(RADIATOR) EAP-TTLS
Hugh Irvine
hugh at open.com.au
Thu Nov 8 20:44:04 CST 2007
Hello Steffen -
Could you try this without the username rewrite? I suspect this may
be the problem.
Please send the trace 4 debug showing what happens, together with the
trace 4 debug from the other system.
thanks and regards
Hugh
On 8 Nov 2007, at 23:58, Steffen Hedegaard wrote:
> Hi, i Am having some problems with a radiator 3.17.1 patched
> 18-6-07 setup
> used for eap-ttls-pap authentication. I get so far as the server
> sends (and
> the client receives) an access-accept package, and then the
> authentication
> process just seems to start over. I have another radiator server
> running
> 3.15, which works with the same config file settings (minus the
> username
> rewrite).
> Radiator is installed as a service on a windows 2003 server with
> activeperl
> 5.8.8.820.
>
> The config file, and trace 4 debug of a session, is at the end of
> the mail.
>
> Best regard
> Steffen Hedegaard
>
>
>
>
>
>
> Foreground
> LogStdout
> LogDir C:\Program Files\Radiator
> DbDir C:\Program Files\Radiator
> DictionaryFile C:\Program Files\Radiator\dictionary
> AuthPort 1812
> AcctPort 1813
>
>
> ### Logginf options ###
>
> # User a lower trace level in production systems:
> Trace 4
>
> <AuthLog FILE>
> Identifier accountinglog
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l : %n : %N : %{NAS-Identifier} : OK
> FailureFormat %l : %n : %N : %{NAS-Identifier} : Failed
> Filename c:\program files\radiator\authlog
> </AuthLog>
>
>
>
> ######################################################################
> ####
> #
> Clients #
> ######################################################################
> ####
>
>
> # JanP
> <Client radius.another.dom.ain>
> Secret mysecret
> DupInterval 0
> </client>
>
> <Client radius2.another.dom.ain>
> Secret mysecret
> DupInterval 0
> </client>
>
>
> ######################################################################
> ####
> # Authentication metoder og
> viderestillinger #
> ######################################################################
> ####
>
>
> ### EAP-TTLS ###
>
> <AuthBy FILE>
> # auth af ydre request med eap-ttls, anonymous bruger
> Identifier AD-sund-ttls
> Filename C:/Program Files/Radiator/users
> EAPType TTLS
> EAPTLS_CAFile C:/Program Files/Radiator/radiusparent.cert
> EAPTLS_CertificateType PEM
> EAPTLS_CertificateFile C:/Program Files/Radiator/
> radius_my_dom_ain.cert
> EAPTLS_PrivateKeyFile C:/Program Files/Radiator/radius_my_dom_ain.key
> EAPTLS_PrivateKeyPassword
> EAPTLS_MaxFragmentSize 1000
> AutoMPPEKeys
> SSLeayTrace 4
> </AuthBy>
>
> <AuthBy LSA>
> # Auth af brugere i Active Directory domænet my.root.dom.ain, inner
> request
> Identifier AD-sund2-ttls
> EAPType PAP
> #AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
> </AuthBy>
>
>
>
>
> ### Forespørgsler der ryger til JanP
>
> <AuthBy RADIUS>
> Identifier EDUROAM
> Host radius.xxx.xx.xx
> Secret mysecret
> FailureBackoffTime 10
> Retries 0
> RetryTimeout 6
> AuthPort 1812
> AcctPort 1813
> </AuthBy>
>
>
> ######################################################################
> ####
> #
> Handlers #
> ######################################################################
> ####
>
> ### EAP-TTLS
> <Handler TunnelledByTTLS=1>
> #nner request, vil altid være et lokalt domæne når vi når hertil.
> RejectHasReason
> #rewriter til @my.root.dom.ain
> RewriteUsername s/^([^@]+).*/$1\@my.root.dom.ain/
> AuthBy AD-sund2-ttls
> AuthLog accountinglog
> </Handler>
>
> <Handler User-Name=anonymous at my.dom.ain>
> #outer request, matcher username at my.dom.ain
> AuthBy AD-sund-ttls
> </Handler>
>
>
> ### Vidersendelse til central ku server
> <Handler>
> #default handler sender alt andet videre til janp's servere.
> AuthBy EDUROAM
> AuthLog accountinglog
> </Handler>
>
>
>
>
>
>
>
>
>
>
> Thu Nov 1 14:30:44 2007: DEBUG: Finished reading configuration file
> 'C:\Program Files\Radiator\radius.cfg'
> Thu Nov 1 14:30:44 2007: DEBUG: Reading dictionary file 'C:\Program
> Files\Radiator\dictionary'
> Thu Nov 1 14:30:44 2007: DEBUG: Creating authentication port
> 0.0.0.0:1812
> Thu Nov 1 14:30:44 2007: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Nov 1 14:30:44 2007: NOTICE: Server started: Radiator 3.17.1
> on Rad1
> Thu Nov 1 14:31:34 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 15
> Authentic: <184><232><231>mn^<171><152>.<246><230><178>8Q)H
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
> Message-Authenticator =
> <149><191><24><8><156>h<21>I<153>n<16><235><16><152>Fm
> Proxy-State = 18
>
> Thu Nov 1 14:31:34 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:31:34 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:31:34 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:31:34 2007: DEBUG: Handling with EAP: code 2, 1, 25
> Thu Nov 1 14:31:34 2007: DEBUG: Response type 1
> Thu Nov 1 14:31:36 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:31:36 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:31:36 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:31:36 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 15
> Authentic: <184><232><231>mn^<171><152>.<246><230><178>8Q)H
> Attributes:
> EAP-Message = <1><2><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 18
>
> Thu Nov 1 14:31:36 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 16
> Authentic: uh<29><168><201>q<249>`t<217><162><239><135><140>pt
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)
> <3><1>J<241><161><235><
> 236>N<201><153>:<166>V8<246><165><214>|
> <202><158><229><130><155><243>=<169><
> 157>~|<163>-<159>G<4><0><0><2><0><10><1><0>
> Message-Authenticator =
> x"<240>E<192>5<209><181>9<226><178>DU<1>f<242>
> Proxy-State = 19
>
> Thu Nov 1 14:31:36 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:31:36 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:31:36 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:31:36 2007: DEBUG: Handling with EAP: code 2, 2, 60
> Thu Nov 1 14:31:36 2007: DEBUG: Response type 21
> Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,
> 8576
> Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 16
> Authentic: uh<29><168><201>q<249>`t<217><162><239><135><140>pt
> Attributes:
> EAP-Message =
> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)<
> 213>9<
> 239><248><230>z<147><174>K<18><158><190><247>
> \<16><209><169><240>7<180>ro<22
> 8>!<146><188><196><169><198><252>
> +<187><195>Q<235><253><233><10>q<181>A<4><201><181><24><10><137><255>d
> 1<19>6
> <230>>K1<244><26><129>]
> ><225><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3
>> @0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9
>> >*<134
>> H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0
>> <14><6
>> <3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure
>> Certificate
> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
> EAP-Message =
> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.m
> y.dom.
> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>
> (See
> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain
> Control
> Validated - QuickSSL
> Premium(R)
> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2>
>> <129><
> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)
> <172><188
>> <235><227><220><135><233><15><24><197>
> EAP-Message =
> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_
> $<127>5<129><169><246>L<196><179>
> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/
> <192><147><158>!<1
> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?
> B<182><224><173
>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-!
>> <207><140>E<240>1<208>N<155>2k0<1
> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3>
> U<29><
> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu
> <198>\
> <205><133>'h|
> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/
> secureca.crl0<31><6><3>U
> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
> <16>O3<152><144><159><212>0
> EAP-Message =
> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>
> +<6><1><5><5><
> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0
> >N<12>
> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)
> <159><178><168><
> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}
> <2><177><20>}<209>
> hoJ<199>-
> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
> 56>T<176><137>MN<201>
> c<207><244>a-<230>@Y)
> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>
>> $0<130><3>
> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134>
> H<134>
> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6>
> <3>U<4
>> <10><19><7>Equifax1-0+
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 19
>
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 17
> Authentic: c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message = <2><3><0><6><21><0>
> Message-Authenticator =
> <130><166><173>(}<229>#I<189><171>}6<247>><139><247>
> Proxy-State = 20
>
> Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Nov 1 14:31:37 2007: DEBUG: Response type 21
> Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 17
> Authentic: c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
> Attributes:
> EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
> Certificate
> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6>
> <3>U<4
>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0
>> +<6><3>U<4><11><19>$Eq
> uifax Secure Certificate
> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3>
> <129><
> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-
> <31><8>m<
> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|
> <206><159><5><224>
> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128
> ><191>
> B<2><142><254><221><1>
> EAP-Message =
> <9><236><225><0><20>O<252><251><240><12><221>C<186>
> [+<225><31><128>p<153><21
>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>
>> +<214><238
>> cE
>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185><
>> 2><3
>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c<
>> 160>a<
> 164>_0]
> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19>
> 0<17><
> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6><
> 3>U<29
>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
> EAP-Message = <149><215>G<216>#
> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<24
> 9>+<21
> 0><178><149><215>G<216>#
> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<2
> 6><6><
> 9>*<134>H<134><246>}
> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)
> <234><252><247><2
> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>%
> 1<13><0><1
> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<1
> 52><23
> 8><168><255>Z<200><211>U<178>fqW<222><192>!
> <235>=*<167>#I<1><4><134>B{<252><
> 238><127><162><22>R<181>gg<211>@<219>;&X<178>
> (w=<174><20>wa<214><250>*f'<160
>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>)
>> h<169><162><135>y<239>y
> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 20
>
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 18
> Authentic: <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130>
> <0><12
> 8><1>`h<199><199><4>^<174><164><151>~<244><171><132><133>zt<133>@<250>
> <10><2
> 43><24>9<231><201>XW
> (<20><247>u1<175><15><158>D<23><177><176><227>J<239><136
>> |"<173><240><127><29><199><248>W<132><170>x<168><25>
>> \.<152>C<12><136><224><
> 239><133>1<25><196><139>.<30><209><^ju<129><138><167><139><167>C<18><1
> 36><6>
> <24><127><227><18><199><174><10><21><4><170><184>
> (<244><169>Yr<132><156><227
>> <<221><28><19><247>J|
>> <5>]"<140>2=<216><249>Y<239><248>xH<187><4><20><3><1><
> 0><1><1><22><3><1><0>
> (<31><254><195>~<195><146><185><240>5k<199><139><148><0
>> <28><16><243><22>-Y<147><228>m<248><242><168>c<232>"<179>Bz<18>n
>> \<134><145>
> <165><181>i
> Message-Authenticator =
> zbh<164>S<136><217><166><154><208><159>l<253><168>[<228>
> Proxy-State = 21
>
> Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 4, 200
> Thu Nov 1 14:31:37 2007: DEBUG: Response type 21
> Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS data, 8576, 4, 2
> Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 18
> Authentic: <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
> Attributes:
> EAP-Message =
> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
> (<245><169><31>
> <244><212><232><243><148><251><200>F<149><246><205>)
> <16><167><153><242><189>
> <28>q8<236>3`i<233><172><186><142>P:<129><176>D'<5>?<30>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 21
>
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 19
> Authentic: <4><5><212><138><228>ocOQb<222>+y<127>y<20>
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<226><170><167>mQ<193><138>
> <224>(
> <16><27><252>iq<140><231>Y03:<187>7/aQ5<148>|
> <250><226>o<170><154><7>=W<243>
> <142>!}<251>a<178>J<133><240><145>^]<156>]
> <183><190>M<219><176><18>Z<1>h<142
>> f<150><153>#<229><207><182><234>"<139><205>
> Message-Authenticator =
> <170><219>/+<139><233>{<224><149>><222><137>$<228>t<238>
> Proxy-State = 22
>
> Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 5, 87
> Thu Nov 1 14:31:37 2007: DEBUG: Response type 21
> Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS data, 3, 5, 4
> Thu Nov 1 14:31:37 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: UNDEF
> Identifier: UNDEF
> Authentic: UNDEF
> Attributes:
> User-Name = "test at my.dom.ain"
> User-Password = ******
>
> Thu Nov 1 14:31:37 2007: DEBUG: EAP TTLS inner authentication
> request for
> test at my.dom.ain
> Thu Nov 1 14:31:37 2007: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Thu Nov 1 14:31:37 2007: DEBUG: Rewrote user name to
> test at my.rewrite.dom.ain
> Thu Nov 1 14:31:37 2007: DEBUG: Deleting session for
> test at my.dom.ain,
> 192.168.199.12,
> Thu Nov 1 14:31:37 2007: DEBUG: Handling with Radius::AuthLSA:
> AD-sund2-ttls
> Thu Nov 1 14:31:37 2007: DEBUG: Radius::AuthLSA looks for match with
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov 1 14:31:37 2007: DEBUG: Radius::AuthLSA ACCEPT: :
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov 1 14:31:37 2007: DEBUG: AuthBy LSA result: ACCEPT,
> Thu Nov 1 14:31:37 2007: DEBUG: Access accepted for
> test at my.rewrite.dom.ain
> Thu Nov 1 14:31:37 2007: DEBUG: Returned TTLS tunnelled Diameter
> Packet
> dump:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: <5><252><249>X<204><131>ID<189><166><190><8><230>J<2><4>
> Attributes:
>
> Thu Nov 1 14:31:37 2007: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Nov 1 14:31:37 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP
> TTLS inner
> authentication redespatched to a Handler
> Thu Nov 1 14:31:37 2007: DEBUG: Access accepted for
> anonymous at my.dom.ain
> Thu Nov 1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Accept
> Identifier: 19
> Authentic: <4><5><212><138><228>ocOQb<222>+y<127>y<20>
> Attributes:
> MS-MPPE-Send-Key =
> <235><175><237>1RP<249>W<221>=<7>1<142><30><170><170><138><19>zU<228><
> 156>"<
> 13>o<10><8><15>?
> m<4><220><158>zV<141><133><255><174><211><197>0<171><20>2<13
> 6><212><6><167><130>
> MS-MPPE-Recv-Key =
> <172>Y8<244><3><157><251>9<135><238><208><212><161>G<17>D<194>H<225>r<
> 142>X<
> 207>f<147>!
> <217>5G<231><24><166>U<215>DGX<240>U<12><129><129><230><245><174>
> gV<237><15>l
> EAP-Message = <3><5><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 22
>
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 20
> Authentic: b<31><141><147><153><179>d,><138><239>o<134><12>^l
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
> Message-Authenticator =
> <0><175><221>u<174>A<156>Qu<151><195>*c<12>Q<137>
> Proxy-State = 23
>
> Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 1, 25
> Thu Nov 1 14:32:14 2007: DEBUG: Response type 1
> Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 20
> Authentic: b<31><141><147><153><179>d,><138><239>o<134><12>^l
> Attributes:
> EAP-Message = <1><2><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 23
>
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 21
> Authentic: <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>6/
> <139><140>$!<16
> 1>x_<222><143><183><248><232>n<147><<190><158><187><235><2>t<209><231>
> d"<194
>> E<144><4>0<0><0><2><0><10><1><0>
> Message-Authenticator =
> <143>`s<187>w<138>E<253><179><204><11>q<252><202><253><245>
> Proxy-State = 24
>
> Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 2, 60
> Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,
> 8576
> Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 21
> Authentic: <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
> Attributes:
> EAP-Message =
> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)<
> 213>^K
> w[Tan.^<9><255>G<253>e<157><214><198> <172>2<9><239>P<27>Rp[:<205>
> S<13>4HW<13><128><213>
> {<167>4L=<3><175><6><15><134><192><252><180>6<204><19>
> <1><229><251><15><171><163>R5<0><10><0><22><3><1><6>q<11><0><6>m<0><6>
> j<0><3
>> @0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9
>> >*<134
>> H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0
>> <14><6
>> <3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure
>> Certificate
> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
> EAP-Message =
> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.m
> y.dom.
> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>
> (See
> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain
> Control
> Validated - QuickSSL
> Premium(R)
> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2>
>> <129><
> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)
> <172><188
>> <235><227><220><135><233><15><24><197>
> EAP-Message =
> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_
> $<127>5<129><169><246>L<196><179>
> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/
> <192><147><158>!<1
> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?
> B<182><224><173
>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-!
>> <207><140>E<240>1<208>N<155>2k0<1
> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3>
> U<29><
> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu
> <198>\
> <205><133>'h|
> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/
> secureca.crl0<31><6><3>U
> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
> <16>O3<152><144><159><212>0
> EAP-Message =
> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>
> +<6><1><5><5><
> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0
> >N<12>
> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)
> <159><178><168><
> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}
> <2><177><20>}<209>
> hoJ<199>-
> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
> 56>T<176><137>MN<201>
> c<207><244>a-<230>@Y)
> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>
>> $0<130><3>
> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134>
> H<134>
> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6>
> <3>U<4
>> <10><19><7>Equifax1-0+
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 24
>
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 22
> Authentic:
> <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message = <2><3><0><6><21><0>
> Message-Authenticator =
> <2><149>^<128><194><247>iY<128><172><181><183>C<218>E<127>
> Proxy-State = 25
>
> Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 22
> Authentic:
> <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
> Attributes:
> EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
> Certificate
> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6>
> <3>U<4
>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0
>> +<6><3>U<4><11><19>$Eq
> uifax Secure Certificate
> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3>
> <129><
> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-
> <31><8>m<
> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|
> <206><159><5><224>
> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128
> ><191>
> B<2><142><254><221><1>
> EAP-Message =
> <9><236><225><0><20>O<252><251><240><12><221>C<186>
> [+<225><31><128>p<153><21
>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>
>> +<214><238
>> cE
>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185><
>> 2><3
>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c<
>> 160>a<
> 164>_0]
> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19>
> 0<17><
> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6><
> 3>U<29
>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
> EAP-Message = <149><215>G<216>#
> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<24
> 9>+<21
> 0><178><149><215>G<216>#
> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<2
> 6><6><
> 9>*<134>H<134><246>}
> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)
> <234><252><247><2
> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>%
> 1<13><0><1
> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<1
> 52><23
> 8><168><255>Z<200><211>U<178>fqW<222><192>!
> <235>=*<167>#I<1><4><134>B{<252><
> 238><127><162><22>R<181>gg<211>@<219>;&X<178>
> (w=<174><20>wa<214><250>*f'<160
>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>)
>> h<169><162><135>y<239>y
> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 25
>
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 23
> Authentic:
> <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130>
> <0><12
> 8>]<157><4><134>v=<162><129>Z<164><28>v<215>:b<221><199><192><182>|
> X<213>I<1
> 47>C<140>rh<9><171><221>V<14><16><131><137><206><248><150><136><6><214
> >hW<18
> 7><167>DP#<146><132><194>U<1><3><244><160><142>4<161><209><141>v]
> B<236><8><1
> 6><222><156><4><205><220><6><163><237><241><16>,!
> <251>f<215><171><170>MP<143
>> <204><147><192><201><181><4>rL<171>1<159>M<244><15>Y<31><129>DX<201><
>> 127><1
> 67><204><128><208>?
> U<31><253><242><222><142>A`v<142>j<199><24>,<20><3><1><0>
> <1><1><22><3><1><0>(=!<205><136>$_<215>>h<220><171><4>K<234><233>i]
> <220><195
>> X<137><224>Z
>> +#q8<219><167><236><233><169><184><183><242><209><131><179><153
>> <133>
> Message-Authenticator =
> <243><229><190><11>_<250><129><186><14>'<177>r<201><238>*0
> Proxy-State = 26
>
> Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 4, 200
> Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS data, 8576, 4, 2
> Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 23
> Authentic:
> <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
> Attributes:
> EAP-Message =
> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
> ({<134><13><148
>> <188>s<189><7><15>^<186><146><131><255><2><227><211>1e<188><21><142>Q
>> <215><
> 134>N2<140><162><203><240><249><180><201><9>z[<157>+<141>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 26
>
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 24
> Authentic: <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<207><235>)
> K<16>=<193><236>f<205>
> <15><148><8>A<147><214><142><211><220><21>TJ<135><183>I,<217><145>&;<2
> ><<151
>> Z<145>x<26><181><163><152><129><142><142>`x<29>I:<247>2-
>> B<224>p<22><131><17
>> <247><221><203><203><202><248><254><15><220><232>"M,A<158>
> Message-Authenticator =
> s<247>U<31><6><253><133>e<203>C;<29><15><24><17><183>
> Proxy-State = 27
>
> Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 5, 87
> Thu Nov 1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS data, 3, 5, 4
> Thu Nov 1 14:32:14 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: UNDEF
> Identifier: UNDEF
> Authentic: UNDEF
> Attributes:
> User-Name = "test at my.dom.ain"
> User-Password = ******
>
> Thu Nov 1 14:32:14 2007: DEBUG: EAP TTLS inner authentication
> request for
> test at my.dom.ain
> Thu Nov 1 14:32:14 2007: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Thu Nov 1 14:32:14 2007: DEBUG: Rewrote user name to
> test at my.rewrite.dom.ain
> Thu Nov 1 14:32:14 2007: DEBUG: Deleting session for
> test at my.dom.ain,
> 192.168.199.12,
> Thu Nov 1 14:32:14 2007: DEBUG: Handling with Radius::AuthLSA:
> AD-sund2-ttls
> Thu Nov 1 14:32:14 2007: DEBUG: Radius::AuthLSA looks for match with
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov 1 14:32:14 2007: DEBUG: Radius::AuthLSA ACCEPT: :
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov 1 14:32:14 2007: DEBUG: AuthBy LSA result: ACCEPT,
> Thu Nov 1 14:32:14 2007: DEBUG: Access accepted for
> test at my.rewrite.dom.ain
> Thu Nov 1 14:32:14 2007: DEBUG: Returned TTLS tunnelled Diameter
> Packet
> dump:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic:
> <219><13><5><149><152><154><127>r<2><176>5<131><222><243><232><252>
> Attributes:
>
> Thu Nov 1 14:32:14 2007: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Nov 1 14:32:14 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP
> TTLS inner
> authentication redespatched to a Handler
> Thu Nov 1 14:32:14 2007: DEBUG: Access accepted for
> anonymous at my.dom.ain
> Thu Nov 1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Accept
> Identifier: 24
> Authentic: <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
> Attributes:
> MS-MPPE-Send-Key =
> <173><127>|<231>;<251>-
> <1>7<173>D<188><229>T<241>`<207>j'<221><231><183>PJ<2
> 22><168><178><221><130>:<17><1><161>O<12><236><179>1C<251><18>xs,<143>
> <28><2
> 34>}<169><196>
> MS-MPPE-Recv-Key =
> <128><139>'`}
> L<199><144><163><160><29><211><251>B<247>4<250>9P<229><247><159
>> <0>`U<19><19><132><253><133><132>`<139><220>4<197>0<220>`g\<228>)?
>> ~<29>*g<1
> 90><191>
> EAP-Message = <3><5><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 27
>
> Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 25
> Authentic:
> <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
> Message-Authenticator =
> <173>g<156><4>{<3><169>i<185>j<148>R<235><193><24><145>
> Proxy-State = 28
>
> Thu Nov 1 14:32:51 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:51 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 1, 25
> Thu Nov 1 14:32:51 2007: DEBUG: Response type 1
> Thu Nov 1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 25
> Authentic:
> <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
> Attributes:
> EAP-Message = <1><2><0><6><21>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 28
>
> Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 26
> Authentic:
> <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)
> <3><1>F<186><230><0><23
> 4><178><16>h||
> <6><25><145><189><232><138><193><160><194>p<240><239><14><24><
> 197><246>r<246><206>GV<154><0><0><2><0><10><1><0>
> Message-Authenticator =
> <246><249>Z<220><232><134>]<208><221>(<31>x<181><31>X<13>
> Proxy-State = 29
>
> Thu Nov 1 14:32:51 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:51 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 2, 60
> Thu Nov 1 14:32:51 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:51 2007: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Nov 1 14:32:51 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,
> 8576
> Thu Nov 1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 26
> Authentic:
> <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
> Attributes:
> EAP-Message =
> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)<
> 213><1
> 31><225><182><247>9,<220><8>}*<136>]
> i<243>B<31>jo<27>E<160>H<127>_<195><18><
> 185>]<229>
> <25>W<203><228>_<12><208>)<156><170>>
> $<18>I';<6>g'<181><236><130>k<243>_<22>
> &+<223>
> $<237><8><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3>@0<130><3><0
> <130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9>*<134>H<134>
> <247><
> 13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4
> ><10><
> 19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
> EAP-Message =
> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.m
> y.dom.
> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>
> (See
> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain
> Control
> Validated - QuickSSL
> Premium(R)
> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2>
>> <129><
> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)
> <172><188
>> <235><227><220><135><233><15><24><197>
> EAP-Message =
> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_
> $<127>5<129><169><246>L<196><179>
> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/
> <192><147><158>!<1
> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?
> B<182><224><173
>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-!
>> <207><140>E<240>1<208>N<155>2k0<1
> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3>
> U<29><
> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu
> <198>\
> <205><133>'h|
> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/
> secureca.crl0<31><6><3>U
> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
> <16>O3<152><144><159><212>0
> EAP-Message =
> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>
> +<6><1><5><5><
> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0
> >N<12>
> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)
> <159><178><168><
> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}
> <2><177><20>}<209>
> hoJ<199>-
> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
> 56>T<176><137>MN<201>
> c<207><244>a-<230>@Y)
> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>
>> $0<130><3>
> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134>
> H<134>
> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6>
> <3>U<4
>> <10><19><7>Equifax1-0+
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 29
>
> Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 27
> Authentic: 7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message = <2><3><0><6><21><0>
> Message-Authenticator =
> MN<153>pH<19><182><179><133><136>C<8><131><5>b<232>
> Proxy-State = 30
>
> Thu Nov 1 14:32:51 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:51 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Nov 1 14:32:51 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:51 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 27
> Authentic: 7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
> Attributes:
> EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
> Certificate
> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6>
> <3>U<4
>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0
>> +<6><3>U<4><11><19>$Eq
> uifax Secure Certificate
> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3>
> <129><
> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-
> <31><8>m<
> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|
> <206><159><5><224>
> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128
> ><191>
> B<2><142><254><221><1>
> EAP-Message =
> <9><236><225><0><20>O<252><251><240><12><221>C<186>
> [+<225><31><128>p<153><21
>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>
>> +<214><238
>> cE
>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185><
>> 2><3
>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c<
>> 160>a<
> 164>_0]
> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19>
> 0<17><
> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6><
> 3>U<29
>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
> EAP-Message = <149><215>G<216>#
> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<24
> 9>+<21
> 0><178><149><215>G<216>#
> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<2
> 6><6><
> 9>*<134>H<134><246>}
> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)
> <234><252><247><2
> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>%
> 1<13><0><1
> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<1
> 52><23
> 8><168><255>Z<200><211>U<178>fqW<222><192>!
> <235>=*<167>#I<1><4><134>B{<252><
> 238><127><162><22>R<181>gg<211>@<219>;&X<178>
> (w=<174><20>wa<214><250>*f'<160
>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>)
>> h<169><162><135>y<239>y
> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 30
>
> Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 28
> Authentic:
> 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130>
> <0><12
> 8>iX`r<167><224><224><7>l'<185>`%%
> <227><216><252>`C<230>2<253><245><29><20><
> 138><167><179><179><145><7><181>U"<29>Z!
> =<224>Y<130><140><241><240><0>N$<220
>> E9D<156><225><174><202><149>0<14><224><226><164>6<152>1<184><6><128><
>> 163><1
> 81><216>f
> +q<139><182>k&<182>*5T<136><0><238>h<247><188><149>U<21>FAV<19>bl<2
> 23>n<153>Q<22><6>y<175><254><183><181><8><231>1<247>t<153><134><131><2
> 52>~O<
> 14><176>R<153><238>vv^\<144><20><3><1><0><1><1><22><3><1><0>
> (<135>M<188>"B<2
> 25>D<152>"<185><229><136><142><254><143><176>}
> <190><247><158><13><137><248><
> 236><21>a<245><19>q5<141><248>b<237>6e<240><249><127><200>
> Message-Authenticator =
> k<152>C<187><28><145><255><132><136><176><18><173><180>M<133><244>
> Proxy-State = 31
>
> Thu Nov 1 14:32:52 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:52 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 4, 200
> Thu Nov 1 14:32:52 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS data, 8576, 4, 2
> Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Thu Nov 1 14:32:52 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 1 14:32:52 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> TTLS
> Challenge
> Thu Nov 1 14:32:52 2007: DEBUG: Access challenged for
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Challenge
> Identifier: 28
> Authentic:
> 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
> Attributes:
> EAP-Message =
> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
> (g<30>u<165>>8<
> 173><7>1)
> <212><0>re<208>i<16><193><167><14>G<10>*eBu<18><6><4><178>vl<198>D<
> 146><194>Br<23>\
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 31
>
> Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code: Access-Request
> Identifier: 29
> Authentic: <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
> Attributes:
> NAS-IP-Address = 192.168.199.12
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 0
> Framed-MTU = 1400
> User-Name = "anonymous at my.dom.ain"
> Calling-Station-Id = "00-90-4B-BC-05-74"
> Called-Station-Id = "00-11-85-50-3C-AF"
> NAS-Identifier = "AP420.12"
> EAP-Message =
> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<12>
> +Bkz;<137><151><20>5<176><17>
> 9{]<27><235>PB<168><237><182><17><250><185><217><153>;<199><130>j/
> <217><130>
> P<133>@<237><235><165>Q<200><218>><215><171><161><22>Qh<247><6><149><1
> 74><14
> 6><238><148> uCg=<254><160><231><17><198>z<20><212><18><172>
> Message-Authenticator =
> z<26>j<227><162>x<221><142>*<4><23><171><194><202>,+
> Proxy-State = 32
>
> Thu Nov 1 14:32:52 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov 1 14:32:52 2007: DEBUG: Deleting session for
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov 1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov 1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 5, 87
> Thu Nov 1 14:32:52 2007: DEBUG: Response type 21
> Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS data, 3, 5, 4
> Thu Nov 1 14:32:52 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code: UNDEF
> Identifier: UNDEF
> Authentic: UNDEF
> Attributes:
> User-Name = "test at my.dom.ain"
> User-Password = ******
>
> Thu Nov 1 14:32:52 2007: DEBUG: EAP TTLS inner authentication
> request for
> test at my.dom.ain
> Thu Nov 1 14:32:52 2007: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Thu Nov 1 14:32:52 2007: DEBUG: Rewrote user name to
> test at my.rewrite.dom.ain
> Thu Nov 1 14:32:52 2007: DEBUG: Deleting session for
> test at my.dom.ain,
> 192.168.199.12,
> Thu Nov 1 14:32:52 2007: DEBUG: Handling with Radius::AuthLSA:
> AD-sund2-ttls
> Thu Nov 1 14:32:52 2007: DEBUG: Radius::AuthLSA looks for match with
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov 1 14:32:52 2007: DEBUG: Radius::AuthLSA ACCEPT: :
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov 1 14:32:52 2007: DEBUG: AuthBy LSA result: ACCEPT,
> Thu Nov 1 14:32:52 2007: DEBUG: Access accepted for
> test at my.rewrite.dom.ain
> Thu Nov 1 14:32:52 2007: DEBUG: Returned TTLS tunnelled Diameter
> Packet
> dump:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: <216>W<218><140><136><161><245>O<29><4>'E<182>h<134>U
> Attributes:
>
> Thu Nov 1 14:32:52 2007: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Nov 1 14:32:52 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP
> TTLS inner
> authentication redespatched to a Handler
> Thu Nov 1 14:32:52 2007: DEBUG: Access accepted for
> anonymous at my.dom.ain
> Thu Nov 1 14:32:52 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code: Access-Accept
> Identifier: 29
> Authentic: <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
> Attributes:
> MS-MPPE-Send-Key =
> <164><177>/l<214><2>N<217><12><219><214>'j<134>B^o_<158>
> $:#<214><167><13>"P<
> 183><176>G<145><184>L<20>I<244><11><166>*3wo<225><231>5<12><210><254><
> 5><30>
> MS-MPPE-Recv-Key =
> <212><169>%
> I<245><14><212><196>g<197>6H,t<239><209><136><21><142><27><147>C<
> 127>s<31><24><199><186>tN<160><166>K
> [<161><197><233><221><205>x2<151><165>>.
> <180><185>O<195><172>
> EAP-Message = <3><5><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Proxy-State = 32
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list