(RADIATOR) error "No Handler for TTLS inner authentication"
Hugh Irvine
hugh at open.com.au
Wed Mar 15 15:12:40 CST 2006
Hello Roel -
Thanks for your mail.
As you can see from the debug, the NAS-IP-Address is not passed in
the inner request by default.
If you want to add any attribute to the inner request you need to use
a PreHandlerHook in the outer AuthBy clause.
You can add the following in a file called "nas.pl" in your %D
directory:
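sub
{
    # The hook is passed a reference to the inner request
    my $p = ${$_[0]};
    # The outer request that carried the TTLS tunnel
    my $outer = $p->{outerRequest};
    # Copy NAS-IP-Address from the outer request into the inner request
    my $nas = $outer->get_attr('NAS-IP-Address');
    $p->add_attr('NAS-IP-Address', $nas);
    &main::log($main::LOG_DEBUG, "NAS-IP-Address = $nas");
    return;
}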
Then use this in your configuration file:
<AuthBy FILE>
    .....
    PreHandlerHook file:"nas.pl"
    .....
</AuthBy>
I haven't tested the above, but you should get the idea.
Hope that helps.
regards
Hugh
On 16 Mar 2006, at 03:29, R.H.Hoek wrote:
> Hello,
>
> We are (also) using Radiator for authenticating wireless users with
> EAP-TTLS. Because we have a lot of AccessPoints (600+), and including
> the clients via ClientListSQL, Radiator takes too long to start (5min),
> I tried the next config. There is a Defaultclient with a special
> identifier. In the appropriate Handler this identifier is checked with
> the NAS-IP-Address. (in this case the fake range 10.10.108.0 ->
> 10.10.111.0) This range covers the AccessPoint IPrange.
>
> <Client DEFAULT>
>     Secret 1dr8ig
>     Identifier WLANATUTDEFAULT-ID
> </Client>
>
> <Handler Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/, NAS-IP-Address = /^10\.10\.10[89].*$|^10\.10\.11[01].*$/>
>     # Strip off the realm
>     RewriteUsername s/^([^@]+).*/$1/
>     # Strip off leading whitespace and the like
>     RewriteUsername s/^\s*//
>     # Strip off trailing whitespace and the like
>     # Hook to set class-attrib when outerauth user is anonymous
>     PreAuthHook file:"%D/hooks/anonymous.pl"
>     <AuthBy FILE>
>         Filename /etc/radiator/users-wlan
>         EAPType TTLS
>
> .
> .
> .
> .
> </Handler>
>
> This config does not work. The whole EAP handshake works fine until the
> inner-authentication then I get an error -> No Handler for TTLS inner
> authentication. It looks like that with the last access-request packet,
> the Handler lookup is done twice. The second lookup has no
> NAS-IP-Address attribute, and the right handler is not found.
>
> Is this a bug? Is there a way to solve this problem?
> The same problem with V3.13 and V3.14.
>
> - -----------------------------logging----:
> Wed Mar 15 15:03:24 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 172
> Authentic: \4<20><201><210><233><193><203>7Pt<246>s<164><182><215>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator =
> <31>:&<13>p<186><229><17><12>"<156><199><31>*<197><0>
> EAP-Message = <2><2><0><24><1>m1234567 at utwente.nl
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:24 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:24 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:24 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:24 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:25 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:25 2006: DEBUG: Handling with EAP: code 2, 2, 24
> Wed Mar 15 15:03:25 2006: DEBUG: Response type 1
> Wed Mar 15 15:03:25 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Mar 15 15:03:25 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
> Wed Mar 15 15:03:25 2006: DEBUG: Access challenged for m1234567: EAP TTLS Challenge
> Wed Mar 15 15:03:25 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Challenge
> Identifier: 172
> Authentic: \4<20><201><210><233><193><203>7Pt<246>s<164><182><215>
> Attributes:
> Class = "Inner-Auth=m1234567"
> EAP-Message = <1><3><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Mar 15 15:03:27 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 173
> Authentic: L<167><18><181><234>BP7<164><152><164> d<162>J<222>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator =
> <221><211><131><180>z<30>A<156>m<139><19><219><128>&k<187>
> EAP-Message =
> <2><3><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)
> <3><1><0><0><2><0>&EI<142><185>C<205><155><250><12><243>2z<26><137>o<2
> 0><20><192><145>B<16><235><151>a0B<200><0><0><2><0><10><1><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:27 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:27 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:27 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:27 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:27 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:27 2006: DEBUG: Handling with EAP: code 2, 3, 60
> Wed Mar 15 15:03:28 2006: DEBUG: Response type 21
> Wed Mar 15 15:03:28 2006: DEBUG: EAP TTLS data, 24576, 3, -1
> Wed Mar 15 15:03:28 2006: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Wed Mar 15 15:03:28 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Mar 15 15:03:28 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
> Wed Mar 15 15:03:28 2006: DEBUG: Access challenged for m1234567: EAP TTLS Challenge
> Wed Mar 15 15:03:28 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Challenge
> Identifier: 173
> Authentic: L<167><18><181><234>BP7<164><152><164> d<162>J<222>
> Attributes:
> Class = "Inner-Auth=m1234567"
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Mar 15 15:03:29 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 174
> Authentic: 3<226>h<179><174>Q<183><131>/x<9><185><243><23><211><10>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator =
> <142>w<136><131><30>v<246><238>~<140>d/<143><127><232>y
> EAP-Message = <2><4><0><6><21><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:29 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:29 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:29 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:29 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:29 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:29 2006: DEBUG: Handling with EAP: code 2, 4, 6
> Wed Mar 15 15:03:29 2006: DEBUG: Response type 21
> Wed Mar 15 15:03:29 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Mar 15 15:03:30 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
> Wed Mar 15 15:03:30 2006: DEBUG: Access challenged for m1234567: EAP TTLS Challenge
> Wed Mar 15 15:03:30 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Challenge
> Identifier: 174
> Authentic: 3<226>h<179><174>Q<183><131>/x<9><185><243><23><211><10>
> Attributes:
> Class = "Inner-Auth=m1234567"
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Mar 15 15:03:30 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 175
> Authentic: 6<152><148><225><11><225>LOF<204><200><229>'<141><203>/
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator = h<169>|Q}<20><184>)__(nn<242><202>8
> EAP-Message = <2><5><0><6><21><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:30 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:30 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:30 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:30 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:31 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:31 2006: DEBUG: Handling with EAP: code 2, 5, 6
> Wed Mar 15 15:03:31 2006: DEBUG: Response type 21
> Wed Mar 15 15:03:31 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Mar 15 15:03:31 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
> Wed Mar 15 15:03:31 2006: DEBUG: Access challenged for m1234567: EAP TTLS Challenge
> Wed Mar 15 15:03:31 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Challenge
> Identifier: 175
> Authentic: 6<152><148><225><11><225>LOF<204><200><229>'<141><203>/
> Attributes:
> Class = "Inner-Auth=m1234567"
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Mar 15 15:03:31 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 176
> Authentic: L<225>7<241><237><129>OPBN<198>Fz<165><243><19>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator =
> <149><20>1<156>-<223><15><160>Qma:<201><205>u~
> EAP-Message = <2><6><0><6><21><0>
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:32 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:32 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:32 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:32 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:32 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:32 2006: DEBUG: Handling with EAP: code 2, 6, 6
> Wed Mar 15 15:03:32 2006: DEBUG: Response type 21
> Wed Mar 15 15:03:32 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Mar 15 15:03:32 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
> Wed Mar 15 15:03:32 2006: DEBUG: Access challenged for m1234567: EAP TTLS Challenge
> Wed Mar 15 15:03:33 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Challenge
> Identifier: 176
> Authentic: L<225>7<241><237><129>OPBN<198>Fz<165><243><19>
> Attributes:
> Class = "Inner-Auth=m1234567"
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Mar 15 15:03:34 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 177
> Authentic: <184><187><5><208><246><151>4<194>Jzo=<142><139><202><229>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator =
> m<216>#<203><160><141><8>oH<164>5<158>^W<14>P
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:35 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:35 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:35 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:35 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:35 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:35 2006: DEBUG: Handling with EAP: code 2, 7, 200
> Wed Mar 15 15:03:35 2006: DEBUG: Response type 21
> Wed Mar 15 15:03:35 2006: DEBUG: EAP TTLS data, 8576, 7, 3
> Wed Mar 15 15:03:35 2006: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Wed Mar 15 15:03:35 2006: DEBUG: EAP result: 3, EAP TTLS Challenge
> Wed Mar 15 15:03:36 2006: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
> Wed Mar 15 15:03:36 2006: DEBUG: Access challenged for m1234567: EAP TTLS Challenge
> Wed Mar 15 15:03:36 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Challenge
> Identifier: 177
> Authentic: <184><187><5><208><246><151>4<194>Jzo=<142><139><202><229>
> Attributes:
> Class = "Inner-Auth=m1234567"
> EAP-Message =
> <1><8><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
> (<129>T<176><228><179><132><214><232>Z<144><158><167><6><203><27><241>
> ~<133><17><219><158><165>=<8><246>K<182>q<228><21><228>!=RZ
> +<167><205><225>I
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Wed Mar 15 15:03:39 2006: DEBUG: Packet dump:
> *** Received from 10.10.110.218 port 1645 ....
> Code: Access-Request
> Identifier: 178
> Authentic: I<208><188>%q<6>9<207><157>n<250><7><151>R<199><28>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> Framed-MTU = 1400
> Called-Station-Id = "0014.a8a1.4780"
> Calling-Station-Id = "0002.8a48.e0a5"
> Service-Type = Login-User
> Message-Authenticator =
> <136><185><230><188><253><139>6<184>6<203><194>k<194><201><207><161>
> EAP-Message =
> <2><8><0>W<21><128><0><0><0>M<23><3><1><0>H<181>-
> <181><152><152><157><30><148><21><29>co<236>7<238><170><238>2<202><167
> >*MT<128><18><232><238><240>^X<202>"<179>^<9><11>^<194><220>:W<23><249
> ><160><1><142><134><2><22>~K<21>nw8}
> Q<146><209>-:k<222>65<227><142><223><30><171>7v
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 296
> NAS-IP-Address = 10.10.110.218
> NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"
>
> Wed Mar 15 15:03:39 2006: DEBUG: Handling request with Handler
> 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/,
> NAS-IP-Address = /^130\.89\.12[89].*$|^130\.89\.13[01].*$/'
> Wed Mar 15 15:03:39 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:39 2006: DEBUG: Rewrote user name to m1234567
> Wed Mar 15 15:03:39 2006: DEBUG: Username m1234567 added to reply
> Wed Mar 15 15:03:39 2006: DEBUG: Handling with Radius::AuthFILE:
> Wed Mar 15 15:03:39 2006: DEBUG: Handling with EAP: code 2, 8, 87
> Wed Mar 15 15:03:40 2006: DEBUG: Response type 21
> Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS data, 3, 8, 7
> Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS inner authentication request for m1234567 at utwente.nl
> Wed Mar 15 15:03:40 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: 2<22><243>,<154>X<251><11><174>w<180><253><200>K<247><180>
> Attributes:
> User-Name = "m1234567 at utwente.nl"
> User-Password = <geheim>
>
> Wed Mar 15 15:03:40 2006: DEBUG: EAP result: 1, No Handler for TTLS inner authentication
> Wed Mar 15 15:03:40 2006: DEBUG: AuthBy FILE result: REJECT, No Handler for TTLS inner authentication
> Wed Mar 15 15:03:40 2006: INFO: Access rejected for m1234567: No Handler for TTLS inner authentication
> Wed Mar 15 15:03:40 2006: DEBUG: Packet dump:
> *** Sending to 10.10.110.218 port 1645 ....
> Code: Access-Reject
> Identifier: 178
> Authentic: I<208><188>%q<6>9<207><157>n<250><7><151>R<199><28>
> Attributes:
> Class = "Inner-Auth=m1234567"
> Reply-Message = "Request Denied"
>
>
>
>
>
> - --
>
> Regards,
>
> Roel H.Hoek,
> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
> Universiteit Twente, Postbus 217, 7500 AE Enschede
> kmr SP 422, telefoon: 053 - 489 4598, fax: 053 - 489 2383
> e-mail: R.H.Hoek at UTwente.NL http://www.utwente.nl/itbe
> Jabber/Googletalk: rhhoek at gmail.com
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
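
Added example (not part of the original thread and not Radiator code): a Python diagnostic that reads a Radiator trace 4 debug log like the one quoted above and reports, for each TTLS tunnelled inner request, which attributes named in the matched Handler condition were present in the outer request but are absent from the inner one. The function names and the sample log are constructed for illustration; the sample follows the quoted excerpt with binary attributes left out and wrapped lines joined. Realm and Client-Identifier are skipped because the server resolves them itself rather than reading them from the packet's attribute list.

```python
import re

# Constructed sample, modelled on the trace 4 excerpt quoted in this thread.
SAMPLE_LOG = r"""
Wed Mar 15 15:03:39 2006: DEBUG: Packet dump:
*** Received from 10.10.110.218 port 1645 ....
Code:       Access-Request
Identifier: 178
Attributes:
        User-Name = "m1234567@utwente.nl"
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-IP-Address = 10.10.110.218
        NAS-Identifier = "ap-matrix-3.wlan.utwente.nl"

Wed Mar 15 15:03:39 2006: DEBUG: Handling request with Handler 'Realm=utwente.nl, Client-Identifier=/^WLANATUTDEFAULT-ID$/, NAS-IP-Address = /^10\.10\.10[89].*$|^10\.10\.11[01].*$/'
Wed Mar 15 15:03:40 2006: DEBUG: EAP TTLS inner authentication request for m1234567@utwente.nl
Wed Mar 15 15:03:40 2006: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:       Access-Request
Identifier: UNDEF
Attributes:
        User-Name = "m1234567@utwente.nl"
        User-Password = <redacted>

Wed Mar 15 15:03:40 2006: DEBUG: EAP result: 1, No Handler for TTLS inner authentication
"""

ATTR_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s*=\s*(.*)$")
HANDLER_RE = re.compile(r"Handling request with Handler '(.*)'\s*$")
COND_NAME_RE = re.compile(r"(?:^|,\s*)([A-Za-z][\w-]*)\s*=")
# Handler check items the server resolves itself (not packet attributes).
SERVER_SIDE = {"Realm", "Client-Identifier"}


def parse_events(log_text):
    """Return packet dumps and Handler selections in log order."""
    events, current, in_attrs = [], None, False
    for raw in log_text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).rstrip()  # tolerate mail quoting
        m = HANDLER_RE.search(line)
        if m:
            names = COND_NAME_RE.findall(m.group(1))
            events.append({"kind": "handler", "names": names})
            current, in_attrs = None, False
        elif line.endswith("Packet dump:"):
            kind = "inner" if "TTLS Tunnelled" in line else "outer"
            current, in_attrs = {"kind": kind, "attrs": {}}, False
            events.append(current)
        elif current is None:
            continue
        elif line.startswith("*** Sending to"):
            current["kind"] = "reply"          # server's own reply, not a request
        elif line.strip() == "Attributes:":
            in_attrs = True
        elif in_attrs and not line.strip():
            current, in_attrs = None, False    # blank line ends the dump
        elif in_attrs:
            m = ATTR_RE.match(line)
            if m:                              # other lines continue a binary value
                current["attrs"][m.group(1)] = m.group(2).strip().strip('"')
    return events


def missing_inner_attrs(log_text):
    """For each inner request, list Handler condition attributes that the
    last outer request carried but the inner request does not."""
    findings, outer, cond = [], {}, []
    for ev in parse_events(log_text):
        if ev["kind"] == "outer":
            outer = ev["attrs"]
        elif ev["kind"] == "handler":
            cond = [n for n in ev["names"] if n not in SERVER_SIDE]
        elif ev["kind"] == "inner":
            inner = ev["attrs"]
            missing = [n for n in cond if n in outer and n not in inner]
            findings.append({"user": inner.get("User-Name"), "missing": missing})
    return findings


if __name__ == "__main__":
    for f in missing_inner_attrs(SAMPLE_LOG):
        print(f["user"], "inner request lacks:", ", ".join(f["missing"]) or "nothing")
```

The attributes it reports are the ones a PreHandlerHook like the one above would need to copy from the outer request.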