[RADIATOR] User is authenticating that should not
Hugh Irvine
hugh at open.com.au
Wed Sep 10 00:47:49 CDT 2008
Hello Bob -
Here is the debug for the inner EAP authentication:
Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for anonymous,
130.253.21.26, 3
Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:
LDAP-AUTH-MSCHAPV2
Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 7, 64, 26
Sat Sep 6 00:56:34 2008: DEBUG: Response type 26
Sat Sep 6 00:56:34 2008: DEBUG: LDAP got result for
uid=871184593,ou=People,o=du.edu,o=UniversityofDenver
Sat Sep 6 00:56:34 2008: DEBUG: LDAP got nthash: {nthash}
3D8FB20E09434F7B70AC2950D04611BE
Sat Sep 6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 looks for match
with 871184593 [anonymous]
Sat Sep 6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 ACCEPT: :
871184593 [anonymous]
Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP MSCHAP V2
Challenge: Success
Sat Sep 6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP
MSCHAP V2 Challenge: Success
Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for anonymous: EAP
MSCHAP V2 Challenge: Success
Sat Sep 6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: Q,<173>$<164>S<143>[T$<181><181><233><145><216>B
Attributes:
EAP-Message =
<1><8><0>=<26><3><7><0>8S=08390F4C13EB366ADDACC0A7AB8509AB2BB34E3A
M=success
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Service-Type = Framed-User
Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
PEAP inner authentication redespatched to a Handler
Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for
anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a
Handler
Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
*** Sending to 130.253.21.26 port 32799 ....
Code: Access-Challenge
Identifier: 118
Authentic:
<142><194><245><226>Q<3><227><204><188><142><221><1><156>_<135>2
Attributes:
EAP-Message = <1><8><0>
[<25><0><23><3><1><0>P<162><255><220>,<127><229>Q<208><179><150><247>k<1
45>d<202>6<191><20><28><152><31><251><26><241><230><252>O<224><233>B<250
><145><253><194><15><17><221>E<21><9><132>EE<6><195><166><160>95<133><1
51><236>*<205><128>.<194>v<151>D<241><31>w<172><133><129>)}
<127>W<236><192>kH<9><20>V<186><251><213>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
*** Received from 130.253.21.26 port 32799 ....
Code: Access-Request
Identifier: 117
Authentic: "<156>k<253><29>|<253>b[<220>Y<5>F<235><9><185>
Attributes:
User-Name = "anonymous at myabc.tw"
NAS-IP-Address = 130.253.21.26
NAS-Port = 3
NAS-Identifier = "130.253.21.26"
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "001302618862"
Called-Station-Id = "000B860A1D80"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = <2><8><0>P<25><0><23><3><1><0>
<217><138>p<160>Ac<142>Y~R<192><173>$<232><134>y<173><0>1<218>h<165>
$<14><241><198>"<18>Jd<149>:<23><3><1><0>
<152><216><187><185><239><K<129>
j<193><229><244><231><246><21><147><188><213>
{<161><136><188><226><186><185><159>z<164>i<252>V
Aruba-Essid-Name = "PioneerNet"
Aruba-Location-Id = "AP1-UAPTS"
Message-Authenticator = s(H6%d<137><234><247><171>d$_r<209>L
Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
anonymous at myabc.tw, 130.253.21.26, 3
Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 80, 25
Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
Sat Sep 6 00:56:34 2008: DEBUG: EAP PEAP inner authentication
request for anonymous
Sat Sep 6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
Attributes:
EAP-Message = <2><8><0><2><26><3>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 130.253.21.26
NAS-Identifier = "130.253.21.26"
NAS-Port = 3
Calling-Station-Id = "001302618862"
Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for anonymous,
130.253.21.26, 3
Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:
LDAP-AUTH-MSCHAPV2
Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 2, 26
Sat Sep 6 00:56:34 2008: DEBUG: Response type 26
Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 0,
Sat Sep 6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: ACCEPT,
Sat Sep 6 00:56:34 2008: DEBUG: Access accepted for anonymous
Sat Sep 6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Accept
Identifier: UNDEF
Authentic: |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
Attributes:
EAP-Message = <3><8><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Service-Type = Framed-User
and this is the important bit:
Sat Sep 6 00:56:34 2008: DEBUG: LDAP got result for
uid=871184593,ou=People,o=du.edu,o=UniversityofDenver
Sat Sep 6 00:56:34 2008: DEBUG: LDAP got nthash: {nthash}
3D8FB20E09434F7B70AC2950D04611BE
Sat Sep 6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 looks for match
with 871184593 [anonymous]
Sat Sep 6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 ACCEPT: :
871184593 [anonymous]
You are checking the LDAP database for this user: 871184593
and the LDAP database is authenticating correctly.
As you have not included the AuthBy LDAP2 clause or any LDAP debug I
can't say much more.
regards
Hugh
On 9 Sep 2008, at 21:05, Bob Shafer wrote:
> I've attached radius.cfg, user.anon and a trace 4 debug output
> showing a
> user that is successfully authenticating that should not. We are
> using
> radiator 4.2 on RedHat Linux.
>
> There are no secrets or passwords in the files.
>
> I suspect I've mis-configured something.
>
> Could you please review the enclosed files and let me know what I've
> done wrong and what I can do to correct it?
>
> If you need anything else, please let me know.
>
> Thanks,
>
> Bob Shafer
> University of Denver
>
> # Required for some EAP supplicants. The Password can never be matched
> anonymous Encrypted-Password=nevermatch
>
> Sat Sep 6 00:56:33 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 110
> Authentic: $N<157><188>vD<127><244>M<167><189>js<130>XB
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><1><0><23><1>anonymous at myabc.tw
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator = <25>E)
> C<186><3>>e<161>B<152><12>K<251><253><154>
>
> Sat Sep 6 00:56:33 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:33 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:33 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:33 2008: DEBUG: Handling with EAP: code 2, 1, 23, 1
> Sat Sep 6 00:56:33 2008: DEBUG: Response type 1
> Sat Sep 6 00:56:33 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 110
> Authentic: \<149><218><15>i<185><19>T#<173><162><216>%<152><165><148>
> Attributes:
> EAP-Message = <1><2><0><6><25>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:33 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 111
> Authentic: }<212><250><16>sD<193>MT<135><144><166>*y<242>s
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><2><0>f<25><0><22><3><1><0>
> [<1><0><0>W<3><1>H<194>)<166>><3><157>3<205><31><134><0>l<174>p>%
> <131><225><225>K<232>_<210><26><214><174><203>?
> \v<178><0><0>0<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/
> <0>f<0><5><0><4><0>e<0>d<0>c<0>b<0>`<0><21><0><18><0><9><0><20><0><17>
> <0><8><0><3><1><0>
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator
> = .<156><135><139><239><137><251><214><207>n<166>7<255><214><179>D
>
> Sat Sep 6 00:56:33 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:33 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:33 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:33 2008: DEBUG: Handling with EAP: code 2, 2, 102, 25
> Sat Sep 6 00:56:33 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:33 2008: DEBUG: EAP TLS SSL_accept result: -1, 2,
> 8576
> Sat Sep 6 00:56:33 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 111
> Authentic: <174><136><13><249><209>=`C<19>G&Z<242><252><201><176>
> Attributes:
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:33 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 113
> Authentic: z<!Z9<185>[<210>2<160>2<26>U<245><153><254>
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><3><0><6><25><0>
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator = Ssj<149>A!<153><212><243><0><7><4><27><18>
> $<205>
>
> Sat Sep 6 00:56:33 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:33 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:33 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:33 2008: DEBUG: Handling with EAP: code 2, 3, 6, 25
> Sat Sep 6 00:56:33 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:33 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep 6 00:56:33 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 113
> Authentic: <191>KU<140><143>f<250>)Tt<238>~<225><147><170><139>
> Attributes:
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 114
> Authentic: 7<230><221><150><28><183>%
> <1>e<229><206><152><10><226>i<249>
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator =
> U.><167><27>l<250>><185><19><195><176>N<140><131><189>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 4, 204, 25
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:34 2008: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 114
> Authentic: rBi<Xq<204>}<234>~;0^"<197><1>
> Attributes:
> EAP-Message =
> <1><5><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0-
> N"<20><201><171>o<31><138><189><161><255>;<238><178><192>|]
> rf<231>s<211><211>\k<156><187><237><156>A<221>L<136><146>z<237><227>
> +<192><152><161>T<156>g<214>D?
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 115
> Authentic: Y<8>D<180>B2<197><245>SHCs<D<28><246>
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><5><0><6><25><0>
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator = !<255><202>.<21>g<232><214>$!
> <172><236><252>R<183><222>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 5, 6, 25
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 115
> Authentic: <151><187><19><170>$<12><0>J<12><140><164><<212><244>p<14>
> Attributes:
> EAP-Message = <1><6><0>+<25><0><23><3><1><0>
> <169><131><209><179><143>6<250>Utv<145><15><150><132><238>Oh<185><4>G<
> 127>s!<204>I<215>]I@<214><243><145>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 116
> Authentic: ^<235>}<134>;`n<171>b<239><221>4<23><222><217><137>
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><6><0>P<25><0><23><3><1><0>
> q<210><167><247><194><15>i<234>r<142>/
> <192>s=<13>N<202>.<160><132><202><246>`<219><5><237><228>
> \e<215><132><193><23><3><1><0> *~<139>J<167><188>#<244><133>)
> <28>W<177><253><214><o<138><243><202>}
> <5>C<175>'"[<234><223>c<209><231>
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator = <129><216><30>*K<219><159><28>%
> <134><172>'<202><178>N#
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 6, 80, 25
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:34 2008: DEBUG: EAP PEAP inner authentication
> request for anonymous
> Sat Sep 6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic:
> <148><151><215><221><192><160>z<155>'<229><151><253>i<192>|E
> Attributes:
> EAP-Message = <2><6><0><10><1>871184593
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 130.253.21.26
> NAS-Identifier = "130.253.21.26"
> NAS-Port = 3
> Calling-Station-Id = "001302618862"
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for anonymous,
> 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP-AUTH-MSCHAPV2
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 6, 10, 1
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 1
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP MSCHAP-V2
> Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: CHALLENGE,
> EAP MSCHAP-V2 Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for anonymous:
> EAP MSCHAP-V2 Challenge
> Sat Sep 6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic:
> <148><151><215><221><192><160>z<155>'<229><151><253>i<192>|E
> Attributes:
> EAP-Message = <1><7><0>"<26><1><7><0><29><16><233><221>S<156>OL<
> [<16><139><205>I<208><178><12><152>scabbers
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Service-Type = Framed-User
>
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP inner authentication redespatched to a Handler
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a
> Handler
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 116
> Authentic: V<239>iB<229>>"ly<184>A<129><189>E<239><173>
> Attributes:
> EAP-Message = <1><7><0>K<25><0><23><3><1><0>@<175>)<163>p
> [<248>NR<196>S<<245><140>P<227>5<180>y<216>m%
> <129><25>p<155>pP<174><166><242>%
> <2><160><172><192>F<215><15><195><206><210><30><152>
> +<175>g<237><3>y<171><201><165><159><202>r<224>N<170><239><247><167><1
> 50><14><254>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 118
> Authentic: Y<250>sI<30>B<197><189>W<1><146><211>}/<220><235>
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator = <134>3<232>j<136><206>p<197>]
> 1<253><16>y0<237>D
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 7, 144, 25
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:34 2008: DEBUG: EAP PEAP inner authentication
> request for anonymous
> Sat Sep 6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: Q,<173>$<164>S<143>[T$<181><181><233><145><216>B
> Attributes:
> EAP-Message = <2><7><0>@<26><2><7><0>?
> 1<165><224>l<134><31><193><207><175>&<205><140><148><131><235>ZK<0><0>
> <0><0><0><0><0><0>!<213>)
> <6><245>G<217><241>W<200><29><3><155><127><164><254><178><132><9><233>
> <28><175><162><236><0>871184593
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 130.253.21.26
> NAS-Identifier = "130.253.21.26"
> NAS-Port = 3
> Calling-Station-Id = "001302618862"
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for anonymous,
> 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP-AUTH-MSCHAPV2
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 7, 64, 26
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 26
> Sat Sep 6 00:56:34 2008: DEBUG: LDAP got result for
> uid=871184593,ou=People,o=du.edu,o=UniversityofDenver
> Sat Sep 6 00:56:34 2008: DEBUG: LDAP got nthash: {nthash}
> 3D8FB20E09434F7B70AC2950D04611BE
> Sat Sep 6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 looks for match
> with 871184593 [anonymous]
> Sat Sep 6 00:56:34 2008: DEBUG: Radius::AuthLDAP2 ACCEPT: :
> 871184593 [anonymous]
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP MSCHAP V2
> Challenge: Success
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: CHALLENGE,
> EAP MSCHAP V2 Challenge: Success
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for anonymous:
> EAP MSCHAP V2 Challenge: Success
> Sat Sep 6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic: Q,<173>$<164>S<143>[T$<181><181><233><145><216>B
> Attributes:
> EAP-Message =
> <1><8><0>=<26><3><7><0>8S=08390F4C13EB366ADDACC0A7AB8509AB2BB34E3A
> M=success
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Service-Type = Framed-User
>
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP inner authentication redespatched to a Handler
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a
> Handler
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 118
> Authentic:
> <142><194><245><226>Q<3><227><204><188><142><221><1><156>_<135>2
> Attributes:
> EAP-Message = <1><8><0>
> [<25><0><23><3><1><0>P<162><255><220>,<127><229>Q<208><179><150><247>k
> <145>d<202>6<191><20><28><152><31><251><26><241><230><252>O<224><233>B
> <250><145><253><194><15><17><221>E<21><9><132>EE<6><195><166><160>95<1
> 33><151><236>*<205><128>.<194>v<151>D<241><31>w<172><133><129>)}
> <127>W<236><192>kH<9><20>V<186><251><213>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 117
> Authentic: "<156>k<253><29>|<253>b[<220>Y<5>F<235><9><185>
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><8><0>P<25><0><23><3><1><0>
> <217><138>p<160>Ac<142>Y~R<192><173>$<232><134>y<173><0>1<218>h<165>
> $<14><241><198>"<18>Jd<149>:<23><3><1><0>
> <152><216><187><185><239><K<129>
> j<193><229><244><231><246><21><147><188><213>
> {<161><136><188><226><186><185><159>z<164>i<252>V
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator = s(H6%d<137><234><247><171>d$_r<209>L
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 80, 25
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:34 2008: DEBUG: EAP PEAP inner authentication
> request for anonymous
> Sat Sep 6 00:56:34 2008: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
> Attributes:
> EAP-Message = <2><8><0><2><26><3>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> User-Name = "anonymous"
> NAS-IP-Address = 130.253.21.26
> NAS-Identifier = "130.253.21.26"
> NAS-Port = 3
> Calling-Station-Id = "001302618862"
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1'
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for anonymous,
> 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP-AUTH-MSCHAPV2
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 8, 2, 26
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 26
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 0,
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy LDAP2 result: ACCEPT,
> Sat Sep 6 00:56:34 2008: DEBUG: Access accepted for anonymous
> Sat Sep 6 00:56:34 2008: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Accept
> Identifier: UNDEF
> Authentic: |S<135>Vq{<133><223><244><228>f<167><152><166><207><157>
> Attributes:
> EAP-Message = <3><8><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Service-Type = Framed-User
>
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redespatched to a Handler
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP inner authentication redespatched to a Handler
> Sat Sep 6 00:56:34 2008: DEBUG: Access challenged for
> anonymous at myabc.tw: EAP PEAP inner authentication redespatched to a
> Handler
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Challenge
> Identifier: 117
> Authentic: <27>=9<164><245><189>bL<166><127>z<129><149><233><24><199>
> Attributes:
> EAP-Message = <1><9><0>+<25><0><23><3><1><0>
> <181>k<0><127>"<7><151><140><18>Q?
> <176><29><130><242><235><151><146><129><138>qw,<139><203>OG<166>uS<223
> >N
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Received from 130.253.21.26 port 32799 ....
> Code: Access-Request
> Identifier: 119
> Authentic: <19><193>}V)<132><22>o:ma<252><17><150>wf
> Attributes:
> User-Name = "anonymous at myabc.tw"
> NAS-IP-Address = 130.253.21.26
> NAS-Port = 3
> NAS-Identifier = "130.253.21.26"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "001302618862"
> Called-Station-Id = "000B860A1D80"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><9><0>P<25><0><23><3><1><0> <213><29><217>q<9>Z
> $<162><135><210><8><16><212>~P.N[;<193><203>S<186><230><12>j<152>/
> <157>L=<28><23><3><1><0>
> <240><172><241><1>0><169>1s*<197><238><6><134>n<221><15><159>[4Y%
> <17>[_Y3CG<211>&C
> Aruba-Essid-Name = "PioneerNet"
> Aruba-Location-Id = "AP1-UAPTS"
> Message-Authenticator =
> <195><184><216><202>W<17><165>=<248>a<23>b<206><237><27><26>
>
> Sat Sep 6 00:56:34 2008: DEBUG: Handling request with Handler ''
> Sat Sep 6 00:56:34 2008: DEBUG: Deleting session for
> anonymous at myabc.tw, 130.253.21.26, 3
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with Radius::AuthFILE:
> Sat Sep 6 00:56:34 2008: DEBUG: Handling with EAP: code 2, 9, 80, 25
> Sat Sep 6 00:56:34 2008: DEBUG: Response type 25
> Sat Sep 6 00:56:34 2008: DEBUG: EAP result: 0,
> Sat Sep 6 00:56:34 2008: DEBUG: AuthBy FILE result: ACCEPT,
> Sat Sep 6 00:56:34 2008: DEBUG: Access accepted for
> anonymous at myabc.tw
> Sat Sep 6 00:56:34 2008: DEBUG: Packet dump:
> *** Sending to 130.253.21.26 port 32799 ....
> Code: Access-Accept
> Identifier: 119
> Authentic: <25><177><140>}-j<177>%xE<150>m<236><226><159>L
> Attributes:
> EAP-Message = <3><9><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Service-Type = Framed-User
> MS-MPPE-Send-Key = <158><250>Tr
> $Y<149>Ta2<26><184>l<27>ZG<231><229><210><168><6><213>u3<210><8>
> (<159><158>N<229>G
> MS-MPPE-Recv-Key =
> y<242><20>b<202>T<211><253><151>Xk<8>L_<130>*<19><207>`7t<227>ADN<230>
> <228><252><148><214><232><192>
>
>
> LogDir /var/log/radius
> DbDir /etc/radiator
> # Use a lower trace level in production systems:
> Trace 4
>
> AuthPort 1812
> AcctPort 1813
>
> include %D/client.cfg
>
> include %D/ldap.cfg
>
> <Handler Aruba-Location-Id="N/A", Client-Identifier=/aruba-controller/>
> AuthBy LDAP-AUTH-MSCHAPV2
> AddToReply Service-Type=Authenticate-Only
> AcctLogFileName %L/detail
> </Handler>
>
> <Handler TunnelledByPEAP=1>
> AuthBy LDAP-AUTH-MSCHAPV2
> AddToReply Service-Type=Framed-User
> AcctLogFileName %L/detail
> </Handler>
>
> <Handler TunnelledByTTLS=1>
> AuthBy LDAP-AUTH-TTLS
> AddToReply Service-Type=Framed-User
> AcctLogFileName %L/detail
> </Handler>
>
> <Handler>
> <AuthBy FILE>
> Filename %D/users.anon
>
> EAPType PEAP,TTLS
>
> # EAPTLS_CAFile is the name of a file of CA certificates
> # in PEM format. The file can contain several CA certificates
> # Radiator will first look in EAPTLS_CAFile then in
> # EAPTLS_CAPath, so there usually is no need to set both
> #
> # Note: need to verify that RedHat actually updates this periodically
> # or set up a script to do it ourselves. - bshafer
> EAPTLS_CAFile /etc/pki/tls/cert.pem
>
> # EAPTLS_CertificateFile is the name of a file containing
> # the servers certificate. EAPTLS_CertificateType
> # specifies the type of the file. Can be PEM or ASN1
> # defaults to ASN1
> EAPTLS_CertificateFile %D/certificates/radius.du.edu.pem
> EAPTLS_CertificateType PEM
>
> # EAPTLS_PrivateKeyFile is the name of the file containing
> # the servers private key. It is sometimes in the same file
> # as the server certificate (EAPTLS_CertificateFile)
> # If the private key is encrypted (usually the case)
> # then EAPTLS_PrivateKeyPassword is the key to decrypt it
> #
> # Note: The two files are combined into one - though they
> # probably don't need to be. - bshafer
> #
> EAPTLS_PrivateKeyFile %D/certificates/radius.du.edu.pem
>
> # EAPTLS_MaxFragmentSize sets the maximum TLS fragment
> # size that will be replied by Radiator. It must be small
> # enough to fit in a single Radius request (ie less than 4096)
> # and still leave enough space for other attributes
> # Aironet APs seem to need a smaller MaxFragmentSize
> # (eg 1024) than the default of 2048. Others need even smaller sizes.
> EAPTLS_MaxFragmentSize 1000
>
> # Some clients, depending on their configuration, may require you to specify
> # MPPE send and receive keys. This _will_ be required if you select
> # 'Keys will be generated automatically for data privacy' in the Funk Odyssey
> # client Network Properties dialog.
> # Automatically sets MS-MPPE-Send-Key and MS-MPPE-Recv-Key
> # in the final Access-Accept
> AutoMPPEKeys
>
> # You can enable some warning messages from the Net::SSLeay
> # module by setting SSLeayTrace to an integer from 1 to 4
> # 1=ciphers, 2=trace, 3=dump data
> #SSLeayTrace 4
>
> # You can control which version of the draft PEAP protocol to honour
> # with EAPTLS_PEAPVersion. Defaults to 1. Set it to 0 for unusual clients,
> # such as Funk Odyssey Client 2.22 or later. For Funk Odyssey
> # version 4, use EAPTLS_PEAPVersion 1,
> # but set EAPTLS_PEAPBrokenV1Label below
> EAPTLS_PEAPVersion 0
>
> # You can make PEAP Version 1 support compatible with
> # nonstandard PEAP V1 clients that use the old broken TLS encryption labels that
> # appear to be used frequently, due to Microsoft's use of the incorrect
> # label in its V0 client. You should use this with Funk Odyssey
> # Client version 4 when EAPTLS_PEAPVersion is set to 1
> #EAPTLS_PEAPBrokenV1Label
> </AuthBy>
>
> AcctLogFileName %L/detail
> </Handler>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.