(RADIATOR) EAP-TTLS

Hugh Irvine hugh at open.com.au
Mon Nov 19 15:47:43 CST 2007


Hello Steffen -

I have seen similar problems with different versions of OpenSSL.

The latest version from Shining Light does _not_ work, but the  
earlier one does.

This works (from http://www.slproweb.com/products/Win32OpenSSL.html):

	Win32_OpenSSL_v0.9.7m

this does not:

	Wind32_OpenSSL_v0.9.8g

I have recently installed Perl 5.8.8.822:

	http://www.activestate.com/store/download.aspx? 
prdGUID=81fbce82-6bd5-49bc-a915-08d58c2648ca

and Radiator 3.17.1 with latest patches on Windows with  
Win32_OpenSSL_v0.9.7m and it works fine.

hope that helps

regards

Hugh


On 20 Nov 2007, at 04:40, Steffen Hedegaard wrote:

> Sorry for the late answer, the flu got me.
> The before mentioned 3.14 radius was on another site, but I tried  
> installing
> an identical version on one of the two servers, and It works with  
> the same
> config files, so that should rule out my configuration. Which  
> brings me to
> suspect the installation/perl version and or modules are at fault.
> Both setups run on Windows server 2003.
>
> Non working setup:
>   radiator 3.17.1 patched
>   activeperl 5.8.8.820
>     with modules
>     install http://www.open.com.au/radiator/free-downloads/Win32- 
> Lsa.ppd
>     install http://www.roth.net/perl/packages/win32-daemon.ppd
> And openssl was installed in order to support net_SSLeay
>
> Working Setup:
>  Radiator 3.14 patched
>  Activelperl 5.6.1.638
>   Modules:
>    install --location=http://www.open.com.au/radiator/free-downloads
> Win32-Lsa
>    install http://theoryx5.uwinnipeg.ca/ppmpackages/Net_SSLeay.pm.ppd
>
>
> Any suggestions as to what might be wrong with my 3.17.1  
> installation? Shall
> I just try reverting to using activeperl 5.6 allthough 5.8 is the
> recommended version now?
> The anonymized trace4 debug from the perlk 5.6 radiator 3.14  
> installation
> working logon has been attached as textfile.
>
> Best regards
> Steffen Hedegaard
>
>
> -----Oprindelig meddelelse-----
> Fra: Hugh Irvine [mailto:hugh at open.com.au]
> Sendt: 9. november 2007 03:44
> Til: Steffen Hedegaard
> Cc: radiator at open.com.au
> Emne: ***SPAM*** Re: (RADIATOR) EAP-TTLS
>
>
> Hello Steffen -
>
> Could you try this without the username rewrite? I suspect this may
> be the problem.
>
> Please send the trace 4 debug showing what happens, together with the
> trace 4 debug from the other system.
>
> thanks and regards
>
> Hugh
>
>
> On 8 Nov 2007, at 23:58, Steffen Hedegaard wrote:
>
>> Hi, i Am having some problems with a radiator 3.17.1 patched
>> 18-6-07 setup
>> used for eap-ttls-pap authentication. I get so far as the server
>> sends (and
>> the client receives) an access-accept package, and then the
>> authentication
>> process just seems to start over. I have another radiator server
>> running
>> 3.15, which works with the same config file settings (minus the
>> username
>> rewrite).
>> Radiator is installed as a service on a windows 2003 server with
>> activeperl
>> 5.8.8.820.
>>
>> The config file, and trace 4 debug of a session, is at the end of
>> the mail.
>>
>> Best regard
>> Steffen Hedegaard
>>
>>
>>
>>
>>
>>
>> Foreground
>> LogStdout
>> LogDir	C:\Program Files\Radiator
>> DbDir		C:\Program Files\Radiator
>> DictionaryFile C:\Program Files\Radiator\dictionary
>> AuthPort 1812
>> AcctPort 1813
>>
>>
>> ###  Logginf options ###
>>
>> # User a lower trace level in production systems:
>> Trace 		4
>>
>> <AuthLog FILE>
>> Identifier accountinglog
>> LogSuccess 1
>> LogFailure 1
>> SuccessFormat %l : %n : %N : %{NAS-Identifier} : OK
>> FailureFormat %l : %n : %N : %{NAS-Identifier} : Failed
>> Filename c:\program files\radiator\authlog
>> </AuthLog>
>>
>>
>>
>> ##################################################################### 
>> #
>> ####
>> #
>> Clients                                      #
>> ##################################################################### 
>> #
>> ####
>>
>>
>> # JanP
>> <Client radius.another.dom.ain>
>> 	Secret mysecret
>> 	DupInterval 0
>> </client>
>>
>> <Client radius2.another.dom.ain>
>> 	Secret mysecret
>> 	DupInterval 0
>> </client>
>>
>>
>> ##################################################################### 
>> #
>> ####
>> #               Authentication metoder og
>> viderestillinger               #
>> ##################################################################### 
>> #
>> ####
>>
>>
>> ###  EAP-TTLS ###
>>
>> <AuthBy FILE>
>> # auth af ydre request med eap-ttls, anonymous bruger
>> Identifier AD-sund-ttls
>> Filename C:/Program Files/Radiator/users
>> EAPType TTLS
>> EAPTLS_CAFile C:/Program Files/Radiator/radiusparent.cert
>> EAPTLS_CertificateType PEM
>> EAPTLS_CertificateFile C:/Program Files/Radiator/
>> radius_my_dom_ain.cert
>> EAPTLS_PrivateKeyFile C:/Program Files/Radiator/radius_my_dom_ain.key
>> EAPTLS_PrivateKeyPassword
>> EAPTLS_MaxFragmentSize 1000
>> AutoMPPEKeys
>> SSLeayTrace 4
>> </AuthBy>
>>
>> <AuthBy LSA>
>> # Auth af brugere i Active Directory domænet my.root.dom.ain, inner
>> request
>> Identifier AD-sund2-ttls
>> EAPType PAP
>> #AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
>> </AuthBy>
>>
>>
>>
>>
>> ### Forespørgsler der ryger til JanP
>>
>> <AuthBy RADIUS>
>> Identifier EDUROAM
>> Host radius.xxx.xx.xx
>> Secret mysecret
>> FailureBackoffTime 10
>> Retries 0
>> RetryTimeout 6
>> AuthPort 1812
>> AcctPort 1813
>> </AuthBy>
>>
>>
>> ##################################################################### 
>> #
>> ####
>> #
>> Handlers                                  #
>> ##################################################################### 
>> #
>> ####
>>
>> ###  EAP-TTLS
>> <Handler TunnelledByTTLS=1>
>> #nner request, vil altid være et lokalt domæne når vi når hertil.
>> RejectHasReason
>> #rewriter til @my.root.dom.ain
>> RewriteUsername s/^([^@]+).*/$1\@my.root.dom.ain/
>> AuthBy AD-sund2-ttls
>> AuthLog accountinglog
>> </Handler>
>>
>> <Handler User-Name=anonymous at my.dom.ain>
>> #outer request, matcher username at my.dom.ain
>> AuthBy AD-sund-ttls
>> </Handler>
>>
>>
>> ### Vidersendelse til central ku server
>> <Handler>
>> #default handler sender alt andet videre til janp's servere.
>> AuthBy EDUROAM
>> AuthLog accountinglog
>> </Handler>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Thu Nov  1 14:30:44 2007: DEBUG: Finished reading configuration file
>> 'C:\Program Files\Radiator\radius.cfg'
>> Thu Nov  1 14:30:44 2007: DEBUG: Reading dictionary file 'C:\Program
>> Files\Radiator\dictionary'
>> Thu Nov  1 14:30:44 2007: DEBUG: Creating authentication port
>> 0.0.0.0:1812
>> Thu Nov  1 14:30:44 2007: DEBUG: Creating accounting port  
>> 0.0.0.0:1813
>> Thu Nov  1 14:30:44 2007: NOTICE: Server started: Radiator 3.17.1
>> on Rad1
>> Thu Nov  1 14:31:34 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 15
>> Authentic:  <184><232><231>mn^<171><152>.<246><230><178>8Q)H
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
>> 	Message-Authenticator =
>> <149><191><24><8><156>h<21>I<153>n<16><235><16><152>Fm
>> 	Proxy-State = 18
>>
>> Thu Nov  1 14:31:34 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:31:34 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:31:34 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:31:34 2007: DEBUG: Handling with EAP: code 2, 1, 25
>> Thu Nov  1 14:31:34 2007: DEBUG: Response type 1
>> Thu Nov  1 14:31:36 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:31:36 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:31:36 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:31:36 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 15
>> Authentic:  <184><232><231>mn^<171><152>.<246><230><178>8Q)H
>> Attributes:
>> 	EAP-Message = <1><2><0><6><21>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 18
>>
>> Thu Nov  1 14:31:36 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 16
>> Authentic:  uh<29><168><201>q<249>`t<217><162><239><135><140>pt
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)
>> <3><1>J<241><161><235><
>> 236>N<201><153>:<166>V8<246><165><214>|
>> <202><158><229><130><155><243>=<169><
>> 157>~|<163>-<159>G<4><0><0><2><0><10><1><0>
>> 	Message-Authenticator =
>> x"<240>E<192>5<209><181>9<226><178>DU<1>f<242>
>> 	Proxy-State = 19
>>
>> Thu Nov  1 14:31:36 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:31:36 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:31:36 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:31:36 2007: DEBUG: Handling with EAP: code 2, 2, 60
>> Thu Nov  1 14:31:36 2007: DEBUG: Response type 21
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS data, 24576, 2, -1
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,
>> 8576
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 16
>> Authentic:  uh<29><168><201>q<249>`t<217><162><239><135><140>pt
>> Attributes:
>> 	EAP-Message =
>> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G) 
>> <
>> 213>9<
>> 239><248><230>z<147><174>K<18><158><190><247>
>> \<16><209><169><240>7<180>ro<22
>> 8>!<146><188><196><169><198><252>
>> +<187><195>Q<235><253><233><10>q<181>A<4><201><181><24><10><137><255> 
>> d
>> 1<19>6
>> <230>>K1<244><26><129>]
>>> <225><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3
>>> @0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6>< 
>>> 9
>>>> *<134
>>> H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16> 
>>> 0
>>> <14><6
>>> <3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure
>>> Certificate
>> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
>> 	EAP-Message =
>> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius. 
>> m
>> y.dom.
>> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>
>> (See
>> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain
>> Control
>> Validated - QuickSSL
>> Premium(R)
>> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2 
>>> >
>>> <129><
>> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)
>> <172><188
>>> <235><227><220><135><233><15><24><197>
>> 	EAP-Message =
>> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_
>> $<127>5<129><169><246>L<196><179>
>> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/
>> <192><147><158>!<1
>> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?
>> B<182><224><173
>>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-!
>>> <207><140>E<240>1<208>N<155>2k0<1
>> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3 
>> >
>> U<29><
>> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>m 
>> u
>> <198>\
>> <205><133>'h|
>> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
>> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/
>> secureca.crl0<31><6><3>U
>> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
>> <16>O3<152><144><159><212>0
>> 	EAP-Message =
>> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>
>> +<6><1><5><5><
>> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129>< 
>> 0
>>> N<12>
>> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)
>> <159><178><168><
>> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}
>> <2><177><20>}<209>
>> hoJ<199>-
>> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
>> 56>T<176><137>MN<201>
>> c<207><244>a-<230>@Y)
>> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>
>>> $0<130><3>
>> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134 
>> >
>> H<134>
>> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6 
>> >
>> <3>U<4
>>> <10><19><7>Equifax1-0+
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 19
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 17
>> Authentic:  c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message = <2><3><0><6><21><0>
>> 	Message-Authenticator =
>> <130><166><173>(}<229>#I<189><171>}6<247>><139><247>
>> 	Proxy-State = 20
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 3, 6
>> Thu Nov  1 14:31:37 2007: DEBUG: Response type 21
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 17
>> Authentic:  c<1><217>.+<16><23><19><157><3>9Z<209>?<28>a
>> Attributes:
>> 	EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
>> Certificate
>> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6 
>> >
>> <3>U<4
>>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0
>>> +<6><3>U<4><11><19>$Eq
>> uifax Secure Certificate
>> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3 
>> >
>> <129><
>> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-
>> <31><8>m<
>> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|
>> <206><159><5><224>
>> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<12 
>> 8
>>> <191>
>> B<2><142><254><221><1>
>> 	EAP-Message =
>> <9><236><225><0><20>O<252><251><240><12><221>C<186>
>> [+<225><31><128>p<153><21
>>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>
>>> +<214><238
>>> cE
>>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185> 
>>> <
>>> 2><3
>>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c 
>>> <
>>> 160>a<
>> 164>_0]
>> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
>> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
>> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19 
>> >
>> 0<17><
>> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6> 
>> <
>> 3>U<29
>>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
>> 	EAP-Message = <149><215>G<216>#
>> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<2 
>> 4
>> 9>+<21
>> 0><178><149><215>G<216>#
>> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0< 
>> 2
>> 6><6><
>> 9>*<134>H<134><246>}
>> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
>> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)
>> <234><252><247><2
>> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>%
>> 1<13><0><1
>> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n< 
>> 1
>> 52><23
>> 8><168><255>Z<200><211>U<178>fqW<222><192>!
>> <235>=*<167>#I<1><4><134>B{<252><
>> 238><127><162><22>R<181>gg<211>@<219>;&X<178>
>> (w=<174><20>wa<214><250>*f'<160
>>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>)
>>> h<169><162><135>y<239>y
>> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 20
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 18
>> Authentic:  <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130 
>> >
>> <0><12
>> 8><1>`h<199><199><4>^<174><164><151>~<244><171><132><133>zt<133>@<250 
>> >
>> <10><2
>> 43><24>9<231><201>XW
>> (<20><247>u1<175><15><158>D<23><177><176><227>J<239><136
>>> |"<173><240><127><29><199><248>W<132><170>x<168><25>
>>> \.<152>C<12><136><224><
>> 239><133>1<25><196><139>.<30><209><^ju<129><138><167><139><167>C<18>< 
>> 1
>> 36><6>
>> <24><127><227><18><199><174><10><21><4><170><184>
>> (<244><169>Yr<132><156><227
>>> <<221><28><19><247>J|
>>> <5>]"<140>2=<216><249>Y<239><248>xH<187><4><20><3><1><
>> 0><1><1><22><3><1><0>
>> (<31><254><195>~<195><146><185><240>5k<199><139><148><0
>>> <28><16><243><22>-Y<147><228>m<248><242><168>c<232>"<179>Bz<18>n
>>> \<134><145>
>> <165><181>i
>> 	Message-Authenticator =
>> zbh<164>S<136><217><166><154><208><159>l<253><168>[<228>
>> 	Proxy-State = 21
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 4, 200
>> Thu Nov  1 14:31:37 2007: DEBUG: Response type 21
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS data, 8576, 4, 2
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 18
>> Authentic:  <14>R<206><208>5<28><171>SiU<251><167>/2\<249>
>> Attributes:
>> 	EAP-Message =
>> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
>> (<245><169><31>
>> <244><212><232><243><148><251><200>F<149><246><205>)
>> <16><167><153><242><189>
>> <28>q8<236>3`i<233><172><186><142>P:<129><176>D'<5>?<30>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 21
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 19
>> Authentic:  <4><5><212><138><228>ocOQb<222>+y<127>y<20>
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<226><170><167>mQ<193><138 
>> >
>> <224>(
>> <16><27><252>iq<140><231>Y03:<187>7/aQ5<148>|
>> <250><226>o<170><154><7>=W<243>
>> <142>!}<251>a<178>J<133><240><145>^]<156>]
>> <183><190>M<219><176><18>Z<1>h<142
>>> f<150><153>#<229><207><182><234>"<139><205>
>> 	Message-Authenticator =
>> <170><219>/+<139><233>{<224><149>><222><137>$<228>t<238>
>> 	Proxy-State = 22
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with EAP: code 2, 5, 87
>> Thu Nov  1 14:31:37 2007: DEBUG: Response type 21
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS data, 3, 5, 4
>> Thu Nov  1 14:31:37 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code:       UNDEF
>> Identifier: UNDEF
>> Authentic:  UNDEF
>> Attributes:
>> 	User-Name = "test at my.dom.ain"
>> 	User-Password = ******
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP TTLS inner authentication
>> request for
>> test at my.dom.ain
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling request with Handler
>> 'TunnelledByTTLS=1'
>> Thu Nov  1 14:31:37 2007: DEBUG: Rewrote user name to
>> test at my.rewrite.dom.ain
>> Thu Nov  1 14:31:37 2007: DEBUG:  Deleting session for
>> test at my.dom.ain,
>> 192.168.199.12,
>> Thu Nov  1 14:31:37 2007: DEBUG: Handling with Radius::AuthLSA:
>> AD-sund2-ttls
>> Thu Nov  1 14:31:37 2007: DEBUG: Radius::AuthLSA looks for match with
>> test at my.rewrite.dom.ain [test at my.dom.ain]
>> Thu Nov  1 14:31:37 2007: DEBUG: Radius::AuthLSA ACCEPT: :
>> test at my.rewrite.dom.ain [test at my.dom.ain]
>> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy LSA result: ACCEPT,
>> Thu Nov  1 14:31:37 2007: DEBUG: Access accepted for
>> test at my.rewrite.dom.ain
>> Thu Nov  1 14:31:37 2007: DEBUG: Returned TTLS tunnelled Diameter
>> Packet
>> dump:
>> Code:       Access-Accept
>> Identifier: UNDEF
>> Authentic:  <5><252><249>X<204><131>ID<189><166><190><8><230>J<2><4>
>> Attributes:
>>
>> Thu Nov  1 14:31:37 2007: DEBUG: EAP result: 0, EAP TTLS inner
>> authentication redespatched to a Handler
>> Thu Nov  1 14:31:37 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP
>> TTLS inner
>> authentication redespatched to a Handler
>> Thu Nov  1 14:31:37 2007: DEBUG: Access accepted for
>> anonymous at my.dom.ain
>> Thu Nov  1 14:31:37 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Accept
>> Identifier: 19
>> Authentic:  <4><5><212><138><228>ocOQb<222>+y<127>y<20>
>> Attributes:
>> 	MS-MPPE-Send-Key =
>> <235><175><237>1RP<249>W<221>=<7>1<142><30><170><170><138><19>zU<228> 
>> <
>> 156>"<
>> 13>o<10><8><15>?
>> m<4><220><158>zV<141><133><255><174><211><197>0<171><20>2<13
>> 6><212><6><167><130>
>> 	MS-MPPE-Recv-Key =
>> <172>Y8<244><3><157><251>9<135><238><208><212><161>G<17>D<194>H<225>r 
>> <
>> 142>X<
>> 207>f<147>!
>> <217>5G<231><24><166>U<215>DGX<240>U<12><129><129><230><245><174>
>> gV<237><15>l
>> 	EAP-Message = <3><5><0><4>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 22
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 20
>> Authentic:  b<31><141><147><153><179>d,><138><239>o<134><12>^l
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
>> 	Message-Authenticator =
>> <0><175><221>u<174>A<156>Qu<151><195>*c<12>Q<137>
>> 	Proxy-State = 23
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 1, 25
>> Thu Nov  1 14:32:14 2007: DEBUG: Response type 1
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 20
>> Authentic:  b<31><141><147><153><179>d,><138><239>o<134><12>^l
>> Attributes:
>> 	EAP-Message = <1><2><0><6><21>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 23
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 21
>> Authentic:  <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>6/
>> <139><140>$!<16
>> 1>x_<222><143><183><248><232>n<147><<190><158><187><235><2>t<209><231 
>> >
>> d"<194
>>> E<144><4>0<0><0><2><0><10><1><0>
>> 	Message-Authenticator =
>> <143>`s<187>w<138>E<253><179><204><11>q<252><202><253><245>
>> 	Proxy-State = 24
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 2, 60
>> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS data, 24576, 2, -1
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,
>> 8576
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 21
>> Authentic:  <144><159><203><151>in<181><136><141>oR<146>b*<238>Y
>> Attributes:
>> 	EAP-Message =
>> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G) 
>> <
>> 213>^K
>> w[Tan.^<9><255>G<253>e<157><214><198> <172>2<9><239>P<27>Rp[:<205>
>> S<13>4HW<13><128><213>
>> {<167>4L=<3><175><6><15><134><192><252><180>6<204><19>
>> <1><229><251><15><171><163>R5<0><10><0><22><3><1><6>q<11><0><6>m<0><6 
>> >
>> j<0><3
>>> @0<130><3><0<130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6>< 
>>> 9
>>>> *<134
>>> H<134><247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16> 
>>> 0
>>> <14><6
>>> <3>U<4><10><19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure
>>> Certificate
>> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
>> 	EAP-Message =
>> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius. 
>> m
>> y.dom.
>> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>
>> (See
>> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain
>> Control
>> Validated - QuickSSL
>> Premium(R)
>> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2 
>>> >
>>> <129><
>> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)
>> <172><188
>>> <235><227><220><135><233><15><24><197>
>> 	EAP-Message =
>> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_
>> $<127>5<129><169><246>L<196><179>
>> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/
>> <192><147><158>!<1
>> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?
>> B<182><224><173
>>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-!
>>> <207><140>E<240>1<208>N<155>2k0<1
>> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3 
>> >
>> U<29><
>> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>m 
>> u
>> <198>\
>> <205><133>'h|
>> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
>> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/
>> secureca.crl0<31><6><3>U
>> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
>> <16>O3<152><144><159><212>0
>> 	EAP-Message =
>> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>
>> +<6><1><5><5><
>> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129>< 
>> 0
>>> N<12>
>> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)
>> <159><178><168><
>> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}
>> <2><177><20>}<209>
>> hoJ<199>-
>> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
>> 56>T<176><137>MN<201>
>> c<207><244>a-<230>@Y)
>> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>
>>> $0<130><3>
>> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134 
>> >
>> H<134>
>> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6 
>> >
>> <3>U<4
>>> <10><19><7>Equifax1-0+
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 24
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 22
>> Authentic:
>> <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message = <2><3><0><6><21><0>
>> 	Message-Authenticator =
>> <2><149>^<128><194><247>iY<128><172><181><183>C<218>E<127>
>> 	Proxy-State = 25
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 3, 6
>> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 22
>> Authentic:
>> <201><0><251><16><177><140>~<13><171><23><253><139>&n<176>k
>> Attributes:
>> 	EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
>> Certificate
>> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6 
>> >
>> <3>U<4
>>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0
>>> +<6><3>U<4><11><19>$Eq
>> uifax Secure Certificate
>> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3 
>> >
>> <129><
>> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-
>> <31><8>m<
>> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|
>> <206><159><5><224>
>> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<12 
>> 8
>>> <191>
>> B<2><142><254><221><1>
>> 	EAP-Message =
>> <9><236><225><0><20>O<252><251><240><12><221>C<186>
>> [+<225><31><128>p<153><21
>>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>
>>> +<214><238
>>> cE
>>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185> 
>>> <
>>> 2><3
>>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c 
>>> <
>>> 160>a<
>> 164>_0]
>> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
>> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
>> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19 
>> >
>> 0<17><
>> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6> 
>> <
>> 3>U<29
>>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
>> 	EAP-Message = <149><215>G<216>#
>> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<2 
>> 4
>> 9>+<21
>> 0><178><149><215>G<216>#
>> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0< 
>> 2
>> 6><6><
>> 9>*<134>H<134><246>}
>> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
>> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)
>> <234><252><247><2
>> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>%
>> 1<13><0><1
>> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n< 
>> 1
>> 52><23
>> 8><168><255>Z<200><211>U<178>fqW<222><192>!
>> <235>=*<167>#I<1><4><134>B{<252><
>> 238><127><162><22>R<181>gg<211>@<219>;&X<178>
>> (w=<174><20>wa<214><250>*f'<160
>>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>)
>>> h<169><162><135>y<239>y
>> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 25
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 23
>> Authentic:
>> <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130 
>> >
>> <0><12
>> 8>]<157><4><134>v=<162><129>Z<164><28>v<215>:b<221><199><192><182>|
>> X<213>I<1
>> 47>C<140>rh<9><171><221>V<14><16><131><137><206><248><150><136><6><21 
>> 4
>>> hW<18
>> 7><167>DP#<146><132><194>U<1><3><244><160><142>4<161><209><141>v]
>> B<236><8><1
>> 6><222><156><4><205><220><6><163><237><241><16>,!
>> <251>f<215><171><170>MP<143
>>> <204><147><192><201><181><4>rL<171>1<159>M<244><15>Y<31><129>DX<201> 
>>> <
>>> 127><1
>> 67><204><128><208>?
>> U<31><253><242><222><142>A`v<142>j<199><24>,<20><3><1><0>
>> <1><1><22><3><1><0>(=!<205><136>$_<215>>h<220><171><4>K<234><233>i]
>> <220><195
>>> X<137><224>Z
>>> +#q8<219><167><236><233><169><184><183><242><209><131><179><153
>>> <133>
>> 	Message-Authenticator =
>> <243><229><190><11>_<250><129><186><14>'<177>r<201><238>*0
>> 	Proxy-State = 26
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 4, 200
>> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS data, 8576, 4, 2
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 23
>> Authentic:
>> <144><191><212>.<230><252><158><181><146><210><132>W<129>7<189>H
>> Attributes:
>> 	EAP-Message =
>> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
>> ({<134><13><148
>>> <188>s<189><7><15>^<186><146><131><255><2><227><211>1e<188><21><142> 
>>> Q
>>> <215><
>> 134>N2<140><162><203><240><249><180><201><9>z[<157>+<141>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 26
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 24
>> Authentic:  <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<207><235>)
>> K<16>=<193><236>f<205>
>> <15><148><8>A<147><214><142><211><220><21>TJ<135><183>I,<217><145>&;< 
>> 2
>>> <<151
>>> Z<145>x<26><181><163><152><129><142><142>`x<29>I:<247>2-
>>> B<224>p<22><131><17
>>> <247><221><203><203><202><248><254><15><220><232>"M,A<158>
>> 	Message-Authenticator =
>> s<247>U<31><6><253><133>e<203>C;<29><15><24><17><183>
>> 	Proxy-State = 27
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with EAP: code 2, 5, 87
>> Thu Nov  1 14:32:14 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS data, 3, 5, 4
>> Thu Nov  1 14:32:14 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code:       UNDEF
>> Identifier: UNDEF
>> Authentic:  UNDEF
>> Attributes:
>> 	User-Name = "test at my.dom.ain"
>> 	User-Password = ******
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP TTLS inner authentication
>> request for
>> test at my.dom.ain
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling request with Handler
>> 'TunnelledByTTLS=1'
>> Thu Nov  1 14:32:14 2007: DEBUG: Rewrote user name to
>> test at my.rewrite.dom.ain
>> Thu Nov  1 14:32:14 2007: DEBUG:  Deleting session for
>> test at my.dom.ain,
>> 192.168.199.12,
>> Thu Nov  1 14:32:14 2007: DEBUG: Handling with Radius::AuthLSA:
>> AD-sund2-ttls
>> Thu Nov  1 14:32:14 2007: DEBUG: Radius::AuthLSA looks for match with
>> test at my.rewrite.dom.ain [test at my.dom.ain]
>> Thu Nov  1 14:32:14 2007: DEBUG: Radius::AuthLSA ACCEPT: :
>> test at my.rewrite.dom.ain [test at my.dom.ain]
>> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy LSA result: ACCEPT,
>> Thu Nov  1 14:32:14 2007: DEBUG: Access accepted for
>> test at my.rewrite.dom.ain
>> Thu Nov  1 14:32:14 2007: DEBUG: Returned TTLS tunnelled Diameter
>> Packet
>> dump:
>> Code:       Access-Accept
>> Identifier: UNDEF
>> Authentic:
>> <219><13><5><149><152><154><127>r<2><176>5<131><222><243><232><252>
>> Attributes:
>>
>> Thu Nov  1 14:32:14 2007: DEBUG: EAP result: 0, EAP TTLS inner
>> authentication redespatched to a Handler
>> Thu Nov  1 14:32:14 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP
>> TTLS inner
>> authentication redespatched to a Handler
>> Thu Nov  1 14:32:14 2007: DEBUG: Access accepted for
>> anonymous at my.dom.ain
>> Thu Nov  1 14:32:14 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Accept
>> Identifier: 24
>> Authentic:  <192><17><216>P)<175><27><145><171>.<169>A<155><181>y<11>
>> Attributes:
>> 	MS-MPPE-Send-Key =
>> <173><127>|<231>;<251>-
>> <1>7<173>D<188><229>T<241>`<207>j'<221><231><183>PJ<2
>> 22><168><178><221><130>:<17><1><161>O<12><236><179>1C<251><18>xs,<143 
>> >
>> <28><2
>> 34>}<169><196>
>> 	MS-MPPE-Recv-Key =
>> <128><139>'`}
>> L<199><144><163><160><29><211><251>B<247>4<250>9P<229><247><159
>>> <0>`U<19><19><132><253><133><132>`<139><220>4<197>0<220>`g\<228>)?
>>> ~<29>*g<1
>> 90><191>
>> 	EAP-Message = <3><5><0><4>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 27
>>
>> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 25
>> Authentic:
>> <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message = <2><1><0><25><1>anonymous at my.dom.ain
>> 	Message-Authenticator =
>> <173>g<156><4>{<3><169>i<185>j<148>R<235><193><24><145>
>> 	Proxy-State = 28
>>
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:51 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 1, 25
>> Thu Nov  1 14:32:51 2007: DEBUG: Response type 1
>> Thu Nov  1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 25
>> Authentic:
>> <176><222><204><233><130><228>"<154>S<209>.<186>z<134><163>,
>> Attributes:
>> 	EAP-Message = <1><2><0><6><21>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 28
>>
>> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 26
>> Authentic:
>> <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><2><0><<21><128><0><0><0>2<22><3><1><0>-<1><0><0>)
>> <3><1>F<186><230><0><23
>> 4><178><16>h||
>> <6><25><145><189><232><138><193><160><194>p<240><239><14><24><
>> 197><246>r<246><206>GV<154><0><0><2><0><10><1><0>
>> 	Message-Authenticator =
>> <246><249>Z<220><232><134>]<208><221>(<31>x<181><31>X<13>
>> 	Proxy-State = 29
>>
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:51 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 2, 60
>> Thu Nov  1 14:32:51 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:51 2007: DEBUG: EAP TTLS data, 24576, 2, -1
>> Thu Nov  1 14:32:51 2007: DEBUG: EAP TTLS SSL_accept result: -1, 2,
>> 8576
>> Thu Nov  1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 26
>> Authentic:
>> <246><164><13><232><195><229>&<190><220>q<9><190><144><165>U<
>> Attributes:
>> 	EAP-Message =
>> <1><3><3><242><21><192><0><0><6><206><22><3><1><0>J<2><0><0>F<3><1>G) 
>> <
>> 213><1
>> 31><225><182><247>9,<220><8>}*<136>]
>> i<243>B<31>jo<27>E<160>H<127>_<195><18><
>> 185>]<229>
>> <25>W<203><228>_<12><208>)<156><170>>
>> $<18>I';<6>g'<181><236><130>k<243>_<22>
>> &+<223>
>> $<237><8><0><10><0><22><3><1><6>q<11><0><6>m<0><6>j<0><3>@0<130><3><0
>> <130><2><165><160><3><2><1><2><2><3><7><161><4>0<13><6><9>*<134>H<134 
>> >
>> <247><
>> 13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U< 
>> 4
>>> <10><
>> 19><7>Equifax1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
>> Authority0<30><23><13>070625151303Z<23><13>090625151303Z0<129><198>1
>> 	EAP-Message =
>> <11>0<9><6><3>U<4><6><19><2>DK1<26>0<24><6><3>U<4><10><19><17>radius. 
>> m
>> y.dom.
>> ain1<19>0<17><6><3>U<4><11><19><10>GT28164278110/<6><3>U<4><11><19>
>> (See
>> www.geotrust.com/resources/cps (c)071705<6><3>U<4><11><19>.Domain
>> Control
>> Validated - QuickSSL
>> Premium(R)
>> 1<26>0<24><6><3>U<4><3><19><17>radius.my.dom.ain0<129><159>0<13><6
>>> <9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2 
>>> >
>>> <129><
>> 129><0><161><228><145>e<29><236>66<130><182><222>e<242><161>=<140>)
>> <172><188
>>> <235><227><220><135><233><15><24><197>
>> 	EAP-Message =
>> <11><5>]<181><173>J<129><161>v<202>,Z<20>L_
>> $<127>5<129><169><246>L<196><179>
>> <230>c<165>i<246><190><22><135>j=<250>1,<127><152>n*<183>/
>> <192><147><158>!<1
>> 53><208>b<161><232><242><249><200><166><14>b<253>Q<151><249>?
>> B<182><224><173
>>> }<253><30>u<<16>$#c<132>l<24><146>`<151>-!
>>> <207><140>E<240>1<208>N<155>2k0<1
>> 75><19><26>:<227>Q<2><3><1><0><1><163><129><174>0<129><171>0<14><6><3 
>> >
>> U<29><
>> 15><1><1><255><4><4><3><2><4><240>0<29><6><3>U<29><14><4><22><4><20>m 
>> u
>> <198>\
>> <205><133>'h|
>> <146>6<205><193><238><159><243>y<154><134>g0:<6><3>U<29><31><4>
>> 3010/<160>-<160>+<134>)http://crl.geotrust.com/crls/
>> secureca.crl0<31><6><3>U
>> <29>#<4><24>0<22><128><20>H<230>h<249>+<210><178><149><215>G<216>#
>> <16>O3<152><144><159><212>0
>> 	EAP-Message =
>> <29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>
>> +<6><1><5><5><
>> 7><3><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129>< 
>> 0
>>> N<12>
>> g&<165><9><228><207><146><20><161><244>m<208>9yD<155>8<140>)
>> <159><178><168><
>> 15>5<167>}<17><182><158>8l<238><18><181>tE<154><163><178>}
>> <2><177><20>}<209>
>> hoJ<199>-
>> <234>Ro3<26><127><3><209><222><178><175><152><248><179>kE<232>G(m<1
>> 56>T<176><137>MN<201>
>> c<207><244>a-<230>@Y)
>> <134>V<255>R<176>w<188>K3<202>Bwo<215>,<229>D<231>@<137
>>> <184>h<177><143><176><12>3l<149>[<175>1<179><222>5<224>W<5><0><3>
>>> $0<130><3>
>> 0<130><2><137><160><3><2><1><2><2><4>5<222><244><207>0<13><6><9>*<134 
>> >
>> H<134>
>> <247><13><1><1><5><5><0>0N1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6 
>> >
>> <3>U<4
>>> <10><19><7>Equifax1-0+
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 29
>>
>> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 27
>> Authentic:  7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message = <2><3><0><6><21><0>
>> 	Message-Authenticator =
>> MN<153>pH<19><182><179><133><136>C<8><131><5>b<232>
>> 	Proxy-State = 30
>>
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:51 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:51 2007: DEBUG: Handling with EAP: code 2, 3, 6
>> Thu Nov  1 14:32:51 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:51 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:51 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 27
>> Authentic:  7<215><153>R<156><209><172>gZ<160>+zXa<252><131>
>> Attributes:
>> 	EAP-Message = <1><4><2><236><21><0><6><3>U<4><11><19>$Equifax Secure
>> Certificate
>> Authority0<30><23><13>980822164151Z<23><13>180822164151Z0N1<11>0<9><6 
>> >
>> <3>U<4
>>> <6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax1-0
>>> +<6><3>U<4><11><19>$Eq
>> uifax Secure Certificate
>> Authority0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3 
>> >
>> <129><
>> 141><0>0<129><137><2><129><129><0><193>]<177>Xg<8>b<238><160><154>-
>> <31><8>m<
>> 145><20>h<152><10><30><254><218><4>o<19><132>b!<195><209>|
>> <206><159><5><224>
>> <184><1><240>N4<236><226><138><149><4>d<172><241>kS_<5><179><203>g<12 
>> 8
>>> <191>
>> B<2><142><254><221><1>
>> 	EAP-Message =
>> <9><236><225><0><20>O<252><251><240><12><221>C<186>
>> [+<225><31><128>p<153><21
>>> W<147><22><241><15><151>j<183><194>h#<28><204>MY0<172>Q<30>;<175>
>>> +<214><238
>>> cE
>>> {<197><217>_P<210><227>P<15>:<136><231><191><20><253><224><199><185> 
>>> <
>>> 2><3
>>> <1><0><1><163><130><1><9>0<130><1><5>0p<6><3>U<29><31><4>i0g0e<160>c 
>>> <
>>> 160>a<
>> 164>_0]
>> 1<11>0<9><6><3>U<4><6><19><2>US1<16>0<14><6><3>U<4><10><19><7>Equifax
>> 1-0+<6><3>U<4><11><19>$Equifax Secure Certificate
>> Authority1<13>0<11><6><3>U<4><3><19><4>CRL10<26><6><3>U<29><16><4><19 
>> >
>> 0<17><
>> 129><15>20180822164151Z0<11><6><3>U<29><15><4><4><3><2><1><6>0<31><6> 
>> <
>> 3>U<29
>>> #<4><24>0<22><128><20>H<230>h<249>+<210><178>
>> 	EAP-Message = <149><215>G<216>#
>> <16>O3<152><144><159><212>0<29><6><3>U<29><14><4><22><4><20>H<230>h<2 
>> 4
>> 9>+<21
>> 0><178><149><215>G<216>#
>> <16>O3<152><144><159><212>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0< 
>> 2
>> 6><6><
>> 9>*<134>H<134><246>}
>> <7>A<0><4><13>0<11><27><5>V3.0c<3><2><6><192>0<13><6><9>
>> *<134>H<134><247><13><1><1><5><5><0><3><129><129><0>X<206>)
>> <234><252><247><2
>> 22><181><206><2><185><23><181><133><209><185><227><224><149><204>%
>> 1<13><0><1
>> 66><146>n<127><182><146>c<158>P<149><209><154>o<228><17><222>c<133>n< 
>> 1
>> 52><23
>> 8><168><255>Z<200><211>U<178>fqW<222><192>!
>> <235>=*<167>#I<1><4><134>B{<252><
>> 238><127><162><22>R<181>gg<211>@<219>;&X<178>
>> (w=<174><20>wa<214><250>*f'<160
>>> <13><250><167>s\<234>p<241><148>!eD_<250><252><239>)
>>> h<169><162><135>y<239>y
>> <239>O<172><7>w8<22><3><1><0><4><14><0><0><0>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 30
>>
>> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 28
>> Authentic:
>> 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><4><0><200><21><128><0><0><0><190><22><3><1><0><134><16><0><0><130 
>> >
>> <0><12
>> 8>iX`r<167><224><224><7>l'<185>`%%
>> <227><216><252>`C<230>2<253><245><29><20><
>> 138><167><179><179><145><7><181>U"<29>Z!
>> =<224>Y<130><140><241><240><0>N$<220
>>> E9D<156><225><174><202><149>0<14><224><226><164>6<152>1<184><6><128> 
>>> <
>>> 163><1
>> 81><216>f
>> +q<139><182>k&<182>*5T<136><0><238>h<247><188><149>U<21>FAV<19>bl<2
>> 23>n<153>Q<22><6>y<175><254><183><181><8><231>1<247>t<153><134><131>< 
>> 2
>> 52>~O<
>> 14><176>R<153><238>vv^\<144><20><3><1><0><1><1><22><3><1><0>
>> (<135>M<188>"B<2
>> 25>D<152>"<185><229><136><142><254><143><176>}
>> <190><247><158><13><137><248><
>> 236><21>a<245><19>q5<141><248>b<237>6e<240><249><127><200>
>> 	Message-Authenticator =
>> k<152>C<187><28><145><255><132><136><176><18><173><180>M<133><244>
>> 	Proxy-State = 31
>>
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:52 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 4, 200
>> Thu Nov  1 14:32:52 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS data, 8576, 4, 2
>> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
>> Thu Nov  1 14:32:52 2007: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov  1 14:32:52 2007: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> TTLS
>> Challenge
>> Thu Nov  1 14:32:52 2007: DEBUG: Access challenged for
>> anonymous at my.dom.ain:
>> EAP TTLS Challenge
>> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Challenge
>> Identifier: 28
>> Authentic:
>> 7<27><204><254><194><197>k<205><28><143>M<131><214><8><13>b
>> Attributes:
>> 	EAP-Message =
>> <1><5><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>
>> (g<30>u<165>>8<
>> 173><7>1)
>> <212><0>re<208>i<16><193><167><14>G<10>*eBu<18><6><4><178>vl<198>D<
>> 146><194>Br<23>\
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 31
>>
>> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
>> *** Received from 130.225.126.187 port 1814 ....
>> Code:       Access-Request
>> Identifier: 29
>> Authentic:  <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
>> Attributes:
>> 	NAS-IP-Address = 192.168.199.12
>> 	NAS-Port-Type = Wireless-IEEE-802-11
>> 	NAS-Port = 0
>> 	Framed-MTU = 1400
>> 	User-Name = "anonymous at my.dom.ain"
>> 	Calling-Station-Id = "00-90-4B-BC-05-74"
>> 	Called-Station-Id = "00-11-85-50-3C-AF"
>> 	NAS-Identifier = "AP420.12"
>> 	EAP-Message =
>> <2><5><0>W<21><128><0><0><0>M<23><3><1><0>H<12>
>> +Bkz;<137><151><20>5<176><17>
>> 9{]<27><235>PB<168><237><182><17><250><185><217><153>;<199><130>j/
>> <217><130>
>> P<133>@<237><235><165>Q<200><218>><215><171><161><22>Qh<247><6><149>< 
>> 1
>> 74><14
>> 6><238><148> uCg=<254><160><231><17><198>z<20><212><18><172>
>> 	Message-Authenticator =
>> z<26>j<227><162>x<221><142>*<4><23><171><194><202>,+
>> 	Proxy-State = 32
>>
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling request with Handler
>> 'User-Name=anonymous at my.dom.ain'
>> Thu Nov  1 14:32:52 2007: DEBUG:  Deleting session for
>> anonymous at my.dom.ain,
>> 192.168.199.12, 0
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling with Radius::AuthFILE:
>> AD-sund-ttls
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling with EAP: code 2, 5, 87
>> Thu Nov  1 14:32:52 2007: DEBUG: Response type 21
>> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS data, 3, 5, 4
>> Thu Nov  1 14:32:52 2007: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code:       UNDEF
>> Identifier: UNDEF
>> Authentic:  UNDEF
>> Attributes:
>> 	User-Name = "test at my.dom.ain"
>> 	User-Password = ******
>>
>> Thu Nov  1 14:32:52 2007: DEBUG: EAP TTLS inner authentication
>> request for
>> test at my.dom.ain
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling request with Handler
>> 'TunnelledByTTLS=1'
>> Thu Nov  1 14:32:52 2007: DEBUG: Rewrote user name to
>> test at my.rewrite.dom.ain
>> Thu Nov  1 14:32:52 2007: DEBUG:  Deleting session for
>> test at my.dom.ain,
>> 192.168.199.12,
>> Thu Nov  1 14:32:52 2007: DEBUG: Handling with Radius::AuthLSA:
>> AD-sund2-ttls
>> Thu Nov  1 14:32:52 2007: DEBUG: Radius::AuthLSA looks for match with
>> test at my.rewrite.dom.ain [test at my.dom.ain]
>> Thu Nov  1 14:32:52 2007: DEBUG: Radius::AuthLSA ACCEPT: :
>> test at my.rewrite.dom.ain [test at my.dom.ain]
>> Thu Nov  1 14:32:52 2007: DEBUG: AuthBy LSA result: ACCEPT,
>> Thu Nov  1 14:32:52 2007: DEBUG: Access accepted for
>> test at my.rewrite.dom.ain
>> Thu Nov  1 14:32:52 2007: DEBUG: Returned TTLS tunnelled Diameter
>> Packet
>> dump:
>> Code:       Access-Accept
>> Identifier: UNDEF
>> Authentic:  <216>W<218><140><136><161><245>O<29><4>'E<182>h<134>U
>> Attributes:
>>
>> Thu Nov  1 14:32:52 2007: DEBUG: EAP result: 0, EAP TTLS inner
>> authentication redespatched to a Handler
>> Thu Nov  1 14:32:52 2007: DEBUG: AuthBy FILE result: ACCEPT, EAP
>> TTLS inner
>> authentication redespatched to a Handler
>> Thu Nov  1 14:32:52 2007: DEBUG: Access accepted for
>> anonymous at my.dom.ain
>> Thu Nov  1 14:32:52 2007: DEBUG: Packet dump:
>> *** Sending to 130.225.126.187 port 1814 ....
>> Code:       Access-Accept
>> Identifier: 29
>> Authentic:  <233><191><234><235>RGam<135>t<163>F<137>Vu<146>
>> Attributes:
>> 	MS-MPPE-Send-Key =
>> <164><177>/l<214><2>N<217><12><219><214>'j<134>B^o_<158>
>> $:#<214><167><13>"P<
>> 183><176>G<145><184>L<20>I<244><11><166>*3wo<225><231>5<12><210><254> 
>> <
>> 5><30>
>> 	MS-MPPE-Recv-Key =
>> <212><169>%
>> I<245><14><212><196>g<197>6H,t<239><209><136><21><142><27><147>C<
>> 127>s<31><24><199><186>tN<160><166>K
>> [<161><197><233><221><205>x2<151><165>>.
>> <180><185>O<195><172>
>> 	EAP-Message = <3><5><0><4>
>> 	Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> 	Proxy-State = 32
>>
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
> <logfile 3.14>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list