(RADIATOR) EAP-TTLS

Steffen Hedegaard ged at mdb.ku.dk
Mon Nov 19 11:40:24 CST 2007


Sorry for the late answer, the flu got me.
The before mentioned 3.14 radius was on another site, but I tried installing
an identical version on one of the two servers, and It works with the same
config files, so that should rule out my configuration. Which brings me to
suspect the installation/perl version and or modules are at fault.
Both setups run on Windows server 2003.

Non working setup:
  radiator 3.17.1 patched 
  activeperl 5.8.8.820
    with modules
    install http://www.open.com.au/radiator/free-downloads/Win32-Lsa.ppd
    install http://www.roth.net/perl/packages/win32-daemon.ppd
And openssl was installed in order to support net_SSLeay

Working Setup:
 Radiator 3.14 patched
 Activelperl 5.6.1.638 
  Modules:
   install --location=http://www.open.com.au/radiator/free-downloads
Win32-Lsa
   install http://theoryx5.uwinnipeg.ca/ppmpackages/Net_SSLeay.pm.ppd


Any suggestions as to what might be wrong with my 3.17.1 installation? Shall
I just try reverting to using activeperl 5.6 allthough 5.8 is the
recommended version now?
The anonymized trace4 debug from the perlk 5.6 radiator 3.14 installation
working logon has been attached as textfile.

Best regards
Steffen Hedegaard 


-----Oprindelig meddelelse-----
Fra: Hugh Irvine [mailto:hugh at open.com.au] 
Sendt: 9. november 2007 03:44
Til: Steffen Hedegaard
Cc: radiator at open.com.au
Emne: ***SPAM*** Re: (RADIATOR) EAP-TTLS


Hello Steffen -

Could you try this without the username rewrite? I suspect this may  
be the problem.

Please send the trace 4 debug showing what happens, together with the  
trace 4 debug from the other system.

thanks and regards

Hugh


On 8 Nov 2007, at 23:58, Steffen Hedegaard wrote:

> Hi, i Am having some problems with a radiator 3.17.1 patched  
> 18-6-07 setup
> used for eap-ttls-pap authentication. I get so far as the server  
> sends (and
> the client receives) an access-accept package, and then the  
> authentication
> process just seems to start over. I have another radiator server  
> running
> 3.15, which works with the same config file settings (minus the  
> username
> rewrite).
> Radiator is installed as a service on a windows 2003 server with  
> activeperl
> 5.8.8.820.
>
> The config file, and trace 4 debug of a session, is at the end of  
> the mail.
>
> Best regard
> Steffen Hedegaard
>
>
>
>
>
>
> Foreground
> LogStdout
> LogDir	C:\Program Files\Radiator
> DbDir		C:\Program Files\Radiator
> DictionaryFile C:\Program Files\Radiator\dictionary
> AuthPort 1812
> AcctPort 1813
>
>
> ###  Logginf options ###
>
> # User a lower trace level in production systems:
> Trace 		4
>
> <AuthLog FILE>
> Identifier accountinglog
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l : %n : %N : %{NAS-Identifier} : OK
> FailureFormat %l : %n : %N : %{NAS-Identifier} : Failed
> Filename c:\program files\radiator\authlog
> </AuthLog>
>
>
>
> ###################################################################### 
> ####
> #                            
> Clients                                      #
> ###################################################################### 
> ####
>
>
> # JanP
> <Client radius.another.dom.ain>
> 	Secret mysecret
> 	DupInterval 0
> </client>
>
> <Client radius2.another.dom.ain>
> 	Secret mysecret
> 	DupInterval 0
> </client>
>
>
> ###################################################################### 
> ####
> #               Authentication metoder og  
> viderestillinger               #
> ###################################################################### 
> ####
>
>
> ###  EAP-TTLS ###
>
> <AuthBy FILE>
> # auth af ydre request med eap-ttls, anonymous bruger
> Identifier AD-sund-ttls
> Filename C:/Program Files/Radiator/users
> EAPType TTLS
> EAPTLS_CAFile C:/Program Files/Radiator/radiusparent.cert
> EAPTLS_CertificateType PEM
> EAPTLS_CertificateFile C:/Program Files/Radiator/ 
> radius_my_dom_ain.cert
> EAPTLS_PrivateKeyFile C:/Program Files/Radiator/radius_my_dom_ain.key
> EAPTLS_PrivateKeyPassword
> EAPTLS_MaxFragmentSize 1000
> AutoMPPEKeys
> SSLeayTrace 4
> </AuthBy>
>
> <AuthBy LSA>
> # Auth af brugere i Active Directory domænet my.root.dom.ain, inner  
> request
> Identifier AD-sund2-ttls
> EAPType PAP
> #AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
> </AuthBy>
>
>
>
>
> ### Forespørgsler der ryger til JanP
>
> <AuthBy RADIUS>
> Identifier EDUROAM
> Host radius.xxx.xx.xx
> Secret mysecret
> FailureBackoffTime 10
> Retries 0
> RetryTimeout 6
> AuthPort 1812
> AcctPort 1813
> </AuthBy>
>
>
> ###################################################################### 
> ####
> #                               
> Handlers                                  #
> ###################################################################### 
> ####
>
> ###  EAP-TTLS
> <Handler TunnelledByTTLS=1>
> #nner request, vil altid være et lokalt domæne når vi når hertil.
> RejectHasReason
> #rewriter til @my.root.dom.ain
> RewriteUsername s/^([^@]+).*/$1\@my.root.dom.ain/
> AuthBy AD-sund2-ttls
> AuthLog accountinglog
> </Handler>
>
> <Handler User-Name=anonymous at my.dom.ain>
> #outer request, matcher username at my.dom.ain
> AuthBy AD-sund-ttls
> </Handler>
>
>
> ### Vidersendelse til central ku server
> <Handler>
> #default handler sender alt andet videre til janp's servere.
> AuthBy EDUROAM
> AuthLog accountinglog
> </Handler>
>
>
>
>
>
>
>
>
>
>
> Thu Nov  1 14:30:44 2007: DEBUG: Finished reading configuration file
> 'C:\Program Files\Radiator\radius.cfg'
> Thu Nov  1 14:30:44 2007: DEBUG: Reading dictionary file 'C:\Program
> Files\Radiator\dictionary'
> Thu Nov  1 14:30:44 2007: DEBUG: Creating authentication port  
> 0.0.0.0:1812
> Thu Nov  1 14:30:44 2007: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Nov  1 14:30:44 2007: NOTICE: Server started: Radiator 3.17.1  
> on Rad1
> Thu Nov  1 14:31:34 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 15
> Authentic:  <184><232><231>mn^<171><152>.<246><230><178>8Q)H
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
> 	Message-Authenticator =
> <149><191><24><8><156>h<21>I<153>n<16><235><16><152>Fm
> 	Proxy-State = 18
>
> Thu Nov  1 14:31:34 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:31:34 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:31:34 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:31:34 2007: DEBUG: Handling with EAP: code 2, 1, 25
> Thu Nov  1 14:31:34 2007: DEBUG: Response type 1
> Thu Nov  1 14:31:36 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:31:36 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:31:36 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:31:36 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 15
> Authentic:  <184><232><231>mn^<171><152>.<246><230><178>8Q)H
> Attributes:
> 	EAP-Message = <1><2><0><6><21>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 18
>
> Thu Nov  1 14:31:36 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 16
> Authentic:  uh<29><168><201>q<249>`t<217><162><239><135><140>pt
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>) 
> <3><1>J<241><161><235><
> 236>N<201><153>:<166>V8<246><165><214>| 
> <202><158><229><130><155><243>=<169><
> 157>~|<163>-<159>G<4><0><0><2><0><10><1><0>
> 	Message-Authenticator =
> x"<240>E<192>5<209><181>9<226><178>DU<1>f<242>
> 	Proxy-State = 19
>
> Thu Nov  1 14:31:36 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:31:36 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:31:36 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:31:36 2007: DEBUG: Handling with EAP: code 2, 2, 60
> Thu Nov  1 14:31:36 2007: DEBUG: Response type 21
> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,  
> 8576
> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 16
> Authentic:  uh<29><168><201>q<249>`t<217><162><239><135><140>pt
> Attributes:
> 	EAP-Message =
> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)< 
> 213>9<
> 239><248><230>z<147><174>K<18><158><190><247> 
> \<16><209><169><240>7<180>ro<22
> 8>!<146><188><196><169><198><252>
> +<187><195>Q<235><253><233><10>q<181>A<4><201><181><24><10><137><255>d 
> 1<19>6
> <230>>K1<244><26><129>] 
> ><225><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3
>> @0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9 
>> >*<134
>> H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0 
>> <14><6
>> <3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure  
>> Certificate
> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
> 	EAP-Message =
> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.m 
> y.dom.
> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19> 
> (See
> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain  
> Control
> Validated - QuickSSL
> Premium(R) 
> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2> 
>> <129><
> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>) 
> <172><188
>> <235><227><220><135><233><15><24><197>
> 	EAP-Message =
> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_ 
> $<127>5<129><169><246>L<196><179>
> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/ 
> <192><147><158>!<1
> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>? 
> B<182><224><173
>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-! 
>> <207><140>E<240>1<208>N<155>2k0<1
> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3> 
> U<29><
> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu 
> <198>\
> <205><133>'h| 
> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/ 
> secureca.crl0<31><6><3>U
> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
> <16>O3<152><144><159><212>0
> 	EAP-Message =
> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8> 
> +<6><1><5><5><
> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0 
> >N<12>
> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>) 
> <159><178><168><
> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>} 
> <2><177><20>}<209>
> hoJ<199>- 
> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
> 56>T<176><137>MN<201>
> c<207><244>a-<230>@Y) 
> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3> 
>> $0<130><3>
> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134> 
> H<134>
> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6> 
> <3>U<4
>> <10><19><7>Equifax1-0+
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 19
>
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 17
> Authentic:  c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator =
> <130><166><173>(}<229>#I<189><171>}6<247>><139><247>
> 	Proxy-State = 20
>
> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Nov  1 14:31:37 2007: DEBUG: Response type 21
> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 17
> Authentic:  c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
> Attributes:
> 	EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
> Certificate
> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6> 
> <3>U<4
>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0 
>> +<6><3>U<4><11><19>$Eq
> uifax Secure Certificate
> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3> 
> <129><
> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>- 
> <31><8>m<
> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>| 
> <206><159><5><224>
> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128 
> ><191>
> B<2><142><254><221><1>
> 	EAP-Message =
> <9><236><225><0><20>O<252><251><240><12><221>C<186> 
> [+<225><31><128>p<153><21
>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175> 
>> +<214><238
>> cE 
>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185>< 
>> 2><3
>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c< 
>> 160>a<
> 164>_0] 
> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19> 
> 0<17><
> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6>< 
> 3>U<29
>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
> 	EAP-Message = <149><215>G<216>#
> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<24 
> 9>+<21
> 0><178><149><215>G<216>#
> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<2 
> 6><6><
> 9>*<134>H<134><246>} 
> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>) 
> <234><252><247><2
> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>% 
> 1<13><0><1
> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<1 
> 52><23
> 8><168><255>Z<200><211>U<178>fqW<222><192>! 
> <235>=*<167>#I<1><4><134>B{<252><
> 238><127><162><22>R<181>gg<211>@<219>;&X<178> 
> (w=<174><20>wa<214><250>*f'<160
>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>) 
>> h<169><162><135>y<239>y
> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 20
>
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 18
> Authentic:  <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130> 
> <0><12
> 8><1>`h<199><199><4>^<174><164><151>~<244><171><132><133>zt<133>@<250> 
> <10><2
> 43><24>9<231><201>XW 
> (<20><247>u1<175><15><158>D<23><177><176><227>J<239><136
>> |"<173><240><127><29><199><248>W<132><170>x<168><25> 
>> \.<152>C<12><136><224><
> 239><133>1<25><196><139>.<30><209><^ju<129><138><167><139><167>C<18><1 
> 36><6>
> <24><127><227><18><199><174><10><21><4><170><184> 
> (<244><169>Yr<132><156><227
>> <<221><28><19><247>J| 
>> <5>]"<140>2=<216><249>Y<239><248>xH<187><4><20><3><1><
> 0><1><1><22><3><1><0> 
> (<31><254><195>~<195><146><185><240>5k<199><139><148><0
>> <28><16><243><22>-Y<147><228>m<248><242><168>c<232>"<179>Bz<18>n 
>> \<134><145>
> <165><181>i
> 	Message-Authenticator =
> zbh<164>S<136><217><166><154><208><159>l<253><168>[<228>
> 	Proxy-State = 21
>
> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 4, 200
> Thu Nov  1 14:31:37 2007: DEBUG: Response type 21
> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS data, 8576, 4, 2
> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 18
> Authentic:  <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
> Attributes:
> 	EAP-Message =
> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0> 
> (<245><169><31>
> <244><212><232><243><148><251><200>F<149><246><205>) 
> <16><167><153><242><189>
> <28>q8<236>3`i<233><172><186><142>P:<129><176>D'<5>?<30>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 21
>
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 19
> Authentic:  <4><5><212><138><228>ocOQb<222>+y<127>y<20>
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<226><170><167>mQ<193><138> 
> <224>(
> <16><27><252>iq<140><231>Y03:<187>7/aQ5<148>| 
> <250><226>o<170><154><7>=W<243>
> <142>!}<251>a<178>J<133><240><145>^]<156>] 
> <183><190>M<219><176><18>Z<1>h<142
>> f<150><153>#<229><207><182><234>"<139><205>
> 	Message-Authenticator =
> <170><219>/+<139><233>{<224><149>><222><137>$<228>t<238>
> 	Proxy-State = 22
>
> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 5, 87
> Thu Nov  1 14:31:37 2007: DEBUG: Response type 21
> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS data, 3, 5, 4
> Thu Nov  1 14:31:37 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       UNDEF
> Identifier: UNDEF
> Authentic:  UNDEF
> Attributes:
> 	User-Name = "test at my.dom.ain"
> 	User-Password = ******
>
> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS inner authentication  
> request for
> test at my.dom.ain
> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Thu Nov  1 14:31:37 2007: DEBUG: Rewrote user name to
> test at my.rewrite.dom.ain
> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for  
> test at my.dom.ain,
> 192.168.199.12,
> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthLSA:
> AD-sund2-ttls
> Thu Nov  1 14:31:37 2007: DEBUG: Radius::AuthLSA looks for match with
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov  1 14:31:37 2007: DEBUG: Radius::AuthLSA ACCEPT: :
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy LSA result: ACCEPT,
> Thu Nov  1 14:31:37 2007: DEBUG: Access accepted for  
> test at my.rewrite.dom.ain
> Thu Nov  1 14:31:37 2007: DEBUG: Returned TTLS tunnelled Diameter  
> Packet
> dump:
> Code:       Access-Accept
> Identifier: UNDEF
> Authentic:  <5><252><249>X<204><131>ID<189><166><190><8><230>J<2><4>
> Attributes:
>
> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP  
> TTLS inner
> authentication redespatched to a Handler
> Thu Nov  1 14:31:37 2007: DEBUG: Access accepted for  
> anonymous at my.dom.ain
> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Accept
> Identifier: 19
> Authentic:  <4><5><212><138><228>ocOQb<222>+y<127>y<20>
> Attributes:
> 	MS-MPPE-Send-Key =
> <235><175><237>1RP<249>W<221>=<7>1<142><30><170><170><138><19>zU<228>< 
> 156>"<
> 13>o<10><8><15>? 
> m<4><220><158>zV<141><133><255><174><211><197>0<171><20>2<13
> 6><212><6><167><130>
> 	MS-MPPE-Recv-Key =
> <172>Y8<244><3><157><251>9<135><238><208><212><161>G<17>D<194>H<225>r< 
> 142>X<
> 207>f<147>! 
> <217>5G<231><24><166>U<215>DGX<240>U<12><129><129><230><245><174>
> gV<237><15>l
> 	EAP-Message = <3><5><0><4>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 22
>
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 20
> Authentic:  b<31><141><147><153><179>d,><138><239>o<134><12>^l
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
> 	Message-Authenticator =
> <0><175><221>u<174>A<156>Qu<151><195>*c<12>Q<137>
> 	Proxy-State = 23
>
> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 1, 25
> Thu Nov  1 14:32:14 2007: DEBUG: Response type 1
> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 20
> Authentic:  b<31><141><147><153><179>d,><138><239>o<134><12>^l
> Attributes:
> 	EAP-Message = <1><2><0><6><21>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 23
>
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 21
> Authentic:  <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>6/ 
> <139><140>$!<16
> 1>x_<222><143><183><248><232>n<147><<190><158><187><235><2>t<209><231> 
> d"<194
>> E<144><4>0<0><0><2><0><10><1><0>
> 	Message-Authenticator =
> <143>`s<187>w<138>E<253><179><204><11>q<252><202><253><245>
> 	Proxy-State = 24
>
> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 2, 60
> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,  
> 8576
> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 21
> Authentic:  <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
> Attributes:
> 	EAP-Message =
> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)< 
> 213>^K
> w[Tan.^<9><255>G<253>e<157><214><198> <172>2<9><239>P<27>Rp[:<205>
> S<13>4HW<13><128><213> 
> {<167>4L=<3><175><6><15><134><192><252><180>6<204><19>
> <1><229><251><15><171><163>R5<0><10><0><22><3><1><6>q<11><0><6>m<0><6> 
> j<0><3
>> @0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9 
>> >*<134
>> H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0 
>> <14><6
>> <3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure  
>> Certificate
> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
> 	EAP-Message =
> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.m 
> y.dom.
> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19> 
> (See
> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain  
> Control
> Validated - QuickSSL
> Premium(R) 
> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2> 
>> <129><
> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>) 
> <172><188
>> <235><227><220><135><233><15><24><197>
> 	EAP-Message =
> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_ 
> $<127>5<129><169><246>L<196><179>
> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/ 
> <192><147><158>!<1
> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>? 
> B<182><224><173
>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-! 
>> <207><140>E<240>1<208>N<155>2k0<1
> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3> 
> U<29><
> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu 
> <198>\
> <205><133>'h| 
> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/ 
> secureca.crl0<31><6><3>U
> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
> <16>O3<152><144><159><212>0
> 	EAP-Message =
> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8> 
> +<6><1><5><5><
> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0 
> >N<12>
> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>) 
> <159><178><168><
> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>} 
> <2><177><20>}<209>
> hoJ<199>- 
> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
> 56>T<176><137>MN<201>
> c<207><244>a-<230>@Y) 
> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3> 
>> $0<130><3>
> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134> 
> H<134>
> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6> 
> <3>U<4
>> <10><19><7>Equifax1-0+
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 24
>
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 22
> Authentic:   
> <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator =
> <2><149>^<128><194><247>iY<128><172><181><183>C<218>E<127>
> 	Proxy-State = 25
>
> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 22
> Authentic:   
> <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
> Attributes:
> 	EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
> Certificate
> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6> 
> <3>U<4
>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0 
>> +<6><3>U<4><11><19>$Eq
> uifax Secure Certificate
> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3> 
> <129><
> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>- 
> <31><8>m<
> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>| 
> <206><159><5><224>
> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128 
> ><191>
> B<2><142><254><221><1>
> 	EAP-Message =
> <9><236><225><0><20>O<252><251><240><12><221>C<186> 
> [+<225><31><128>p<153><21
>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175> 
>> +<214><238
>> cE 
>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185>< 
>> 2><3
>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c< 
>> 160>a<
> 164>_0] 
> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19> 
> 0<17><
> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6>< 
> 3>U<29
>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
> 	EAP-Message = <149><215>G<216>#
> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<24 
> 9>+<21
> 0><178><149><215>G<216>#
> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<2 
> 6><6><
> 9>*<134>H<134><246>} 
> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>) 
> <234><252><247><2
> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>% 
> 1<13><0><1
> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<1 
> 52><23
> 8><168><255>Z<200><211>U<178>fqW<222><192>! 
> <235>=*<167>#I<1><4><134>B{<252><
> 238><127><162><22>R<181>gg<211>@<219>;&X<178> 
> (w=<174><20>wa<214><250>*f'<160
>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>) 
>> h<169><162><135>y<239>y
> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 25
>
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 23
> Authentic:   
> <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130> 
> <0><12
> 8>]<157><4><134>v=<162><129>Z<164><28>v<215>:b<221><199><192><182>| 
> X<213>I<1
> 47>C<140>rh<9><171><221>V<14><16><131><137><206><248><150><136><6><214 
> >hW<18
> 7><167>DP#<146><132><194>U<1><3><244><160><142>4<161><209><141>v] 
> B<236><8><1
> 6><222><156><4><205><220><6><163><237><241><16>,! 
> <251>f<215><171><170>MP<143
>> <204><147><192><201><181><4>rL<171>1<159>M<244><15>Y<31><129>DX<201>< 
>> 127><1
> 67><204><128><208>? 
> U<31><253><242><222><142>A`v<142>j<199><24>,<20><3><1><0>
> <1><1><22><3><1><0>(=!<205><136>$_<215>>h<220><171><4>K<234><233>i] 
> <220><195
>> X<137><224>Z 
>> +#q8<219><167><236><233><169><184><183><242><209><131><179><153
>> <133>
> 	Message-Authenticator =
> <243><229><190><11>_<250><129><186><14>'<177>r<201><238>*0
> 	Proxy-State = 26
>
> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 4, 200
> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS data, 8576, 4, 2
> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 23
> Authentic:   
> <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
> Attributes:
> 	EAP-Message =
> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0> 
> ({<134><13><148
>> <188>s<189><7><15>^<186><146><131><255><2><227><211>1e<188><21><142>Q 
>> <215><
> 134>N2<140><162><203><240><249><180><201><9>z[<157>+<141>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 26
>
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 24
> Authentic:  <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<207><235>) 
> K<16>=<193><236>f<205>
> <15><148><8>A<147><214><142><211><220><21>TJ<135><183>I,<217><145>&;<2 
> ><<151
>> Z<145>x<26><181><163><152><129><142><142>`x<29>I:<247>2- 
>> B<224>p<22><131><17
>> <247><221><203><203><202><248><254><15><220><232>"M,A<158>
> 	Message-Authenticator =
> s<247>U<31><6><253><133>e<203>C;<29><15><24><17><183>
> 	Proxy-State = 27
>
> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 5, 87
> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS data, 3, 5, 4
> Thu Nov  1 14:32:14 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       UNDEF
> Identifier: UNDEF
> Authentic:  UNDEF
> Attributes:
> 	User-Name = "test at my.dom.ain"
> 	User-Password = ******
>
> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS inner authentication  
> request for
> test at my.dom.ain
> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Thu Nov  1 14:32:14 2007: DEBUG: Rewrote user name to
> test at my.rewrite.dom.ain
> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for  
> test at my.dom.ain,
> 192.168.199.12,
> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthLSA:
> AD-sund2-ttls
> Thu Nov  1 14:32:14 2007: DEBUG: Radius::AuthLSA looks for match with
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov  1 14:32:14 2007: DEBUG: Radius::AuthLSA ACCEPT: :
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy LSA result: ACCEPT,
> Thu Nov  1 14:32:14 2007: DEBUG: Access accepted for  
> test at my.rewrite.dom.ain
> Thu Nov  1 14:32:14 2007: DEBUG: Returned TTLS tunnelled Diameter  
> Packet
> dump:
> Code:       Access-Accept
> Identifier: UNDEF
> Authentic:
> <219><13><5><149><152><154><127>r<2><176>5<131><222><243><232><252>
> Attributes:
>
> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP  
> TTLS inner
> authentication redespatched to a Handler
> Thu Nov  1 14:32:14 2007: DEBUG: Access accepted for  
> anonymous at my.dom.ain
> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Accept
> Identifier: 24
> Authentic:  <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
> Attributes:
> 	MS-MPPE-Send-Key =
> <173><127>|<231>;<251>- 
> <1>7<173>D<188><229>T<241>`<207>j'<221><231><183>PJ<2
> 22><168><178><221><130>:<17><1><161>O<12><236><179>1C<251><18>xs,<143> 
> <28><2
> 34>}<169><196>
> 	MS-MPPE-Recv-Key =
> <128><139>'`} 
> L<199><144><163><160><29><211><251>B<247>4<250>9P<229><247><159
>> <0>`U<19><19><132><253><133><132>`<139><220>4<197>0<220>`g\<228>)? 
>> ~<29>*g<1
> 90><191>
> 	EAP-Message = <3><5><0><4>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 27
>
> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 25
> Authentic:   
> <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
> 	Message-Authenticator =
> <173>g<156><4>{<3><169>i<185>j<148>R<235><193><24><145>
> 	Proxy-State = 28
>
> Thu Nov  1 14:32:51 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:51 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 1, 25
> Thu Nov  1 14:32:51 2007: DEBUG: Response type 1
> Thu Nov  1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 25
> Authentic:   
> <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
> Attributes:
> 	EAP-Message = <1><2><0><6><21>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 28
>
> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 26
> Authentic:   
> <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>) 
> <3><1>F<186><230><0><23
> 4><178><16>h|| 
> <6><25><145><189><232><138><193><160><194>p<240><239><14><24><
> 197><246>r<246><206>GV<154><0><0><2><0><10><1><0>
> 	Message-Authenticator =
> <246><249>Z<220><232><134>]<208><221>(<31>x<181><31>X<13>
> 	Proxy-State = 29
>
> Thu Nov  1 14:32:51 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:51 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 2, 60
> Thu Nov  1 14:32:51 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:51 2007: DEBUG: EAP TTLS data, 24576, 2, -1
> Thu Nov  1 14:32:51 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,  
> 8576
> Thu Nov  1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 26
> Authentic:   
> <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
> Attributes:
> 	EAP-Message =
> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G)< 
> 213><1
> 31><225><182><247>9,<220><8>}*<136>] 
> i<243>B<31>jo<27>E<160>H<127>_<195><18><
> 185>]<229>
> <25>W<203><228>_<12><208>)<156><170>> 
> $<18>I';<6>g'<181><236><130>k<243>_<22>
> &+<223> 
> $<237><8><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3>@0<130><3><0
> <130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9>*<134>H<134> 
> <247><
> 13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4 
> ><10><
> 19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
> 	EAP-Message =
> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius.m 
> y.dom.
> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19> 
> (See
> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain  
> Control
> Validated - QuickSSL
> Premium(R) 
> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2> 
>> <129><
> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>) 
> <172><188
>> <235><227><220><135><233><15><24><197>
> 	EAP-Message =
> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_ 
> $<127>5<129><169><246>L<196><179>
> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/ 
> <192><147><158>!<1
> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>? 
> B<182><224><173
>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-! 
>> <207><140>E<240>1<208>N<155>2k0<1
> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3> 
> U<29><
> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>mu 
> <198>\
> <205><133>'h| 
> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/ 
> secureca.crl0<31><6><3>U
> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
> <16>O3<152><144><159><212>0
> 	EAP-Message =
> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8> 
> +<6><1><5><5><
> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0 
> >N<12>
> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>) 
> <159><178><168><
> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>} 
> <2><177><20>}<209>
> hoJ<199>- 
> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
> 56>T<176><137>MN<201>
> c<207><244>a-<230>@Y) 
> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3> 
>> $0<130><3>
> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134> 
> H<134>
> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6> 
> <3>U<4
>> <10><19><7>Equifax1-0+
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 29
>
> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 27
> Authentic:  7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message = <2><3><0><6><21><0>
> 	Message-Authenticator =
> MN<153>pH<19><182><179><133><136>C<8><131><5>b<232>
> 	Proxy-State = 30
>
> Thu Nov  1 14:32:51 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:51 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 3, 6
> Thu Nov  1 14:32:51 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 27
> Authentic:  7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
> Attributes:
> 	EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
> Certificate
> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6> 
> <3>U<4
>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0 
>> +<6><3>U<4><11><19>$Eq
> uifax Secure Certificate
> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3> 
> <129><
> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>- 
> <31><8>m<
> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>| 
> <206><159><5><224>
> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<128 
> ><191>
> B<2><142><254><221><1>
> 	EAP-Message =
> <9><236><225><0><20>O<252><251><240><12><221>C<186> 
> [+<225><31><128>p<153><21
>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175> 
>> +<214><238
>> cE 
>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185>< 
>> 2><3
>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c< 
>> 160>a<
> 164>_0] 
> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19> 
> 0<17><
> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6>< 
> 3>U<29
>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
> 	EAP-Message = <149><215>G<216>#
> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<24 
> 9>+<21
> 0><178><149><215>G<216>#
> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<2 
> 6><6><
> 9>*<134>H<134><246>} 
> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>) 
> <234><252><247><2
> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>% 
> 1<13><0><1
> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n<1 
> 52><23
> 8><168><255>Z<200><211>U<178>fqW<222><192>! 
> <235>=*<167>#I<1><4><134>B{<252><
> 238><127><162><22>R<181>gg<211>@<219>;&X<178> 
> (w=<174><20>wa<214><250>*f'<160
>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>) 
>> h<169><162><135>y<239>y
> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 30
>
> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 28
> Authentic:   
> 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130> 
> <0><12
> 8>iX`r<167><224><224><7>l'<185>`%% 
> <227><216><252>`C<230>2<253><245><29><20><
> 138><167><179><179><145><7><181>U"<29>Z! 
> =<224>Y<130><140><241><240><0>N$<220
>> E9D<156><225><174><202><149>0<14><224><226><164>6<152>1<184><6><128>< 
>> 163><1
> 81><216>f 
> +q<139><182>k&<182>*5T<136><0><238>h<247><188><149>U<21>FAV<19>bl<2
> 23>n<153>Q<22><6>y<175><254><183><181><8><231>1<247>t<153><134><131><2 
> 52>~O<
> 14><176>R<153><238>vv^\<144><20><3><1><0><1><1><22><3><1><0> 
> (<135>M<188>"B<2
> 25>D<152>"<185><229><136><142><254><143><176>} 
> <190><247><158><13><137><248><
> 236><21>a<245><19>q5<141><248>b<237>6e<240><249><127><200>
> 	Message-Authenticator =
> k<152>C<187><28><145><255><132><136><176><18><173><180>M<133><244>
> 	Proxy-State = 31
>
> Thu Nov  1 14:32:52 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:52 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 4, 200
> Thu Nov  1 14:32:52 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS data, 8576, 4, 2
> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Thu Nov  1 14:32:52 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov  1 14:32:52 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> TTLS
> Challenge
> Thu Nov  1 14:32:52 2007: DEBUG: Access challenged for  
> anonymous at my.dom.ain:
> EAP TTLS Challenge
> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Challenge
> Identifier: 28
> Authentic:   
> 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
> Attributes:
> 	EAP-Message =
> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0> 
> (g<30>u<165>>8<
> 173><7>1) 
> <212><0>re<208>i<16><193><167><14>G<10>*eBu<18><6><4><178>vl<198>D<
> 146><194>Br<23>\
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 31
>
> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
> *** Received from 130.225.126.187 port 1814 ....
> Code:       Access-Request
> Identifier: 29
> Authentic:  <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
> Attributes:
> 	NAS-IP-Address = 192.168.199.12
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Port = 0
> 	Framed-MTU = 1400
> 	User-Name = "anonymous at my.dom.ain"
> 	Calling-Station-Id = "00-90-4B-BC-05-74"
> 	Called-Station-Id = "00-11-85-50-3C-AF"
> 	NAS-Identifier = "AP420.12"
> 	EAP-Message =
> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<12> 
> +Bkz;<137><151><20>5<176><17>
> 9{]<27><235>PB<168><237><182><17><250><185><217><153>;<199><130>j/ 
> <217><130>
> P<133>@<237><235><165>Q<200><218>><215><171><161><22>Qh<247><6><149><1 
> 74><14
> 6><238><148> uCg=<254><160><231><17><198>z<20><212><18><172>
> 	Message-Authenticator =
> z<26>j<227><162>x<221><142>*<4><23><171><194><202>,+
> 	Proxy-State = 32
>
> Thu Nov  1 14:32:52 2007: DEBUG: Handling request with Handler
> 'User-Name=anonymous at my.dom.ain'
> Thu Nov  1 14:32:52 2007: DEBUG:  Deleting session for  
> anonymous at my.dom.ain,
> 192.168.199.12, 0
> Thu Nov  1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
> AD-sund-ttls
> Thu Nov  1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 5, 87
> Thu Nov  1 14:32:52 2007: DEBUG: Response type 21
> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS data, 3, 5, 4
> Thu Nov  1 14:32:52 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       UNDEF
> Identifier: UNDEF
> Authentic:  UNDEF
> Attributes:
> 	User-Name = "test at my.dom.ain"
> 	User-Password = ******
>
> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS inner authentication  
> request for
> test at my.dom.ain
> Thu Nov  1 14:32:52 2007: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1'
> Thu Nov  1 14:32:52 2007: DEBUG: Rewrote user name to
> test at my.rewrite.dom.ain
> Thu Nov  1 14:32:52 2007: DEBUG:  Deleting session for  
> test at my.dom.ain,
> 192.168.199.12,
> Thu Nov  1 14:32:52 2007: DEBUG: Handling with Radius::AuthLSA:
> AD-sund2-ttls
> Thu Nov  1 14:32:52 2007: DEBUG: Radius::AuthLSA looks for match with
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov  1 14:32:52 2007: DEBUG: Radius::AuthLSA ACCEPT: :
> test at my.rewrite.dom.ain [test at my.dom.ain]
> Thu Nov  1 14:32:52 2007: DEBUG: AuthBy LSA result: ACCEPT,
> Thu Nov  1 14:32:52 2007: DEBUG: Access accepted for  
> test at my.rewrite.dom.ain
> Thu Nov  1 14:32:52 2007: DEBUG: Returned TTLS tunnelled Diameter  
> Packet
> dump:
> Code:       Access-Accept
> Identifier: UNDEF
> Authentic:  <216>W<218><140><136><161><245>O<29><4>'E<182>h<134>U
> Attributes:
>
> Thu Nov  1 14:32:52 2007: DEBUG: EAP result: 0, EAP TTLS inner
> authentication redespatched to a Handler
> Thu Nov  1 14:32:52 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP  
> TTLS inner
> authentication redespatched to a Handler
> Thu Nov  1 14:32:52 2007: DEBUG: Access accepted for  
> anonymous at my.dom.ain
> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
> *** Sending to 130.225.126.187 port 1814 ....
> Code:       Access-Accept
> Identifier: 29
> Authentic:  <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
> Attributes:
> 	MS-MPPE-Send-Key =
> <164><177>/l<214><2>N<217><12><219><214>'j<134>B^o_<158> 
> $:#<214><167><13>"P<
> 183><176>G<145><184>L<20>I<244><11><166>*3wo<225><231>5<12><210><254>< 
> 5><30>
> 	MS-MPPE-Recv-Key =
> <212><169>% 
> I<245><14><212><196>g<197>6H,t<239><209><136><21><142><27><147>C<
> 127>s<31><24><199><186>tN<160><166>K 
> [<161><197><233><221><205>x2<151><165>>.
> <180><185>O<195><172>
> 	EAP-Message = <3><5><0><4>
> 	Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Proxy-State = 32
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: logfile 3.14
Type: application/octet-stream
Size: 16612 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20071119/3dd44834/attachment.obj>


More information about the radiator mailing list