(RADIATOR) eap-peap mschapv2 (again)
Bob Shafer
bshafer at du.edu
Sun Dec 30 19:57:55 CST 2007
Hugh,
That was indeed the problem. Surprising what a difference case can make
:">
Thanks, and a Happy New Year to you too!
Bob
Hugh Irvine wrote:
>
> Hello Bob -
>
> My reading of the Radiator manual ("doc/ref.html" section 12.1.2) and
> looking at the code, indicates your password should look like this:
>
>
> #
> # Uncomment the one you wish to use
> #
> #r2d2 User-Password = "adV1cespwd"
>
> r2d2 User-Password = {nthash}7E27EAC953911661F8CE9CD888AE540B
> Service-Type = Framed-User
>
>
> hope that helps - and Happy New Year!
>
> regards
>
> Hugh
>
>
> On 31 Dec 2007, at 09:41, Bob Shafer wrote:
>
>> Hugh,
>>
>> The only choice I have is Sun's LDAP.
>>
>> I've seen examples of others using non-MS solutions on this list, and
>> other places, so I'm not worried about that part, at least yet.
>>
>> In the mean time, what is wrong with the configuration that I'm using
>> to test eap-peap mschapv5 using configuration files?
>>
>> Once I get that working I still need to talk the LDAP gods into
>> letting me stuff the nthash password into LDAP. And I can guarantee
>> you that I'll have an easier time of that if I can demonstrate that it
>> does work with NTHASH's in a file.
>>
>> Thanks,
>>
>> Bob
>>
>> Hugh Irvine wrote:
>>> Hello Bob -
>>> Which LDAP server are you going to be using?
>>> If it is Active Directory, you should run Radiator on Windows and use
>>> the AuthBy LSA clause.
>>> See the example configuration files in "goodies/lsa_eap_peap.cfg" and
>>> "goodies/las_eap_multi.cfg"
>>> regards
>>> Hugh
>>> On 31 Dec 2007, at 00:53, Bob Shafer wrote:
>>>> Dear list,
>>>>
>>>> Like a bad penny, I have returned, for at least one more time.
>>>>
>>>> A couple of times in the last year I've raised questions here about
>>>> theoretical scenarios involving eap-peap mschapv2 and ldap.
>>>>
>>>> I finally am trying to actually *do* something rather than just talk
>>>> about it....
>>>>
>>>> In hopes of walking before running, I thought I'd start by trying to
>>>> use AUTHBY FILE before I attempted AUTHBY LDAP.
>>>>
>>>> I used the goodies/eap-peap.cfg file as a basis for the test and the
>>>> test server certificate provided. I'm using 3.17.1 with current
>>>> patches.
>>>>
>>>> The configuration file I've attached allows my test clients,
>>>> appropriately configured, to authenticate with EAP-TTLS PAP and an
>>>> NTHASH encrypted password.
>>>>
>>>> They also authenticate with EAP-PEAP MSCHAPV2 and an unencrypted
>>>> password in the users file.
>>>>
>>>> But, and herein lies my problem, they all fail with the appropriate
>>>> NTHASH encrypted version of the password.
>>>>
>>>> Because it is for test purposes only, I've included the password I used
>>>> in both the nthash and clear text in the users file, which I've also
>>>> attached
>>>>
>>>> Finally, there is a logfile with debug 4 enabled.
>>>>
>>>> Let me know if you need anything more.
>>>>
>>>> Any help that others can offer will be greatly appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> Bob Shafer
>>>> University of Denver
>>>>
>>>> # eap_peap.cfg
>>>> #
>>>> # Example Radiator configuration file.
>>>> # This very simple file will allow you to get started with
>>>> # PEAP authentication as used by Windows XP (starting with SP1)
>>>> # We suggest you start simple, prove to yourself that it
>>>> # works and then develop a more complicated configuration.
>>>> #
>>>> # This example will authenticate from a standard users file in
>>>> # the current directory.
>>>> # It will accept requests from any client and try to handle request
>>>> # for any realm.
>>>> # And it will print out what it's doing in great detail.
>>>> #
>>>> # In order to authenticate, the clients user name must be in ./users
>>>> # (the password is irrelevant for EAP TLS).
>>>> #
>>>> # In order to test this, you can use the sample test certificates
>>>> # supplied with Radiator. For production, you
>>>> # WILL need to install a real valid server certificate and
>>>> # key for Radiator to use. Runs with openssl on Unix and Windows.
>>>> #
>>>> # See radius.cfg for more complete examples of features and
>>>> # syntax, and refer to the reference manual for a complete description
>>>> # of all the features and syntax.
>>>> #
>>>> # Requires Net_SSLeay.pm-1.21 or later from CPAN.
>>>> # Requires openssl 0.9.7beta3 or later from www.openssl.org
>>>> # Requires Digest-HMAC from CPAN
>>>> # Requires Digest-SHA1 from CPAN
>>>> #
>>>> # You should consider this file to be a starting point only
>>>> # $Id: eap_peap.cfg,v 1.12 2006/11/09 04:54:31 mikem Exp $
>>>>
>>>> LogDir /var/log/radius
>>>> DbDir /etc/radiator
>>>> # Use a lower trace level in production systems:
>>>> Trace 4
>>>>
>>>> # You will probably want to add other Clients to suit your site,
>>>> # one for each NAS you want to work with
>>>> <Client DEFAULT>
>>>> Secret Secret Stuff
>>>> DupInterval 0
>>>> </Client>
>>>>
>>>> <Handler TunnelledByTTLS=1>
>>>> <AuthBy FILE>
>>>> Filename %D/users
>>>>
>>>> # This tells the PEAP client what types of inner EAP requests
>>>> # we will honour
>>>> EAPType MSCHAP-V2
>>>> </AuthBy>
>>>> </Handler>
>>>>
>>>> <Handler TunnelledByPEAP=1>
>>>> <AuthBy FILE>
>>>> UsernameMatchesWithoutRealm
>>>> Filename %D/users
>>>>
>>>> # This tells the PEAP client what types of inner EAP requests
>>>> # we will honour
>>>> EAPType MSCHAP-V2
>>>> </AuthBy>
>>>> # This hook fixes the problem with some implementations of PEAP, where the
>>>> # accounting requests have the User-Name of anonymous, instead of the real
>>>> # users name. After authenticating the inner TTLS request, the
>>>> # PostAuthHook caches the _real_ user name in an SQL table,
>>>> # The PreProcessingHook replaces the 'anonymous' user name in
>>>> # accounting requests with the
>>>> # real user name that was previously cached for the NAS and NAS-Port.
>>>> # You can see the correct real User-Name logged in the AcctLogFileName
>>>> # Must be used in conjunction with PreProcessingHook below
>>>> # PostAuthHook file:"goodies/eap_anon_hook.pl"
>>>> </Handler>
>>>>
>>>>
>>>> # The original PEAP request from a NAS will be sent to a matching
>>>> # Realm or Handler in the usual way, where it will be unpacked and the
>>>> # inner authentication extracted.
>>>> # The inner authentication request will be sent again to a matching
>>>> # Realm or Handler. The special check item TunnelledByPEAP=1 can be used
>>>> # to select a specific handler, or else you can use EAPAnonymous to set a
>>>> # username and realm which can be used to select a Realm clause for the
>>>> # inner request.
>>>> # This allows you to select an inner authentication method based on Realm,
>>>> # and/or the fact that they were tunnelled. You can therefore act just as a
>>>> # PEAP server, or also act as the AAA/H home server, and authenticate PEAP
>>>> # requests locally or proxy them to another remote server based on the
>>>> # realm of the inner authentication request.
>>>> # In this basic example, both the inner and outer authentication are
>>>> # authenticated from a file by AuthBy FILE
>>>> <Handler>
>>>> <AuthBy FILE>
>>>> # The username of the outer authentication
>>>> # must be in this file to get anywhere. In this example,
>>>> # it requires an entry for 'anonymous' which is the standard username
>>>> # in the outer requests, and it also requires an entry for the
>>>> # actual user name who is trying to connect (ie the 'Login name' entered
>>>> # in the Funk Odyssey 'Edit Profile Properties' page
>>>> Filename %D/users
>>>>
>>>> # EAPType sets the EAP type(s) that Radiator will honour.
>>>> # Options are: MD5-Challenge, One-Time-Password
>>>> # Generic-Token, TLS, TTLS, PEAP, MSCHAP-V2
>>>> # Multiple types can be comma separated. With the default (most
>>>> # preferred) type given first
>>>> EAPType TTLS, PEAP
>>>>
>>>> # EAPTLS_CAFile is the name of a file of CA certificates
>>>> # in PEM format. The file can contain several CA certificates
>>>> # Radiator will first look in EAPTLS_CAFile then in
>>>> # EAPTLS_CAPath, so there usually is no need to set both
>>>> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>>>>
>>>> # EAPTLS_CAPath is the name of a directory containing CA
>>>> # certificates in PEM format. The files each contain one
>>>> # CA certificate. The files are looked up by the CA
>>>> # subject name hash value
>>>> # EAPTLS_CAPath
>>>>
>>>> # EAPTLS_CertificateFile is the name of a file containing
>>>> # the servers certificate. EAPTLS_CertificateType
>>>> # specifies the type of the file. Can be PEM or ASN1
>>>> # defaults to ASN1
>>>> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>>>> EAPTLS_CertificateType PEM
>>>>
>>>> # EAPTLS_PrivateKeyFile is the name of the file containing
>>>> # the servers private key. It is sometimes in the same file
>>>> # as the server certificate (EAPTLS_CertificateFile)
>>>> # If the private key is encrypted (usually the case)
>>>> # then EAPTLS_PrivateKeyPassword is the key to decrypt it
>>>> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>>>> EAPTLS_PrivateKeyPassword whatever
>>>>
>>>> # EAPTLS_RandomFile is an optional file containing
>>>> # randomness
>>>> # EAPTLS_RandomFile %D/certificates/random
>>>>
>>>> # EAPTLS_MaxFragmentSize sets the maximum TLS fragment
>>>> # size that will be replied by Radiator. It must be small
>>>> # enough to fit in a single Radius request (ie less than 4096)
>>>> # and still leave enough space for other attributes
>>>> # Aironet APs seem to need a smaller MaxFragmentSize
>>>> # (eg 1024) than the default of 2048. Others need even smaller sizes.
>>>> EAPTLS_MaxFragmentSize 1024
>>>>
>>>> # EAPTLS_DHFile if set specifies the DH group file. It
>>>> # may be required if you need to use ephemeral DH keys.
>>>> # EAPTLS_DHFile %D/certificates/cert/dh
>>>>
>>>> # If EAPTLS_CRLCheck is set and the client presents a certificate
>>>> # then Radiator will look for a certificate revocation list (CRL)
>>>> # for the certificate issuer
>>>> # when authenticating each client. If a CRL file is not found, or
>>>> # if the CRL says the certificate has been revoked, the authentication will
>>>> # fail with an error:
>>>> # SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>>>> # One or more CRLs can be named with the EAPTLS_CRLFile parameter.
>>>> # Alternatively, CRLs may follow a file naming convention:
>>>> # the hash of the issuer subject name
>>>> # and a suffix that depends on the serial number.
>>>> # eg ab1331b2.r0, ab1331b2.r1 etc.
>>>> # You can find out the hash of the issuer name in a CRL with
>>>> # openssl crl -in crl.pem -hash -noout
>>>> # CRLs with this name convention
>>>> # will be searched in EAPTLS_CAPath, else in the openssl
>>>> # certificates directory typically /usr/local/openssl/certs/
>>>> # CRLs are expected to be in PEM format.
>>>> # A CRL file can be generated with openssl like this:
>>>> # openssl ca -gencrl -revoke cert-clt.pem
>>>> # openssl ca -gencrl -out crl.pem
>>>> # Use of these flags requires Net_SSLeay-1.21 or later
>>>> #EAPTLS_CRLCheck
>>>> #EAPTLS_CRLFile %D/certificates/crl.pem
>>>> #EAPTLS_CRLFile %D/certificates/revocations.pem
>>>> # Some clients, depending on their configuration, may require you to specify
>>>> # MPPE send and receive keys. This _will_ be required if you select
>>>> # 'Keys will be generated automatically for data privacy' in the Funk Odyssey
>>>> # client Network Properties dialog.
>>>> # Automatically sets MS-MPPE-Send-Key and MS-MPPE-Recv-Key
>>>> # in the final Access-Accept
>>>> AutoMPPEKeys
>>>>
>>>> # You can enable some warning messages from the Net::SSLeay
>>>> # module by setting SSLeayTrace to an integer from 1 to 4
>>>> # 1=ciphers, 2=trace, 3=dump data
>>>> SSLeayTrace 4
>>>>
>>>> # You can configure the User-Name that will be used for the inner
>>>> # authentication. Defaults to 'anonymous'. This can be useful
>>>> # when proxying the inner authentication. If there is a realm, it can
>>>> # be used to choose a local Realm to handle the inner authentication.
>>>> # %0 is replaced with the EAP identity
>>>> # EAPAnonymous anonymous at some.other.realm
>>>>
>>>> # You can enable or disable support for TTLS Session Resumption and
>>>> # PEAP Fast Reconnect with the EAPTLS_SessionResumption flag.
>>>> # Default is enabled
>>>> #EAPTLS_SessionResumption 0
>>>>
>>>> # You can limit how long after the initial session that a session can be
>>>> # resumed with EAPTLS_SessionResumptionLimit (time in seconds).
>>>> # Defaults to 43200 (12 hours)
>>>> #EAPTLS_SessionResumptionLimit 10
>>>>
>>>> # You can control which version of the draft PEAP protocol to honour
>>>> # with EAPTLS_PEAPVersion. Defaults to 1. Set it to 0 for unusual clients,
>>>> # such as Funk Odyssey Client 2.22 or later. For Funk Odyssey
>>>> # version 4, use EAPTLS_PEAPVersion 1,
>>>> # but set EAPTLS_PEAPBrokenV1Label below
>>>> EAPTLS_PEAPVersion 0
>>>>
>>>> # You can make PEAP Version 1 support compatible with
>>>> # nonstandard PEAP V1 clients that use the old broken TLS encryption labels
>>>> # that appear to be used frequently, due to Microsofts use of the incorrect
>>>> # label in its V0 client. You should use this with Funk Odyssey
>>>> # Client version 4 when EAPTLS_PEAPVersion is set to 1
>>>> #EAPTLS_PEAPBrokenV1Label
>>>> </AuthBy>
>>>>
>>>> # This hook fixes the problem with some implementations of PEAP, where the
>>>> # accounting requests have the User-Name of anonymous, instead of the real
>>>> # users name. After authenticating the inner TTLS request, the
>>>> # PostAuthHook caches the _real_ user name in an SQL table,
>>>> # The PreProcessingHook replaces the 'anonymous' user name in
>>>> # accounting requests with the
>>>> # real user name that was previously cached for the NAS and NAS-Port.
>>>> # You can see the correct real User-Name logged in the AcctLogFileName
>>>> # Must be used in conjunction with PostAuthHook above
>>>> # PreProcessingHook file:"goodies/eap_anon_hook.pl"
>>>> </Handler>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3402 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: V;U<3><135><153>\<2><246>B<173><195>M'<161><186>
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message = <2><0><0><9><1>r2d2
>>>> Message-Authenticator =
>>>> <169><128><219>;6<200><245>Dh<187><19><236><230><134>7W
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 0, 9
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 1
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> TTLS Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>>> TTLS Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3402 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: V;U<3><135><153>\<2><246>B<173><195>M'<161><186>
>>>> Attributes:
>>>> EAP-Message = <1><1><0><6><21>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3404 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic:
>>>> <166>;<210><247>"<199><27><192><<173><18>j<157><155><199><141>
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message = <2><1><0><6><3><25>
>>>> Message-Authenticator = U<16><204><147><239><171><242>A<21>
>>>> <173><238>]<18>R<186>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 1, 6
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 3
>>>> Sat Dec 29 14:02:54 2007: INFO: EAP Nak desires type 25
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Resuming session for
>>>> Radius::Context=HASH(0x889621c)
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3404 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic:
>>>> <166>;<210><247>"<199><27><192><<173><18>j<157><155><199><141>
>>>> Attributes:
>>>> EAP-Message = <1><2><0><6><25>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3406 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: "<143>ht<209><238><239><233>(H<6><200><134>7<11>"
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message =
>>>> <2><2><0>d<25><128><0><0><0>Z<22><3><1><0>U<1><0><0>Q<3><1><0><0><0><3><16><247>O_<164><237><227><252><234>8<241>AY<196>FJ<138>^}C<24>({<150>n<130>y<27><0><0>*<0><22><0><19><0><10><0>f<0><7><0><5><0><4><0>e<0>d<0>c<0>b<0>a<0>`<0><21><0><18><0><9><0><20><0><17><0><8><0><6><0><3><1><0>
>>>>
>>>> Message-Authenticator =
>>>> <249><179>A<211><226><202><207><218><10><11><135>l<201>`<8>A
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 2, 100
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3406 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: "<143>ht<209><238><239><233>(H<6><200><134>7<11>"
>>>> Attributes:
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3408 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: n<168>!-<214>L<230>4-H<180><2><20><231><172><177>
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message = <2><3><0><6><25><0>
>>>> Message-Authenticator = |><145><188><16><140><215><195>yy,]G<4>=k
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 3, 6
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3408 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: n<168>!-<214>L<230>4-H<180><2><20><231><172><177>
>>>> Attributes:
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3410 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: <247><176><159>vp<28><224>j<151><130><210>s+'<18><227>
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> Message-Authenticator =
>>>> <197>j<242>Y<199><169>O<215>7,Bv<202>a$<249>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 4, 200
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3410 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: <247><176><159>vp<28><224>j<151><130><210>s+'<18><227>
>>>> Attributes:
>>>> EAP-Message =
>>>> <1><5><0>=<25><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<25><242>m<170>!t<224>d$Z<252><226><131><215><199>?`<199>7<221><139>n<254><21><182><238>7<211>w at 4<133><175>*w<161>*<214>9W
>>>>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3412 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: <28><145><1>\<19><182>3kUoi<169><254><1><183>y
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message = <2><5><0><6><25><0>
>>>> Message-Authenticator =
>>>> E<245><147>Z<146>Z<148>CAp4g<23><141><146><133>
>>>>
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Handling with EAP: code 2, 5, 6
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:54 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP Challenge
>>>> Sat Dec 29 14:02:54 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3412 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: <28><145><1>\<19><182>3kUoi<169><254><1><183>y
>>>> Attributes:
>>>> EAP-Message =
>>>> <1><6><0>#<25><0><23><3><1><0><24><218>Q<239>m<218><1><212><28><214><237><165>=<3><220><217><174><143><181>/~k<222><232>>
>>>>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3414 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: j<208><243><133>4j<205>*<12><235><251><190><157><128>P<10>
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message = <2><6><0>+<25><0><23><3><1><0>
>>>> dE<138><217>gl<146>xYb<207>+<250><21><14>A{<163><150><216>df at 3}(W<150><24><170><7><15>
>>>>
>>>> Message-Authenticator =
>>>> (<0>><174><133>6n<180>W1<11><<186>e<149><17>
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 6, 43
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP PEAP inner authentication
>>>> request for anonymous
>>>> Sat Dec 29 14:02:55 2007: DEBUG: PEAP Tunnelled request Packet dump:
>>>> Code: Access-Request
>>>> Identifier: UNDEF
>>>> Authentic: <150><170>12,<128>N{U<220>8TRV<201><177>
>>>> Attributes:
>>>> EAP-Message = <2><6><0><5><1>r2d2
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>> User-Name = "anonymous"
>>>> NAS-IP-Address = 192.168.2.1
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Calling-Station-Id = "001a70d45b78"
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler
>>>> 'TunnelledByPEAP=1'
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for anonymous,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 6, 5
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 1
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
>>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> MSCHAP-V2 Challenge
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Access challenged for anonymous:
>>>> EAP MSCHAP-V2 Challenge
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Returned PEAP tunnelled packet dump:
>>>> Code: Access-Challenge
>>>> Identifier: UNDEF
>>>> Authentic: <150><170>12,<128>N{U<220>8TRV<201><177>
>>>> Attributes:
>>>> EAP-Message =
>>>> <1><7><0><30><26><1><7><0><25><16><138>u<175><154>j<168>E<213><206>}8<3><198><182><224><kale
>>>>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 3, EAP PEAP inner
>>>> authentication redespatched to a Handler
>>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP inner authentication redespatched to a Handler
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP inner authentication redespatched to a Handler
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3414 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: j<208><243><133>4j<205>*<12><235><251><190><157><128>P<10>
>>>> Attributes:
>>>> EAP-Message =
>>>> <1><7><0>;<25><0><23><3><1><0>0<131><213><165>U<240><4>~<155>S><183><163>^<15>x8<187>4,<129><13>i<220>B<9>x0S<142><148>3<219>{<17><22><1><134>6<210><182><6><137><144>U<212><234><133><23>
>>>>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3416 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: R<159><211><143><151>cm<149><195><139>4<5><150>,?<165>
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message =
>>>> <2><7><0>[<25><0><23><3><1><0>P9<253><12>h%_<133><210><165><146><229>N<141>pE}<255>F3<133><159><14><26><194><128>Z~<148>m<245><216><18>Q<28><244><128>J\I/<233>C^Sq<230>D<139><231>e<165><254>_{%<19><171><10><20><236><238><129>6<218><192>'9<174><3><156>c<208><168><166>8<25>r9<24>t
>>>>
>>>> Message-Authenticator = <225>i<25>,SV)<210>D<1>ST<250><151><174>3
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 7, 91
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP PEAP inner authentication
>>>> request for anonymous
>>>> Sat Dec 29 14:02:55 2007: DEBUG: PEAP Tunnelled request Packet dump:
>>>> Code: Access-Request
>>>> Identifier: UNDEF
>>>> Authentic: ><28><1><170><197><229>D@^<170>h<183><9><186><235><164>
>>>> Attributes:
>>>> EAP-Message =
>>>> <2><7><0>;<26><2><7><0>:1<205>V*,<8><31>Q<24>w:l<255><206><22><144><233><0><0><0><0><0><0><0><0><17><211><201>X<201><175>V<179><244><29><171>y<161><209><235><158><168><166>^"<242><5><165><156><0>r2d2
>>>>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>> User-Name = "anonymous"
>>>> NAS-IP-Address = 192.168.2.1
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Calling-Station-Id = "001a70d45b78"
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler
>>>> 'TunnelledByPEAP=1'
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for anonymous,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 7, 59
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 26
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Radius::AuthFILE looks for match
>>>> with r2d2 [anonymous]
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Radius::AuthFILE ACCEPT: : r2d2
>>>> [anonymous]
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 1, EAP MSCHAP-V2
>>>> Authentication failure
>>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: REJECT, EAP
>>>> MSCHAP-V2 Authentication failure
>>>> Sat Dec 29 14:02:55 2007: INFO: Access rejected for anonymous: EAP
>>>> MSCHAP-V2 Authentication failure
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Returned PEAP tunnelled packet dump:
>>>> Code: Access-Reject
>>>> Identifier: UNDEF
>>>> Authentic: ><28><1><170><197><229>D@^<170>h<183><9><186><235><164>
>>>> Attributes:
>>>> EAP-Message = <4><7><0><4>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>> Reply-Message = "Request Denied"
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 3, EAP PEAP inner
>>>> authentication redespatched to a Handler
>>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP inner authentication redespatched to a Handler
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Access challenged for r2d2: EAP
>>>> PEAP inner authentication redespatched to a Handler
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3416 ....
>>>> Code: Access-Challenge
>>>> Identifier: 0
>>>> Authentic: R<159><211><143><151>cm<149><195><139>4<5><150>,?<165>
>>>> Attributes:
>>>> EAP-Message = <1><8><0>+<25><0><23><3><1><0>
>>>> &;=[<20><161><224><208><160>mX<231><198><5>\m<11><195><229><209><0><228><20>~<129><224><148>W<140>.b
>>>>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>>> *** Received from 192.168.2.1 port 3418 ....
>>>> Code: Access-Request
>>>> Identifier: 0
>>>> Authentic: <235>aS<135><190>*K5<148><221><245>y<204><10>Zc
>>>> Attributes:
>>>> User-Name = "r2d2"
>>>> NAS-IP-Address = 192.168.2.1
>>>> Called-Station-Id = "001a70ec5073"
>>>> Calling-Station-Id = "001a70d45b78"
>>>> NAS-Identifier = "001a70ec5073"
>>>> NAS-Port = 55
>>>> Framed-MTU = 1400
>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>> EAP-Message = <2><8><0>+<25><0><23><3><1><0>
>>>> :D96<175><12><25><246>d6<216>J<236>fo<152><176><239><229><255>,{Sy<130><7>w<22>9<232>NX
>>>>
>>>> Message-Authenticator =
>>>> <215>A<210><254><232>O<203><140><148><8><227>\-<224><17>
>>>>
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling request with Handler ''
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Deleting session for r2d2,
>>>> 192.168.2.1, 55
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with Radius::AuthFILE:
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Handling with EAP: code 2, 8, 43
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Response type 25
>>>> Sat Dec 29 14:02:55 2007: DEBUG: EAP result: 1, PEAP Authentication
>>>> Failure
>>>> Sat Dec 29 14:02:55 2007: DEBUG: AuthBy FILE result: REJECT, PEAP
>>>> Authentication Failure
>>>> Sat Dec 29 14:02:55 2007: INFO: Access rejected for r2d2: PEAP
>>>> Authentication Failure
>>>> Sat Dec 29 14:02:55 2007: DEBUG: Packet dump:
>>>> *** Sending to 192.168.2.1 port 3418 ....
>>>> Code: Access-Reject
>>>> Identifier: 0
>>>> Authentic: <235>aS<135><190>*K5<148><221><245>y<204><10>Zc
>>>> Attributes:
>>>> EAP-Message = <4><8><0><4>
>>>> Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>> Reply-Message = "Request Denied"
>>>> #
>>>> # Uncomment the one you wish to use
>>>> #
>>>> #r2d2 User-Password = "adV1cespwd"
>>>> #r2d2 User-Password = {NTHASH}7E27EAC953911661F8CE9CD888AE540B
>>>> Service-Type = Framed-User
>>> NB:
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
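The trace quoted above shows the users-file entry for r2d2 being matched and the inner MSCHAP-V2 step then failing, and the fix confirmed at the top of the thread was the case of the `{nthash}` prefix. The following check is an added example, not part of the original messages and not Radiator code: it scans a users file for NT-hash entries whose prefix is not lowercase or whose digest is malformed. It assumes the prefix is matched case-sensitively, as the thread found, and that `User-Password` is the first check item; the users `c3po` and `leia` and the function name are constructed.

```python
import re

# Constructed sample in the flat users-file layout quoted in this thread:
# an entry starts in column 0, indented lines are reply items, '#' is a comment.
SAMPLE_USERS = """\
#
# Uncomment the one you wish to use
#
#r2d2 User-Password = "adV1cespwd"
r2d2 User-Password = {NTHASH}7E27EAC953911661F8CE9CD888AE540B
    Service-Type = Framed-User
c3po User-Password = {nthash}7E27EAC953911661F8CE9CD888AE540B
    Service-Type = Framed-User
leia User-Password = {nthash}7E27EAC9
    Service-Type = Framed-User
"""

ENTRY = re.compile(r'^(\S+)\s+User-Password\s*=\s*(\S+)')
PREFIXED = re.compile(r'^\{([^}]*)\}(.*)$')
NT_HEX = re.compile(r'^[0-9A-Fa-f]{32}$')  # MD4 digest: 16 bytes, 32 hex chars


def check_users_file(text):
    """Return (line_no, user, problem) for each suspicious NT-hash entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line or line[0] in '# \t':
            continue  # comments, blank lines, indented reply items
        entry = ENTRY.match(line)
        if not entry:
            continue
        user, value = entry.group(1), entry.group(2).rstrip(',')
        prefixed = PREFIXED.match(value)
        if not prefixed or prefixed.group(1).lower() != 'nthash':
            continue  # plaintext or another scheme: not checked here
        prefix, digest = prefixed.groups()
        if prefix != 'nthash':
            findings.append((line_no, user,
                             'prefix {%s} is not lowercase {nthash}' % prefix))
        if not NT_HEX.match(digest):
            findings.append((line_no, user, 'digest is not 32 hex characters'))
    return findings


if __name__ == '__main__':
    for line_no, user, problem in check_users_file(SAMPLE_USERS):
        print('line %d: %s: %s' % (line_no, user, problem))
```
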