[RADIATOR] PEAP/EAP MSCHAPV2 with WPA configuration
Hugh Irvine
hugh at open.com.au
Thu Jul 9 01:59:34 CDT 2009
Hello Khurram -
I strongly recommend you upgrade to Radiator 4.4 (plus the latest
patches).
more below ...
On 9 Jul 2009, at 15:58, Khurram Masood wrote:
> Hello Hugh
>
> Thanks for your reply, the answers to your questions are;
> -Radiator version 3.2
> -Hp GL5 380 server
> -Perl 5.8.5
>
Thanks for the information.
> -Should we use handlers instead of wifi realm because using other
> realms is our requirement for other user?
You should do something like this:
.....
# This will authenticate users from SUBSCRIBERS
<Handler TunnelledByPEAP=1>
    <AuthBy FILE>
        Filename %D/users
        # This tells the PEAP client what types of inner EAP requests
        # we will honour
        EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
    </AuthBy>
</Handler>
<Handler Realm = WIFI>
    <AuthBy FILE>
        Filename /home/oracle/Radiator-3.12/wifi_users
        EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
        EAPTLS_CAFile /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
        EAPTLS_CAPath
        EAPTLS_CertificateFile /home/oracle/Radiator-3.12/certificates/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile /home/oracle/Radiator-3.12/certificates/cert-srv.pem
        EAPTLS_PrivateKeyPassword whatever
        AutoMPPEKeys
        EAPTLS_PEAPVersion 0
    </AuthBy>
</Handler>
<Handler>
    AuthByPolicy ContinueWhileAccept
    PasswordLogFileName %L/password_log
    MaxSessions 1
    <AuthBy SQL>
        # Adjust DBSource, DBUsername, DBAuth to suit your DB
        DBSource dbi:Oracle:orcl
        DBUsername abc
        DBAuth xyz
        AuthSelect select password from subaccounts where ((active=1 or (active=0 and freeaccess=1)) and login=concat('%n', 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and login=concat('%n','d') and nas =substr('%N',1,3) and locked=0)
        # You may want to tailor these for your ACCOUNTING table
        # You can add your own columns to store whatever you like
        AccountingTable CALLS
        DateFormat %Y-%m-%d %H:%M:%S
        AcctSQLStatement insert into calls (calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,framedaddress,callstationid) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%{Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
        # AcctSQLStatement insert into calls (calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,nasport) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{Acct-Session-Time},'%N',%{NAS-Port})
        AccountingStopsOnly
        AddToReply Service-Type = Framed-User, \
            Framed-Protocol = PPP, \
            Framed-IP-Netmask = 255.255.255.0, \
            Framed-Routing = None, \
            Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
            Framed-MTU = 1500, \
            Framed-Compression = Van-Jacobson-TCP-IP, \
        # Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction of MI by Faisl Qadri
    </AuthBy>
</Handler>
.....
> -Would it make a significant difference if we don't update our
> dictionary because at this point of time we are not willing to?
Yes - the missing attributes (and many others) are in the latest
version.
> - Are you talking of the shared secret in the following clause because
> it's the same at the access point?
>
> <Client 10.100.0.2>
> Secret abc
> DupInterval 4
> </Client>
>
Yes.
regards
Hugh
> On Wed, Jul 8, 2009 at 3:38 PM, Hugh Irvine<hugh at open.com.au> wrote:
>>
>> Hello Khurram -
>>
>> Can you please tell me what version of Radiator you are running?
>> (The most
>> recent is Radiator 4.4 plus patches).
>>
>> Can you also please tell me what hardware/software platform you are
>> running
>> on and what version of Perl etc.?
>>
>> I can see at least 3 problems:
>>
>> The first is your configuration file which mixes Realms and
>> Handlers - you
>> should use Handlers only (see the examples in "goodies/eap_*.cfg").
>>
>> The second is the dictionary you are using which does not appear to
>> be the
>> most recent one which contains these attributes:
>>
>>>
>>> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>>> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from 192.168.22.99 (192.168.22.99)
>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
>>> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>>
>> And third - "Bad authenticator ....." usually indicates an
>> incorrect shared
>> secret.
>>
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>> On 7 Jul 2009, at 19:33, Khurram Masood wrote:
>>
>>> Hello Hugh
>>>
>>> I am having a problem configuring the radiator for securing my WiFi
>>> network. Following are the necessary details
>>>
>>> Access point security protocol: WPA with AES
>>> Client : XP SP3 with PEAP/EAP MSCHAP-V2
>>> Other Info : Using DHCP for the clients although the AP has
>>> static IP address.
>>>
>>> Problem : Unable to authenticate the user.
>>>
>>>
>>> Config file:
>>> # Example Radiator configuration file that allows you to
>>> # authenticate from an SQL database.
>>> # With Radiator you can interface with almost any database schema,
>>> # and there are many more configurable parameters that allow you
>>> # to control database fallback, select statements, column names
>>> # and arrangements etc etc etc.
>>> # See the reference manual for more details.
>>> # This is a very simple example to get you started. It will
>>> # work with the tables created by the goodies/*.sql scripts.
>>> #
>>> # You should consider this file to be a starting point only
>>> # $Id: sql.cfg,v 1.4 2000/03/21 01:25:16 mikem Exp $
>>>
>>> Foreground
>>> LogStdout
>>> LogDir .
>>> DbDir .
>>> Trace 4
>>> AuthPort 1645
>>> AcctPort 1646
>>> # You will probably want to change this to suit your site.
>>> <Client 10.100.0.2>
>>> Secret abc
>>> DupInterval 4
>>> </Client>
>>>
>>> <Client DEFAULT>
>>> Secret xyz
>>> DupInterval 4
>>> </Client>
>>>
>>> # You can put client details in a database table
>>> # and get their details from there with something like this:
>>>
>>> # This will authenticate users from SUBSCRIBERS
>>> <Handler TunnelledByPEAP=1>
>>> <AuthBy FILE>
>>> Filename %D/users
>>> # This tells the PEAP client what types of inner EAP requests
>>> # we will honour
>>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>> </AuthBy>
>>> </Handler>
>>>
>>>
>>> <Realm WIFI>
>>> <AuthBy FILE>
>>> Filename /home/oracle/Radiator-3.12/wifi_users
>>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>> EAPTLS_CAFile /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>>> EAPTLS_CAPath
>>> EAPTLS_CertificateFile /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>> EAPTLS_CertificateType PEM
>>> EAPTLS_PrivateKeyFile /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>> EAPTLS_PrivateKeyPassword whatever
>>> AutoMPPEKeys
>>> EAPTLS_PEAPVersion 0
>>> </AuthBy>
>>> </Realm>
>>>
>>> <Realm DEFAULT>
>>> AuthByPolicy ContinueWhileAccept
>>> PasswordLogFileName %L/password_log
>>> MaxSessions 1
>>> <AuthBy SQL>
>>> # Adjust DBSource, DBUsername, DBAuth to suit your DB
>>> DBSource dbi:Oracle:orcl
>>> DBUsername abc
>>> DBAuth xyz
>>> AuthSelect select password from subaccounts where ((active=1 or (active=0 and freeaccess=1)) and login=concat('%n', 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and login=concat('%n','d') and nas =substr('%N',1,3) and locked=0)
>>> # You may want to tailor these for your ACCOUNTING table
>>> # You can add your own columns to store whatever you like
>>> AccountingTable CALLS
>>> DateFormat %Y-%m-%d %H:%M:%S
>>> AcctSQLStatement insert into calls (calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,framedaddress,callstationid) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%{Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
>>> # AcctSQLStatement insert into calls (calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,nasport) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{Acct-Session-Time},'%N',%{NAS-Port})
>>> AccountingStopsOnly
>>>
>>> AddToReply Service-Type = Framed-User, \
>>> Framed-Protocol = PPP, \
>>> Framed-IP-Netmask = 255.255.255.0, \
>>> Framed-Routing = None, \
>>> Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
>>> Framed-MTU = 1500, \
>>> Framed-Compression = Van-Jacobson-TCP-IP, \
>>> # Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction of MI by Faisl Qadri
>>> </AuthBy>
>>> </Realm>
>>>
>>> <SessionDatabase SQL>
>>> DBSource dbi:Oracle:orcl
>>> DBUsername abc
>>> DBAuth xyz
>>>
>>> AddQuery update serverports set username='%n',acctstatustype='%{Acct-Status-Type}',framedaddress='%{Framed-IP-Address}',callstationid='%{Calling-Station-Id}',calldate=to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd HH24:MI:SS') where port=%{NAS-Port} and substr(ipaddress,1,2)=substr('%N',1,2)
>>>
>>> DeleteQuery update serverports set acctstatustype='Stop' where port=%{NAS-Port} and substr(ipaddress,1,2)=substr('%N',1,2)
>>> ClearNasQuery update serverports set acctstatustype='Stop' where substr(ipaddress,1,2)=substr('%N',1,2)
>>>
>>> </SessionDatabase SQL>
>>> -----------------------------------------------------------------------
>>>
>>> Level 4 Debug trace:
>>>
>>>
>>> *** Received from 192.168.22.99 port 1027 ....
>>> Code: Access-Request
>>> Identifier: 0
>>> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>>> Attributes:
>>> Message-Authenticator = <2><139>?<241><10><176><178>Q:`<160>";r,$
>>> Service-Type = Framed-User
>>> User-Name = "mfqadri at WIFI"
>>> Framed-MTU = 1488
>>> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>>> Calling-Station-Id = "00-18-F8-2E-5B-B3"
>>> NAS-Identifier = "D-Link Access Point"
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> Connect-Info = "CONNECT 54Mbps 802.11g"
>>> EAP-Message = <2><0><0><17><1>mfqadri at WIFI
>>> NAS-IP-Address = 192.168.22.99
>>> NAS-Port = 1
>>> NAS-Port-Id = "STA port # 1"
>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler 'Realm=WIFI'
>>> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI, 192.168.22.99, 1
>>> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set acctstatustype='Stop' where port=1 and substr(ipaddress,1,2)=substr('192.168.22.99',1,2)':
>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 0, 17
>>> Mon Jul 6 16:17:10 2009: DEBUG: Response type 1
>>> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
>>> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI: EAP PEAP Challenge
>>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>>> *** Sending to 192.168.22.99 port 1027 ....
>>> Code: Access-Challenge
>>> Identifier: 0
>>> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>>> Attributes:
>>> EAP-Message = <1><1><0><6><25>
>>> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>>> *** Received from 192.168.22.99 port 1027 ....
>>> Code: Access-Request
>>> Identifier: 1
>>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>> Attributes:
>>> Message-Authenticator = <195><23><144>t<230><162><149><247><209><213>VZ<225>p"<150>
>>> Service-Type = Framed-User
>>> User-Name = "mfqadri at WIFI"
>>> Framed-MTU = 1488
>>> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>>> Calling-Station-Id = "00-18-F8-2E-5B-B3"
>>> NAS-Identifier = "D-Link Access Point"
>>> NAS-Port-Type = Wireless-IEEE-802-11
>>> Connect-Info = "CONNECT 54Mbps 802.11g"
>>> EAP-Message = [binary payload omitted]
>>> NAS-IP-Address = 192.168.22.99
>>> NAS-Port = 1
>>> NAS-Port-Id = "STA port # 1"
>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler 'Realm=WIFI'
>>> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI, 192.168.22.99, 1
>>> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set acctstatustype='Stop' where port=1 and substr(ipaddress,1,2)=substr('192.168.22.99',1,2)':
>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 1, 80
>>> Mon Jul 6 16:17:10 2009: DEBUG: Response type 25
>>> Mon Jul 6 16:17:10 2009: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>>> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>>> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
>>> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI: EAP PEAP Challenge
>>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>>> *** Sending to 192.168.22.99 port 1027 ....
>>> Code: Access-Challenge
>>> Identifier: 1
>>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>> Attributes:
>>> EAP-Message = [binary payload omitted]
>>> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>> Mon Jul 6 16:17:13 2009: DEBUG: Packet dump:
>>> *** Received from 192.168.22.99 port 1027 ....
>>> Code: UNDEF
>>> Identifier: 63
>>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>> Attributes:
>>> EAP-Message = [binary payload omitted]
>>> Message-Authenticator = <6>9<27><229><183><152>S<159><249><248><229>~1<253><136><135>
>>> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>>> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from 192.168.22.99 (192.168.22.99)
>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
>>> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>>>
>>> Looking forward to your reply.
>>>
>>> Regards
>>>
>>> Khurram Masood
>>> khurram.groups at gmail.com
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
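
Added example (not part of the original thread, and not Radiator code): how a RADIUS server checks the Message-Authenticator on an Access-Request that carries EAP, and why a secret mismatch between NAS and server shows up as "Bad EAP Message-Authenticator". The client table reuses the two Client clauses and the NAS address from the quoted config and trace; the packet is constructed, and the NAS-side secret "abc" and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80

# Secrets as posted in the quoted <Client> clauses of the thread.
CLIENTS = {"10.100.0.2": b"abc", "DEFAULT": b"xyz"}


def secret_for(source_ip):
    """Select the shared secret by source address, falling back to DEFAULT."""
    return CLIENTS.get(source_ip, CLIENTS["DEFAULT"])


def _attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity: code 2, id, 16-bit length, type 1, identity."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity


def build_access_request(identifier, identity, secret, sign=True):
    """Constructed NAS-side Access-Request, signed the way RFC 3579 describes."""
    authenticator = os.urandom(16)
    attrs = _attr(USER_NAME, identity)
    attrs += _attr(EAP_MESSAGE, eap_identity_response(0, identity))
    if sign:
        attrs += _attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = bytearray(header + authenticator + attrs)
    if sign:
        # HMAC-MD5 over the whole packet with the attribute value zeroed
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def find_message_authenticator(packet):
    """Return (offset of the 16-byte value or None, declared packet length)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                raise ValueError("Message-Authenticator must be 16 bytes")
            return pos + 2, length
        pos += attr_len
    return None, length


def verify_message_authenticator(packet, source_ip):
    """Return 'ok', 'bad' or 'missing' for a received Access-Request."""
    offset, length = find_message_authenticator(packet)
    if offset is None:
        return "missing"
    received = packet[offset:offset + 16]
    zeroed = packet[:offset] + b"\x00" * 16 + packet[offset + 16:length]
    expected = hmac.new(secret_for(source_ip), zeroed, hashlib.md5).digest()
    # Constant-time comparison of the received and recomputed values
    return "ok" if hmac.compare_digest(received, expected) else "bad"


if __name__ == "__main__":
    # The archive renders this identity as "mfqadri at WIFI".
    request = build_access_request(0, b"mfqadri@WIFI", b"abc")
    for nas in ("10.100.0.2", "192.168.22.99"):
        print(nas, verify_message_authenticator(request, nas))
```

A request signed with "abc" verifies only when the server looks up the same secret for the sending address; any other address falls through to the DEFAULT entry and fails the check.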