[RADIATOR] PEAP/EAP MSCHAPV2 with WPA configuration
Khurram Masood
khurram.groups at gmail.com
Thu Jul 9 05:05:32 CDT 2009
Thanks alot Hugh, appreciate you advice.
Regards
On Thu, Jul 9, 2009 at 3:01 PM, Hugh Irvine<hugh at open.com.au> wrote:
>
> Hello Khurram -
>
> As mentioned previously, Radiator 3.2 is very old and you will need to
> upgrade to Radiator 4.4 (plus patches).
>
> regards
>
> Hugh
>
>
> On 9 Jul 2009, at 19:55, Khurram Masood wrote:
>
>> Hugh thanks for prompt response, I had already used the following code
>> with my version but result is the same.
>>
>> # This will authenticate users from SUBSCRIBERS
>> <Handler TunnelledByPEAP=1>
>> <AuthBy FILE>
>> Filename %D/users
>> # This tells the PEAP client what types of inner EAP requests
>> # we will honour
>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>> </AuthBy>
>> </Handler>
>>
>> <Handler>
>> <AuthBy FILE>
>> Filename /home/oracle/Radiator-3.12/wifi_users
>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>> EAPTLS_CAFile
>> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>> EAPTLS_CAPath
>> EAPTLS_CertificateFile
>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>> EAPTLS_CertificateType PEM
>> EAPTLS_PrivateKeyFile
>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>> EAPTLS_PrivateKeyPassword whatever
>> AutoMPPEKeys
>> EAPTLS_PEAPVersion 0
>> </AuthBy>
>>
>> </Handler>
>>
>>
>> On Thu, Jul 9, 2009 at 11:59 AM, Hugh Irvine<hugh at open.com.au> wrote:
>>>
>>> Hello Khurram -
>>>
>>> I strongly recommend you upgrade to Radiator 4.4 (plus the latest
>>> patches).
>>>
>>> more below ...
>>>
>>>
>>> On 9 Jul 2009, at 15:58, Khurram Masood wrote:
>>>
>>>> Hello Hugh
>>>>
>>>> Thanks for your reply, the answers to your questions are;
>>>> -Radiator version 3.2
>>>> -Hp GL5 380 server
>>>> -Perl 5.8.5
>>>>
>>>
>>> Thanks for the information.
>>>
>>>> -Should we use handlers instead of wifi realm because using other
>>>> realms is our requirment for other user?
>>>
>>>
>>> You should do something like this:
>>>
>>>
>>> .....
>>>
>>> # This will authenticate users from SUBSCRIBERS
>>> <Handler TunnelledByPEAP=1>
>>> <AuthBy FILE>
>>> Filename %D/users
>>> # This tells the PEAP client what types of inner EAP
>>> requests
>>> # we will honour
>>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>> </AuthBy>
>>> </Handler>
>>>
>>>
>>> <Handler Realm = WIFI>
>>> <AuthBy FILE>
>>> Filename /home/oracle/Radiator-3.12/wifi_users
>>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>> EAPTLS_CAFile
>>> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>>> EAPTLS_CAPath
>>> EAPTLS_CertificateFile
>>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>> EAPTLS_CertificateType PEM
>>> EAPTLS_PrivateKeyFile
>>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>> EAPTLS_PrivateKeyPassword whatever
>>> AutoMPPEKeys
>>> EAPTLS_PEAPVersion 0
>>> </AuthBy>
>>> </Handler>
>>>
>>> <Handler>
>>> AuthByPolicy ContinueWhileAccept
>>> PasswordLogFileName %L/password_log
>>> MaxSessions 1
>>> <AuthBy SQL>
>>> # Adjust DBSource, DBUsername, DBAuth to suit your DB
>>> DBSource dbi:Oracle:orcl
>>> DBUsername abc
>>> DBAuth xyz
>>> AuthSelect select password from subaccounts where ((active=1
>>> or (active=0
>>> and freeaccess=1)) and login=concat('%n',
>>> 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and
>>> login=concat('%n','d')
>>> and nas =substr('%N',1,3) and locked=0)
>>> # You may want to tailor these for your ACCOUNTING table
>>> # You can add your own columns to store whatever you like
>>> AccountingTable CALLS
>>> DateFormat %Y-%m-%d %H:%M:%S
>>> AcctSQLStatement insert into
>>>
>>> calls(calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,f
>>> ramedaddress,callstationid) values(to_date('%Y-%m-%d
>>> %H:%M:%S','yyyy-mm-dd
>>> hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%
>>>
>>> {Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
>>> # AcctSQLStatement insert into
>>>
>>> calls(calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,naspo
>>> rt) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
>>>
>>> hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{A
>>> cct-Session-Time},'%N',%{NAS-Port})
>>> AccountingStopsOnly
>>>
>>> AddToReply Service-Type = Framed-User, \
>>> Framed-Protocol = PPP, \
>>> Framed-IP-Netmask = 255.255.255.0, \
>>> Framed-Routing = None, \
>>> Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
>>> Framed-MTU = 1500, \
>>> Framed-Compression = Van-Jacobson-TCP-IP, \
>>> # Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction
>>> of MI by Faisl
>>> Qadri
>>> </AuthBy>
>>> </Handler>
>>>
>>> .....
>>>
>>>
>>>> -Would it make a significant difference if we don't update our
>>>> dictionary because at this point of time we are not willing to?
>>>
>>> Yes - the missing attributes (and many others) are in the latest version.
>>>
>>>> - Are you talking of the shared secret in the following clause because
>>>> its the same at the access point?
>>>>
>>>> <Client 10.100.0.2>
>>>> Secret abc
>>>> DupInterval 4
>>>> </Client>
>>>>
>>>
>>> Yes.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>>> On Wed, Jul 8, 2009 at 3:38 PM, Hugh Irvine<hugh at open.com.au> wrote:
>>>>>
>>>>> Hello Khurram -
>>>>>
>>>>> Can you please tell me what version of Radiator you are running? (The
>>>>> most
>>>>> recent is Radiator 4.4 plus patches).
>>>>>
>>>>> Can you also please tell me what hardware/software plafrom you are
>>>>> running
>>>>> on and what version of Perl etc.?
>>>>>
>>>>> I can see at least 3 problems:
>>>>>
>>>>> The first is your configuration file which mixes Realms and Handlers -
>>>>> you
>>>>> should use Handlers only (see the examples in "goodies/eap_*.cfg").
>>>>>
>>>>> The second is the dictionary you are using which does not appear to be
>>>>> the
>>>>> most recent one which contains these attributes:
>>>>>
>>>>>>
>>>>>> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>>>>>> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from
>>>>>> 192.168.22.99
>>>>>> (192.168.22.99)
>>>>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
>>>>>> defined in
>>>>>> your dictionary
>>>>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
>>>>>> defined in
>>>>>> your dictionary
>>>>>> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>>>>>
>>>>> And third - "Bad authenticator ....." usually indicates an incorrect
>>>>> shared
>>>>> secret.
>>>>>
>>>>>
>>>>> hope that helps
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>>
>>>>> On 7 Jul 2009, at 19:33, Khurram Masood wrote:
>>>>>
>>>>>> Hello Hugh
>>>>>>
>>>>>> I am having a problem configuring the radiator for securing my WiFi
>>>>>> network. Following are the necessary details
>>>>>>
>>>>>> Access point security protocol: WPA with AES
>>>>>> Client : XP SP3 with PEAP/EAP MSCHAP-V2
>>>>>> Other Info : Using DHCP for the clients although the AP has
>>>>>> static IP addresse.
>>>>>>
>>>>>> Problem : Unable to authenticate the user.
>>>>>>
>>>>>>
>>>>>> Config file:
>>>>>> # Example Radiator configuration file that allows you to
>>>>>> # authenticate from an SQL database.
>>>>>> # With Radiator you can interface with almost any databse schema,
>>>>>> # and there are many more configurable parameters that allow you
>>>>>> # to control database fallback, select statements, column names
>>>>>> # and arrangements etc etc etc.
>>>>>> # See the reference manual for more details.
>>>>>> # This is a very simple exmaple to get you started. It will
>>>>>> # work with the tables created by the goodies/*.sql scripts.
>>>>>> #
>>>>>> # You should consider this file to be a starting point only
>>>>>> # $Id: sql.cfg,v 1.4 2000/03/21 01:25:16 mikem Exp $
>>>>>>
>>>>>> Foreground
>>>>>> LogStdout
>>>>>> LogDir .
>>>>>> DbDir .
>>>>>> Trace 4
>>>>>> AuthPort 1645
>>>>>> AcctPort 1646
>>>>>> # You will probably want to change this to suit your site.
>>>>>> <Client 10.100.0.2>
>>>>>> Secret abc
>>>>>> DupInterval 4
>>>>>> </Client>
>>>>>>
>>>>>> <Client DEFAULT>
>>>>>> Secret xyz
>>>>>> DupInterval 4
>>>>>> </Client>
>>>>>>
>>>>>> # You can put client details in a database table
>>>>>> # and get their details from there with something like this:
>>>>>>
>>>>>> # This will authenticate users from SUBSCRIBERS
>>>>>> <Handler TunnelledByPEAP=1>
>>>>>> <AuthBy FILE>
>>>>>> Filename %D/users
>>>>>> # This tells the PEAP client what types of inner EAP
>>>>>> requests
>>>>>> # we will honour
>>>>>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>>>>> </AuthBy>
>>>>>> </Handler>
>>>>>>
>>>>>>
>>>>>> <Realm WIFI>
>>>>>> <AuthBy FILE>
>>>>>> Filename /home/oracle/Radiator-3.12/wifi_users
>>>>>> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge
>>>>>> EAPTLS_CAFile
>>>>>> /home/oracle/Radiator-3.12/certificates/demoCA/cacert.pem
>>>>>> EAPTLS_CAPath
>>>>>> EAPTLS_CertificateFile
>>>>>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>>>>> EAPTLS_CertificateType PEM
>>>>>> EAPTLS_PrivateKeyFile
>>>>>> /home/oracle/Radiator-3.12/certificates/cert-srv.pem
>>>>>> EAPTLS_PrivateKeyPassword whatever
>>>>>> AutoMPPEKeys
>>>>>> EAPTLS_PEAPVersion 0
>>>>>> </AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>> <Realm DEFAULT>
>>>>>> AuthByPolicy ContinueWhileAccept
>>>>>> PasswordLogFileName %L/password_log
>>>>>> MaxSessions 1
>>>>>> <AuthBy SQL>
>>>>>> # Adjust DBSource, DBUsername, DBAuth to suit your DB
>>>>>> DBSource dbi:Oracle:orcl
>>>>>> DBUsername abc
>>>>>> DBAuth xyz
>>>>>> AuthSelect select password from subaccounts where ((active=1
>>>>>> or (active=0
>>>>>> and freeaccess=1)) and login=concat('%n',
>>>>>> 'l') and nas=substr('%N',1,3) and locked=0) or (active=1 and
>>>>>> login=concat('%n','d')
>>>>>> and nas =substr('%N',1,3) and locked=0)
>>>>>> # You may want to tailor these for your ACCOUNTING table
>>>>>> # You can add your own columns to store whatever you like
>>>>>> AccountingTable CALLS
>>>>>> DateFormat %Y-%m-%d %H:%M:%S
>>>>>> AcctSQLStatement insert into
>>>>>>
>>>>>>
>>>>>>
>>>>>> calls(calldate,username,acctsessionid,acctsessiontime,acctterminatecause,nasidentifier,f
>>>>>> ramedaddress,callstationid) values(to_date('%Y-%m-%d
>>>>>> %H:%M:%S','yyyy-mm-dd
>>>>>> hh24:mi:ss'),'%{User-Name}','%{Acct-Session-Id}',%
>>>>>>
>>>>>>
>>>>>>
>>>>>> {Acct-Session-Time},'%{Acct-Terminate-Cause}','%N','%{Framed-IP-Address}','%{Calling-Station-Id}')
>>>>>> # AcctSQLStatement insert into
>>>>>>
>>>>>>
>>>>>>
>>>>>> calls(calldate,username,acctstatustype,acctsessionid,acctsessiontime,nasidentifier,naspo
>>>>>> rt) values(to_date('%Y-%m-%d %H:%M:%S','yyyy-mm-dd
>>>>>>
>>>>>>
>>>>>> hh24:mi:ss'),'%{User-Name}','%{Acct-Status-Type}','%{Acct-Session-Id}',%{A
>>>>>> cct-Session-Time},'%N',%{NAS-Port})
>>>>>> AccountingStopsOnly
>>>>>>
>>>>>> AddToReply Service-Type = Framed-User, \
>>>>>> Framed-Protocol = PPP, \
>>>>>> Framed-IP-Netmask = 255.255.255.0, \
>>>>>> Framed-Routing = None, \
>>>>>> Acct-Terminate-Cause = %{Reply:Acct-Terminate-Cause}, \
>>>>>> Framed-MTU = 1500, \
>>>>>> Framed-Compression = Van-Jacobson-TCP-IP, \
>>>>>> # Idle-Timeout = 600 As on 4th Nov 2006 disabled on instruction
>>>>>> of MI by Faisl
>>>>>> Qadri
>>>>>> </AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>> <SessionDatabase SQL>
>>>>>> DBSource dbi:Oracle:orcl
>>>>>> DBUsername abc
>>>>>> DBAuth xyz
>>>>>>
>>>>>> AddQuery update serverports set
>>>>>>
>>>>>>
>>>>>>
>>>>>> username='%n',acctstatustype='%{Acct-Status-Type}',framedaddress='%{Framed-IP-
>>>>>>
>>>>>>
>>>>>> Address}',callstationid='%{Calling-Station-Id}',calldate=to_date('%Y-%m-%d
>>>>>> %H:%M:%S','yyyy-mm-dd HH24:MI:SS') where port=%{NA
>>>>>> S-Port} and substr(ipaddress,1,2)=substr('%N',1,2)
>>>>>>
>>>>>> DeleteQuery update serverports set acctstatustype='Stop' where
>>>>>> port=%{NAS-Port} and substr(ipaddress,1,2)=substr('%N
>>>>>> ',1,2)
>>>>>> ClearNasQuery update serverports set
>>>>>> acctstatustype='Stop'
>>>>>> where
>>>>>> substr(ipaddress,1,2)=substr('%N',1,2)
>>>>>>
>>>>>> </SessionDatabase SQL>
>>>>>>
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> Level 4 Debug trace:
>>>>>>
>>>>>>
>>>>>> *** Received from 192.168.22.99 port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 0
>>>>>> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>>>>>> Attributes:
>>>>>> Message-Authenticator = <2><139>?<241><10><176><178>Q:`<160>";r,$
>>>>>> Service-Type = Framed-User
>>>>>> User-Name = "mfqadri at WIFI"
>>>>>> Framed-MTU = 1488
>>>>>> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>>>>>> Calling-Station-Id = "00-18-F8-2E-5B-B3"
>>>>>> NAS-Identifier = "D-Link Access Point"
>>>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>>>> Connect-Info = "CONNECT 54Mbps 802.11g"
>>>>>> EAP-Message = <2><0><0><17><1>mfqadri at WIFI
>>>>>> NAS-IP-Address = 192.168.22.99
>>>>>> NAS-Port = 1
>>>>>> NAS-Port-Id = "STA port # 1"
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler
>>>>>> 'Realm=WIFI'
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI,
>>>>>> 192.168.22.99, 1
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set
>>>>>> acctstatustype='Stop' where port=1 and substr(ipaddress
>>>>>> ,1,2)=substr('192.168.22.99',1,2)':
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 0, 17
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Response type 1
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>>>> PEAP Challenge
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
>>>>>> EAP PEAP Challenge
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>>>>>> *** Sending to 192.168.22.99 port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 0
>>>>>> Authentic: t<222>l<137>U<156>Gj<17>}<7><170>\<152><7>k
>>>>>> Attributes:
>>>>>> EAP-Message = <1><1><0><6><25>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>>>>>> *** Received from 192.168.22.99 port 1027 ....
>>>>>> Code: Access-Request
>>>>>> Identifier: 1
>>>>>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>>>>> Attributes:
>>>>>> Message-Authenticator =
>>>>>> <195><23><144>t<230><162><149><247><209><213>VZ<225>p"<150>
>>>>>> Service-Type = Framed-User
>>>>>> User-Name = "mfqadri at WIFI"
>>>>>> Framed-MTU = 1488
>>>>>> Called-Station-Id = "00-1E-58-A9-E7-3D:dlink"
>>>>>> Calling-Station-Id = "00-18-F8-2E-5B-B3"
>>>>>> NAS-Identifier = "D-Link Access Point"
>>>>>> NAS-Port-Type = Wireless-IEEE-802-11
>>>>>> Connect-Info = "CONNECT 54Mbps 802.11g"
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> <2><1><0>P<25><128><0><0><0>F<22><3><1><0>A<1><0><0>=<3><1>JQ<207><214>2<240><204><224><133>i<193><132>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <176><26><198><23>h<251>B<23><191><3>;W]<160><162><154><232><187>*<154><0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6
>>>>>>>
>>>>>>> <0><19><0><18><0>c<1><0>
>>>>>>
>>>>>> NAS-IP-Address = 192.168.22.99
>>>>>> NAS-Port = 1
>>>>>> NAS-Port-Id = "STA port # 1"
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling request with Handler
>>>>>> 'Realm=WIFI'
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Deleting session for mfqadri at WIFI,
>>>>>> 192.168.22.99, 1
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: do query is: 'update serverports set
>>>>>> acctstatustype='Stop' where port=1 and substr(ipaddress
>>>>>> ,1,2)=substr('192.168.22.99',1,2)':
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with Radius::AuthFILE:
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Handling with EAP: code 2, 1, 80
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Response type 25
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: EAP TLS SSL_accept result: -1, 2,
>>>>>> 8576
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP
>>>>>> PEAP Challenge
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Access challenged for mfqadri at WIFI:
>>>>>> EAP PEAP Challenge
>>>>>> Mon Jul 6 16:17:10 2009: DEBUG: Packet dump:
>>>>>> *** Sending to 192.168.22.99 port 1027 ....
>>>>>> Code: Access-Challenge
>>>>>> Identifier: 1
>>>>>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> <1><2><5><218><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
>>>>>> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
>>>>>> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
>>>>>>
>>>>>>
>>>>>>
>>>>>> 11><178><178><159>U<158><1><251><142><154><27><212>A<144><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
>>>>>>
>>>>>>
>>>>>>
>>>>>> 130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <1><22><17>mikem at open.com.au0<30><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
>>>>>> Test
>>>>>>
>>>>>>
>>>>>>
>>>>>> Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<241>.9<209><250>\y<1><149>[
>>>>>>
>>>>>>
>>>>>>
>>>>>> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><2
>>>>>>
>>>>>>
>>>>>>
>>>>>> 47>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
>>>>>>
>>>>>>
>>>>>>
>>>>>> 171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226><136
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?<174><155><170><162><189><20>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <25>az<19>o<202><250>|B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><248>oba<
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
>>>>>>
>>>>>>
>>>>>>
>>>>>> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>>
>>>>>> Demo Certificates1!0<
>>>>>> 31><6><3>U<4><11><19><24>Test Certificate
>>>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA
>>>>>> (do not
>>>>>> EAP-Message = use in production)1
>>>>>>
>>>>>>
>>>>>>
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
>>>>>>
>>>>>>
>>>>>>
>>>>>> 16080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>>>>>>>
>>>>>>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>>
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
>>>>>> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
>>>>>> EAP-Message = n)1
>>>>>>
>>>>>>
>>>>>>
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 145><138><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
>>>>>>
>>>>>>
>>>>>>
>>>>>> 1><252><168>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
>>>>>>
>>>>>> Message-Authenticator =
>>>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>>> Mon Jul 6 16:17:13 2009: DEBUG: Packet dump:
>>>>>> *** Received from 192.168.22.99 port 1027 ....
>>>>>> Code: UNDEF
>>>>>> Identifier: 63
>>>>>> Authentic: <24>$E<6><21><190>v<143>f<173>(FYC<0>@
>>>>>> Attributes:
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> <1><2><5><218><25><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>JQ<221>6<223>5C<192><254><128><222><250>
>>>>>> p<223>B<230><246><143>j8z<177><226>v<20><241><2><198><219><196>/<144>
>>>>>> <156><27>#<9><215>Qq<131>0q<182><196>(<23><147><159>3<2
>>>>>>
>>>>>>
>>>>>>
>>>>>> 11><178><178><159>U<158><1><251><142><154><27><212>A<144><139><0><4><0><22><3><1><7><27><11><0><7><23><0><7><20><0><2><209>0<
>>>>>>
>>>>>>
>>>>>>
>>>>>> 130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>> Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
>>>>>> EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
>>>>>> production)1 0<30><6><9>*<134>H<134><247><13><1><9
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <1><22><17>mikem at open.com.au0<30><23><13>040316080209Z<23><13>060316080209Z0u1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<24>0<22><6><3>U<4><10><19><15>My
>>>>>> Test Company1%0#<6><3>U<4><3>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1>
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> <1><5><0><3><129><141><0>0<129><137><2><129><129><0><216>4<7><6><214><234>/<241>.9<209><250>\y<1><149>[
>>>>>>
>>>>>>
>>>>>>
>>>>>> <215><24>e<133><15><223>d<176><132>Z<222>#<234><12>%<133>aF<28><20><24><218><160><197><239><237><136><222><218><138><6><19><247>}*3B<155><24>TE<18><240><194><220><164><183>9<192><176>/<16>HI<220><169>vN<215>)<31><207><24><157><230>G<186>)<246>J<195><
>>>>>>
>>>>>>
>>>>>>
>>>>>> 171><154><249><220>v<17><159><2>x<29><136><148>:b<170><254><4><207><183><144><210><251>+<233><135>0<212>Y<207><158>N<226><136
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <12><132><143><250><182><218>W<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>n<23><196><159>c<165><188>>q<129>X<13>=l?<174><155><170><162><189><20>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <25>az<19>o<202><250>|B8N<209><225><253>?hv<170><193><235><2>b<16><201>}<250>,<181>q<154>%<182><29><179>p<211><248>oba<
>>>>>> EAP-Message =
>>>>>>
>>>>>>
>>>>>>
>>>>>> JP<13>p<12>+<154><199>1<16><208><138><21><141>'wrX<214>NUW<231><173><25>w<215><13><152><154>T<218><8><2
>>>>>>
>>>>>>
>>>>>>
>>>>>> 46><202>.<177>9s*<220><219>n"Gu<188><254><206>U?<214>)<181>I2^<157><225><174><232>2e<185>k<131><0><4>=0<130><4>90<130><3><162
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
>>>>>>
>>>>>> Demo Certificates1!0<
>>>>>> 31><6><3>U<4><11><19><24>Test Certificate
>>>>>> Section1/0-<6><3>U<4><3><19>&OSC Test CA
>>>>>> (do not
>>>>>> EAP-Message = use in production)1
>>>>>>
>>>>>>
>>>>>>
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>0403
>>>>>>
>>>>>>
>>>>>>
>>>>>> 16080125Z<23><13>060316080125Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3
>>>>>>>
>>>>>>> U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo
>>>>>>
>>>>>> Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Se
>>>>>> ction1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in productio
>>>>>> EAP-Message = n)1
>>>>>>
>>>>>>
>>>>>>
>>>>>> 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><204><181>%Q<192>7g0<140><153>0xg<240><152><248><199><214
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <253>W<7><220>|fd<163><137>%F<216><220><148><230><6><18>ie<144>'<244>P<8>DxJ<138>n<203>k8<164><239><179>H<237>K<182>mo<155><
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 145><138><143><136><127><230><<9>l<172><210><205><136><162><29>)1<4><206><11>g<163><226>i@<206>o<210>,<185><173><234><3>^4<22
>>>>>>
>>>>>>
>>>>>>
>>>>>> 1><252><168>H<178><158><25><235><152><250>g<199><172><250>uSr<156><205>P<150>O<197><240>=a<255>_<209><12><163><0>U<2><3><1><0
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <1><163><130><1>+0<130><1>'0<29><6><3>U<29><14><4><22><4><20><23><2><196>#<233><210>F0D<173>f]r<193>H?
>>>>>>
>>>>>> Message-Authenticator =
>>>>>> <6>9<27><229><183><152>S<159><249><248><229>~1<253><136><135>
>>>>>> Mon Jul 6 16:17:13 2009: WARNING: Bad EAP Message-Authenticator
>>>>>> Mon Jul 6 16:17:13 2009: WARNING: Bad authenticator in request from
>>>>>> 192.168.22.99
>>>>>> (192.168.22.99)
>>>>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 35 (vendor 311) is not
>>>>>> defined in
>>>>>> your dictionary
>>>>>> Mon Jul 6 16:17:14 2009: ERR: Attribute number 34 (vendor 311) is not
>>>>>> defined in
>>>>>> your dictionary
>>>>>> Mon Jul 6 16:17:14 2009: DEBUG: Packet dump:
>>>>>>
>>>>>> Looking forward for your reply.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Khurram Masood
>>>>>> khurram.groups at gmail.com
>>>>>> _______________________________________________
>>>>>> radiator mailing list
>>>>>> radiator at open.com.au
>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>
>>>>>
>>>>>
>>>>> NB:
>>>>>
>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>> Have you searched the mailing list archive
>>>>> (www.open.com.au/archives/radiator)?
>>>>> Have you had a quick look on Google (www.google.com)?
>>>>> Have you included a copy of your configuration file (no secrets),
>>>>> together with a trace 4 debug showing what is happening?
>>>>> Have you checked the RadiusExpert wiki:
>>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>>>
>>>>> --
>>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>> Includes support for reliable RADIUS transport (RadSec),
>>>>> and DIAMETER translation agent.
>>>>> -
>>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>>> flexible with hardware, software, platform and database independence.
>>>>> -
>>>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>>
>>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
More information about the radiator
mailing list