244>0<129><241>0<15><6><3>U<29><19><1><1><255><4><5>0
        EAP-Message = <3><1><1><255>0S<6><3>U<29>
<4>L0J0H<6><11>+<6><1><4><1><136>4<20><131>}<1>0907<6><8>+<6><1><5><5><7><2><1><22>+https://ca.surfnet.nl:4430/PKI/PCA-CPS.html09<6><3>U<29><31><4>2000.<160>,<160>*<134>(http://ca.surfnet.nl:4470/UTwente-CA.crl0<14><6><3>U<29><15><1><1><255><4><4><3><2><1><134>0<31><6><3>U<29>#<4><24>0<22><128><20><173><27><192>A<15><227><134><23><227><6>(<180><2>K&<131><170><147><241><169>0<29><6><3>U<29><14><4><22><4><20>j<138><250><14><238>6d<203>w<199><191><147>>0zK<136><159><187>r0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><16><147><240><159><139>
        EAP-Message =
2P<240>Y<255><240><11><192>W<0>"<243>2$<31><15><223><228>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:30 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 175
Authentic:  6<152><148><225><11><225>LOF<204><200><229>'<141><203>/
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator = h<169>|Q}<20><184>)__(nn<242><202>8
        EAP-Message = <2><5><0><6><21><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:30 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:30 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:30 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:30 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:31 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:31 2006: DEBUG: Handling with EAP: code 2, 5, 6
Wed Mar 15 15:03:31 2006: DEBUG: Response type 21
Wed Mar 15 15:03:31 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:31 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:31 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:31 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 175
Authentic:  6<152><148><225><11><225>LOF<204><200><229>'<141><203>/
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><6><4><6><21>@<214><212><30>+<168><4><246><231><158>E<162><215><146><228>8c<152><1><29><168><201>t<241><175><161><251>g<147>;<171>?<207><229><26><228><216>c_<223>Y<147><136><25><224>C<134><154><135><6><228><167><220><204><24><150><226><3><193>T<152>H8<178>^<225><133><183><130>~<25><211><223>
<237><171><27>.`<236>z<127><17><134>MO:<137>zes<25>)<164><151><212><0><183><220><250>-J9<251><127><234>F<211><191><178><198>^o\&<241><166><184><135>F<246>j4<15>q<132><246><216><188>k<143>ru{<249><189><9><224><147>7
F$<163>z<182><255><224><198><<253>zF<209><128><169><162><210>H<156><131><135>N<243><245><225>M<137>J<129><209><227><26><10><182>><221><5><199><149><222>6OjKc<11>8<3><211><16>n<31><24>>q<0><127><246>o<177><192>z<15><223>mB<208><132>L,O<235><192>G4<232><249>]<250>?xS<160><140>s<248>1M<144>3<137><131><230><0><4><170>0<130><4><166>0<130><3><142><160><3><2>
        EAP-Message =
<1><2><2><17><0><248><244>Wq<161><181><252><216><19><31>9<135>QB<219><200>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><141>1<11>0<9><6><3>U<4><6><19><2>NL1<16>0<14><6><3>U<4><10><19><7>SURFnet1'0%<6><3>U<4><11><19><30>Policy
Certification
Authority1%0#<6><9>*<134>H<134><247><13><1><9><1><22><22>SURFnet-PCA at surfnet.nl1<28>0<26><6><3>U<4><3><19><19>SURFnet-PCA-Root-CA0<30><23><13>030218215526Z<23><13>170424192002Z0<129><141>1<11>0<9><6><3>U<4><6><19><2>NL1<16>0<14><6><3>U<4><10><19><7>SURFnet1'0%<6><3>U
        EAP-Message = <4><11><19><30>Policy Certification
Authority1%0#<6><9>*<134>H<134><247><13><1><9><1><22><22>SURFnet-PCA at surfnet.nl1<28>0<26><6><3>U<4><3><19><19>SURFnet-PCA-Root-CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><144><234><179>E><198><169><140>d<220><227><237><252><218><254><250><241><132>b3<5><244><148>\<255>)<182><246><160>vFe<231><145>N<239><127><20><207><188><228>[<170>-%<231><130>)l<213>i<230><239>L9<199><128>ph><253><150><222><208><155><197><228>a<183>K<3><2><179><21><2>&<217><219><204>8<127><154><199><208><215><160><245><198><199><162><254><31>>j*{<220><27>L<200>9<167><231>1<142><239>X<254>6E;J<156>[<158>gu
        EAP-Message =
L<26>"\<154><195>5<173>S<238><194><25>BF.#<212><165>J<226><240>;<160><137>7<129>)Y<143><210><193>^<206><128><12>_<13>"V<195>N<222><242><26><20><209><184><239><136><129><238><214><220>Q<204>A[<134><254>9:Y.<146><20><148>z<232><153><250><153>ZD<236><213><235><0>b`<166><130><139><255><143><19><6>T<213><245>F0<138><160><<154>#B<162><8>X<201><216><149>}<195><12><193><18><193><255><24><212>r<162>t<204>Z<20>S<<24><229><212>0,<195><236><184>t<245><252>Q<235><163>6<224><214><225>u<2><3><1><0><1><163><129><254>0<129><251>0B<6><3>U<29><31><4>;0907<160>5<160>3<134>1http://ca.surfnet.nl:4470/SURFnet-PCA-Root-CA.crl0<17><6><9>`<134>H<1><134><248>B<1><1><4><4><3><2><0><7>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1>
        EAP-Message = <255>0A<6><3>U<29> <4>:0806<6><11>+<6>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:31 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 176
Authentic:  L<225>7<241><237><129>OPBN<198>Fz<165><243><19>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<149><20>1<156>-<223><15><160>Qma:<201><205>u~
        EAP-Message = <2><6><0><6><21><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:32 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:32 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:32 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:32 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:32 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:32 2006: DEBUG: Handling with EAP: code 2, 6, 6
Wed Mar 15 15:03:32 2006: DEBUG: Response type 21
Wed Mar 15 15:03:32 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:32 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:32 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:33 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 176
Authentic:  L<225>7<241><237><129>OPBN<198>Fz<165><243><19>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><7><1><165><21><0><1><4><1><136>4<20><131>}<1>0'0%<6><8>+<6><1><5><5><7><2><1><22><25>1.3.6.1.4.1.1076.20.509.10<14><6><3>U<29><15><1><1><255><4><4><3><2><1><6>0<31><6><3>U<29>#<4><24>0<22><128><20><173><27><192>A<15><227><134><23><227><6>(<180><2>K&<131><170><147><241><169>0<29><6><3>U<29><14><4><22><4><20><173><27><192>A<15><227><134><23><227><6>(<180><2>K&<131><170><147><241><169>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>C<199><3><23>'<130>U<177><131><170><26>1<236><225><31><233><29><144><173><212>[<241><198>j<137><202>p<172>_<221>M<180>#i<252><200><189><169><243>W<247>0&<169>9dLF<193><218><254><141><185><230><201><203><155>o<129><246>s<223><175><158><196>kCf<172>|J<232><213>!ut<186><208>Uiv<229>E1u<10><242><238>FL<253><22><143>[<16>$<6>
        EAP-Message =
<9><198><185><206><23>]<243><229><180>c<238><130>=kh<148>g:<251><209>z<225><15>N<182>_9d<248>I9X<183><217><227>*t<133>?p<155><8><201>tK<20><230><30>=<151><144><136><242>M"<177><174>*<245><152>d<241><131><171><147>v<233>c<158><251>v<235>#<181><214>6a<196><255><5><160><222><189>~<246>/<5>@<197>$<153><236><152>x%<22><149>G<217><165><229><149><221><188>owm<133><146><235><239><15><26><207><211>t_k<146><218><27><209><183>q<222>U<181><7><147><178>kg><254>O<8>6<250><13><253>
~o<215><179><16><128><4><153>zJ<251><186><160><222><163><195><186><245><22><3><1><0><4><14><0><0><0>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:34 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 177
Authentic:  <184><187><5><208><246><151>4<194>Jzo=<142><139><202><229>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
m<216>#<203><160><141><8>oH<164>5<158>^W<14>P
        EAP-Message =
<2><7><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0><128>i<253><207><20>E<215><170>TWb*<239><181><220><172><12><139><184><146>LRPW<223><243><153>nq<252>><0>1<234><179>:<153><14><227>DBS<30><210><207>$-1<225><152><174>o<130><17><172>g<241>D<13><232><226><229>p<130><255>b<28><173>><145><238><202>J<179><11>'.<202><8><136><195><236><227><31>bj<10>uGo5<21><192>}<202>c<241><170><244>x<28>X<231>3<222><151><173>G<19><169><9>8e[.<245><154><146>V<23><178>/<194><238><4><14>{<202>.<20><3><1><0><1><1><22><3><1><0>(5<2><245>e<225><15>H<253>&{,<242>+<201><13>E|<22><144>U<166><176><23>}c<240><195><146>E<175><17>l<231><4>P<252><29>Qnm
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:35 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:35 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:35 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:35 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:35 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:35 2006: DEBUG: Handling with EAP: code 2, 7, 200
Wed Mar 15 15:03:35 2006: DEBUG: Response type 21
Wed Mar 15 15:03:35 2006: DEBUG: EAP TTLS data, 8576, 7, 3
Wed Mar 15 15:03:35 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Wed Mar 15 15:03:35 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:36 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:36 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:36 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 177
Authentic:  <184><187><5><208><246><151>4<194>Jzo=<142><139><202><229>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><8><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<129>T<176><228><179><132><214><232>Z<144><158><167><6><203><27><241>~<133><17><219><158><165>=<8><246>K<182>q<228><21><228>!=RZ+<167><205><225>I
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:39 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 178
Authentic:  I<208><188>%q<6>9<207><157>n<250><7><151>R<199><28>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<136><185><230><188><253><139>6<184>6<203><194>k<194><201><207><161>
        EAP-Message =
<2><8><0>W<21><128><0><0><0>M<23><3><1><0>H<181>-<181><152><152><157><30><148><21><29>co<236>7<238><170><238>2<202><167>*MT<128><18><232><238><240>^X<202>"<179>^<9><11>^<194><220>:W<23><249><160><1><142><134><2><22>~K<21>nw8}Q<146><209>-:k<222>65<227><142><223><30><171>7v
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:39 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:39 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:39 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:39 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:39 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:39 2006: DEBUG: Handling with EAP: code 2, 8, 87
Wed Mar 15 15:03:40 2006: DEBUG: Response type 21
Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS data, 3, 8, 7
Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS inner authentication request
for m1234567 at utwente.nl
Wed Mar 15 15:03:40 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  2<22><243>,<154>X<251><11><174>w<180><253><200>K<247><180>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        User-Password = <geheim>

Wed Mar 15 15:03:40 2006: DEBUG: EAP result: 1, No Handler for TTLS
inner authentication
Wed Mar 15 15:03:40 2006: DEBUG: AuthBy FILE result: REJECT, No Handler
for TTLS inner authentication
Wed Mar 15 15:03:40 2006: INFO: Access rejected for m1234567: No Handler
for TTLS inner authentication
Wed Mar 15 15:03:40 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Reject
Identifier: 178
Authentic:  I<208><188>%q<6>9<207><157>n<250><7><151>R<199><28>
Attributes:
        Class = "Inner-Auth=m1234567"
        Reply-Message = "Request Denied"





- --

Groeten,

Roel H.Hoek,
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
kmr SP 422, telefoon: 053 - 489 4598,  fax: 053 - 489 2383
e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
Jabber/Googletalk: rhhoek at gmail.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEGEDjJwlRSGnYBcYRAmM+AJ43GPcp0X9NBF12PB87jczssR7OfwCg1myu
NZNwU8O06AY2zUJWrSyDCVU=
=uDrP
-----END PGP SIGNATURE-----

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list