(RADIATOR) error "No Handler for TTLS inner authentication" using ClientListSQL is this a general problem

Wed Mar 15 13:23:07 CST 2006

Hi,
I'm concerned about the comment about radiator being slow to start up
when you've got 600+ Access points and using ClientListSql. I'm planning
on rolling out wired dot1x auth over our campus and was going to use
ClientListSQL as a simple way of setting up all our HP switches as and
when we implement dot1X on them.
Anyone else using ClientListSqL with a large number of clients?
Alex

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of R.H.Hoek
Sent: 15 March 2006 16:29
To: radiator at open.com.au
Subject: (RADIATOR) error "No Handler for TTLS inner authentication"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

We are (also) using Radiator for authenticatien wireless users with
EAP-TTLS. Because we have al lot of AccessPoints (600+), and including
the clients via ClientListSQL, Radiator takes too lang to start (5min),
I tried the next config. There is a Defaultclient with a special
identifier. In the appropriate Handler this identifier is checked with
the NAS-IP-Address. (in this case the fake range 10.10.108.0 ->
10.10.111.0) This range covers the AccessPoint IPrange.

<Client DEFAULT>
        Secret 1dr8ig
        Identifier WLANATUTDEFAULT-ID
</Client>

<Handler Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^10\.10\.10[89].*$|^10\.10\.11[01].*$/>
        # Stripoff de realm
        RewriteUsername s/^([^@]+).*/$1/
        # Stripoff leading whitespaces en zo
        RewriteUsername s/^\s*//
        # Stripoff trailing whitespaces en zo
        # Hook to set class-attrib when outerauth user is anonymous
        PreAuthHook file:"%D/hooks/anonymous.pl"
        <AuthBy FILE>
                Filename /etc/radiator/users-wlan
                EAPType TTLS

.
.
.
.
</Handler>

This config does not work. The whole EAP handshake works fine until the
inner-authentication then I get an error -> No Handler for TTLS inner
authentication. It looks like that with the last access-request packet,
the Handler lookup is done twice. The second lookup has no
NAS-IP-Address attribute, and the right handler is not found.

Is this a bug? Is there a way to solve this problem?
The same problem with V3.13 and V3.14.

- -----------------------------logging----:
Wed Mar 15 15:03:24 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 172
Authentic:  \4<20><201><210><233><193><203>7Pt<246>s<164><182><215>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<31>:&<13>p<186><229><17><12>"<156><199><31>*<197><0>
        EAP-Message = <2><2><0><24><1>m1234567 at utwente.nl
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:24 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:24 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:24 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:24 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:25 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:25 2006: DEBUG: Handling with EAP: code 2, 2, 24
Wed Mar 15 15:03:25 2006: DEBUG: Response type 1
Wed Mar 15 15:03:25 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:25 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:25 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:25 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 172
Authentic:  \4<20><201><210><233><193><203>7Pt<246>s<164><182><215>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message = <1><3><0><6><21>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:27 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 173
Authentic:  L<167><18><181><234>BP7<164><152><164> d<162>J<222>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<221><211><131><180>z<30>A<156>m<139><19><219><128>&k<187>
        EAP-Message =
<2><3><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1><0><0><2><0>&
EI<142><185>C<205><155><250><12><243>2z<26><137>o<20><20><192><145>B<16>
<235><151>a0B<200><0><0><2><0><10><1><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:27 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:27 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:27 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:27 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:27 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:27 2006: DEBUG: Handling with EAP: code 2, 3, 60
Wed Mar 15 15:03:28 2006: DEBUG: Response type 21
Wed Mar 15 15:03:28 2006: DEBUG: EAP TTLS data, 24576, 3, -1
Wed Mar 15 15:03:28 2006: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed Mar 15 15:03:28 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:28 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:28 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:28 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 173
Authentic:  L<167><18><181><234>BP7<164><152><164> d<162>J<222>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><4><4><10><21><192><0><0><13><159><22><3><1><0>J<2><0><0>F<3><1>D<24>
<30><176>*<244>*'<161>&\q<222><201>m<188>_<8>1<166><239><239><166><215><
159><12><16>#<0><0><0><0>
N<208><225>IX<137>U<254><183><160><168><136><161>$<247>}<157><195><238><
132>.<217><172><130><231>Y<13><10><235><4>><156><0><10><0><22><3><1><13>
B<11><0><13>><0><13>;<0><3><229>0<130><3><225>0<130><2><201><160><3><2><
1><2><2><16><22><H<214><216><159><11>,<27><27>6l<226><8>&<225>0<13><6><9
>*<134>H<134><247><13><1><1><5><5><0>0<129><144>1<11>0<9><6><3>U<4><6><1
9><2>NL1<28>0<26><6><3>U<4><10><19><19>Universiteit
Twente1(0&<6><3>U<4><11><19><31>UTwente Certification
Authority1$0"<6><9>*<134>H<134><247><13><1><9><1>
        EAP-Message =
<22><21>UTwente-CA at utwente.nl1<19>0<17><6><3>U<4><3><19><10>UTwente-CA0<
30><23><13>040105110221Z<23><13>090103200221Z0<129><168>1<11>0<9><6><3>U
<4><6><19><2>NL1<18>0<16><6><3>U<4><8><19><9>Overijsel1<17>0<15><6><3>U<
4><7><19><8>Enschede1<28>0<26><6><3>U<4><10><19><19>Universiteit
Twente1<13>0<11><6><3>U<4><11><19><4>ITBE1$0"<6><9>*<134>H<134><247><13>
<1><9><1><22><21>UTwente-CA at utwente.nl1<31>0<29><6><3>U<4><3><19><22>mei
ster.civ.utwente.nl0<129><159>0<13><6>
        EAP-Message =
<9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><12
9><129><0><221>*<205>()<8>O<128><168><154><140>w<176><190>C6<255><219><2
07><17><176><185>g<185><16><214>@g(<146>><176><30><140><245>5<166><6><22
6><180>Q<128><152><130><14><244>K<196><193>C<24><183><177>{<223><168>.m<
30><132>q<234>vG<144>,<17><205><153>_<240>n@<200><127><186>3|<255><186><
8><193>7m<213>{<30>{"<11>w<145><219><179><203>K<226>9<254><30><159><137>
}<247><214><249>H"H<178>k<9>#<166><19>N<137><182><131><201><157><170><23
2>(9<169>8<1><2><3><1><0><1><163><129><160>0<129><157>0<31><6><3>U<29>#<
4><24>0<22><128><20>j<138><250><14><238>6d<203>w<199><191><147>>0zK<136>
<159><187>r0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<11
><6><3>U<29><15><4><4><3><2><5><224>0<29><6><3>U<29><14><4><22><4><20>^1
<217>|<255><128><228>,<29><31><245><204><242>
        EAP-Message =
<250><27><218><174><212>6<204>09<6><3>U<29><31><4>2000.<160>,<160>*<134>
(http://ca.surfnet.nl:4470/UTwente-CA.crl0<13><6><9>*<134>H<134><247><13
><1><1><5><5><0><3><130><1><1><0>W<220><129><224>~l(<228><210><177><164>
<196>$S<174><186>2<202>:<129>a<24><148>3<30><216><202><254><245>nDS<236>
<199><153><247>]Ls<209><184><237>Y<233><210><138>?<208><179><226><213>%<
198>GA<154>
<201>^<225><191><16>U<249><26>:<27>dr<216>V<190><186>d[<160><209>O<157><
184>s<161><181><137><219>y<131><130>&<246>y<7>h<207>=Q<134>XV<181><162>+
<220><197><178>>X"<215><176>=<238><<135><156><5>Q<172>
7<188><136>$<137>e<242>1GB<243><14><30><246><177><2>;<25>i<152><148><250
>+<179><250><247><161><243><31><174>s<21>B]<19>=<134>e<251>I<244>W<226><
171>{<6>]~
        EAP-Message =
t6I<170><154><219><216><29><5><151><203>ut<1>P<175><207>4^S|'
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:29 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 174
Authentic:  3<226>h<179><174>Q<183><131>/x<9><185><243><23><211><10>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<142>w<136><131><30>v<246><238>~<140>d/<143><127><232>y
        EAP-Message = <2><4><0><6><21><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:29 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:29 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:29 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:29 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:29 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:29 2006: DEBUG: Handling with EAP: code 2, 4, 6
Wed Mar 15 15:03:29 2006: DEBUG: Response type 21
Wed Mar 15 15:03:29 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:30 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:30 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:30 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 174
Authentic:  3<226>h<179><174>Q<183><131>/x<9><185><243><23><211><10>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><5><4><6><21>@<234>nK<195><254>/3<146>1?<204><0><2>&Y%<199><158><216>
<8><149><194>;j!.<152><1><2><23>.<176><24><11><6><208>N<184><20>r<9><161
><215>(#<228><137>|7<187><178><208><15><245>x<15>Z<1><172><197><228><208
><4><143>S<181>c<0><4><163>0<130><4><159>0<130><3><135><160><3><2><1><2>
<2><17><0><210><234><7>k<134><143><12><186>}<172>=<189>y<173>!60<13><6><
9>*<134>H<134><247><13><1><1><5><5><0>0<129><141>1<11>0<9><6><3>U<4><6><
19><2>NL1<16>0<14><6><3>U<4><10><19><7>SURFnet1'0%<6><3>U<4><11><19><30>
Policy
Certification
Authority1%0#<6><9>*<134>H<134><247><13><1><9><1><22><22>SURFnet-PCA at sur
fnet.nl1<28>0<26><6><3>U<4><3><19><19>SURFn
        EAP-Message =
et-PCA-Root-CA0<30><23><13>030408191753Z<23><13>170420194748Z0<129><144>
1<11>0<9><6><3>U<4><6><19><2>NL1<28>0<26><6><3>U<4><10><19><19>Universit
eit
Twente1(0&<6><3>U<4><11><19><31>UTwente Certification
Authority1$0"<6><9>*<134>H<134><247><13><1><9><1><22><21>UTwente-CA at utwe
nte.nl1<19>0<17><6><3>U<4><3><19><10>UTwente-CA0<130><1>"0<13><6><9>*<13
4>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><
1><1><0><192><252><15><8><9><172>Ck<15>^<27><198><165><10>ia<220><194><4
><222><248>l<230><26><3><132><176>
        EAP-Message =
<241>Y7<144><22><221>+y%<182><1><215><128><234><167><244>6<203><149>k<19
5><174><162>6<159>E<169>;<232>m<221><187>x_<207><22><158>Yj<144>l<170><1
89>}<210><15><1><17>t-<170>Na^<202><129><19><241>ca<160>aT[<8>J?<174>:8v
<142>N<127>[<22><137>T+<141><149>!_<130><2><240><129><194><163><177><13>
<139><138><217><173><1>Ppiz<166>I<145><25><6><132>6<239>q<213><208><225>
<204><215><187><184>"0$u<137>h<27>V<16><171><199><156>$S<188><19><163><2
11><26><160>e:U<21><181><128><3><157>.|<222><177>tp<237><168><151><27>
<165>l<249><152><229><229><31><178>
<25><138><206>mZOWs<199><168>te<244><147><205><159><21><172><189><237><1
68>X<147><255><192>i}]<190><205><238>VjP<255><192>vL<174><241><30><181>K
<207><168>F<226>'<246><166>\:<9>8mnC<233><167>!<190>L<10>H9<2><3><1><0><
1><163><129><244>0<129><241>0<15><6><3>U<29><19><1><1><255><4><5>0
        EAP-Message = <3><1><1><255>0S<6><3>U<29>
<4>L0J0H<6><11>+<6><1><4><1><136>4<20><131>}<1>0907<6><8>+<6><1><5><5><7
><2><1><22>+https://ca.surfnet.nl:4430/PKI/PCA-CPS.html09<6><3>U<29><31>
<4>2000.<160>,<160>*<134>(http://ca.surfnet.nl:4470/UTwente-CA.crl0<14><
6><3>U<29><15><1><1><255><4><4><3><2><1><134>0<31><6><3>U<29>#<4><24>0<2
2><128><20><173><27><192>A<15><227><134><23><227><6>(<180><2>K&<131><170
><147><241><169>0<29><6><3>U<29><14><4><22><4><20>j<138><250><14><238>6d
<203>w<199><191><147>>0zK<136><159><187>r0<13><6><9>*<134>H<134><247><13
><1><1><5><5><0><3><130><1><1><0><16><147><240><159><139>
        EAP-Message =
2P<240>Y<255><240><11><192>W<0>"<243>2$<31><15><223><228>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:30 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 175
Authentic:  6<152><148><225><11><225>LOF<204><200><229>'<141><203>/
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator = h<169>|Q}<20><184>)__(nn<242><202>8
        EAP-Message = <2><5><0><6><21><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:30 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:30 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:30 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:30 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:31 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:31 2006: DEBUG: Handling with EAP: code 2, 5, 6
Wed Mar 15 15:03:31 2006: DEBUG: Response type 21
Wed Mar 15 15:03:31 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:31 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:31 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:31 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 175
Authentic:  6<152><148><225><11><225>LOF<204><200><229>'<141><203>/
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><6><4><6><21>@<214><212><30>+<168><4><246><231><158>E<162><215><146><
228>8c<152><1><29><168><201>t<241><175><161><251>g<147>;<171>?<207><229>
<26><228><216>c_<223>Y<147><136><25><224>C<134><154><135><6><228><167><2
20><204><24><150><226><3><193>T<152>H8<178>^<225><133><183><130>~<25><21
1><223>
<237><171><27>.`<236>z<127><17><134>MO:<137>zes<25>)<164><151><212><0><1
83><220><250>-J9<251><127><234>F<211><191><178><198>^o\&<241><166><184><
135>F<246>j4<15>q<132><246><216><188>k<143>ru{<249><189><9><224><147>7
F$<163>z<182><255><224><198><<253>zF<209><128><169><162><210>H<156><131>
<135>N<243><245><225>M<137>J<129><209><227><26><10><182>><221><5><199><1
49><222>6OjKc<11>8<3><211><16>n<31><24>>q<0><127><246>o<177><192>z<15><2
23>mB<208><132>L,O<235><192>G4<232><249>]<250>?xS<160><140>s<248>1M<144>
3<137><131><230><0><4><170>0<130><4><166>0<130><3><142><160><3><2>
        EAP-Message =
<1><2><2><17><0><248><244>Wq<161><181><252><216><19><31>9<135>QB<219><20
0>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><141>1<11>0<9><6>
<3>U<4><6><19><2>NL1<16>0<14><6><3>U<4><10><19><7>SURFnet1'0%<6><3>U<4><
11><19><30>Policy
Certification
Authority1%0#<6><9>*<134>H<134><247><13><1><9><1><22><22>SURFnet-PCA at sur
fnet.nl1<28>0<26><6><3>U<4><3><19><19>SURFnet-PCA-Root-CA0<30><23><13>03
0218215526Z<23><13>170424192002Z0<129><141>1<11>0<9><6><3>U<4><6><19><2>
NL1<16>0<14><6><3>U<4><10><19><7>SURFnet1'0%<6><3>U
        EAP-Message = <4><11><19><30>Policy Certification
Authority1%0#<6><9>*<134>H<134><247><13><1><9><1><22><22>SURFnet-PCA at sur
fnet.nl1<28>0<26><6><3>U<4><3><19><19>SURFnet-PCA-Root-CA0<130><1>"0<13>
<6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10
><2><130><1><1><0><144><234><179>E><198><169><140>d<220><227><237><252><
218><254><250><241><132>b3<5><244><148>\<255>)<182><246><160>vFe<231><14
5>N<239><127><20><207><188><228>[<170>-%<231><130>)l<213>i<230><239>L9<1
99><128>ph><253><150><222><208><155><197><228>a<183>K<3><2><179><21><2>&
<217><219><204>8<127><154><199><208><215><160><245><198><199><162><254><
31>>j*{<220><27>L<200>9<167><231>1<142><239>X<254>6E;J<156>[<158>gu
        EAP-Message =
L<26>"\<154><195>5<173>S<238><194><25>BF.#<212><165>J<226><240>;<160><13
7>7<129>)Y<143><210><193>^<206><128><12>_<13>"V<195>N<222><242><26><20><
209><184><239><136><129><238><214><220>Q<204>A[<134><254>9:Y.<146><20><1
48>z<232><153><250><153>ZD<236><213><235><0>b`<166><130><139><255><143><
19><6>T<213><245>F0<138><160><<154>#B<162><8>X<201><216><149>}<195><12><
193><18><193><255><24><212>r<162>t<204>Z<20>S<<24><229><212>0,<195><236>
<184>t<245><252>Q<235><163>6<224><214><225>u<2><3><1><0><1><163><129><25
4>0<129><251>0B<6><3>U<29><31><4>;0907<160>5<160>3<134>1http://ca.surfne
t.nl:4470/SURFnet-PCA-Root-CA.crl0<17><6><9>`<134>H<1><134><248>B<1><1><
4><4><3><2><0><7>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1>
        EAP-Message = <255>0A<6><3>U<29> <4>:0806<6><11>+<6>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:31 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 176
Authentic:  L<225>7<241><237><129>OPBN<198>Fz<165><243><19>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<149><20>1<156>-<223><15><160>Qma:<201><205>u~
        EAP-Message = <2><6><0><6><21><0>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:32 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:32 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:32 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:32 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:32 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:32 2006: DEBUG: Handling with EAP: code 2, 6, 6
Wed Mar 15 15:03:32 2006: DEBUG: Response type 21
Wed Mar 15 15:03:32 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:32 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:32 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:33 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 176
Authentic:  L<225>7<241><237><129>OPBN<198>Fz<165><243><19>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><7><1><165><21><0><1><4><1><136>4<20><131>}<1>0'0%<6><8>+<6><1><5><5>
<7><2><1><22><25>1.3.6.1.4.1.1076.20.509.10<14><6><3>U<29><15><1><1><255
><4><4><3><2><1><6>0<31><6><3>U<29>#<4><24>0<22><128><20><173><27><192>A
<15><227><134><23><227><6>(<180><2>K&<131><170><147><241><169>0<29><6><3
>U<29><14><4><22><4><20><173><27><192>A<15><227><134><23><227><6>(<180><
2>K&<131><170><147><241><169>0<13><6><9>*<134>H<134><247><13><1><1><5><5
><0><3><130><1><1><0>C<199><3><23>'<130>U<177><131><170><26>1<236><225><
31><233><29><144><173><212>[<241><198>j<137><202>p<172>_<221>M<180>#i<25
2><200><189><169><243>W<247>0&<169>9dLF<193><218><254><141><185><230><20
1><203><155>o<129><246>s<223><175><158><196>kCf<172>|J<232><213>!ut<186>
<208>Uiv<229>E1u<10><242><238>FL<253><22><143>[<16>$<6>
        EAP-Message =
<9><198><185><206><23>]<243><229><180>c<238><130>=kh<148>g:<251><209>z<2
25><15>N<182>_9d<248>I9X<183><217><227>*t<133>?p<155><8><201>tK<20><230>
<30>=<151><144><136><242>M"<177><174>*<245><152>d<241><131><171><147>v<2
33>c<158><251>v<235>#<181><214>6a<196><255><5><160><222><189>~<246>/<5>@
<197>$<153><236><152>x%<22><149>G<217><165><229><149><221><188>owm<133><
146><235><239><15><26><207><211>t_k<146><218><27><209><183>q<222>U<181><
7><147><178>kg><254>O<8>6<250><13><253>
~o<215><179><16><128><4><153>zJ<251><186><160><222><163><195><186><245><
22><3><1><0><4><14><0><0><0>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:34 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 177
Authentic:  <184><187><5><208><246><151>4<194>Jzo=<142><139><202><229>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
m<216>#<203><160><141><8>oH<164>5<158>^W<14>P
        EAP-Message =
<2><7><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130><0
><128>i<253><207><20>E<215><170>TWb*<239><181><220><172><12><139><184><1
46>LRPW<223><243><153>nq<252>><0>1<234><179>:<153><14><227>DBS<30><210><
207>$-1<225><152><174>o<130><17><172>g<241>D<13><232><226><229>p<130><25
5>b<28><173>><145><238><202>J<179><11>'.<202><8><136><195><236><227><31>
bj<10>uGo5<21><192>}<202>c<241><170><244>x<28>X<231>3<222><151><173>G<19
><169><9>8e[.<245><154><146>V<23><178>/<194><238><4><14>{<202>.<20><3><1
><0><1><1><22><3><1><0>(5<2><245>e<225><15>H<253>&{,<242>+<201><13>E|<22
><144>U<166><176><23>}c<240><195><146>E<175><17>l<231><4>P<252><29>Qnm
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:35 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:35 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:35 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:35 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:35 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:35 2006: DEBUG: Handling with EAP: code 2, 7, 200
Wed Mar 15 15:03:35 2006: DEBUG: Response type 21
Wed Mar 15 15:03:35 2006: DEBUG: EAP TTLS data, 8576, 7, 3
Wed Mar 15 15:03:35 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Wed Mar 15 15:03:35 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
Wed Mar 15 15:03:36 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
Challenge
Wed Mar 15 15:03:36 2006: DEBUG: Access challenged for m1234567: EAP
TTLS Challenge
Wed Mar 15 15:03:36 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Challenge
Identifier: 177
Authentic:  <184><187><5><208><246><151>4<194>Jzo=<142><139><202><229>
Attributes:
        Class = "Inner-Auth=m1234567"
        EAP-Message =
<1><8><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<129>T<176
><228><179><132><214><232>Z<144><158><167><6><203><27><241>~<133><17><21
9><158><165>=<8><246>K<182>q<228><21><228>!=RZ+<167><205><225>I
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Mar 15 15:03:39 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 178
Authentic:  I<208><188>%q<6>9<207><157>n<250><7><151>R<199><28>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        Framed-MTU = 1400
        Called-Station-Id = "0014.a8a1.4780"
        Calling-Station-Id = "0002.8a48.e0a5"
        Service-Type = Login-User
        Message-Authenticator =
<136><185><230><188><253><139>6<184>6<203><194>k<194><201><207><161>
        EAP-Message =
<2><8><0>W<21><128><0><0><0>M<23><3><1><0>H<181>-<181><152><152><157><30
><148><21><29>co<236>7<238><170><238>2<202><167>*MT<128><18><232><238><2
40>^X<202>"<179>^<9><11>^<194><220>:W<23><249><160><1><142><134><2><22>~
K<21>nw8}Q<146><209>-:k<222>65<227><142><223><30><171>7v
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 296
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:39 2006: DEBUG: Handling request with Handler
'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
Wed Mar 15 15:03:39 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:39 2006: DEBUG: Rewrote user name to m1234567
Wed Mar 15 15:03:39 2006: DEBUG: Username m1234567 added to reply
Wed Mar 15 15:03:39 2006: DEBUG: Handling with Radius::AuthFILE:
Wed Mar 15 15:03:39 2006: DEBUG: Handling with EAP: code 2, 8, 87
Wed Mar 15 15:03:40 2006: DEBUG: Response type 21
Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS data, 3, 8, 7
Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS inner authentication request
for m1234567 at utwente.nl
Wed Mar 15 15:03:40 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  2<22><243>,<154>X<251><11><174>w<180><253><200>K<247><180>
Attributes:
        User-Name = "m1234567 at utwente.nl"
        User-Password = <geheim>

Wed Mar 15 15:03:40 2006: DEBUG: EAP result: 1, No Handler for TTLS
inner authentication
Wed Mar 15 15:03:40 2006: DEBUG: AuthBy FILE result: REJECT, No Handler
for TTLS inner authentication
Wed Mar 15 15:03:40 2006: INFO: Access rejected for m1234567: No Handler
for TTLS inner authentication
Wed Mar 15 15:03:40 2006: DEBUG: Packet dump:
*** Sending to 10.10.110.218 port 1645 ....
Code:       Access-Reject
Identifier: 178
Authentic:  I<208><188>%q<6>9<207><157>n<250><7><151>R<199><28>
Attributes:
        Class = "Inner-Auth=m1234567"
        Reply-Message = "Request Denied"

- --

Groeten,

Roel H.Hoek,
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
kmr SP 422, telefoon: 053 - 489 4598,  fax: 053 - 489 2383
e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
Jabber/Googletalk: rhhoek at gmail.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEGEDjJwlRSGnYBcYRAmM+AJ43GPcp0X9NBF12PB87jczssR7OfwCg1myu
NZNwU8O06AY2zUJWrSyDCVU=
=uDrP
-----END PGP SIGNATURE-----

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.