(RADIATOR) OpenLDAP directory + samba supporting EAP-TTLS and PEAP-MSCHAP-V2
Rogier Krieger
rkrieger at gmail.com
Thu Mar 29 09:16:15 CST 2007
Dear list,

As part of a test setup, I am trying to extend our (working) EAP-TTLS
authentication to also support EAP-PEAP-MSCHAP-V2. This is done using
Radiator 3.17 on a clean OpenBSD installation, extended with the
necessary Perl and LDAP packages.

We want to support multiple EAP types primarily as a service to users
who tend to have a plethora of different equipment. That equipment may
not always work well with TTLS, hence we would like a secondary
option (PEAP).

We are trying to authenticate users against LM/NT hashes present in
our OpenLDAP back-end but seem to come across MSCHAP-V2
authentication failures.

Background:
Our OpenLDAP backend stores user names and other account data. We
store encrypted (salted SHA) passwords in the userPassword, but also
have NT and LM hashed passwords available in the sambaLMPassword and
sambaNTPassword attributes. Samba provides the synchronisation between
all these attributes. Switching to a cleartext userPassword is not a
viable option.

Given the manual, I cannot use EncryptedPasswordAttr either as it
would prevent CHAP authentication. I would like PasswordAttr to use
the LDAP sambaNTPassword or sambaLMPassword attributes. For now, I am
unable to get MSCHAP-V2 authentication going successfully against
these attributes.

Expected issue:
I suspect the problem lies in the contents of the sambaLMPassword and
sambaNTPassword attributes (in that they only contain the hash and do
not start with {nthash} or similar prefix). As long as there is a
plaintext userPassword, authenticating against that field works. For
production, however, plaintext passwords are a no-go.

Is there a way to make Radiator realise that it deals with NT/LM
hashes in those fields without changing the actual LDAP backend's
data? As a side note: I wish using winbindd were an option. Winbindd
seems to have issues compiling on my OpenBSD system; likely due to
GNU'isms.

For the sake of completeness, I included the present test setup
configuration and a trace (from a PalmOS client).

Any insight would be greatly appreciated,

Rogier Krieger

Radiator configuration:
# cat /etc/radiator/radius.cfg
# Global options
# ==============
#
# Debugging directives
# Run the server in the background by default
#Foreground
#
# Default trace level for day-to-day production use
#Trace 4
Trace 3
# Logging directives
# Log directory & file name
LogDir /var/log/radius
LogFile %L/%Y%m-radius.log
# Primary directory/file locations
DbDir /etc/radiator/db
# Privilege settings
# Effective user running the daemon
#User _radiator
# Effective group running the daemon
#Group _radiator
# Networking directives
# Address to bind to
#BindAddress
#
# Listening ports for requests
AuthPort 1812,1645
AcctPort 1813,1646
#
# Authentication settings
# =======================
<AuthBy LDAP2>
Identifier Iverdahl-LDAP
# Generic configuration
UsernameMatchesWithoutRealm
HoldServerConnection
# LDAP Bind details
Host ldap.iverdahl.net
Version 3
AuthDN cn=radius,ou=a3,ou=services,dc=iverdahl,dc=net
AuthPassword *blanked*
# These entries are *only* for LDAP debugging purposes
#AuthDN cn=admin,ou=ldap,ou=services,dc=iverdahl,dc=net
#AuthPassword *blanked*
# LDAP SSL/TLS settings
UseSSL
SSLCAFile %D/x509/ca/Iverdahl.net-CA-cacert.pem
# LDAP Information retrieval
ServerChecksPassword
BaseDN ou=iverdahl,ou=people,dc=iverdahl,dc=net
UsernameAttr uid
PasswordAttr sambaNTPassword
#PasswordAttr sambaLMPassword
#PasswordAttr userPassword
# EAP Type settings
EAPType MSCHAP-V2
# Quick-fix for VLAN issues
StripFromReply Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID
AddToReply Tunnel-Type=1:VLAN, \
Tunnel-Medium-Type=1:802, \
Tunnel-Private-Group-ID=1:801
</AuthBy>
# Generic EAP outer authentication
<AuthBy FILE>
Identifier Generic-File
# Username source(s)
Filename %D/users.EAP-outer
# EAP Type settings
EAPType TTLS, PEAP
# EAP TLS settings
EAPTLS_CAFile %D/x509/ca/Iverdahl.net-CA-cacert.pem
EAPTLS_CertificateFile %D/x509/certs/radius.iverdahl.net-cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/x509/keys/radius.iverdahl.net-key.pem
EAPTLS_PrivateKeyPassword *blanked*
EAPTLS_MaxFragmentSize 1024
# EAP-PEAP settings
EAPTLS_PEAPVersion 0
#EAPTLS_PEAPBrokenV1Label
# MPPE key distribution
AutoMPPEKeys
</AuthBy>
#
# Realms & Handlers
# =================
<Handler TunnelledByTTLS=1, Realm=iverdahl.net>
RewriteUsername s/^([^@]+).*/$1/
AuthBy Iverdahl-LDAP
</Handler>
<Handler TunnelledByPEAP=1, Realm=iverdahl.net>
#RewriteUsername s/^([^@]+).*/$1/
AuthBy Iverdahl-LDAP
</Handler>
<Handler TunnelledByPEAP=1>
#RewriteUsername s/^([^@]+).*/$1/
AuthBy Iverdahl-LDAP
</Handler>
<Handler Realm=/iverdahl.net/i>
RewriteUsername s/^([^@]+).*/$1/
# Authentication policy
AuthByPolicy ContinueWhileReject
# Provide EAP outer authentication settings
AuthBy Generic-File
# Fall-back LDAP authentication (for later; non-EAP)
AuthBy Iverdahl-LDAP
</Handler>
#
# Client settings
# ===============
# Default client connections
<Client DEFAULT>
Secret *blanked*
</Client>
# Settings for localhost connections
<Client localhost>
Secret *blanked*
DupInterval 0
</Client>
# Settings for Linksys WAP54G AP
<Client ap01.iverdahl.lan>
Secret *blanked*
DupInterval 0
</Client>
# Settings for Cisco Aironet 1200
<Client 10.0.0.20>
Secret *blanked*
#DupInterval 0
</Client>
-------------- next part --------------
Script started on Thu Mar 29 16:48:47 2007
root at karres:/root# tail -fn 3 /var/log/radius/200703-radius.log
Thu Mar 29 16:48:34 2007: NOTICE: Server started: Radiator 3.17 on karres.iverdahl.net
Thu Mar 29 16:48:35 2007: INFO: Trace level changed to 4
Thu Mar 29 16:48:35 2007: INFO: Trace level increased to 4
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 141
Authentic: <164>yY=<161><187><195><27><144><200><146><29><222><173><226>a
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = <182><222><169><134><221>v{S!<12><17><185><223><128><196>i
EAP-Message = <2><2><0><27><1>anonymous at iverdahl.net
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:14 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:14 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:14 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:14 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:14 2007: DEBUG: Handling with EAP: code 2, 2, 27
Thu Mar 29 16:49:14 2007: DEBUG: Response type 1
Thu Mar 29 16:49:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
Thu Mar 29 16:49:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Access challenged for anonymous: EAP TTLS Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 141
Authentic: <164>yY=<161><187><195><27><144><200><146><29><222><173><226>a
Attributes:
EAP-Message = <1><3><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 142
Authentic: R/T<5>_<168><137>Ki`<B<208>t6<208>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = <160><186>4?<241><232><205><246>b<192><252>%,<183><8><27>
EAP-Message = <2><3><0><6><3><25>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:14 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:14 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:14 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:14 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:14 2007: DEBUG: Handling with EAP: code 2, 3, 6
Thu Mar 29 16:49:14 2007: DEBUG: Response type 3
Thu Mar 29 16:49:14 2007: INFO: EAP Nak desires type 25
Thu Mar 29 16:49:14 2007: DEBUG: Resuming session for Radius::Context=HASH(0x7e370450)
Thu Mar 29 16:49:14 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 142
Authentic: R/T<5>_<168><137>Ki`<B<208>t6<208>
Attributes:
EAP-Message = <1><4><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 143
Authentic: <178>(<139>*<195>Q#<226><227><254>R<213>A<179><170><134>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = <134>f<23><154><207><207>W<221><161>T<6>!<159><177>d}
EAP-Message = <2><4><0>j<25><0><22><3><1><0>_<1><0><0>[<3><1>F<11><209><201><156><185>T,M<179><4>h<131><18><174><224><202><160>6<146><163><131><216><177><151>@<252><246><240><196>l<244><0><0>4<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><1><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:14 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:14 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:14 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:14 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:14 2007: DEBUG: Handling with EAP: code 2, 4, 106
Thu Mar 29 16:49:14 2007: DEBUG: Response type 25
Thu Mar 29 16:49:14 2007: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Thu Mar 29 16:49:14 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 143
Authentic: <178>(<139>*<195>Q#<226><227><254>R<213>A<179><170><134>
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 144
Authentic: <3><174><186>f<253><146>j<155><224><143>w.d<200>.T
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = <141>h<27>&<185><165>O!<222><137>l<187><170>V<8>t
EAP-Message = <2><5><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:14 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:14 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:14 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:14 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:14 2007: DEBUG: Handling with EAP: code 2, 5, 6
Thu Mar 29 16:49:14 2007: DEBUG: Response type 25
Thu Mar 29 16:49:14 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 144
Authentic: <3><174><186>f<253><146>j<155><224><143>w.d<200>.T
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 145
Authentic: :<208>PYed><156>O<194><182><151>N<222>&<241>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = <138>U<129><192>H<161>)<182>x<171><133><181><201><218><15>V
EAP-Message = <2><6><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:14 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:14 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:14 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:14 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:14 2007: DEBUG: Handling with EAP: code 2, 6, 6
Thu Mar 29 16:49:14 2007: DEBUG: Response type 25
Thu Mar 29 16:49:14 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 145
Authentic: :<208>PYed><156>O<194><182><151>N<222>&<241>
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 146
Authentic: j{<241>F7<247><24>7<220>g<143><226>)<172>~<147>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = T<129><231><19>i$<142><155><12><204><154>K%><152>u
EAP-Message = <2><7><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:14 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:14 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:14 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:14 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:14 2007: DEBUG: Handling with EAP: code 2, 7, 6
Thu Mar 29 16:49:14 2007: DEBUG: Response type 25
Thu Mar 29 16:49:14 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:14 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 146
Authentic: j{<241>F7<247><24>7<220>g<143><226>)<172>~<147>
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 147
Authentic: <243><188><201><129>g<179><250><251><180><255>LY<130>0<165>H
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = }<210><175><129>B<159>\<210><142><10><194><141>T<29><220><209>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:15 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:15 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:15 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:15 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:15 2007: DEBUG: Handling with EAP: code 2, 8, 588
Thu Mar 29 16:49:15 2007: DEBUG: Response type 25
Thu Mar 29 16:49:15 2007: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Thu Mar 29 16:49:15 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:15 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:15 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 147
Authentic: <243><188><201><129>g<179><250><251><180><255>LY<130>0<165>H
Attributes:
EAP-Message = <1><9><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<153><220><153><139>4<135><222><5>3<208>nV*}<200><189><217>7<17>+<153><161>d~j<225><232><204><137>_<0>tE~+!zE<135>[<255><24><135><185><197><15><190><8>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 148
Authentic: R<3>Wh<30>#<27><156><219><229><29><136><198><144><196><8>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = <209><7><220><252><168><200>.(<186><169><163>*<193><251>p<221>
EAP-Message = <2><9><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:15 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:15 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:15 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:15 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:15 2007: DEBUG: Handling with EAP: code 2, 9, 6
Thu Mar 29 16:49:15 2007: DEBUG: Response type 25
Thu Mar 29 16:49:15 2007: DEBUG: EAP result: 3, EAP PEAP Challenge
Thu Mar 29 16:49:15 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Thu Mar 29 16:49:15 2007: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 148
Authentic: R<3>Wh<30>#<27><156><219><229><29><136><198><144><196><8>
Attributes:
EAP-Message = <1><10><0>+<25><0><23><3><1><0> <192><151><216>(LL<1><133><154>\<129><16>5<213><228><237><217><196><21><1><17><21><129><185>J<219><172>-<238><151>ZI
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 149
Authentic: <164>X<150><130>m<187><214>V<24><239><246>n<13><131>N
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = Q<<5>'<2>:s<8><201><226>YX<145><21><148><174>
EAP-Message = <2><10><0>`<25><0><23><3><1><0> <20><167><168>5<139><232>|<196><170>7<252>i<151><23><243><6<217>DE8<187><226><242><202><255>:<145><2><128><27>r<23><3><1><0>0<187>E<144>(<176>^#<206>9J<199><134><142>P<189><155><237>,<175><198>K=<193>5<171>\&<157><247><230><228><185>Ql<191>M<136>"<7><217><192>n<137><14><9><149><200><173>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:15 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:15 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:15 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:15 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:15 2007: DEBUG: Handling with EAP: code 2, 10, 96
Thu Mar 29 16:49:15 2007: DEBUG: Response type 25
Thu Mar 29 16:49:15 2007: DEBUG: EAP PEAP inner authentication request for anonymous
Thu Mar 29 16:49:15 2007: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <215><201><227><172><162><160><30><236>0G<18>I<0>p<188><197>
Attributes:
EAP-Message = <2><10><0><18><1>test at iverdahl.net
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 10.0.0.20
NAS-Port = 271
Calling-Station-Id = "000b.6c52.1a49"
Thu Mar 29 16:49:15 2007: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Thu Mar 29 16:49:15 2007: DEBUG: Deleting session for anonymous, 10.0.0.20, 271
Thu Mar 29 16:49:15 2007: DEBUG: Handling with Radius::AuthLDAP2: Iverdahl-LDAP
Thu Mar 29 16:49:15 2007: DEBUG: Handling with EAP: code 2, 10, 18
Thu Mar 29 16:49:15 2007: DEBUG: Response type 1
Thu Mar 29 16:49:15 2007: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Thu Mar 29 16:49:15 2007: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP MSCHAP-V2 Challenge
Thu Mar 29 16:49:15 2007: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
Thu Mar 29 16:49:15 2007: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: <215><201><227><172><162><160><30><236>0G<18>I<0>p<188><197>
Attributes:
EAP-Message = <1><11><0>-<26><1><11><0>(<16><134><170>}c<167>z<<1><176><5>+<237><168><188><0>&karres.iverdahl.net
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:15 2007: DEBUG: EAP result: 3, EAP PEAP inner authentication redespatched to a Handler
Thu Mar 29 16:49:15 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication redespatched to a Handler
Thu Mar 29 16:49:15 2007: DEBUG: Access challenged for anonymous: EAP PEAP inner authentication redespatched to a Handler
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 149
Authentic: <164>X<150><130>m<187><214>V<24><239><246>n<13><131>N
Attributes:
EAP-Message = <1><11><0>K<25><0><23><3><1><0>@<10><228><226><219><216>Q<138><29>[<187>b<238>D;<146><163><5><135>g<199><215><160><153>C<215><3>ic<148><29><9><207><128>v<23>Pw<207><195><179><165><15><254>m<192><227>&H,E<30><210>k<187>(\<149>r<144><165><21>1<28><160>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:15 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 150
Authentic: <155><17><190><150><219><227><27><249><215><244><208> <181>\<157>e
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = o<239>iq]<248><231>8<13><201><193>b<15><22><171><192>
EAP-Message = <2><11><0><144><25><0><23><3><1><0> r<27>.<222><230>sS<188>G<172>}QK<16><135>A<14><234>Zr<195><184><137><189>?7<189><218><153><247><144>.<23><3><1><0>`a<202>4e<164>.<179><180> \x<141>32<148>U<6><238><157>C<179>O<159><148><182>9<174><4>5<191><191>pD<171>=<138><145><23>a<200><185><202><189>[1<227>w<187><209><150>N<14><142><0><176>v<238><172>L<136>3<211><137><198>=<145>.f<234><21><240><242><9><223><8><132>%j<215><243>Yf<156><143><163><214>+<189><17>L<131><227>n<24><200>A
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:15 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:15 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:15 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:15 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:15 2007: DEBUG: Handling with EAP: code 2, 11, 144
Thu Mar 29 16:49:15 2007: DEBUG: Response type 25
Thu Mar 29 16:49:15 2007: DEBUG: EAP PEAP inner authentication request for anonymous
Thu Mar 29 16:49:15 2007: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <147>w<20>)y.<172>><253>Zo<212>Q<221>><15>
Attributes:
EAP-Message = <2><11><0>H<26><2><11><0>G1<131><194><148><187>6<164><139>e<142>_V<12>u<190><241><195><0><0><0><0><0><0><0><0><215><214>(<188><18>,O<148><141>9<242><160><215><130><137><134><28><169><141>z<215><184><239><148><0>test at iverdahl.net
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 10.0.0.20
NAS-Port = 271
Calling-Station-Id = "000b.6c52.1a49"
Thu Mar 29 16:49:15 2007: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Thu Mar 29 16:49:15 2007: DEBUG: Deleting session for anonymous, 10.0.0.20, 271
Thu Mar 29 16:49:15 2007: DEBUG: Handling with Radius::AuthLDAP2: Iverdahl-LDAP
Thu Mar 29 16:49:15 2007: DEBUG: Handling with EAP: code 2, 11, 72
Thu Mar 29 16:49:15 2007: DEBUG: Response type 26
Thu Mar 29 16:49:15 2007: INFO: Connecting to ldap.iverdahl.net:636
Thu Mar 29 16:49:15 2007: INFO: Attempting to bind to LDAP server ldap.iverdahl.net:636
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got result for cn=Test User,ou=iverdahl,ou=people,dc=iverdahl,dc=net
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got cn: Test User
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got objectClass: inetOrgPerson posixAccount sambaSamAccount
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got givenName: Test
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sn: User
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got uid: test
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got uidNumber: 32768
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got gidNumber: 32768
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaSID: S-1-5-21-595785950-2068657906-429534836-9198
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaPrimaryGroupSID: S-1-5-21-595785950-2068657906-429534836-9199
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaPwdCanChange: 1175178988
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaPwdMustChange: 2147483647
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaLMPassword: 4260FF3B6552CC27417EAF50CFAC29C3
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaNTPassword: 62125874FC293DDE1B90A4A96684BF45
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaPwdLastSet: 1175178988
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got sambaAcctFlags: [U ]
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got displayName: PEAP Test user
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got gecos: PEAP Test user
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got userPassword: peaptest
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got homeDirectory: /nonexistent
Thu Mar 29 16:49:16 2007: DEBUG: LDAP got loginShell: /sbin/nologin
Thu Mar 29 16:49:16 2007: DEBUG: Radius::AuthLDAP2 looks for match with test [anonymous]
Thu Mar 29 16:49:16 2007: DEBUG: Radius::AuthLDAP2 ACCEPT: : test [anonymous]
Thu Mar 29 16:49:16 2007: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Thu Mar 29 16:49:16 2007: DEBUG: AuthBy LDAP2 result: REJECT, EAP MSCHAP-V2 Authentication failure
Thu Mar 29 16:49:16 2007: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
Thu Mar 29 16:49:16 2007: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: <147>w<20>)y.<172>><253>Zo<212>Q<221>><15>
Attributes:
EAP-Message = <4><11><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Thu Mar 29 16:49:16 2007: DEBUG: EAP result: 3, EAP PEAP inner authentication redespatched to a Handler
Thu Mar 29 16:49:16 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication redespatched to a Handler
Thu Mar 29 16:49:16 2007: DEBUG: Access challenged for anonymous: EAP PEAP inner authentication redespatched to a Handler
Thu Mar 29 16:49:16 2007: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1645 ....
Code: Access-Challenge
Identifier: 150
Authentic: <155><17><190><150><219><227><27><249><215><244><208> <181>\<157>e
Attributes:
EAP-Message = <1><12><0>+<25><0><23><3><1><0> +<139><21>6<134><14><181> B<196><2><249><129><164>j<198>r<28>GC<233><128>)<175><187><187>tk<130><209>&A
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 29 16:49:16 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 151
Authentic: <8>v<129><25>m<3>RH<249><1><15>E<252><163><218>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = ><170><4>~<25><20><130><22><232>h<30><166><240>b<141><9>
EAP-Message = <2><12><0>P<25><0><23><3><1><0> -><248><147>><173><6>Fd9:<205><152><31>o<146><188>WL%]<250><177><197><170><31>p<227>[<189>70<23><3><1><0> u<188><207> <194><135><142><249><127><199><194>p<190>1g<137><145>e<206><168><149>v<143>G~<207>7M\<174>0<29>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:16 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:16 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:16 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:16 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:16 2007: DEBUG: Handling with EAP: code 2, 12, 80
Thu Mar 29 16:49:16 2007: DEBUG: Response type 25
Thu Mar 29 16:49:16 2007: DEBUG: EAP result: 1, PEAP Authentication Failure
Thu Mar 29 16:49:16 2007: DEBUG: AuthBy FILE result: REJECT, PEAP Authentication Failure
Thu Mar 29 16:49:16 2007: DEBUG: Handling with Radius::AuthLDAP2: Iverdahl-LDAP
Thu Mar 29 16:49:16 2007: DEBUG: Handling with EAP: code 2, 12, 80
Thu Mar 29 16:49:16 2007: DEBUG: Response type 25
Thu Mar 29 16:49:16 2007: DEBUG: EAP result: 2, TLS not initialised
Thu Mar 29 16:49:16 2007: DEBUG: AuthBy LDAP2 result: IGNORE, TLS not initialised
Thu Mar 29 16:49:21 2007: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1645 ....
Code: Access-Request
Identifier: 151
Authentic: <8>v<129><25>m<3>RH<249><1><15>E<252><163><218>
Attributes:
User-Name = "anonymous at iverdahl.net"
Framed-MTU = 1400
Called-Station-Id = "0012.dabf.8180"
Calling-Station-Id = "000b.6c52.1a49"
Service-Type = Login-User
Message-Authenticator = ><170><4>~<25><20><130><22><232>h<30><166><240>b<141><9>
EAP-Message = <2><12><0>P<25><0><23><3><1><0> -><248><147>><173><6>Fd9:<205><152><31>o<146><188>WL%]<250><177><197><170><31>p<227>[<189>70<23><3><1><0> u<188><207> <194><135><142><249><127><199><194>p<190>1g<137><145>e<206><168><149>v<143>G~<207>7M\<174>0<29>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 271
NAS-IP-Address = 10.0.0.20
Thu Mar 29 16:49:21 2007: DEBUG: Handling request with Handler 'Realm=/iverdahl.net/i'
Thu Mar 29 16:49:21 2007: DEBUG: Rewrote user name to anonymous
Thu Mar 29 16:49:21 2007: DEBUG: Deleting session for anonymous at iverdahl.net, 10.0.0.20, 271
Thu Mar 29 16:49:21 2007: DEBUG: Handling with Radius::AuthFILE: Generic-File
Thu Mar 29 16:49:21 2007: DEBUG: Handling with EAP: code 2, 12, 80
Thu Mar 29 16:49:21 2007: DEBUG: Response type 25
Thu Mar 29 16:49:21 2007: DEBUG: EAP result: 2, TLS not initialised
Thu Mar 29 16:49:21 2007: DEBUG: AuthBy FILE result: IGNORE, TLS not initialised
^C
root at karres:/root# ^D
Script done on Thu Mar 29 16:49:25 2007