[RADIATOR] PEAP/EAP MSCHAPV2 with WPA configuration
Khurram Masood
khurram.groups at gmail.com
Thu Jul 9 00:58:48 CDT 2009
Hello Hugh
Thanks for your reply, the answers to your questions are;
-Radiator version 3.2
-Hp GL5 380 server
-Perl 5.8.5
-Should we use handlers instead of wifi realm because using other
realms is our requirment for other user?
-Would it make a significant difference if we don't update our
dictionary because at this point of time we are not willing to?
- Are you talking of the shared secret in the following clause because
its the same at the access point?
<Client 10.100.0.2>
Secret abc
DupInterval 4
</Client>
On Wed, Jul 8, 2009 at 3:38 PM, Hugh Irvine<hugh at open.com.au> wrote:
>
> Hello Khurram -
>
> Can you please tell me what version of Radiator you are running? (The most
> recent is Radiator 4.4 plus patches).
>
> Can you also please tell me what hardware/software plafrom you are running
> on and what version of Perl etc.?
>
> I can see at least 3 problems:
>
> The first is your configuration file which mixes Realms and Handlers - you
> should use Handlers only (see the examples in "goodies/eap_*.cfg").
>
> The second is the dictionary you are using which does not appear to be the
> most recent one which contains these attributes:
>
>>
>> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from
>> 192.168.22.99
>> (192.168.22.99)
>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
>> defined in
>> your dictionary
>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
>> defined in
>> your dictionary
>> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>
> And third - "Bad authenticator ....." usually indicates an incorrect shared
> secret.
>
>
> hope that helps
>
> regards
>
> Hugh
>
>
> On 7 Jul 2009, at 19:33, Khurram Masood wrote:
>
>> Hello Hugh
>>
>> I am having a problem configuring the radiator for securing my WiFi
>> network. Following are the necessary details
>>
>> Access point security protocol: WPA with AES
>> Client : XP SP3 with PEAP/EAP MSCHAP-V2
>> Other Info : Using DHCP for the clients although the AP has
>> static IP addresse.
>>
>> Problem : Unable to authenticate the user.
>>
>>
>> Config file:
>> # Example Radiator configuration file that allows you to
>> # authenticate from an SQL database.
>> # With Radiator you can interface with almost any databse schema,
>> # and there are many more configurable parameters that allow you
>> # to control database fallback, select statements, column names
>> # and arrangements etc etc etc.
>> # See the reference manual for more details.
>> # This is a very simple exmaple to get you started. It will
>> # work with the tables created by the goodies/*.sql scripts.
>> #
>> # You should consider this file to be a starting point only
>> # $Id: sql.cfg,v 1.4 2000/03/21 01:25:16 mikem Exp $
>>
>> Foreground
>> LogStdout
>> LogDir .
>> DbDir .
>> Trace 4
>> AuthPort 1645
>> AcctPort 1646
>> # You will probably want to change this to suit your site.
>> <Client 10.100.0.2>
>> Secret abc
>> DupInterval 4
>> </Client>
>>
>> <Client DEFAULT>
>> Secret xyz
>> DupInterval 4
>> </Client>
>>
>> # You can put client details in a database table
>> # and get their details from there with something like this:
>>
>> # This will authenticate users from SUBSCRIBERS
>> <Handler TunnelledByPEAP=1>
>> <AuthBy FILE>
>> Filename %D/users
>> # This tells the PEAP client what types of inner EAP
>> requests
>> # we will honour
>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>> </AuthBy>
>> </Handler>
>>
>>
>> <Realm WIFI>
>> <AuthBy FILE>
>> Filename /home/oracle/Radiator-3.12/wifi_users
>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>> EAPTLS_CAFile
>> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>> EAPTLS_CAPath
>> EAPTLS_CertificateFile
>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>> EAPTLS_CertificateType PEM
>> EAPTLS_PrivateKeyFile
>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>> EAPTLS_PrivateKeyPassword whatever
>> AutoMPPEKeys
>> EAPTLS_PEAPVersion 0
>> </AuthBy>
>> </Realm>
>>
>> <Realm DEFAULT>
>> AuthByPolicy ContinueWhileAccept
>> PasswordLogFileName %L/password_log
>> MaxSessions 1
>> <AuthBy SQL>
>> # Adjust DBSource, DBUsername, DBAuth to suit your DB
>> DBSource dbi:Oracle:orcl
>> DBUsername abc
>> DBAuth xyz
>> AuthSelect select password from subaccounts where ((active=1
>> or (active=0
>> and freeaccess=1)) and login=concat('%n',
>> 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and
>> login=concat('%n','d')
>> and nas =substr('%N',1,3) and locked=0)
>> # You may want to tailor these for your ACCOUNTING table
>> # You can add your own columns to store whatever you like
>> AccountingTable CALLS
>> DateFormat %Y-%m-%d %H:%M:%S
>> AcctSQLStatement insert into
>>
>> calls(calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,f
>> ramedaddress,callstationid) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
>> hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%
>>
>> {Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
>> # AcctSQLStatement insert into
>>
>> calls(calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,naspo
>> rt) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
>> hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{A
>> cct-Session-Time},'%N',%{NAS-Port})
>> AccountingStopsOnly
>>
>> AddToReply Service-Type = Framed-User, \
>> Framed-Protocol = PPP, \
>> Framed-IP-Netmask = 255.255.255.0, \
>> Framed-Routing = None, \
>> Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
>> Framed-MTU = 1500, \
>> Framed-Compression = Van-Jacobson-TCP-IP, \
>> # Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction
>> of MI by Faisl
>> Qadri
>> </AuthBy>
>> </Realm>
>>
>> <SessionDatabase SQL>
>> DBSource dbi:Oracle:orcl
>> DBUsername abc
>> DBAuth xyz
>>
>> AddQuery update serverports set
>>
>> username='%n',acctstatustype='%{Acct-Status-Type}',framedaddress='%{Framed-IP-
>> Address}',callstationid='%{Calling-Station-Id}',calldate=to_date('%Y-%m-%d
>> %H:%M:%S','yyyy-mm-dd HH24:MI:SS') where port=%{NA
>> S-Port} and substr(ipaddress,1,2)=substr('%N',1,2)
>>
>> DeleteQuery update serverports set acctstatustype='Stop' where
>> port=%{NAS-Port} and substr(ipaddress,1,2)=substr('%N
>> ',1,2)
>> ClearNasQuery update serverports set acctstatustype='Stop'
>> where
>> substr(ipaddress,1,2)=substr('%N',1,2)
>>
>> </SessionDatabase SQL>
>> -----------------------------------------------------------------------
>>
>> Level 4 Debug trace:
>>
>>
>> *** Received from 192.168.22.99 port 1027 ....
>> Code: Access-Request
>> Identifier: 0
>> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>> Attributes:
>> Message-Authenticator = <2><139>?<241><10><176><178>Q:`<160>";r,$
>> Service-Type = Framed-User
>> User-Name = "mfqadri at WIFI"
>> Framed-MTU = 1488
>> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>> Calling-Station-Id = "00-18-F8-2E-5B-B3"
>> NAS-Identifier = "D-Link Access Point"
>> NAS-Port-Type = Wireless-IEEE-802-11
>> Connect-Info = "CONNECT 54Mbps 802.11g"
>> EAP-Message = <2><0><0><17><1>mfqadri at WIFI
>> NAS-IP-Address = 192.168.22.99
>> NAS-Port = 1
>> NAS-Port-Id = "STA port # 1"
>> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler
>> 'Realm=WIFI'
>> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI,
>> 192.168.22.99, 1
>> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set
>> acctstatustype='Stop' where port=1 and substr(ipaddress
>> ,1,2)=substr('192.168.22.99',1,2)':
>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 0, 17
>> Mon Jul 6 16:17:10 2009: DEBUG: Response type 1
>> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> PEAP Challenge
>> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
>> EAP PEAP Challenge
>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>> *** Sending to 192.168.22.99 port 1027 ....
>> Code: Access-Challenge
>> Identifier: 0
>> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>> Attributes:
>> EAP-Message = <1><1><0><6><25>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>> *** Received from 192.168.22.99 port 1027 ....
>> Code: Access-Request
>> Identifier: 1
>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>> Attributes:
>> Message-Authenticator =
>> <195><23><144>t<230><162><149><247><209><213>VZ<225>p"<150>
>> Service-Type = Framed-User
>> User-Name = "mfqadri at WIFI"
>> Framed-MTU = 1488
>> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>> Calling-Station-Id = "00-18-F8-2E-5B-B3"
>> NAS-Identifier = "D-Link Access Point"
>> NAS-Port-Type = Wireless-IEEE-802-11
>> Connect-Info = "CONNECT 54Mbps 802.11g"
>> EAP-Message =
>>
>> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>JQ<207><214>2<240><204><224><133>i<193><132>
>>
>> <176><26><198><23>h<251>B<23><191><3>;W]<160><162><154><232><187>*<154><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6
>>>
>>> <0><19><0><18><0>c<1><0>
>>
>> NAS-IP-Address = 192.168.22.99
>> NAS-Port = 1
>> NAS-Port-Id = "STA port # 1"
>> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler
>> 'Realm=WIFI'
>> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI,
>> 192.168.22.99, 1
>> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set
>> acctstatustype='Stop' where port=1 and substr(ipaddress
>> ,1,2)=substr('192.168.22.99',1,2)':
>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 1, 80
>> Mon Jul 6 16:17:10 2009: DEBUG: Response type 25
>> Mon Jul 6 16:17:10 2009: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>> PEAP Challenge
>> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
>> EAP PEAP Challenge
>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>> *** Sending to 192.168.22.99 port 1027 ....
>> Code: Access-Challenge
>> Identifier: 1
>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>> Attributes:
>> EAP-Message =
>>
>> <1><2><5><218><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
>> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
>> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
>>
>> 11><178><178><159>U<158><1><251><142><154><27><212>A<144><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
>>
>> 130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
>>
>> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>>>
>>>
>>> <1><22><17>mikem at open.com.au0<30><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
>>
>>
>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
>> Test
>>
>> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
>> EAP-Message =
>>
>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<241>.9<209><250>\y<1><149>[
>>
>> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><2
>>
>> 47>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
>>
>> 171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226><136
>>>
>>>
>>> <12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
>>
>>
>> <9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?<174><155><170><162><189><20>
>>
>> <25>az<19>o<202><250>|B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><248>oba<
>> EAP-Message =
>>
>> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
>>
>> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>>>
>>>
>>> <160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>>>
>>> <6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>
>> Demo Certificates1!0<
>> 31><6><3>U<4><11><19><24>Test Certificate
>> Section1/0-<6><3>U<4><3><19>&OSC Test CA
>> (do not
>> EAP-Message = use in production)1
>>
>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
>>
>> 16080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>>>
>>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>
>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
>> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
>> EAP-Message = n)1
>>
>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>>>
>>>
>>> <247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214
>>>
>>> <253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
>>
>>
>> 145><138><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
>>
>> 1><252><168>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>>>
>>>
>>> <1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
>>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Mon Jul 6 16:17:13 2009: DEBUG: Packet dump:
>> *** Received from 192.168.22.99 port 1027 ....
>> Code: UNDEF
>> Identifier: 63
>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>> Attributes:
>> EAP-Message =
>>
>> <1><2><5><218><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
>> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
>> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
>>
>> 11><178><178><159>U<158><1><251><142><154><27><212>A<144><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
>>
>> 130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
>>
>> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>>>
>>>
>>> <1><22><17>mikem at open.com.au0<30><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
>>
>>
>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
>> Test Company1%0#<6><3>U<4><3>
>>
>> <19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
>> EAP-Message =
>>
>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<241>.9<209><250>\y<1><149>[
>>
>> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
>>
>> 171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226><136
>>>
>>>
>>> <12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
>>
>>
>> <9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?<174><155><170><162><189><20>
>>
>> <25>az<19>o<202><250>|B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><248>oba<
>> EAP-Message =
>>
>> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
>>
>> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>>>
>>>
>>> <160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>>>
>>> <6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>
>> Demo Certificates1!0<
>> 31><6><3>U<4><11><19><24>Test Certificate
>> Section1/0-<6><3>U<4><3><19>&OSC Test CA
>> (do not
>> EAP-Message = use in production)1
>>
>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
>>
>> 16080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>>>
>>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>
>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
>> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
>> EAP-Message = n)1
>>
>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>>>
>>>
>>> <247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214
>>>
>>> <253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
>>
>>
>> 145><138><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
>>
>> 1><252><168>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>>>
>>>
>>> <1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
>>
>> Message-Authenticator =
>> <6>9<27><229><183><152>S<159><249><248><229>~1<253><136><135>
>> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from
>> 192.168.22.99
>> (192.168.22.99)
>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
>> defined in
>> your dictionary
>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
>> defined in
>> your dictionary
>> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>>
>> Looking forward for your reply.
>>
>> Regards
>>
>> Khurram Masood
>> khurram.groups at gmail.com
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
More information about the radiator
mailing list