[RADIATOR] Bridge Authentication Issue
Caporossi, Stephen G.
capoross at musc.edu
Tue Jul 15 13:47:19 CDT 2008
Mike and Hugh,
I am having issues with a Silex device and have been unable to determine what the problem is. Our Cisco Controller appears to show the device has authenticated but the security policy does not complete. I also opened a Cisco case but, since the controller logs show AAA failures, wanted to cover all my bases. Below are the config and Trace4 debugs. Silex is also looking into the issue.
Thanks,
Steve
# Global server settings. %L in later paths expands to LogDir and %D to DbDir.
# Foreground and LogStdout are commented out, so neither is in effect.
#Foreground
#LogStdout
LogDir c:\Program Files\Radiator\logs
DbDir c:\Program Files\Radiator
# Daily main log file, named by month, day and two-digit year.
LogFile %L/%m%d%y.log
DictionaryFile %D/dictionary
PidFile %D/radiusd.pid
# Listening ports for authentication and accounting requests.
AuthPort 1812
AcctPort 1813
# Trace 3 logs up to INFO. The DEBUG lines and packet dumps quoted later in this
# post come from Trace 4, which records user names, station MAC addresses and raw
# EAP payloads; drop back to a lower level once troubleshooting is done.
Trace 3
# RADIUS client (NAS) at 128.23.246.129. Its requests carry the Identifier "ppp",
# which <Handler Client-Identifier=ppp> matches on.
<Client 128.23.246.129>
Identifier ppp
# Shared secret. "nosecret" appears throughout this post and looks like a
# redaction placeholder; confirm the live value is long, random and per-client.
Secret nosecret
# A repeat of the same request within 2 seconds is treated as a duplicate.
DupInterval 2
# NasType and SNMPCommunity are used when Radiator queries the NAS directly.
NasType Cisco
SNMPCommunity nosecret
# Turns off the authenticator check on accounting requests from this client, so
# accounting records are accepted without proof that the sender knows the Secret.
IgnoreAcctSignature 1
</Client>
# RADIUS client tagged "vpn"; handled by <Handler Client-Identifier=vpn>.
<Client 128.23.36.1>
Identifier vpn
# 128.23.242.1 is treated as the same client and shares every setting below,
# including the shared secret.
IdenticalClients 128.23.242.1
Secret nosecret
DupInterval 2
NasType Cisco
SNMPCommunity nosecret
# Accounting requests from these addresses are accepted without verifying their
# authenticator.
IgnoreAcctSignature 1
</Client>
# RADIUS client tagged "hal"; handled by <Handler Client-Identifier=hal>, which
# authenticates against %D/passwd.nagios.
<Client 128.23.203.203>
Identifier hal
Secret nosecret
DupInterval 2
# No NAS-specific behaviour is selected for this client.
NasType unknown
# Accounting authenticator check is disabled for this client as well.
IgnoreAcctSignature 1
</Client>
# Global hook: the Perl code in this file runs for each received request before a
# Client clause is selected. It runs inside the server process, so the scripts
# directory should be writable only by administrators. What the script does is
# not shown in this post.
PreClientHook file:"%D/scripts/acct_adjustment.pl"
# Wireless controllers, tagged "airespace". The packet dumps later in this post
# arrive from 10.24.70.26, one of the IdenticalClients addresses.
<Client 10.24.70.11>
# Every address in this list shares one Secret, so a secret recovered from any
# one controller is valid for all of them.
IdenticalClients 10.24.70.12,10.24.70.21,10.24.70.22,10.24.70.31,10.24.70.32,10.24.70.41,10.24.70.42,10.24.70.13,10.24.70.14,10.24.70.23,10.24.70.24,10.24.70.15,10.24.70.16,10.24.70.25,10.24.70.26,10.24.238.41,10.24.238.42
Secret nosecret
Identifier airespace
DupInterval 2
NasType Cisco
SNMPCommunity nosecret
# Accounting requests from the controllers are accepted without verifying their
# authenticator.
IgnoreAcctSignature 1
</Client>
#<Log FILE>
# Identifier debugging
# Trace 4
# LogMicroseconds
# Filename %L/%m%d%y.debug.log
#</Log>
# Accounting handler. It is listed before the per-client handlers, so it is
# checked first for every accounting request, whichever client sent it.
<Handler Request-Type = Accounting-Request>
# Tag the request with the Client clause Identifier and this server's host name
# (%h) before forwarding; drop the Class attribute.
AddToRequest Connect-Info=%{Client:Identifier},Ascend-Authen-Alias=%h
StripFromRequest Class
# Proxy accounting to the central accounting server.
<AuthBy RADIUS>
Host radacct.mdc.musc.edu
Secret nosecret
AcctPort 1813
Retries 10
# Requests that could not be delivered are written here, per client and per day.
AcctFailedLogFileName %L/%{Client:Identifier}/%m%d%y.log.missed
</AuthBy>
# Local detail file. Every Client clause shown sets IgnoreAcctSignature, so the
# records logged and forwarded here were not authenticated on receipt.
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Named AuthBy that returns fixed results for accounting requests: ACCEPT for
# Start and Stop, IGNORE for Alive. No clause in the configuration shown in this
# post refers to the Identifier AcctStartStopOnly.
<AuthBy INTERNAL>
Identifier AcctStartStopOnly
AcctStartResult ACCEPT
AcctStopResult ACCEPT
AcctAliveResult IGNORE
</AuthBy>
# Inner (tunnelled) PEAP requests that originate from the airespace controllers.
<Handler TunnelledByPEAP=1, Client-Identifier=airespace>
AuthByPolicy ContinueUntilAccept
# Keep only the part after the backslash, i.e. DOMAIN\user becomes user.
RewriteUsername s/(.*)\\(.*)/$2/
# Check the inner MSCHAP-V2 exchange against the Windows domain "clinlan".
<AuthBy LSA>
Domain clinlan
# Group and DomainController are commented out, so no group restriction is
# applied here: any account the domain accepts passes this AuthBy.
#Group Domain Users
#DomainController zulu
EAPType MSCHAP-V2
</AuthBy>
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
# Perl hooks loaded from the scripts directory; their contents are not shown in
# this post.
PostAuthHook file:"%D/scripts/eap_anon_hook.pl"
PostProcessingHook file:"%D/scripts/eap_acct_username.pl"
</Handler>
# Inner (tunnelled) TTLS requests that originate from the airespace controllers.
# With ContinueUntilAccept the AuthBy clauses are tried in order until one
# accepts: the Windows domain first, then the flat password file.
<Handler TunnelledByTTLS=1, Client-Identifier=airespace>
AuthByPolicy ContinueUntilAccept
# Strip realm if in MSN format
RewriteUsername s/(.*)\\(.*)/$2/
#AuthBy LDAPAuthentication
<AuthBy LSA>
Domain clinlan
# Group restriction is commented out, so any account the domain accepts passes.
#Group Domain Users
#DomainController zulu
EAPType MSCHAP-V2
</AuthBy>
# Fallback: Unix-format password and group files under DbDir.
<AuthBy UNIX>
GroupFilename %D/group
# anonymous-PEAP must be in here:
Filename %D/radauth_pass.wlan
</AuthBy>
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
# Perl hooks loaded from the scripts directory; their contents are not shown in
# this post.
PostAuthHook file:"%D/scripts/eap_anon_hook.pl"
PostProcessingHook file:"%D/scripts/eap_acct_username.pl"
</Handler>
# Outer EAP requests from the controllers whose Called-Station-Id matches
# "muscwep" (case-insensitive regular expression).
<Handler Client-Identifier=airespace,Called-Station-Id=/muscwep/i>
AuthByPolicy ContinueUntilAccept
# If the request has no Framed-IP-Address, fill it with the Calling-Station-Id.
AddToRequestIfNotExist Framed-IP-Address=%{Calling-Station-Id}
StripFromRequest Class
<AuthBy FILE>
Filename %D/users
# Outer methods offered; the inner request is handled by the TunnelledByTTLS /
# TunnelledByPEAP handlers.
EAPType TTLS, PEAP
EAPTLS_CAFile %D/certificates/production/ca-bundle.crt
# Certificate and private key are read from the same PEM file, named after this
# host (%h).
EAPTLS_CertificateFile %D/certificates/production/%h_ips.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/production/%h_ips.pem
# The key passphrase sits in this file in clear text; restrict read access to the
# configuration file and to the PEM file.
EAPTLS_PrivateKeyPassword nosecret
EAPTLS_VerifyDepth 3
# Limits each EAP-TLS fragment sent to the client to 1000 bytes.
EAPTLS_MaxFragmentSize 1000
# Return the MPPE session keys to the access point on success.
AutoMPPEKeys
# Verbose TLS library tracing; a troubleshooting setting.
SSLeayTrace 4
# PEAP version 1, with the compatibility key-derivation label.
EAPTLS_PEAPVersion 1
EAPTLS_PEAPBrokenV1Label
</AuthBy>
# Perl hook loaded from the scripts directory; contents not shown in this post.
PreProcessingHook file:"%D/scripts/eap_anon_hook.pl"
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Outer EAP requests from the controllers whose Called-Station-Id matches
# "c3wep". It uses the dc1 CA file and %h_dc1.pem server certificate, the same
# files as the devnet handler.
<Handler Client-Identifier=airespace,Called-Station-Id=/c3wep/i>
AuthByPolicy ContinueUntilAccept
# If the request has no Framed-IP-Address, fill it with the Calling-Station-Id.
AddToRequestIfNotExist Framed-IP-Address=%{Calling-Station-Id}
StripFromRequest Class
<AuthBy FILE>
Filename %D/users
EAPType PEAP,TTLS
EAPTLS_CAFile %D/certificates/production/dc1_ca.cer
# Certificate and private key share one PEM file, named after this host (%h).
EAPTLS_CertificateFile %D/certificates/production/%h_dc1.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/production/%h_dc1.pem
# Clear-text key passphrase; keep this file and the PEM file readable only by
# the service account and administrators.
EAPTLS_PrivateKeyPassword nosecret
EAPTLS_VerifyDepth 3
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
# Verbose TLS library tracing; a troubleshooting setting.
SSLeayTrace 4
EAPTLS_PEAPVersion 1
EAPTLS_PEAPBrokenV1Label
</AuthBy>
# Perl hook loaded from the scripts directory; contents not shown in this post.
PreProcessingHook file:"%D/scripts/eap_anon_hook.pl"
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Outer EAP requests from the controllers whose Called-Station-Id matches
# "muscsecure". This handler uses a different CA bundle (verisign-combo.crt) and
# server certificate (%h.pem) from the dc1-based handlers.
<Handler Client-Identifier=airespace,Called-Station-Id=/muscsecure/i>
AuthByPolicy ContinueUntilAccept
# If the request has no Framed-IP-Address, fill it with the Calling-Station-Id.
AddToRequestIfNotExist Framed-IP-Address=%{Calling-Station-Id}
StripFromRequest Class
<AuthBy FILE>
Filename %D/users
EAPType PEAP,TTLS
EAPTLS_CAFile %D/certificates/production/verisign-combo.crt
# Certificate and private key share one PEM file, named after this host (%h).
EAPTLS_CertificateFile %D/certificates/production/%h.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/production/%h.pem
# Clear-text key passphrase; restrict read access to this file and the PEM file.
EAPTLS_PrivateKeyPassword nosecret
EAPTLS_VerifyDepth 3
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
# Verbose TLS library tracing; a troubleshooting setting.
SSLeayTrace 4
EAPTLS_PEAPVersion 1
EAPTLS_PEAPBrokenV1Label
</AuthBy>
# Perl hook loaded from the scripts directory; contents not shown in this post.
PreProcessingHook file:"%D/scripts/eap_anon_hook.pl"
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Outer EAP requests from the controllers whose Called-Station-Id matches
# "devnet".
# NOTE(review): this is the handler selected in the trace further down this post.
# That exchange ends when the supplicant answers the server certificate chain
# with a fatal TLS alert (bad certificate), which Radiator logs as "EAP PEAP TLS
# Handshake unsuccessful". The rejection is made by the client, so the things to
# check are whether the device trusts the CA that issued %h_dc1.pem and whether
# its clock falls inside the certificate's validity period; confirm with the
# device vendor.
<Handler Client-Identifier=airespace,Called-Station-Id=/devnet/i>
AuthByPolicy ContinueUntilAccept
# If the request has no Framed-IP-Address, fill it with the Calling-Station-Id.
AddToRequestIfNotExist Framed-IP-Address=%{Calling-Station-Id}
StripFromRequest Class
<AuthBy FILE>
Filename %D/users
EAPType PEAP,TTLS
EAPTLS_CAFile %D/certificates/production/dc1_ca.cer
# Certificate and private key share one PEM file, named after this host (%h).
# The certificate dumped in the trace is issued by "DC1" under
# DC=clinlan,DC=local, an internal CA that a client must be configured to trust.
EAPTLS_CertificateFile %D/certificates/production/%h_dc1.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/production/%h_dc1.pem
# Clear-text key passphrase; restrict read access to this file and the PEM file.
EAPTLS_PrivateKeyPassword nosecret
EAPTLS_VerifyDepth 3
# Limits each EAP-TLS fragment sent to the client to 1000 bytes.
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
# Verbose TLS library tracing; a troubleshooting setting.
SSLeayTrace 4
# PEAP version 1 with the compatibility key-derivation label; the supplicant must
# use the same PEAP version and label for the session keys to agree.
EAPTLS_PEAPVersion 1
EAPTLS_PEAPBrokenV1Label
</AuthBy>
# Perl hook loaded from the scripts directory; contents not shown in this post.
PreProcessingHook file:"%D/scripts/eap_anon_hook.pl"
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Catch-all for requests from the controllers that matched none of the handlers
# listed before it. EAP is disabled in the AuthBy (NoEAP), so only non-EAP
# requests can be authenticated here.
<Handler Client-Identifier=airespace>
AuthByPolicy ContinueUntilAccept
# If the request has no Framed-IP-Address, fill it with the Calling-Station-Id.
AddToRequestIfNotExist Framed-IP-Address=%{Calling-Station-Id}
StripFromRequest Class
<AuthBy UNIX>
# anonymous-PEAP must be in here:
GroupFilename %D/group
Filename %D/radauth_pass.wlan
NoEAP
</AuthBy>
</Handler>
# Requests from the client tagged "ppp", authenticated against a Unix-format
# password file.
<Handler Client-Identifier=ppp>
# Only one AuthBy is listed, so ContinueAlways has nothing further to continue to.
AuthByPolicy ContinueAlways
#AuthByPolicy ContinueWhileIgnore # Default
<AuthBy UNIX>
GroupFilename %D/group
Filename %D/radauth_pass.ppp
</AuthBy>
#syslog functions not available on win32
#AuthLog authlogger
# Log accounting to a detail file
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Requests from the clients tagged "vpn", authenticated against a Unix-format
# password file.
<Handler Client-Identifier=vpn>
AuthByPolicy ContinueAlways
# AuthByPolicy ContinueWhileIgnore # Default
# If the request has no Calling-Station-Id, copy it from Tunnel-Client-Endpoint.
AddToRequestIfNotExist Calling-Station-Id=%{Tunnel-Client-Endpoint}
<AuthBy UNIX>
GroupFilename %D/group
Filename %D/radauth_pass.vpn
</AuthBy>
#syslog functions not available on win32
#AuthLog authlogger
# Log accounting to a detail file
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
# Requests from the client tagged "hal", authenticated against the Unix-format
# password file passwd.nagios.
<Handler Client-Identifier=hal>
AuthByPolicy ContinueUntilAccept
<AuthBy UNIX>
GroupFilename %D/group
Filename %D/passwd.nagios
</AuthBy>
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Received from 10.24.70.26 port 32770 ....
Code: Access-Request
Identifier: 182
Authentic: <17>z<206><5><223><224>_<158>'<178><225><185>z<20><137>+
Attributes:
User-Name = "testuser"
Calling-Station-Id = "00-80-92-3B-3B-A2"
Called-Station-Id = "00-1D-A2-83-D0-E0:devnet"
NAS-Port = 29
NAS-IP-Address = 10.24.70.26
NAS-Identifier = "c2wism6"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 256
EAP-Message = <2><19><0><13><1>testuser
Message-Authenticator = <157><172><141><137><138>2<235><127><167>Q<163>qGa<254>i
Fri Jul 11 10:13:42 2008: DEBUG: Calling-Station-Id = 0080.923b.3ba2
Fri Jul 11 10:13:42 2008: DEBUG: Called-Station-Id = 001d.a283.d0e0:devnet
Fri Jul 11 10:13:42 2008: DEBUG: Handling request with Handler 'Client-Identifier=airespace,Called-Station-Id=/devnet/i'
Fri Jul 11 10:13:42 2008: DEBUG: Deleting session for testuser, 10.24.70.26, 29
Fri Jul 11 10:13:42 2008: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 11 10:13:42 2008: DEBUG: Handling with EAP: code 2, 19, 13, 1
Fri Jul 11 10:13:42 2008: DEBUG: Response type 1
Fri Jul 11 10:13:42 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Access challenged for testuser: EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Sending to 10.24.70.26 port 32770 ....
Code: Access-Challenge
Identifier: 182
Authentic: <17>z<206><5><223><224>_<158>'<178><225><185>z<20><137>+
Attributes:
EAP-Message = <1><20><0><6><25>!
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Received from 10.24.70.26 port 32770 ....
Code: Access-Request
Identifier: 183
Authentic: <1><201>g6u<191>>/&<211><25><194><31><132>j<143>
Attributes:
User-Name = "testuser"
Calling-Station-Id = "00-80-92-3B-3B-A2"
Called-Station-Id = "00-1D-A2-83-D0-E0:devnet"
NAS-Port = 29
NAS-IP-Address = 10.24.70.26
NAS-Identifier = "c2wism6"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 256
EAP-Message = <2><20><0><<25><129><0><0><0>2<22><3><1><0>-<1><0><0>)<3><1>_<127><200><129><192><226><203>8<2><210><127> <4>v<201><220><176>INt-<178>Ap<221>L<221>V<220>ka<21><0><0><2><0><4><1><0>
Message-Authenticator = Y<30><145><249><201><251>.<153>}Y<158><182><163><242>,<172>
Fri Jul 11 10:13:42 2008: DEBUG: Calling-Station-Id = 0080.923b.3ba2
Fri Jul 11 10:13:42 2008: DEBUG: Called-Station-Id = 001d.a283.d0e0:devnet
Fri Jul 11 10:13:42 2008: DEBUG: Handling request with Handler 'Client-Identifier=airespace,Called-Station-Id=/devnet/i'
Fri Jul 11 10:13:42 2008: DEBUG: Deleting session for testuser, 10.24.70.26, 29
Fri Jul 11 10:13:42 2008: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 11 10:13:42 2008: DEBUG: Handling with EAP: code 2, 20, 60, 25
Fri Jul 11 10:13:42 2008: DEBUG: Response type 25
Fri Jul 11 10:13:42 2008: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Fri Jul 11 10:13:42 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Access challenged for testuser: EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Sending to 10.24.70.26 port 32770 ....
Code: Access-Challenge
Identifier: 183
Authentic: <1><201>g6u<191>>/&<211><25><194><31><132>j<143>
Attributes:
EAP-Message = <1><21><3><242><25><193><0><0><10>n<22><3><1><0>J<2><0><0>F<3><1>Hwj<150><5><238><246>(<163><25>8gQ<254><233>P<155>&<4>GS<27>: E<147>S6<239><136><166><156> h<193><211><190>;<193><231><144>#<188><195>w<15>/n<142>p<231><154>T9\[<170><15><175><162>{<195>X<21><10><0><4><0><22><3><1><10><17><11><0><10><13><0><10><10><0><5><161>0<130><5><157>0<130><4><133><160><3><2><1><2><2><10>]<244>z<248><0><0><0><0>b<210>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0>1<21>0<19><6><10><9><146>&<137><147><242>,d<1><25><22><5>local1<23>0<21><6><10><9><146>&<137><147><242>,d<1><25><22><7>clinlan1<12>0<10><6><3>U<4><3><19><3>DC10<30><23><13>080521171318Z<23><13>100521171318Z0<129><152>1<11>0<9><6><3>U<4><6><19>
EAP-Message = <2>US1<23>0<21><6><3>U<4><8><19><14>South Carolina1<19>0<17><6><3>U<4><7><19><10>Charleston1-0+<6><3>U<4><10><19>$Medical University of South Carolina1<16>0<14><6><3>U<4><11><19><7>OCIO-IS1<26>0<24><6><3>U<4><3><19><17>radauth4.musc.edu0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><202>(<208>g$<252>;<137>Y<29><248>h<31><190><143><202>[<127>b<25>=<156><142><26><221>"<233><20>E<224><246><194><235><240><205><136><157><168>~Y>`<26><203><187>8<23>}<172><197><185>6%<215>M,<211><162><184><230><216>TW<226>N<187><204><131>2?(<150><18>&<220><240><4><208><147>!<144>*
EAP-Message = Jb<235>6}<28>|<19>*<z<219><250><147><236><148>,<2><191>D<193>e<184><25><237>^<235><3><131>K<0><240><178><227>s<196>8<10><169>Cv<190>I<246><252><185><2><3><1><0><1><163><130><2><196>0<130><2><192>0<11><6><3>U<29><15><4><4><3><2><5><160>0D<6><9>*<134>H<134><247><13><1><9><15><4>7050<14><6><8>*<134>H<134><247><13><3><2><2><2><0><128>0<14><6><8>*<134>H<134><247><13><3><4><2><2><0><128>0<7><6><5>+<14><3><2><7>0<10><6><8>*<134>H<134><247><13><3><7>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<29><6><3>U<29><14><4><22><4><20>K<242><16><218>2<228>_Y<222><161>`-<128><130><234><254><235><232>CR0<31><6><3>U<29>#<4><24>0<22><128><20><142><176><22>_\k<234>t<22><155><238><238>d<22>@<251>C<171><169><232>0<129><236><6><3>U<29><31><4><129><228>0<129><225>0<129><222><160><129><219><160><129><216><134><129><168>
EAP-Message = ldap:///CN=DC1,CN=dc1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=clinlan,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint<134>+http://dc1.clinlan.local/CertEnroll/DC1.crl0<130><1><2><6><8>+<6><1><5><5><7><1><1><4><129><245>0<129><242>0<129><164><6><8>+<6><1><5><5><7>0<2><134><129><151>ld
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Received from 10.24.70.26 port 32770 ....
Code: Access-Request
Identifier: 184
Authentic: <151><160>|<204>'h<135>)<181><241>!<189><140>T<17><130>
Attributes:
User-Name = "testuser"
Calling-Station-Id = "00-80-92-3B-3B-A2"
Called-Station-Id = "00-1D-A2-83-D0-E0:devnet"
NAS-Port = 29
NAS-IP-Address = 10.24.70.26
NAS-Identifier = "c2wism6"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 256
EAP-Message = <2><21><0><6><25><0>
Message-Authenticator = <154><240><197><186>(<24>1hg<8>a<30><5><161><1><0>
Fri Jul 11 10:13:42 2008: DEBUG: Calling-Station-Id = 0080.923b.3ba2
Fri Jul 11 10:13:42 2008: DEBUG: Called-Station-Id = 001d.a283.d0e0:devnet
Fri Jul 11 10:13:42 2008: DEBUG: Handling request with Handler 'Client-Identifier=airespace,Called-Station-Id=/devnet/i'
Fri Jul 11 10:13:42 2008: DEBUG: Deleting session for testuser, 10.24.70.26, 29
Fri Jul 11 10:13:42 2008: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 11 10:13:42 2008: DEBUG: Handling with EAP: code 2, 21, 6, 25
Fri Jul 11 10:13:42 2008: DEBUG: Response type 25
Fri Jul 11 10:13:42 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Access challenged for testuser: EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Sending to 10.24.70.26 port 32770 ....
Code: Access-Challenge
Identifier: 184
Authentic: <151><160>|<204>'h<135>)<181><241>!<189><140>T<17><130>
Attributes:
EAP-Message = <1><22><3><238><25>Aap:///CN=DC1,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=clinlan,DC=local?cACertificate?base?objectClass=certificationAuthority0I<6><8>+<6><1><5><5><7>0<2><134>=http://dc1.clinlan.local/CertEnroll/dc1.clinlan.local_DC1.crt0!<6><9>+<6><1><4><1><130>7<20><2><4><20><30><18><0>W<0>e<0>b
EAP-Message = <0>S<0>e<0>r<0>v<0>e<0>r0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>T<144><130><10><254><254>=<12><178>V<214>OA6<135><164><189><167><196><249><149>g<154><163><149><146><17>}<28>`^<139><166><178>S?sC(G<230>6y<249>?<25>@<176><7>4q<174><203><191>2D<170><203><231><18><17><15><1><195><208>ad<28><9><11>Ew<9><170><135><29>2<12><129>I<158><198><252><20><215>t<161>'<181><29>v(<161><155>)/i|<151><149><191>wM<209>,<26><223>B<19>Z*<164><145>]<254>_<188><202><13><11>j<190><15>aM@<247>%<188><236><155><163><187>.<186><5>F<208><181><222><5><138><213><242>Z(<217><176>0{<139>j<166><190><237>F<170>\u<21><175><232>CZ<6><148><193>_<245>$<170>> <156>O<187><222><193>Y2<201><243><129><165><207><200>E<253><240><181><178>><173>V=<220>v<180>G<172>E'<15>c<14>ec<21>mQx<9><171>E%|q<2><148><1><15>
EAP-Message = <15>gY<238><175>7rw<6><151><3><208>;<30>b6<24>\<129><195><225><161>j<211><150><132><131><166><176><171><133>H<128>s<158><0><4>c0<130><4>_0<130><3>G<160><3><2><1><2><2><16>*<210><251><131>(<28>l<134>L<219><130><219>B<155><220>t0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0>1<21>0<19><6><10><9><146>&<137><147><242>,d<1><25><22><5>local1<23>0<21><6><10><9><146>&<137><147><242>,d<1><25><22><7>clinlan1<12>0<10><6><3>U<4><3><19><3>DC10<30><23><13>060110204917Z<23><13>160110205855Z0>1<21>0<19><6><10><9><146>&<137><147><242>,d<1><25><22><5>local1<23>0<21><6><10><9><146>&<137><147><242>,d<1><25><22><7>clinlan1<12>0<10><6><3>U<4><3><19><3>DC10<130><1>"0<13><6><9>*
EAP-Message = <134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><176><1>a<213><134>S<191>~$<150>U<251>W<143><193><129><195><20>7A<171><7>nH<0>v<207><220>"<221><164>M<4><234><232><151>I<216>\<153><205><217><25><215><146><229><194>Q<135><170><166><158><249><26><5>n<6><139><251>HZ<204><230><186><235><175><212>`<180><178>{<197><170><251>vA<0>X<234><175><148><0>A<<10>E<170><214><202><7><246><127><220>j<21>[<184>-<234>=<174>><252>&<189><215><173>=<1><245><185><227><181><136>U<255>V;<131>]<225>Nn<1>(<188> <249>R/<195><186><234>ORet=<204><240><227><0><8>q<6>2<11>b<22><3>S<156>B<167><228><136><19><234><155>Ro0T<140><152><15>e<15><235>'<241>c<1>9<<164><250><189> y<219><230><192><4><196><214>Q<162><211><27>IC*<212>\<242><156><200>=<27>3<0>$lL<192><152><3><150><254>F<149><30><242>c#U<246><207>9f0X
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Received from 10.24.70.26 port 32770 ....
Code: Access-Request
Identifier: 185
Authentic: =<179><31>L<248>H<207><226>M0<165><194><145><210>g;
Attributes:
User-Name = "testuser"
Calling-Station-Id = "00-80-92-3B-3B-A2"
Called-Station-Id = "00-1D-A2-83-D0-E0:devnet"
NAS-Port = 29
NAS-IP-Address = 10.24.70.26
NAS-Identifier = "c2wism6"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 256
EAP-Message = <2><22><0><6><25><0>
Message-Authenticator = <213><221>c<197>=c<206><255>|<190><158>E<210><129><137>:
Fri Jul 11 10:13:42 2008: DEBUG: Calling-Station-Id = 0080.923b.3ba2
Fri Jul 11 10:13:42 2008: DEBUG: Called-Station-Id = 001d.a283.d0e0:devnet
Fri Jul 11 10:13:42 2008: DEBUG: Handling request with Handler 'Client-Identifier=airespace,Called-Station-Id=/devnet/i'
Fri Jul 11 10:13:42 2008: DEBUG: Deleting session for testuser, 10.24.70.26, 29
Fri Jul 11 10:13:42 2008: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 11 10:13:42 2008: DEBUG: Handling with EAP: code 2, 22, 6, 25
Fri Jul 11 10:13:42 2008: DEBUG: Response type 25
Fri Jul 11 10:13:42 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Access challenged for testuser: EAP PEAP Challenge
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Sending to 10.24.70.26 port 32770 ....
Code: Access-Challenge
Identifier: 185
Authentic: =<179><31>L<248>H<207><226>M0<165><194><145><210>g;
Attributes:
EAP-Message = <1><23><2><164><25><1><130><240>8\<188><236><27>vEL<212><161>F<31><210>eo<219><131>cr<190>a<254><131><2>4k<0>(<236><180><201><2><3><1><0><1><163><130><1>W0<130><1>S0<19><6><9>+<6><1><4><1><130>7<20><2><4><6><30><4><0>C<0>A0<11><6><3>U<29><15><4><4><3><2><1><134>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1><255>0<29><6><3>U<29><14><4><22><4><20><142><176><22>_\k<234>t<22><155><238><238>d<22>@<251>C<171><169><232>0<129><236><6><3>U<29><31><4><129><228>0<129><225>0<129><222><160><129><219><160><129><216><134><129><168>ldap:///CN=DC1,CN=dc1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=clinl
EAP-Message = an,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint<134>+http://dc1.clinlan.local/CertEnroll/DC1.crl0<16><6><9>+<6><1><4><1><130>7<21><1><4><3><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>W<140><171>;<255><163><28><7>j<178>F<163><201>X<143><237>l<4>*<Z<136><147><149>Q<234> <231><227>}<153><246><143>H<129><156>sn#<134>:<7>~<192><142>0<242>t$<224><171><166><25><171><211><187>z<127><232><250>6N<158><197>&Qgh<242><225><130><205><187><255><236>'<180><253><129>c<242>Xf.<157><16><3><153>;<149><168><223><172>>U
EAP-Message = v<185><8><161>$<192>5<225><248><224>Bb<143><31><217><1><249><15><230>q.dGE<211>\<15><179><24><127>,<249><185>"<200>Cd!<253>h<246><30><158><146><218><196><181>s<17>|6<13><145><245>U<231>j<207><138>AZ*<224>-'<249><9><149><140>HT<148><202><7>xA<203><10>aC<127>QMw<166>@<232>F<23><129><167><178><21><3>N<157><133>9<187><240><10>r<19>5<217><195>O<0><129>p}<167><176><206>s<27><192>}X<216>|N|<128>,<155>4?<230><169><188>g90<29><155>bS<28><207><135><6><162>u<167><204>S<196>9<226>AX<233><222><13>m<211><197><231><163>?<22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Received from 10.24.70.26 port 32770 ....
Code: Access-Request
Identifier: 186
Authentic: <148><165><130><196>Rr58<155>%wZ<246><11>3<149>
Attributes:
User-Name = "testuser"
Calling-Station-Id = "00-80-92-3B-3B-A2"
Called-Station-Id = "00-1D-A2-83-D0-E0:devnet"
NAS-Port = 29
NAS-IP-Address = 10.24.70.26
NAS-Identifier = "c2wism6"
Airespace-WLAN-Id = 6
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-IEEE-802-11
Tunnel-Type = 0:VLAN
Tunnel-Medium-Type = 0:802
Tunnel-Private-Group-ID = 256
EAP-Message = <2><23><0><17><25><129><0><0><0><7><21><3><1><0><2><2>*
Message-Authenticator = <17>}<<146>)<212><251><11><26>,<227><152><219>L<193><207>
Fri Jul 11 10:13:42 2008: DEBUG: Calling-Station-Id = 0080.923b.3ba2
Fri Jul 11 10:13:42 2008: DEBUG: Called-Station-Id = 001d.a283.d0e0:devnet
Fri Jul 11 10:13:42 2008: DEBUG: Handling request with Handler 'Client-Identifier=airespace,Called-Station-Id=/devnet/i'
Fri Jul 11 10:13:42 2008: DEBUG: Deleting session for testuser, 10.24.70.26, 29
Fri Jul 11 10:13:42 2008: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 11 10:13:42 2008: DEBUG: Handling with EAP: code 2, 23, 17, 25
Fri Jul 11 10:13:42 2008: DEBUG: Response type 25
Fri Jul 11 10:13:42 2008: DEBUG: EAP TLS SSL_accept result: 0, 1, 8576
Fri Jul 11 10:13:42 2008: ERR: EAP PEAP TLS Handshake unsuccessful: 2556: 1 - error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
Fri Jul 11 10:13:42 2008: DEBUG: EAP result: 1, EAP PEAP TLS Handshake unsuccessful
Fri Jul 11 10:13:42 2008: DEBUG: AuthBy FILE result: REJECT, EAP PEAP TLS Handshake unsuccessful
Fri Jul 11 10:13:42 2008: INFO: Access rejected for testuser: EAP PEAP TLS Handshake unsuccessful
Fri Jul 11 10:13:42 2008: DEBUG: Packet dump:
*** Sending to 10.24.70.26 port 32770 ....
Code: Access-Reject
Identifier: 186
Authentic: <148><165><130><196>Rr58<155>%wZ<246><11>3<149>
Attributes:
Reply-Message = "Request Denied"