[RADIATOR] User is authenticating that should not

Hugh Irvine hugh at open.com.au
Wed Sep 10 00:47:49 CDT 2008


Hello Bob -

Here is the debug for the inner EAP authentication:


Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for anonymous, 130.253.21.26, 3
Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2: LDAP-AUTH-MSCHAPV2
Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 7, 64, 26
Sat Sep  6 00:56:34 2008: DEBUG: Response type 26
Sat Sep  6 00:56:34 2008: DEBUG: LDAP got result for uid=871184593,ou=People,o=du.edu,o=UniversityofDenver
Sat Sep  6 00:56:34 2008: DEBUG: LDAP got nthash: {nthash} 3D8FB20E09434F7B70AC2950D04611BE
Sat Sep  6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 looks for match with 871184593 [anonymous]
Sat Sep  6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 ACCEPT: : 871184593 [anonymous]
Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge: Success
Sat Sep  6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP MSCHAP V2 Challenge: Success
Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for anonymous: EAP MSCHAP V2 Challenge: Success
Sat Sep  6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Challenge
Identifier: UNDEF
Authentic:  Q,<173>$<164>S<143>[T$<181><181><233><145><216>B
Attributes:
	EAP-Message =  
<1><8><0>=<26><3><7><0>8S=08390F4C13EB366ADDACC0A7AB8509AB2BB34E3A  
M=success
	Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Service-Type = Framed-User

Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner authentication redespatched to a Handler
Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication redespatched to a Handler
Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a Handler
Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
*** Sending to 130.253.21.26 port 32799 ....
Code:       Access-Challenge
Identifier: 118
Authentic:   
<142><194><245><226>Q<3><227><204><188><142><221><1><156>_<135>2
Attributes:
	EAP-Message = <1><8><0> 
[<25><0><23><3><1><0>P<162><255><220>,<127><229>Q<208><179><150><247>k<1 
45>d<202>6<191><20><28><152><31><251><26><241><230><252>O<224><233>B<250 
 ><145><253><194><15><17><221>E<21><9><132>EE<6><195><166><160>95<133><1 
51><236>*<205><128>.<194>v<151>D<241><31>w<172><133><129>)} 
<127>W<236><192>kH<9><20>V<186><251><213>
	Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
*** Received from 130.253.21.26 port 32799 ....
Code:       Access-Request
Identifier: 117
Authentic:  "<156>k<253><29>|<253>b[<220>Y<5>F<235><9><185>
Attributes:
	User-Name = "anonymous at myabc.tw"
	NAS-IP-Address = 130.253.21.26
	NAS-Port = 3
	NAS-Identifier = "130.253.21.26"
	NAS-Port-Type = Wireless-IEEE-802-11
	Calling-Station-Id = "001302618862"
	Called-Station-Id = "000B860A1D80"
	Service-Type = Login-User
	Framed-MTU = 1100
	EAP-Message = <2><8><0>P<25><0><23><3><1><0>  
<217><138>p<160>Ac<142>Y~R<192><173>$<232><134>y<173><0>1<218>h<165> 
$<14><241><198>"<18>Jd<149>:<23><3><1><0>  
<152><216><187><185><239><K<129>  
j<193><229><244><231><246><21><147><188><213> 
{<161><136><188><226><186><185><159>z<164>i<252>V
	Aruba-Essid-Name = "PioneerNet"
	Aruba-Location-Id = "AP1-UAPTS"
	Message-Authenticator = s(H6%d<137><234><247><171>d$_r<209>L

Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for anonymous at myabc.tw, 130.253.21.26, 3
Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 80, 25
Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
Sat Sep  6 00:56:34 2008: DEBUG: EAP PEAP inner authentication request for anonymous
Sat Sep  6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
Attributes:
	EAP-Message = <2><8><0><2><26><3>
	Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	User-Name = "anonymous"
	NAS-IP-Address = 130.253.21.26
	NAS-Identifier = "130.253.21.26"
	NAS-Port = 3
	Calling-Station-Id = "001302618862"

Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for anonymous, 130.253.21.26, 3
Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2: LDAP-AUTH-MSCHAPV2
Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 2, 26
Sat Sep  6 00:56:34 2008: DEBUG: Response type 26
Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 0,
Sat Sep  6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: ACCEPT,
Sat Sep  6 00:56:34 2008: DEBUG: Access accepted for anonymous
Sat Sep  6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Accept
Identifier: UNDEF
Authentic:  |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
Attributes:
	EAP-Message = <3><8><0><4>
	Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Service-Type = Framed-User


and this is the important bit:


Sat Sep  6 00:56:34 2008: DEBUG: LDAP got result for uid=871184593,ou=People,o=du.edu,o=UniversityofDenver
Sat Sep  6 00:56:34 2008: DEBUG: LDAP got nthash: {nthash} 3D8FB20E09434F7B70AC2950D04611BE
Sat Sep  6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 looks for match with 871184593 [anonymous]
Sat Sep  6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 ACCEPT: : 871184593 [anonymous]


You are checking the LDAP database for this user:  871184593

and the LDAP database is authenticating correctly.

As you have not included the AuthBy LDAP2 clause or any LDAP debug I  
can't say much more.

regards

Hugh



On 9 Sep 2008, at 21:05, Bob Shafer wrote:

> I've attached radius.cfg, user.anon and a trace 4 debug output showing a
> user that is successfully authenticating that should not.  We are using
> radiator 4.2 on RedHat Linux.
>
> There are no secrets or passwords in the files.
>
> I suspect I've mis-configured something.
>
> Could you please review the enclosed files and let me know what I've
> done wrong and what I can do to correct it?
>
> If you need anything else, please let me know.
>
> Thanks,
>
> Bob Shafer
> University of Denver
>
> # Required for some EAP supplicants. The Password can never be matched
> anonymous	Encrypted-Password=nevermatch
>
> Sat Sep  6 00:56:33 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 110
> Authentic:  $N<157><188>vD<127><244>M<167><189>js<130>XB
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><1><0><23><1>anonymous at myabc.tw
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator = <25>E) 
> C<186><3>>e<161>B<152><12>K<251><253><154>
>
> Sat Sep  6 00:56:33 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:33 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:33 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:33 2008: DEBUG: Handling with EAP: code 2, 1, 23, 1
> Sat Sep  6 00:56:33 2008: DEBUG: Response type 1
> Sat Sep  6 00:56:33 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 110
> Authentic:  \<149><218><15>i<185><19>T#<173><162><216>%<152><165><148>
> Attributes:
> 	EAP-Message = <1><2><0><6><25>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:33 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 111
> Authentic:  }<212><250><16>sD<193>MT<135><144><166>*y<242>s
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><2><0>f<25><0><22><3><1><0> 
> [<1><0><0>W<3><1>H<194>)<166>><3><157>3<205><31><134><0>l<174>p>% 
> <131><225><225>K<232>_<210><26><214><174><203>? 
> \v<178><0><0>0<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/ 
> <0>f<0><5><0><4><0>e<0>d<0>c<0>b<0>`<0><21><0><18><0><9><0><20><0><17> 
> <0><8><0><3><1><0>
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator  
> = .<156><135><139><239><137><251><214><207>n<166>7<255><214><179>D
>
> Sat Sep  6 00:56:33 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:33 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:33 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:33 2008: DEBUG: Handling with EAP: code 2, 2, 102, 25
> Sat Sep  6 00:56:33 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:33 2008: DEBUG: EAP TLS SSL_accept result: -1, 2,  
> 8576
> Sat Sep  6 00:56:33 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 111
> Authentic:  <174><136><13><249><209>=`C<19>G&Z<242><252><201><176>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:33 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 113
> Authentic:  z<!Z9<185>[<210>2<160>2<26>U<245><153><254>
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><3><0><6><25><0>
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator = Ssj<149>A!<153><212><243><0><7><4><27><18> 
> $<205>
>
> Sat Sep  6 00:56:33 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:33 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:33 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:33 2008: DEBUG: Handling with EAP: code 2, 3, 6, 25
> Sat Sep  6 00:56:33 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:33 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep  6 00:56:33 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 113
> Authentic:  <191>KU<140><143>f<250>)Tt<238>~<225><147><170><139>
> Attributes:
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 114
> Authentic:  7<230><221><150><28><183>% 
> <1>e<229><206><152><10><226>i<249>
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator =  
> U.><167><27>l<250>><185><19><195><176>N<140><131><189>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 4, 204, 25
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:34 2008: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 114
> Authentic:  rBi<Xq<204>}<234>~;0^"<197><1>
> Attributes:
> 	EAP-Message =  
> <1><5><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0- 
> N"<20><201><171>o<31><138><189><161><255>;<238><178><192>|] 
> rf<231>s<211><211>\k<156><187><237><156>A<221>L<136><146>z<237><227> 
> +<192><152><161>T<156>g<214>D?
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 115
> Authentic:  Y<8>D<180>B2<197><245>SHCs<D<28><246>
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><5><0><6><25><0>
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator = !<255><202>.<21>g<232><214>$! 
> <172><236><252>R<183><222>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 5, 6, 25
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 115
> Authentic:  <151><187><19><170>$<12><0>J<12><140><164><<212><244>p<14>
> Attributes:
> 	EAP-Message = <1><6><0>+<25><0><23><3><1><0>  
> <169><131><209><179><143>6<250>Utv<145><15><150><132><238>Oh<185><4>G< 
> 127>s!<204>I<215>]I@<214><243><145>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 116
> Authentic:  ^<235>}<134>;`n<171>b<239><221>4<23><222><217><137>
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><6><0>P<25><0><23><3><1><0>  
> q<210><167><247><194><15>i<234>r<142>/ 
> <192>s=<13>N<202>.<160><132><202><246>`<219><5><237><228> 
> \e<215><132><193><23><3><1><0> *~<139>J<167><188>#<244><133>) 
> <28>W<177><253><214><o<138><243><202>} 
> <5>C<175>'"[<234><223>c<209><231>
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator = <129><216><30>*K<219><159><28>% 
> <134><172>'<202><178>N#
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 6, 80, 25
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:34 2008: DEBUG: EAP PEAP inner authentication  
> request for anonymous
> Sat Sep  6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:   
> <148><151><215><221><192><160>z<155>'<229><151><253>i<192>|E
> Attributes:
> 	EAP-Message = <2><6><0><10><1>871184593
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port = 3
> 	Calling-Station-Id = "001302618862"
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler  
> 'TunnelledByPEAP=1'
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for anonymous,  
> 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:  
> LDAP-AUTH-MSCHAPV2
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 6, 10, 1
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 1
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP MSCHAP-V2  
> Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: CHALLENGE,  
> EAP MSCHAP-V2 Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for anonymous:  
> EAP MSCHAP-V2 Challenge
> Sat Sep  6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:   
> <148><151><215><221><192><160>z<155>'<229><151><253>i<192>|E
> Attributes:
> 	EAP-Message = <1><7><0>"<26><1><7><0><29><16><233><221>S<156>OL< 
> [<16><139><205>I<208><178><12><152>scabbers
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Service-Type = Framed-User
>
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner  
> authentication redespatched to a Handler
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP inner authentication redespatched to a Handler
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a  
> Handler
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 116
> Authentic:  V<239>iB<229>>"ly<184>A<129><189>E<239><173>
> Attributes:
> 	EAP-Message = <1><7><0>K<25><0><23><3><1><0>@<175>)<163>p 
> [<248>NR<196>S<<245><140>P<227>5<180>y<216>m% 
> <129><25>p<155>pP<174><166><242>% 
> <2><160><172><192>F<215><15><195><206><210><30><152> 
> +<175>g<237><3>y<171><201><165><159><202>r<224>N<170><239><247><167><1 
> 50><14><254>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 118
> Authentic:  Y<250>sI<30>B<197><189>W<1><146><211>}/<220><235>
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator = <134>3<232>j<136><206>p<197>] 
> 1<253><16>y0<237>D
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 7, 144, 25
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:34 2008: DEBUG: EAP PEAP inner authentication  
> request for anonymous
> Sat Sep  6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  Q,<173>$<164>S<143>[T$<181><181><233><145><216>B
> Attributes:
> 	EAP-Message = <2><7><0>@<26><2><7><0>? 
> 1<165><224>l<134><31><193><207><175>&<205><140><148><131><235>ZK<0><0> 
> <0><0><0><0><0><0>!<213>) 
> <6><245>G<217><241>W<200><29><3><155><127><164><254><178><132><9><233> 
> <28><175><162><236><0>871184593
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port = 3
> 	Calling-Station-Id = "001302618862"
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler  
> 'TunnelledByPEAP=1'
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for anonymous,  
> 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:  
> LDAP-AUTH-MSCHAPV2
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 7, 64, 26
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 26
> Sat Sep  6 00:56:34 2008: DEBUG: LDAP got result for  
> uid=871184593,ou=People,o=du.edu,o=UniversityofDenver
> Sat Sep  6 00:56:34 2008: DEBUG: LDAP got nthash: {nthash} 
> 3D8FB20E09434F7B70AC2950D04611BE
> Sat Sep  6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 looks for match  
> with 871184593 [anonymous]
> Sat Sep  6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 ACCEPT: :  
> 871184593 [anonymous]
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP MSCHAP V2  
> Challenge: Success
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: CHALLENGE,  
> EAP MSCHAP V2 Challenge: Success
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for anonymous:  
> EAP MSCHAP V2 Challenge: Success
> Sat Sep  6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  Q,<173>$<164>S<143>[T$<181><181><233><145><216>B
> Attributes:
> 	EAP-Message =  
> <1><8><0>=<26><3><7><0>8S=08390F4C13EB366ADDACC0A7AB8509AB2BB34E3A  
> M=success
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Service-Type = Framed-User
>
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner  
> authentication redespatched to a Handler
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP inner authentication redespatched to a Handler
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a  
> Handler
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 118
> Authentic:   
> <142><194><245><226>Q<3><227><204><188><142><221><1><156>_<135>2
> Attributes:
> 	EAP-Message = <1><8><0> 
> [<25><0><23><3><1><0>P<162><255><220>,<127><229>Q<208><179><150><247>k 
> <145>d<202>6<191><20><28><152><31><251><26><241><230><252>O<224><233>B 
> <250><145><253><194><15><17><221>E<21><9><132>EE<6><195><166><160>95<1 
> 33><151><236>*<205><128>.<194>v<151>D<241><31>w<172><133><129>)} 
> <127>W<236><192>kH<9><20>V<186><251><213>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 117
> Authentic:  "<156>k<253><29>|<253>b[<220>Y<5>F<235><9><185>
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><8><0>P<25><0><23><3><1><0>  
> <217><138>p<160>Ac<142>Y~R<192><173>$<232><134>y<173><0>1<218>h<165> 
> $<14><241><198>"<18>Jd<149>:<23><3><1><0>  
> <152><216><187><185><239><K<129>  
> j<193><229><244><231><246><21><147><188><213> 
> {<161><136><188><226><186><185><159>z<164>i<252>V
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator = s(H6%d<137><234><247><171>d$_r<209>L
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 80, 25
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:34 2008: DEBUG: EAP PEAP inner authentication  
> request for anonymous
> Sat Sep  6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
> Attributes:
> 	EAP-Message = <2><8><0><2><26><3>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	User-Name = "anonymous"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port = 3
> 	Calling-Station-Id = "001302618862"
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler  
> 'TunnelledByPEAP=1'
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for anonymous,  
> 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:  
> LDAP-AUTH-MSCHAPV2
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 2, 26
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 26
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 0,
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: ACCEPT,
> Sat Sep  6 00:56:34 2008: DEBUG: Access accepted for anonymous
> Sat Sep  6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Accept
> Identifier: UNDEF
> Authentic:  |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
> Attributes:
> 	EAP-Message = <3><8><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Service-Type = Framed-User
>
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner  
> authentication redespatched to a Handler
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP  
> PEAP inner authentication redespatched to a Handler
> Sat Sep  6 00:56:34 2008: DEBUG: Access challenged for  
> anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a  
> Handler
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Challenge
> Identifier: 117
> Authentic:  <27>=9<164><245><189>bL<166><127>z<129><149><233><24><199>
> Attributes:
> 	EAP-Message = <1><9><0>+<25><0><23><3><1><0>  
> <181>k<0><127>"<7><151><140><18>Q? 
> <176><29><130><242><235><151><146><129><138>qw,<139><203>OG<166>uS<223 
> >N
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code:       Access-Request
> Identifier: 119
> Authentic:  <19><193>}V)<132><22>o:ma<252><17><150>wf
> Attributes:
> 	User-Name = "anonymous at myabc.tw"
> 	NAS-IP-Address = 130.253.21.26
> 	NAS-Port = 3
> 	NAS-Identifier = "130.253.21.26"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Calling-Station-Id = "001302618862"
> 	Called-Station-Id = "000B860A1D80"
> 	Service-Type = Login-User
> 	Framed-MTU = 1100
> 	EAP-Message = <2><9><0>P<25><0><23><3><1><0> <213><29><217>q<9>Z 
> $<162><135><210><8><16><212>~P.N[;<193><203>S<186><230><12>j<152>/ 
> <157>L=<28><23><3><1><0>  
> <240><172><241><1>0><169>1s*<197><238><6><134>n<221><15><159>[4Y% 
> <17>[_Y3CG<211>&C
> 	Aruba-Essid-Name = "PioneerNet"
> 	Aruba-Location-Id = "AP1-UAPTS"
> 	Message-Authenticator =  
> <195><184><216><202>W<17><165>=<248>a<23>b<206><237><27><26>
>
> Sat Sep  6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep  6 00:56:34 2008: DEBUG:  Deleting session for  
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep  6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 9, 80, 25
> Sat Sep  6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep  6 00:56:34 2008: DEBUG: EAP result: 0,
> Sat Sep  6 00:56:34 2008: DEBUG: AuthBy FILE result: ACCEPT,
> Sat Sep  6 00:56:34 2008: DEBUG: Access accepted for  
> anonymous at myabc.tw
> Sat Sep  6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code:       Access-Accept
> Identifier: 119
> Authentic:  <25><177><140>}-j<177>%xE<150>m<236><226><159>L
> Attributes:
> 	EAP-Message = <3><9><0><4>
> 	Message-Authenticator =  
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 	Service-Type = Framed-User
> 	MS-MPPE-Send-Key = <158><250>Tr 
> $Y<149>Ta2<26><184>l<27>ZG<231><229><210><168><6><213>u3<210><8> 
> (<159><158>N<229>G
> 	MS-MPPE-Recv-Key =  
> y<242><20>b<202>T<211><253><151>Xk<8>L_<130>*<19><207>`7t<227>ADN<230> 
> <228><252><148><214><232><192>
>
>
> LogDir		/var/log/radius
> DbDir		/etc/radiator
> # Use a lower trace level in production systems:
> Trace 		4
>
> AuthPort	1812
> AcctPort	1813
>
> include %D/client.cfg
>
> include %D/ldap.cfg
>
> <Handler Aruba-Location-Id="N/A", Client-Identifier=/aruba-controller/>
> 	AuthBy LDAP-AUTH-MSCHAPV2
> 	AddToReply Service-Type=Authenticate-Only
>         AcctLogFileName %L/detail
> </Handler>
>
> <Handler TunnelledByPEAP=1>
> 	AuthBy LDAP-AUTH-MSCHAPV2
> 	AddToReply Service-Type=Framed-User
> 	AcctLogFileName %L/detail
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> 	AuthBy LDAP-AUTH-TTLS
> 	AddToReply Service-Type=Framed-User
> 	AcctLogFileName %L/detail
> </Handler>
>
> <Handler>
> 	<AuthBy FILE>
> 		Filename %D/users.anon
>
> 		EAPType PEAP,TTLS
>
> 		# EAPTLS_CAFile is the name of a file of CA certificates
> 		# in PEM format. The file can contain several CA certificates
> 		# Radiator will first look in EAPTLS_CAFile then in
> 		# EAPTLS_CAPath, so there usually is no need to set both
> 		#
> 		# Note: need to verify that RedHat actually updates this periodically
> 		#       or set up a script to do it ourselves. - bshafer
> 		EAPTLS_CAFile /etc/pki/tls/cert.pem
>
> 		# EAPTLS_CertificateFile is the name of a file containing
> 		# the server's certificate. EAPTLS_CertificateType
> 		# specifies the type of the file. Can be PEM or ASN1
> 		# defaults to ASN1
> 		EAPTLS_CertificateFile %D/certificates/radius.du.edu.pem
> 		EAPTLS_CertificateType PEM
>
> 		# EAPTLS_PrivateKeyFile is the name of the file containing
> 		# the server's private key. It is sometimes in the same file
> 		# as the server certificate (EAPTLS_CertificateFile)
> 		# If the private key is encrypted (usually the case)
> 		# then EAPTLS_PrivateKeyPassword is the key to decrypt it
> 		#
> 		# Note: The two files are combined into one - though they
> 		#       probably don't need to be.  - bshafer
> 		#
> 		EAPTLS_PrivateKeyFile %D/certificates/radius.du.edu.pem
>
> 		# EAPTLS_MaxFragmentSize sets the maximum TLS fragment
> 		# size that will be replied by Radiator. It must be small
> 		# enough to fit in a single Radius request (ie less than 4096)
> 		# and still leave enough space for other attributes
> 		# Aironet APs seem to need a smaller MaxFragmentSize
> 		# (eg 1024) than the default of 2048. Others need even smaller sizes.
> 		EAPTLS_MaxFragmentSize 1000
>
> 		# Some clients, depending on their configuration, may require you to specify
> 		# MPPE send and receive keys. This _will_ be required if you select
> 		# 'Keys will be generated automatically for data privacy' in the Funk Odyssey
> 		# client Network Properties dialog.
> 		# Automatically sets MS-MPPE-Send-Key and MS-MPPE-Recv-Key
> 		# in the final Access-Accept
> 		AutoMPPEKeys
>
> 		# You can enable some warning messages from the Net::SSLeay
> 		# module by setting SSLeayTrace to an integer from 1 to 4
> 		# 1=ciphers, 2=trace, 3=dump data
> 		#SSLeayTrace 4
>
> 		# You can control which version of the draft PEAP protocol to honour
> 		# with EAPTLS_PEAPVersion. Defaults to 1. Set it to 0 for unusual clients,
> 		# such as Funk Odyssey Client 2.22 or later. For Funk Odyssey
> 		# version 4, use EAPTLS_PEAPVersion 1,
> 		# but set EAPTLS_PEAPBrokenV1Label below
> 		EAPTLS_PEAPVersion 0
>
> 		# You can make PEAP Version 1 support compatible with
> 		# nonstandard PEAP V1 clients that use the old broken TLS encryption labels that
> 		# appear to be used frequently, due to Microsoft's use of the incorrect
> 		# label in its V0 client. You should use this with Funk Odyssey
> 		# Client version 4 when EAPTLS_PEAPVersion is set to 1
> 		#EAPTLS_PEAPBrokenV1Label
> 	</AuthBy>
>
> 	AcctLogFileName %L/detail
> </Handler>
>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



