[RADIATOR] PEAP/EAP MSCHAPV2 with WPA configuration

Khurram Masood khurram.groups at gmail.com
Thu Jul 9 04:55:28 CDT 2009


Hugh thanks for prompt response, I had already used the following code
with my version but result is the same.

# This will authenticate users from SUBSCRIBERS
<Handler TunnelledByPEAP=1>
       <AuthBy FILE>
               Filename %D/users
               # This tells the PEAP client what types of inner EAP requests
               # we will honour
               EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
       </AuthBy>
</Handler>

<Handler>
       <AuthBy FILE>
               Filename /home/oracle/Radiator-3.12/wifi_users
               EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
               EAPTLS_CAFile
/home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
               EAPTLS_CAPath
               EAPTLS_CertificateFile
/home/oracle/Radiator-3.12/certificates/cert-srv.pem
               EAPTLS_CertificateType PEM
               EAPTLS_PrivateKeyFile
/home/oracle/Radiator-3.12/certificates/cert-srv.pem
               EAPTLS_PrivateKeyPassword whatever
               AutoMPPEKeys
               EAPTLS_PEAPVersion 0
       </AuthBy>

</Handler>


On Thu, Jul 9, 2009 at 11:59 AM, Hugh Irvine<hugh at open.com.au> wrote:
>
> Hello Khurram -
>
> I strongly recommend you upgrade to Radiator 4.4 (plus the latest patches).
>
> more below ...
>
>
> On 9 Jul 2009, at 15:58, Khurram Masood wrote:
>
>> Hello Hugh
>>
>> Thanks for your reply, the answers to your questions are;
>> -Radiator version 3.2
>> -Hp GL5 380 server
>> -Perl 5.8.5
>>
>
> Thanks for the information.
>
>> -Should we use handlers instead of wifi realm because using other
>> realms is our requirment for other user?
>
>
> You should do something like this:
>
>
> .....
>
> # This will authenticate users from SUBSCRIBERS
> <Handler TunnelledByPEAP=1>
>        <AuthBy FILE>
>                Filename %D/users
>                # This tells the PEAP client what types of inner EAP requests
>                # we will honour
>                EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>        </AuthBy>
> </Handler>
>
>
> <Handler Realm = WIFI>
>        <AuthBy FILE>
>                Filename /home/oracle/Radiator-3.12/wifi_users
>                EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>                EAPTLS_CAFile
> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>                EAPTLS_CAPath
>                EAPTLS_CertificateFile
> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>                EAPTLS_CertificateType PEM
>                EAPTLS_PrivateKeyFile
> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>                EAPTLS_PrivateKeyPassword whatever
>                AutoMPPEKeys
>                EAPTLS_PEAPVersion 0
>        </AuthBy>
> </Handler>
>
> <Handler>
>        AuthByPolicy ContinueWhileAccept
>        PasswordLogFileName %L/password_log
>        MaxSessions 1
>    <AuthBy SQL>
>        # Adjust DBSource, DBUsername, DBAuth to suit your DB
>        DBSource        dbi:Oracle:orcl
>        DBUsername      abc
>        DBAuth          xyz
>        AuthSelect  select  password from subaccounts where ((active=1
> or (active=0
> and freeaccess=1)) and login=concat('%n',
> 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and
> login=concat('%n','d')
> and nas =substr('%N',1,3) and locked=0)
>        # You may want to tailor these for your ACCOUNTING table
>        # You can add your own columns to store whatever you like
>        AccountingTable CALLS
>        DateFormat %Y-%m-%d %H:%M:%S
>        AcctSQLStatement insert into
> calls(calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,f
> ramedaddress,callstationid) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
> hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%
> {Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
> #       AcctSQLStatement insert into
> calls(calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,naspo
> rt) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
> hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{A
> cct-Session-Time},'%N',%{NAS-Port})
>        AccountingStopsOnly
>
>        AddToReply Service-Type = Framed-User, \
>        Framed-Protocol = PPP, \
>        Framed-IP-Netmask = 255.255.255.0, \
>        Framed-Routing = None, \
>        Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
>        Framed-MTU = 1500, \
>        Framed-Compression = Van-Jacobson-TCP-IP, \
> #       Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction
> of MI by Faisl
> Qadri
>    </AuthBy>
> </Handler>
>
> .....
>
>
>> -Would it make a significant difference if we don't update our
>> dictionary because at this point of time we are not willing to?
>
> Yes - the missing attributes (and many others) are in the latest version.
>
>> - Are you talking of the shared secret in the following clause because
>> its the same at the access point?
>>
>> <Client 10.100.0.2>
>>      Secret  abc
>>      DupInterval 4
>> </Client>
>>
>
> Yes.
>
> regards
>
> Hugh
>
>
>> On Wed, Jul 8, 2009 at 3:38 PM, Hugh Irvine<hugh at open.com.au> wrote:
>>>
>>> Hello Khurram -
>>>
>>> Can you please tell me what version of Radiator you are running? (The
>>> most
>>> recent is Radiator 4.4 plus patches).
>>>
>>> Can you also please tell me what hardware/software plafrom you are
>>> running
>>> on and what version of Perl etc.?
>>>
>>> I can see at least 3 problems:
>>>
>>> The first is your configuration file which mixes Realms and Handlers -
>>> you
>>> should use Handlers only (see the examples in "goodies/eap_*.cfg").
>>>
>>> The second is the dictionary you are using which does not appear to be
>>> the
>>> most recent one which contains these attributes:
>>>
>>>>
>>>> Mon Jul  6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>>>> Mon Jul  6 16:17:13 2009: WARNING: Bad authenticator in request from
>>>> 192.168.22.99
>>>> (192.168.22.99)
>>>> Mon Jul  6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
>>>> defined in
>>>> your dictionary
>>>> Mon Jul  6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
>>>> defined in
>>>> your dictionary
>>>> Mon Jul  6 16:17:14 2009: DEBUG: Packet dump:
>>>
>>> And third - "Bad authenticator ....." usually indicates an incorrect
>>> shared
>>> secret.
>>>
>>>
>>> hope that helps
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 7 Jul 2009, at 19:33, Khurram Masood wrote:
>>>
>>>> Hello Hugh
>>>>
>>>> I am having a problem configuring the radiator for securing my WiFi
>>>> network. Following are the necessary details
>>>>
>>>> Access point security protocol: WPA with AES
>>>> Client                : XP SP3 with PEAP/EAP MSCHAP-V2
>>>> Other Info          : Using DHCP for the clients although the AP has
>>>> static IP addresse.
>>>>
>>>> Problem            : Unable to authenticate the user.
>>>>
>>>>
>>>> Config file:
>>>> # Example Radiator configuration file that allows you to
>>>> # authenticate from an SQL database.
>>>> # With Radiator you can interface with almost any databse schema,
>>>> # and there are many more configurable parameters that allow you
>>>> # to control database fallback, select statements, column names
>>>> # and arrangements etc etc etc.
>>>> # See the reference manual for more details.
>>>> # This is a very simple exmaple to get you started. It will
>>>> # work with the tables created by the goodies/*.sql scripts.
>>>> #
>>>> # You should consider this file to be a starting point only
>>>> # $Id: sql.cfg,v 1.4 2000/03/21 01:25:16 mikem Exp $
>>>>
>>>> Foreground
>>>> LogStdout
>>>> LogDir          .
>>>> DbDir           .
>>>> Trace 4
>>>> AuthPort 1645
>>>> AcctPort 1646
>>>> # You will probably want to change this to suit your site.
>>>> <Client 10.100.0.2>
>>>>       Secret  abc
>>>>       DupInterval 4
>>>> </Client>
>>>>
>>>> <Client DEFAULT>
>>>>       Secret  xyz
>>>>       DupInterval 4
>>>> </Client>
>>>>
>>>> # You can put client details in a database table
>>>> # and get their details from there with something like this:
>>>>
>>>> # This will authenticate users from SUBSCRIBERS
>>>> <Handler TunnelledByPEAP=1>
>>>>       <AuthBy FILE>
>>>>               Filename %D/users
>>>>               # This tells the PEAP client what types of inner EAP
>>>> requests
>>>>               # we will honour
>>>>               EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>>>       </AuthBy>
>>>> </Handler>
>>>>
>>>>
>>>> <Realm WIFI>
>>>>       <AuthBy FILE>
>>>>               Filename /home/oracle/Radiator-3.12/wifi_users
>>>>               EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>>>               EAPTLS_CAFile
>>>> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>>>>               EAPTLS_CAPath
>>>>               EAPTLS_CertificateFile
>>>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>>>               EAPTLS_CertificateType PEM
>>>>               EAPTLS_PrivateKeyFile
>>>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>>>               EAPTLS_PrivateKeyPassword whatever
>>>>               AutoMPPEKeys
>>>>               EAPTLS_PEAPVersion 0
>>>>       </AuthBy>
>>>> </Realm>
>>>>
>>>> <Realm DEFAULT>
>>>>       AuthByPolicy ContinueWhileAccept
>>>>       PasswordLogFileName %L/password_log
>>>>       MaxSessions 1
>>>>   <AuthBy SQL>
>>>>       # Adjust DBSource, DBUsername, DBAuth to suit your DB
>>>>       DBSource        dbi:Oracle:orcl
>>>>       DBUsername      abc
>>>>       DBAuth          xyz
>>>>       AuthSelect  select  password from subaccounts where ((active=1
>>>> or (active=0
>>>> and freeaccess=1)) and login=concat('%n',
>>>> 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and
>>>> login=concat('%n','d')
>>>> and nas =substr('%N',1,3) and locked=0)
>>>>       # You may want to tailor these for your ACCOUNTING table
>>>>       # You can add your own columns to store whatever you like
>>>>       AccountingTable CALLS
>>>>       DateFormat %Y-%m-%d %H:%M:%S
>>>>       AcctSQLStatement insert into
>>>>
>>>>
>>>> calls(calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,f
>>>> ramedaddress,callstationid) values(to_date('%Y-%m-%d
>>>> %H:%M:%S','yyyy-mm-dd
>>>> hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%
>>>>
>>>>
>>>> {Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
>>>> #       AcctSQLStatement insert into
>>>>
>>>>
>>>> calls(calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,naspo
>>>> rt) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
>>>>
>>>> hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{A
>>>> cct-Session-Time},'%N',%{NAS-Port})
>>>>       AccountingStopsOnly
>>>>
>>>>       AddToReply Service-Type = Framed-User, \
>>>>       Framed-Protocol = PPP, \
>>>>       Framed-IP-Netmask = 255.255.255.0, \
>>>>       Framed-Routing = None, \
>>>>       Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
>>>>       Framed-MTU = 1500, \
>>>>       Framed-Compression = Van-Jacobson-TCP-IP, \
>>>> #       Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction
>>>> of MI by Faisl
>>>> Qadri
>>>>   </AuthBy>
>>>> </Realm>
>>>>
>>>> <SessionDatabase SQL>
>>>>       DBSource        dbi:Oracle:orcl
>>>>       DBUsername      abc
>>>>       DBAuth          xyz
>>>>
>>>>       AddQuery        update serverports set
>>>>
>>>>
>>>> username='%n',acctstatustype='%{Acct-Status-Type}',framedaddress='%{Framed-IP-
>>>>
>>>> Address}',callstationid='%{Calling-Station-Id}',calldate=to_date('%Y-%m-%d
>>>> %H:%M:%S','yyyy-mm-dd HH24:MI:SS') where port=%{NA
>>>> S-Port} and substr(ipaddress,1,2)=substr('%N',1,2)
>>>>
>>>>       DeleteQuery  update serverports set acctstatustype='Stop' where
>>>> port=%{NAS-Port} and substr(ipaddress,1,2)=substr('%N
>>>> ',1,2)
>>>>               ClearNasQuery update serverports set acctstatustype='Stop'
>>>> where
>>>> substr(ipaddress,1,2)=substr('%N',1,2)
>>>>
>>>> </SessionDatabase SQL>
>>>> -----------------------------------------------------------------------
>>>>
>>>> Level 4 Debug trace:
>>>>
>>>>
>>>> *** Received from 192.168.22.99 port 1027 ....
>>>> Code:       Access-Request
>>>> Identifier: 0
>>>> Authentic:  t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>>>> Attributes:
>>>>      Message-Authenticator = <2><139>?<241><10><176><178>Q:`<160>";r,$
>>>>      Service-Type = Framed-User
>>>>      User-Name = "mfqadri at WIFI"
>>>>      Framed-MTU = 1488
>>>>      Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>>>>      Calling-Station-Id = "00-18-F8-2E-5B-B3"
>>>>      NAS-Identifier = "D-Link Access Point"
>>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>>      Connect-Info = "CONNECT 54Mbps 802.11g"
>>>>      EAP-Message = <2><0><0><17><1>mfqadri at WIFI
>>>>      NAS-IP-Address = 192.168.22.99
>>>>      NAS-Port = 1
>>>>      NAS-Port-Id = "STA port # 1"
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Handling request with Handler
>>>> 'Realm=WIFI'
>>>> Mon Jul  6 16:17:10 2009: DEBUG:  Deleting session for mfqadri at WIFI,
>>>> 192.168.22.99, 1
>>>> Mon Jul  6 16:17:10 2009: DEBUG: do query is: 'update serverports set
>>>> acctstatustype='Stop' where port=1 and substr(ipaddress
>>>> ,1,2)=substr('192.168.22.99',1,2)':
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 0, 17
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Response type 1
>>>> Mon Jul  6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Mon Jul  6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
>>>> EAP PEAP Challenge
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Packet dump:
>>>> *** Sending to 192.168.22.99 port 1027 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 0
>>>> Authentic:  t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>>>> Attributes:
>>>>      EAP-Message = <1><1><0><6><25>
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Packet dump:
>>>> *** Received from 192.168.22.99 port 1027 ....
>>>> Code:       Access-Request
>>>> Identifier: 1
>>>> Authentic:  <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>>> Attributes:
>>>>      Message-Authenticator =
>>>> <195><23><144>t<230><162><149><247><209><213>VZ<225>p"<150>
>>>>      Service-Type = Framed-User
>>>>      User-Name = "mfqadri at WIFI"
>>>>      Framed-MTU = 1488
>>>>      Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>>>>      Calling-Station-Id = "00-18-F8-2E-5B-B3"
>>>>      NAS-Identifier = "D-Link Access Point"
>>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>>      Connect-Info = "CONNECT 54Mbps 802.11g"
>>>>      EAP-Message =
>>>>
>>>>
>>>> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>JQ<207><214>2<240><204><224><133>i<193><132>
>>>>
>>>>
>>>> <176><26><198><23>h<251>B<23><191><3>;W]<160><162><154><232><187>*<154><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6
>>>>>
>>>>> <0><19><0><18><0>c<1><0>
>>>>
>>>>      NAS-IP-Address = 192.168.22.99
>>>>      NAS-Port = 1
>>>>      NAS-Port-Id = "STA port # 1"
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Handling request with Handler
>>>> 'Realm=WIFI'
>>>> Mon Jul  6 16:17:10 2009: DEBUG:  Deleting session for mfqadri at WIFI,
>>>> 192.168.22.99, 1
>>>> Mon Jul  6 16:17:10 2009: DEBUG: do query is: 'update serverports set
>>>> acctstatustype='Stop' where port=1 and substr(ipaddress
>>>> ,1,2)=substr('192.168.22.99',1,2)':
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 1, 80
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Response type 25
>>>> Mon Jul  6 16:17:10 2009: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>>>> Mon Jul  6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>> Mon Jul  6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>> PEAP Challenge
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
>>>> EAP PEAP Challenge
>>>> Mon Jul  6 16:17:10 2009: DEBUG: Packet dump:
>>>> *** Sending to 192.168.22.99 port 1027 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 1
>>>> Authentic:  <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>>> Attributes:
>>>>      EAP-Message =
>>>>
>>>>
>>>> <1><2><5><218><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
>>>> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
>>>> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
>>>>
>>>>
>>>> 11><178><178><159>U<158><1><251><142><154><27><212>A<144><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
>>>>
>>>>
>>>> 130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
>>>>
>>>>
>>>> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>      EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>>>>>
>>>>>
>>>>>
>>>>> <1><22><17>mikem at open.com.au0<30><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
>>>>
>>>>
>>>>
>>>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
>>>> Test
>>>>
>>>>
>>>> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
>>>>      EAP-Message =
>>>>
>>>>
>>>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<241>.9<209><250>\y<1><149>[
>>>>
>>>>
>>>> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><2
>>>>
>>>>
>>>> 47>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
>>>>
>>>>
>>>> 171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226><136
>>>>>
>>>>>
>>>>>
>>>>> <12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
>>>>
>>>>
>>>>
>>>> <9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?<174><155><170><162><189><20>
>>>>
>>>>
>>>> <25>az<19>o<202><250>|B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><248>oba<
>>>>      EAP-Message =
>>>>
>>>>
>>>> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
>>>>
>>>>
>>>> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>>>>>
>>>>>
>>>>>
>>>>> <160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>>>>>
>>>>>
>>>>> <6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>
>>>> Demo Certificates1!0<
>>>> 31><6><3>U<4><11><19><24>Test Certificate
>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA
>>>> (do not
>>>>      EAP-Message = use in production)1
>>>>
>>>>
>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
>>>>
>>>>
>>>> 16080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>>>>>
>>>>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>
>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
>>>> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
>>>>      EAP-Message = n)1
>>>>
>>>>
>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>>>>>
>>>>>
>>>>>
>>>>> <247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214
>>>>>
>>>>>
>>>>> <253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
>>>>
>>>>
>>>>
>>>> 145><138><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
>>>>
>>>>
>>>> 1><252><168>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>>>>>
>>>>>
>>>>>
>>>>> <1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
>>>>
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>> Mon Jul  6 16:17:13 2009: DEBUG: Packet dump:
>>>> *** Received from 192.168.22.99 port 1027 ....
>>>> Code:       UNDEF
>>>> Identifier: 63
>>>> Authentic:  <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>>> Attributes:
>>>>      EAP-Message =
>>>>
>>>>
>>>> <1><2><5><218><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
>>>> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
>>>> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
>>>>
>>>>
>>>> 11><178><178><159>U<158><1><251><142><154><27><212>A<144><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
>>>>
>>>>
>>>> 130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
>>>>
>>>>
>>>> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>      EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>>>>>
>>>>>
>>>>>
>>>>> <1><22><17>mikem at open.com.au0<30><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
>>>>
>>>>
>>>>
>>>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
>>>> Test Company1%0#<6><3>U<4><3>
>>>>
>>>>
>>>> <19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
>>>>      EAP-Message =
>>>>
>>>>
>>>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<241>.9<209><250>\y<1><149>[
>>>>
>>>>
>>>> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
>>>>
>>>>
>>>> 171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226><136
>>>>>
>>>>>
>>>>>
>>>>> <12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
>>>>
>>>>
>>>>
>>>> <9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?<174><155><170><162><189><20>
>>>>
>>>>
>>>> <25>az<19>o<202><250>|B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><248>oba<
>>>>      EAP-Message =
>>>>
>>>>
>>>> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
>>>>
>>>>
>>>> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>>>>>
>>>>>
>>>>>
>>>>> <160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>>>>>
>>>>>
>>>>> <6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>
>>>> Demo Certificates1!0<
>>>> 31><6><3>U<4><11><19><24>Test Certificate
>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA
>>>> (do not
>>>>      EAP-Message = use in production)1
>>>>
>>>>
>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
>>>>
>>>>
>>>> 16080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>>>>>
>>>>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>
>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
>>>> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
>>>>      EAP-Message = n)1
>>>>
>>>>
>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>>>>>
>>>>>
>>>>>
>>>>> <247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214
>>>>>
>>>>>
>>>>> <253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
>>>>
>>>>
>>>>
>>>> 145><138><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
>>>>
>>>>
>>>> 1><252><168>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>>>>>
>>>>>
>>>>>
>>>>> <1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
>>>>
>>>>      Message-Authenticator =
>>>> <6>9<27><229><183><152>S<159><249><248><229>~1<253><136><135>
>>>> Mon Jul  6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>>>> Mon Jul  6 16:17:13 2009: WARNING: Bad authenticator in request from
>>>> 192.168.22.99
>>>> (192.168.22.99)
>>>> Mon Jul  6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
>>>> defined in
>>>> your dictionary
>>>> Mon Jul  6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
>>>> defined in
>>>> your dictionary
>>>> Mon Jul  6 16:17:14 2009: DEBUG: Packet dump:
>>>>
>>>> Looking forward for your reply.
>>>>
>>>> Regards
>>>>
>>>> Khurram Masood
>>>> khurram.groups at gmail.com
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator at open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>>
>>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>


More information about the radiator mailing list