(RADIATOR) eap-peap mschapv2 (again)
Hugh Irvine
hugh at open.com.au
Sun Dec 30 17:32:11 CST 2007
Hello Bob -
My reading of the Radiator manual ("doc/ref.html" section 12.1.2) and
looking at the code, indicates your password should look like this:
#
# Uncomment the one you wish to use
#
#r2d2 User-Password = "adV1cespwd"
r2d2 User-Password = {nthash}7E27EAC953911661F8CE9CD888AE540B
Service-Type = Framed-User
hope that helps - and Happy New Year!
regards
Hugh
On 31 Dec 2007, at 09:41, Bob Shafer wrote:
> Hugh,
>
> The only choice I have is Sun's LDAP.
>
> I've seen examples of others using non-MS solutions on this list,
> and other places, so I'm not worried about that part, at least yet.
>
> In the mean time, what is wrong with the configuration that I'm
> using to test eap-peap mschapv5 using configuration files?
>
> Once I get that working I still need to talk the LDAP gods into
> letting me stuff the nthash password into LDAP. And I can guarantee
> you that I'll have an easier time of that if I can demonstrate that
> it does work with NTHASH's in a file.
>
> Thanks,
>
> Bob
>
> Hugh Irvine wrote:
>> Hello Bob -
>> Which LDAP server are you going to be using?
>> If it is Active Directory, you should run Radiator on Windows and
>> use the AuthBy LSA clause.
>> See the example configuration files in "goodies/lsa_eap_peap.cfg"
>> and "goodies/las_eap_multi.cfg"
>> regards
>> Hugh
>> On 31 Dec 2007, at 00:53, Bob Shafer wrote:
>>> Dear list,
>>>
>>> Like a bad penny, I have returned, for at least one more time.
>>>
>>> A couple of times in the last year I've raised questions here about
>>> theoretical scenarios involving eap-peap mschapv2 and ldap.
>>>
>>> I finally am trying to actually *do* something rather than just talk
>>> about it....
>>>
>>> In hopes of walking before running, I thought I'd start by trying
>>> to use AUTHBY FILE before I attempted AUTHBY LDAP.
>>>
>>> I used the goodies/eap-peap.cfg file as a basis for the test and
>>> the test server certificate provided. I'm using 3.17.1 with
>>> current patches.
>>>
>>> The configuration file I've attached allows my test clients,
>>> appropriately configured, to authenticate with EAP-TTLS PAP and an
>>> NTHASH encrypted password.
>>>
>>> They also authenticate with EAP-PEAP MSCHAPV2 and an unencrypted
>>> password is the users file.
>>>
>>> But, and here is lies my problem, they all fail with the
>>> appropriate NTHASH encrypted version of the password.
>>>
>>> Because it is for test purposes only, I've included the password
>>> I used
>>> in both the nthash and clear text in the users file, which I've also
>>> attached
>>>
>>> Finally, there is a logfile with debug 4 enabled.
>>>
>>> Let me know if you need anything more.
>>>
>>> Any help that others can offer will be greatly appreciated.
>>>
>>> Thanks,
>>>
>>> Bob Shafer
>>> University of Denver
>>>
>>> # eap_peap.cfg
>>> #
>>> # Example Radiator configuration file.
>>> # This very simple file will allow you to get started with
>>> # PEAP authentication as used by Windows XP (starting with SP1)
>>> # We suggest you start simple, prove to yourself that it
>>> # works and then develop a more complicated configuration.
>>> #
>>> # This example will authenticate from a standard users file in
>>> # the current directory.
>>> # It will accept requests from any client and try to handle request
>>> # for any realm.
>>> # And it will print out what its doing in great detail.
>>> #
>>> # In order to authenticate, the clients user name must be in ./users
>>> # (the password is irrelevant for EAP TLS).
>>> #
>>> # In order to test this, you can user the sample test certificates
>>> # supplied with Radiator. For production, you
>>> # WILL need to install a real valid server certificate and
>>> # key for Radiator to use. Runs with openssl on Unix and Windows.
>>> #
>>> # See radius.cfg for more complete examples of features and
>>> # syntax, and refer to the reference manual for a complete
>>> description
>>> # of all the features and syntax.
>>> #
>>> # Requires Net_SSLeay.pm-1.21 or later from CPAN.
>>> # Requires openssl 0.9.7beta3 or later from www.openssl.org
>>> # Requires Digest-HMAC from CPAN
>>> # Requires Digest-SHA1 from CPAN
>>> #
>>> # You should consider this file to be a starting point only
>>> # $Id: eap_peap.cfg,v 1.12 2006/11/09 04:54:31 mikem Exp $
>>>
>>> LogDir /var/log/radius
>>> DbDir /etc/radiator
>>> # User a lower trace level in production systems:
>>> Trace 4
>>>
>>> # You will probably want to add other Clients to suit your site,
>>> # one for each NAS you want to work with
>>> <Client DEFAULT>
>>> Secret Secret Stuff
>>> DupInterval 0
>>> </Client>
>>>
>>> <Handler TunnelledByTTLS=1>
>>> <AuthBy FILE>
>>> Filename %D/users
>>>
>>> # This tells the PEAP client what types of inner EAP
>>> requests
>>> # we will honour
>>> EAPType MSCHAP-V2
>>> </AuthBy>
>>> </Handler>
>>>
>>> <Handler TunnelledByPEAP=1>
>>> <AuthBy FILE>
>>> UsernameMatchesWithoutRealm
>>> Filename %D/users
>>>
>>> # This tells the PEAP client what types of inner EAP
>>> requests
>>> # we will honour
>>> EAPType MSCHAP-V2
>>> </AuthBy>
>>> # This hook fixes the problem with some implementations of
>>> PEAP, where the
>>> # accounting requests have the User-Name of anonymous,
>>> instead of the real
>>> # users name. After authenticating the inner TTLS request, the
>>> # PostAuthHook caches the _real_ user name in an SQL table,
>>> # The PreProcessingHook replaces the 'anonymous' user name in
>>> # accounting requests with the
>>> # real user name that was previously cached for the NAS and
>>> NAS-Port.
>>> # You can see the correct real User-Name logged in the
>>> AcctLogFileName
>>> # Must be used in conjunction with PreProcessingHook below
>>> # PostAuthHook file:"goodies/eap_anon_hook.pl"
>>> </Handler>
>>>
>>>
>>> # The original PEAP request from a NAS will be sent to a matching
>>> # Realm or Handler in the usual way, where it will be unpacked
>>> and the inner authentication
>>> # extracted.
>>> # The inner authentication request will be sent again to a matching
>>> # Realm or Handler. The special check item TunnelledByPEAP=1 can
>>> be used to select
>>> # a specific handler, or else you can use EAPAnonymous to set a
>>> username and realm
>>> # which can be used to select a Realm clause for the inner request.
>>> # This allows you to select an inner authentication method based
>>> on Realm, and/or the
>>> # fact that they were tunnelled. You can therfore act just as a
>>> PEAP server, or also
>>> # act as the AAA/H home server, and authenticate PEAP requests
>>> locally or proxy
>>> # them to another remote server based on the realm of the inner
>>> authenticaiton request.
>>> # In this basic example, both the inner and outer authentication
>>> are authenticated
>>> # from a file by AuthBy FILE
>>> <Handler>
>>> <AuthBy FILE>
>>> # The username of the outer authentication
>>> # must be in this file to get anywhere. In this example,
>>> # it requires an entry for 'anonymous' which is the
>>> standard username
>>> # in the outer requests, and it also requires an entry
>>> for the
>>> # actual user name who is trying to connect (ie the
>>> 'Login name' entered
>>> # in the Funk Odyssey 'Edit Profile Properties' page
>>> Filename %D/users
>>>
>>> # EAPType sets the EAP type(s) that Radiator will honour.
>>> # Options are: MD5-Challenge, One-Time-Password
>>> # Generic-Token, TLS, TTLS, PEAP, MSCHAP-V2
>>> # Multiple types can be comma separated. With the default
>>> (most
>>> # preferred) type given first
>>> EAPType TTLS, PEAP
>>>
>>> # EAPTLS_CAFile is the name of a file of CA certificates
>>> # in PEM format. The file can contain several CA
>>> certificates
>>> # Radiator will first look in EAPTLS_CAFile then in
>>> # EAPTLS_CAPath, so there usually is no need to set both
>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>
>>> # EAPTLS_CAPath is the name of a directory containing CA
>>> # certificates in PEM format. The files each contain one
>>> # CA certificate. The files are looked up by the CA
>>> # subject name hash value
>>> # EAPTLS_CAPath
>>>
>>> # EAPTLS_CertificateFile is the name of a file containing
>>> # the servers certificate. EAPTLS_CertificateType
>>> # specifies the type of the file. Can be PEM or ASN1
>>> # defaults to ASN1
>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>> EAPTLS_CertificateType PEM
>>>
>>> # EAPTLS_PrivateKeyFile is the name of the file containing
>>> # the servers private key. It is sometimes in the same file
>>> # as the server certificate (EAPTLS_CertificateFile)
>>> # If the private key is encrypted (usually the case)
>>> # then EAPTLS_PrivateKeyPassword is the key to descrypt it
>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>> EAPTLS_PrivateKeyPassword whatever
>>>
>>> # EAPTLS_RandomFile is an optional file containing
>>> # randdomness
>>> # EAPTLS_RandomFile %D/certificates/random
>>>
>>> # EAPTLS_MaxFragmentSize sets the maximum TLS fragemt
>>> # size that will be replied by Radiator. It must be small
>>> # enough to fit in a single Radius request (ie less than
>>> 4096)
>>> # and still leave enough space for other attributes
>>> # Aironet APs seem to need a smaller MaxFragmentSize
>>> # (eg 1024) than the default of 2048. Others need even
>>> smaller sizes.
>>> EAPTLS_MaxFragmentSize 1024
>>>
>>> # EAPTLS_DHFile if set specifies the DH group file. It
>>> # may be required if you need to use ephemeral DH keys.
>>> # EAPTLS_DHFile %D/certificates/cert/dh
>>>
>>> # If EAPTLS_CRLCheck is set and the client presents a
>>> certificate
>>> # then Radiator will look for a certificate revocation
>>> list (CRL)
>>> # for the certificate issuer
>>> # when authenticating each client. If a CRL file is not
>>> found, or
>>> # if the CRL says the certificate has neen revoked, the
>>> authentication will
>>> # fail with an error:
>>> # SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>>> # One or more CRLs can be named with the EAPTLS_CRLFile
>>> parameter.
>>> # Alternatively, CRLs may follow a file naming convention:
>>> # the hash of the issuer subject name
>>> # and a suffix that depends on the serial number.
>>> # eg ab1331b2.r0, ab1331b2.r1 etc.
>>> # You can find out the hash of the issuer name in a CRL with
>>> # openssl crl -in crl.pem -hash -noout
>>> # CRLs with tis name convention
>>> # will be searched in EAPTLS_CAPath, else in the openssl
>>> # certificates directory typically /usr/local/openssl/certs/
>>> # CRLs are expected to be in PEM format.
>>> # A CRL files can be generated with openssl like this:
>>> # openssl ca -gencrl -revoke cert-clt.pem
>>> # openssl ca -gencrl -out crl.pem
>>> # Use of these flags requires Net_SSLeay-1.21 or later
>>> #EAPTLS_CRLCheck
>>> #EAPTLS_CRLFile %D/certificates/crl.pem
>>> #EAPTLS_CRLFile %D/certificates/revocations.pem
>>> # Some clients, depending on their configuration,
>>> may require you to specify
>>> # MPPE send and receive keys. This _will_ be required if
>>> you select
>>> # 'Keys will be generated automatically for data privacy'
>>> in the Funk Odyssey
>>> # client Network Properties dialog.
>>> # Automatically sets MS-MPPE-Send-Key and MS-MPPE-Recv-Key
>>> # in the final Access-Accept
>>> AutoMPPEKeys
>>>
>>> # You can enable some warning messages from the Net::SSLeay
>>> # module by setting SSLeayTrace to an integer from 1 to 4
>>> # 1=ciphers, 2=trace, 3=dump data
>>> SSLeayTrace 4
>>>
>>> # You can configure the User-Name that will be used for
>>> the inner
>>> # authentication. Defaults to 'anonymous'. This can be
>>> useful
>>> # when proxying the inner authentication. If tehre is a
>>> realm, it can
>>> # be used to choose a local Realm to handle the inner
>>> authentication.
>>> # %0 is replaced with the EAP identitiy
>>> # EAPAnonymous anonymous at some.other.realm
>>>
>>> # You can enable or disable support for TTLS Session
>>> Resumption and
>>> # PEAP Fast Reconnect with the EAPTLS_SessionResumption
>>> flag.
>>> # Default is enabled
>>> #EAPTLS_SessionResumption 0
>>>
>>> # You can limit how long after the initial session that a
>>> session can be resumed
>>> # with EAPTLS_SessionResumptionLimit (time in seconds).
>>> Defaults to 43200
>>> # (12 hours)
>>> #EAPTLS_SessionResumptionLimit 10
>>>
>>> # You can control which version of the draft PEAP
>>> protocol to honour
>>> # with EAPTLS_PEAPVersion. Defaults to 1. Set it to 0 for
>>> unusual clients,
>>> # such as Funk Odyssey Client 2.22 or later. For Funk
>>> Odyssey
>>> # version 4, use EAPTLS_PEAPVersion 1,
>>> # but set EAPTLS_PEAPBrokenV1Label below
>>> EAPTLS_PEAPVersion 0
>>>
>>> # You can make PEAP Version 1 support compatible with
>>> # nonstandard PEAP V1 clients that use the old broken TLS
>>> encryption labels that
>>> # appear to be used frequently, due to Microsofts use of
>>> the incorrect
>>> # label in its V0 client. You should use this with Funk
>>> Odyssey
>>> # Client version 4 when EAPTLS_PEAPVersion is set to 1
>>> #EAPTLS_PEAPBrokenV1Label
>>> </AuthBy>
>>>
>>> # This hook fixes the problem with some implementations of
>>> PEAP, where the
>>> # accounting requests have the User-Name of anonymous,
>>> instead of the real
>>> # users name. After authenticating the inner TTLS request, the
>>> # PostAuthHook caches the _real_ user name in an SQL table,
>>> # The PreProcessingHook replaces the 'anonymous' user name in
>>> # accounting requests with the
>>> # real user name that was previously cached for the NAS and
>>> NAS-Port.
>>> # You can see the correct real User-Name logged in the
>>> AcctLogFileName
>>> # Must be used in conjunction with PostAuthHook above
>>> # PreProcessingHook file:"goodies/eap_anon_hook.pl"
>>> </Handler>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3402 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: V;U<3><135><153>\<2><246>B<173><195>M'<161><186>
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><0><0><9><1>r2d2
>>> Message-Authenticator = <169><128><219>;
>>> 6<200><245>Dh<187><19><236><230><134>7W
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 0, 9
>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 1
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP TTLS Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>> TTLS Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3402 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: V;U<3><135><153>\<2><246>B<173><195>M'<161><186>
>>> Attributes:
>>> EAP-Message = <1><1><0><6><21>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3404 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic:
>>> <166>;<210><247>"<199><27><192><<173><18>j<157><155><199><141>
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><1><0><6><3><25>
>>> Message-Authenticator = U<16><204><147><239><171><242>A<21>
>>> <173><238>]<18>R<186>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 1, 6
>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 3
>>> Sat Dec 29 14:02:54 2007: INFO: EAP Nak desires type 25
>>> Sat Dec 29 14:02:54 2007: DEBUG: Resuming session for
>>> Radius::Context=HASH(0x889621c)
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3404 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic:
>>> <166>;<210><247>"<199><27><192><<173><18>j<157><155><199><141>
>>> Attributes:
>>> EAP-Message = <1><2><0><6><25>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3406 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: "<143>ht<209><238><239><233>(H<6><200><134>7<11>"
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message =
>>> <2><2><0>d<25><128><0><0><0>Z<22><3><1><0>U<1><0><0>Q<3><1><0><0><0>
>>> <3><16><247>O_<164><237><227><252><234>8<241>AY<196>FJ<138>^}C<24>
>>> ({<150>n<130>y<27><0><0>*<0><22><0><19><0><10><0>f<0><7><0><5><0><4>
>>> <0>e<0>d<0>c<0>b<0>a<0>`<0><21><0><18><0><9><0><20><0><17><0><8><0><
>>> 6><0><3><1><0>
>>> Message-Authenticator =
>>> <249><179>A<211><226><202><207><218><10><11><135>l<201>`<8>A
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 2, 100
>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP TLS SSL_accept result: -1,
>>> 2, 8576
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3406 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: "<143>ht<209><238><239><233>(H<6><200><134>7<11>"
>>> Attributes:
>>> EAP-Message =
>>> <1><3><4><10><25><192><0><0><7><186><22><3><1><0>J<2><0><0>F<3><1>Gv
>>> <181><254><184>_<226><223><218><162><159><188><241>3<0>lX<177>'<238>
>>> (<13><229>Q7<187>{&<150><254><163>G
>>> <142><217>7<15>z<250><194><167><128>Wke@;.<171>r<200>
>>> {bG<12><229><169><6><199><2><210><30>;
>>> \<164><0><10><0><22><3><1><7>]
>>> <11><0><7>Y<0><7>V<0><3><3>0<130><2><255>0<130><2>h<160><3><2><1><2>
>>> <2><9><0><208><227>h|<201>
>>> [<0><174>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1
>>> <11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria
>>> 1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><
>>> 21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certifi
>>> EAP-Message = cate Section1/0-<6><3>U<4><3><19>&OSC Test CA
>>> (do not use in production)1
>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<
>>> 30><23><13>060404231320Z<23><13>080403231320Z0<129><158>1<11>0<9><6>
>>> <3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><
>>> 6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>> Section1%0#
>>> EAP-Message =
>>> <6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6>
>>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2
>>> ><129><129><0><176>Rk<222><248>e<193><194><2>wM<169>
>>> (<212>hQ<241>5<146>;<241>q<239><191>O<154><160>%
>>> <150><172>"<180>W<196><221><17>w~v<169><204><201>g;<150><216><198><3
>>> 0>f<163>"b<15><189><231><223><254>-t<231>/
>>> B<30>"@<226><180>7<135><231><245><174><222><232>`<160><21><138>w
>>> $<205>B<13><207><22><240>E<166>YAy<236>2!<241><1><30>>
>>> (W<137><25><211><17>C<224>A<187><157><232><222>V<156><14><239><141>F
>>> <193>v<18><25>Z|<207><213>u%
>>> W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>
>>> +<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0
>>> ><3><129><129><0>=U<184><192>!#q@<160><138><243>)
>>> EAP-Message = <212><217><226><7>$<147><203>]
>>> w<228>qD<19>`<186><133><210><144><8>Iy.<29>w<143><176><171><198><13>
>>> 7_<14>V<9><3><181><29><130><148><192>w<197><157><6><196>K<186>rJ*<17
>>> ><247><253><4><200><174><224>Ns<243><227>z<252><190>kfm<225><234><20
>>> 6><250><4><252><21><19>u
>>> 9<225><208><200>&<226>7<250>iB`H=<217><207><207>i<180><173>c<21>C<21
>>> 2><13>Ve<238><19><4>-0n<142>#<3><239><251><25>~<0><4>M0<130><4>I0<13
>>> 0><3><178><160><3><2><1><2><2><9><0><208><227>h|<201>
>>> [<0><172>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1
>>> <11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria
>>> 1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><
>>> 21>OSC Demo Certificates1!0<31><6><3>U<4>
>>> EAP-Message = <11><19><24>Test Certificate Se
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3408 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: n<168>!-<214>L<230>4-H<180><2><20><231><172><177>
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><3><0><6><25><0>
>>> Message-Authenticator = |><145><188><16><140><215><195>yy,]
>>> G<4>=k
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 3, 6
>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3408 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: n<168>!-<214>L<230>4-H<180><2><20><231><172><177>
>>> Attributes:
>>> EAP-Message = <1><4><3><192><25><0>ction1/0-
>>> <6><3>U<4><3><19>&OSC Test CA (do not use in production)1
>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<
>>> 30><23><13>060404231320Z<23><13>080403231320Z0<129><202>1<11>0<9><6>
>>> <3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><
>>> 6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>> Section1/0-<6>
>>> EAP-Message = <3>U<4><3><19>&OSC Test CA (do not use in
>>> production)1
>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<
>>> 129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141
>>> ><0>0<129><137><2><129><129><0><217><133><240>Q<185><135><212><238><
>>> 223>D<143><14><241><220><192><131><153>x.<141><213><28>6<229>p<204><
>>> 202><140><215>
>>> (<186>u<156><136><22><183> ;UM<143>u<166>E<235><221><18><9><201><186
>>> ><26><142><15><236><29>RxS<172><204><208><130>/
>>> I<12><155><7>&y=<247><132>'<252><164>t<149>`<19><147>#<27><200><10><
>>> 196>K<252>!Yo<241>2e<155><8>i<190>-)<180>.<164>X-
>>> <232><30><22><12><29><239><150><5><189><31><249><224><0>zv<242><216>
>>> )<187>c<246>Sl<227><2><3><1><0><1><163><130><1>30<130><1>/
>>> 0<29><6><3>U
>>> EAP-Message = <29><14><4><22><4><20><252><4><246><5>
>>> \3<27><8>km<204><27><210>H<246>
>>> [<191>8<191><252>0<129><255><6><3>U<29>#<4><129><247>0<129><244><128
>>> ><20><252><4><246><5>\3<27><8>km<204><27><210>H<246>
>>> [<191>8<191><252><161><129><208><164><129><205>0<129><202>1<11>0<9><
>>> 6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16
>>> ><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>> production)1 0<30><6><9>*<134>H<134><247><13><1><9>
>>> EAP-Message =
>>> <1><22><17>mikem at open.com.au<130><9><0><208><227>h|<201>
>>> [<0><172>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H
>>> <134><247><13><1><1><4><5><0><3><129><129><0>YY<173>5?
>>> K<135><228>25<175>IJ<247><7>H<160>]
>>> <139><220><15><153>1<235><190><245><199><136><134>P<144><18>X<191>X<
>>> 9><153><140>)<11>`<183><239>N)Hew<181><177><135><218>}
>>> <252><216><210><134>a<167>K<249><172><210><214><223>!
>>> 4E<155><236><245><141><191><152>wN<224>&<29>&
>>> {<241><161>Kq<206><137><15>~<127><167><134>;<186><127>Mm<162>s<253><
>>> 253>p<167>8<169><223><184><216><214><214><27><175><150><1><17>f<188>
>>> <157>l<246><219><231>R<242>(n<225><197><22><3><1><0><4><14><0><0><0>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3410 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: <247><176><159>vp<28><224>j<151><130><210>s+'<18><227>
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message =
>>> <2><4><0><200><25><128><0><0><0><190><22><3><1><0><134><16><0><0><13
>>> 0><0><128>=<18><168>*W<182><223><201><208>if5<26><205>-
>>> E<132><209>ZUF<157><22><237>w<171><222>v<211><156>vSS
>>> 5<191><152><246>c<5><165>p(<160>*<10><142>;<137><153><148><194>!
>>> <133>R<255><15><235><251><175>"<238>97O<248><240><16><248><136><128>
>>> <31>Z<238><8><139><226>q<31><12><178><214><253>A<143><169><128><9>|8
>>> <157>'A<242>s<22><19><214><231>v<26><197>P<193><229><166>s<212><174>
>>> <193><25><226>P<236><222><207>^<10><202>Bn
>>> ('<191><136><182><192>v<20><3><1><0><1><1><22><3><1><0>
>>> (\Kc<247><245><192>"<142>6<243>4<166><182>U<241>d1_}<166>
>>> (<240><134><156><5><4><243>S)<26><17><210>ov<148><153><187><232>
>>> $<233>
>>> Message-Authenticator = <197>j<242>Y<199><169>O<215>7,Bv<202>a
>>> $<249>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 4, 200
>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3410 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: <247><176><159>vp<28><224>j<151><130><210>s+'<18><227>
>>> Attributes:
>>> EAP-Message =
>>> <1><5><0>=<25><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
>>> (<25><242>m<170>!t<224>d$Z<252><226><131><215><199>?
>>> `<199>7<221><139>n<254><21><182><238>7<211>w at 4<133><175>*w<161>*<214
>>> >9W
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3412 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: <28><145><1>\<19><182>3kUoi<169><254><1><183>y
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><5><0><6><25><0>
>>> Message-Authenticator =
>>> E<245><147>Z<146>Z<148>CAp4g<23><141><146><133>
>>>
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 5, 6
>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP Challenge
>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3412 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: <28><145><1>\<19><182>3kUoi<169><254><1><183>y
>>> Attributes:
>>> EAP-Message =
>>> <1><6><0>#<25><0><23><3><1><0><24><218>Q<239>m<218><1><212><28><214>
>>> <237><165>=<3><220><217><174><143><181>/~k<222><232>>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3414 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic:
>>> j<208><243><133>4j<205>*<12><235><251><190><157><128>P<10>
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><6><0>+<25><0><23><3><1><0>
>>> dE<138><217>gl<146>xYb<207>+<250><21><14>A{<163><150><216>df at 3}
>>> (W<150><24><170><7><15>
>>> Message-Authenticator =
>>> (<0>><174><133>6n<180>W1<11><<186>e<149><17>
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 6, 43
>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP PEAP inner authentication
>>> request for anonymous
>>> Sat Dec 29 14:02:55 2007: DEBUG: PEAP Tunnelled request Packet dump:
>>> Code: Access-Request
>>> Identifier: UNDEF
>>> Authentic: <150><170>12,<128>N{U<220>8TRV<201><177>
>>> Attributes:
>>> EAP-Message = <2><6><0><5><1>r2d2
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>> User-Name = "anonymous"
>>> NAS-IP-Address = 192.168.2.1
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Calling-Station-Id = "001a70d45b78"
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler
>>> 'TunnelledByPEAP=1'
>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for anonymous,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 6, 5
>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 1
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 3, EAP MSCHAP-V2
>>> Challenge
>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP MSCHAP-V2 Challenge
>>> Sat Dec 29 14:02:55 2007: DEBUG: Access challenged for anonymous:
>>> EAP MSCHAP-V2 Challenge
>>> Sat Dec 29 14:02:55 2007: DEBUG: Returned PEAP tunnelled packet
>>> dump:
>>> Code: Access-Challenge
>>> Identifier: UNDEF
>>> Authentic: <150><170>12,<128>N{U<220>8TRV<201><177>
>>> Attributes:
>>> EAP-Message =
>>> <1><7><0><30><26><1><7><0><25><16><138>u<175><154>j<168>E<213><206>}
>>> 8<3><198><182><224><kale
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 3, EAP PEAP inner
>>> authentication redespatched to a Handler
>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP inner authentication redespatched to a Handler
>>> Sat Dec 29 14:02:55 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP inner authentication redespatched to a Handler
>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3414 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic:
>>> j<208><243><133>4j<205>*<12><235><251><190><157><128>P<10>
>>> Attributes:
>>> EAP-Message =
>>> <1><7><0>;<25><0><23><3><1><0>0<131><213><165>U<240><4>~<155>S><183>
>>> <163>^<15>x8<187>4,<129><13>i<220>B<9>x0S<142><148>3<219>
>>> {<17><22><1><134>6<210><182><6><137><144>U<212><234><133><23>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3416 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: R<159><211><143><151>cm<149><195><139>4<5><150>,?<165>
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><7><0>[<25><0><23><3><1><0>P9<253><12>h%
>>> _<133><210><165><146><229>N<141>pE}
>>> <255>F3<133><159><14><26><194><128>Z~<148>m<245><216><18>Q<28><244><
>>> 128>J\I/<233>C^Sq<230>D<139><231>e<165><254>_{%
>>> <19><171><10><20><236><238><129>6<218><192>'9<174><3><156>c<208><168
>>> ><166>8<25>r9<24>t
>>> Message-Authenticator = <225>i<25>,SV)
>>> <210>D<1>ST<250><151><174>3
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 7, 91
>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP PEAP inner authentication
>>> request for anonymous
>>> Sat Dec 29 14:02:55 2007: DEBUG: PEAP Tunnelled request Packet dump:
>>> Code: Access-Request
>>> Identifier: UNDEF
>>> Authentic: ><28><1><170><197><229>D@^<170>h<183><9><186><235><164>
>>> Attributes:
>>> EAP-Message = <2><7><0>;<26><2><7><0>:
>>> 1<205>V*,<8><31>Q<24>w:l<255><206><22><144><233><0><0><0><0><0><0><0
>>> ><0><17><211><201>X<201><175>V<179><244><29><171>y<161><209><235><15
>>> 8><168><166>^"<242><5><165><156><0>r2d2
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>> User-Name = "anonymous"
>>> NAS-IP-Address = 192.168.2.1
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Calling-Station-Id = "001a70d45b78"
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler
>>> 'TunnelledByPEAP=1'
>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for anonymous,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 7, 59
>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 26
>>> Sat Dec 29 14:02:55 2007: DEBUG: Radius::AuthFILE looks for match
>>> with r2d2 [anonymous]
>>> Sat Dec 29 14:02:55 2007: DEBUG: Radius::AuthFILE ACCEPT: : r2d2
>>> [anonymous]
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 1, EAP MSCHAP-V2
>>> Authentication failure
>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: REJECT, EAP
>>> MSCHAP-V2 Authentication failure
>>> Sat Dec 29 14:02:55 2007: INFO: Access rejected for anonymous:
>>> EAP MSCHAP-V2 Authentication failure
>>> Sat Dec 29 14:02:55 2007: DEBUG: Returned PEAP tunnelled packet
>>> dump:
>>> Code: Access-Reject
>>> Identifier: UNDEF
>>> Authentic: ><28><1><170><197><229>D@^<170>h<183><9><186><235><164>
>>> Attributes:
>>> EAP-Message = <4><7><0><4>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>> Reply-Message = "Request Denied"
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 3, EAP PEAP inner
>>> authentication redespatched to a Handler
>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: CHALLENGE,
>>> EAP PEAP inner authentication redespatched to a Handler
>>> Sat Dec 29 14:02:55 2007: DEBUG: Access challenged for r2d2: EAP
>>> PEAP inner authentication redespatched to a Handler
>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3416 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: R<159><211><143><151>cm<149><195><139>4<5><150>,?<165>
>>> Attributes:
>>> EAP-Message = <1><8><0>+<25><0><23><3><1><0> &;=
>>> [<20><161><224><208><160>mX<231><198><5>
>>> \m<11><195><229><209><0><228><20>~<129><224><148>W<140>.b
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>> *** Received from 192.168.2.1 port 3418 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: <235>aS<135><190>*K5<148><221><245>y<204><10>Zc
>>> Attributes:
>>> User-Name = "r2d2"
>>> NAS-IP-Address = 192.168.2.1
>>> Called-Station-Id = "001a70ec5073"
>>> Calling-Station-Id = "001a70d45b78"
>>> NAS-Identifier = "001a70ec5073"
>>> NAS-Port = 55
>>> Framed-MTU = 1400
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> EAP-Message = <2><8><0>
>>> +<25><0><23><3><1><0> :D96<175><12><25><246>d6<216>J<236>fo<152><176
>>> ><239><229><255>,{Sy<130><7>w<22>9<232>NX
>>> Message-Authenticator =
>>> <215>A<210><254><232>O<203><140><148><8><227>\-<224><17>
>>>
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler ''
>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for r2d2,
>>> 192.168.2.1, 55
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 8, 43
>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 25
>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 1, PEAP
>>> Authentication Failure
>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: REJECT, PEAP
>>> Authentication Failure
>>> Sat Dec 29 14:02:55 2007: INFO: Access rejected for r2d2: PEAP
>>> Authentication Failure
>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>> *** Sending to 192.168.2.1 port 3418 ....
>>> Code: Access-Reject
>>> Identifier: 0
>>> Authentic: <235>aS<135><190>*K5<148><221><245>y<204><10>Zc
>>> Attributes:
>>> EAP-Message = <4><8><0><4>
>>> Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>> Reply-Message = "Request Denied"
>>> #
>>> # Uncomment the one you wish to use
>>> #
>>> #r2d2 User-Password = "adV1cespwd"
>>> #r2d2 User-Password = {NTHASH}
>>> 7E27EAC953911661F8CE9CD888AE540B
>>> Service-Type = Framed-User
>> NB:
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/
>> archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list