[RADIATOR] EAP-PEAP problem

Hugh Irvine hugh at open.com.au
Thu Nov 12 14:59:15 CST 2009


Hello Colin -

Thanks for sending all of the relevant information.

The only thing that I can see in the configuration file and debug is that you specify TTLS first on your EAPType line in the outer Handler.

The debug shows an initial TTLS challenge which is refused by the supplicant which wants to do PEAP.

The PEAP processing proceeds correctly until the final MSCHAP-V2 challenge, after which nothing more is heard from the supplicant.

I think you will need to look at the supplicant and/or access point to see what is happening there.

regards

Hugh


On 12 Nov 2009, at 22:39, Colin Byelong wrote:

> Hello,
> 
> I have been trying to test EAP-PEAP access with AuthbyNTLM this is on a 
> ubuntu box running radiator 4.5
> We currently use EAP-TTLS with a pap innner and this still works but 
> PEAP is failing and im not sure why, heres the config:
> 
> #
> Foreground
> LogStdout
> LogDir /var/log/radius
> DbDir .
> #
> #Logfiles
> #
> <Log FILE>
>  Filename %L/radiator.%Y_%m_%d.log
>  LogIdent  log-file
>  Trace     4
> </Log>
> #
> #
> #
> #
> #Use port 1812 for Authentication
> AuthPort 1812,1645
> #Use port 1813 for accounting
> AcctPort 1813,1646
> Trace  4
> #
> #
> #
> #
> #Logging for users with no realm
> #
> AcctLogFileName %L/detail
> #
> <Client localhost>
>       Secret <REMOVED>
>       DupInterval 0
> </Client>
> #
> #
> #
> #
> #
> #
> #
> <Client DEFAULT>
>       Secret <REMOVED>
>        DupInterval 2
>       StatusServerShowClientDetails
>       IgnoreAcctSignature
> </Client>
> ### This is where we autneticate a PEAP inner request, which will be an EAP
> # request. The username of the inner request will be anonymous, although
> # the identity of the EAP request will be the real username we are
> # trying to authenticate.
> 
> #
> <Handler TunnelledByPEAP=1>
>        <AuthBy NTLM>
>                # The name of the ntlm_auth program, supplied with
>                # Samba. Defaults to '/usr/bin/ntlm_auth  
> --helper-protocol=ntlm-server-1'
>                # You can require that authenticated users belong to a 
> certain group with:
>                #NtlmAuthProg /usr/bin/ntlm_auth  
> --helper-protocol=ntlm-server-1 --require-membership-of=MyGroupName
>                # or you can specify that the NTLM authenticaiton 
> requests appear to come from a workstation with
>                # a specified name. This can be used to restrict 
> authentication for certain users by setting
>                # workstation requirements in their Windows user 
> configuration.
>                #NtlmAuthProg /usr/bin/ntlm_auth  
> --helper-protocol=ntlm-server-1 --workstation=MyWorkstationName
> 
>                # Specifies which Windows Domain is ALWAYS to be used to 
> authenticate
>                # users (even if they specify a different domain in 
> their username).
>                # Special characters are supported. Can be an Active
>                # directory domain or a Windows NT domain controller
>                # domain name
>                Domain UCLUSERS
> 
>                # Specifies the Windows Domain to use if the user does not
>                # specify a domain in their username.
>                # Special characters are supported. Can be an Active
>                # directory domain or a Windows NT domain controller
>                # domain name
>                #DefaultDomain
>                UsernameMatchesWithoutRealm
> 
>                # This tells the PEAP client what types of inner EAP 
> requests
>                # we will honour
>                EAPType MSCHAP-V2
> 
>        </AuthBy>
> </Handler>
> #
> #Handlers with authentication
> <Handler TunnelledByTTLS=1>
>   RewriteUsername   s/^([^@]+).*/$1/
>      RewriteUsername   tr/A-Z/a-z/
> 
>        <AuthBy LDAP2>
> #               Identifier  UCL
>               Host   uclusers-dc1.uclusers.ucl.ac.uk
> 
>               # Microsoft AD also listens on port 3268, and
>               # requests received on that port are reported to be
>               # more compliant with standfard LDAP, so you may want to use:
>               # Port 3268
> 
>               AuthDN cn=locindnet,ou=System 
> Users,dc=uclusers,dc=ucl,dc=ac,dc=uk
> #               AuthPassword    yourADadminpasswordhere
>               AuthPassword    <REMOVED>
>               BaseDN ou=departments,dc=uclusers,dc=ucl,dc=ac,dc=uk
>               ServerChecksPassword
>              EAPType MSCHAP-V2,TTLS,PAP,PEAP
>               UsernameAttr sAMAccountName
>              # EncryptedPasswordAttr sn
> #
> #                AuthAttrDef logonHours,MS-Login-Hours,check
> 
> 
> </AuthBy>
> #
> #
> AcctLogFileName   %L/ucl-detail.%m%y
> #
>  </Handler>
> #
> #EAPOUTER
> <Handler Realm=ucl.ac.uk, EAP-Message = /.+/>
> RewriteUsername   s/^([^@]+).*/$1/
>      RewriteUsername   tr/A-Z/a-z/
>          <AuthBy FILE>
>             Filename %D/users
>              EAPType TTLS,pap,PEAP,MSCHAP-V2
>              EAPTLS_CAFile %D/certs/sureserverEDU.pem
>              EAPTLS_CertificateFile %D/certs/orps.pem
>              EAPTLS_CertificateType PEM
>              EAPTLS_PrivateKeyFile %D/certs/server.key
>              EAPTLS_MaxFragmentSize 1500
>              AutoMPPEKeys
>              EAPTLS_PEAPVersion 0
>              EAPTLS_PEAPBrokenV1Label
>              EAPAnonymous anonymous
>            </AuthBy>
> 
> AcctLogFileName %L/eapout
> AccountingHandled
> </Handler>
> #
> <Handler Request-Type=Accounting-Request>
>    AcctLogFileName %L/accttest.log
>    AccountingHandled
> </Handler>
> #
> 
> 
> root at nwgdev-desktop:/var/log/radius# more radiator.2009_11_12.log
> Thu Nov 12 11:28:25 2009: ERR: Unknown keyword 'LogIdent' in 
> ./eduroam.cfg line 12
> Thu Nov 12 11:28:25 2009: ERR: Unknown keyword 'AcctLogFileName' in 
> ./eduroam.cfg line 30
> Thu Nov 12 11:28:25 2009: DEBUG: Finished reading configuration file 
> './eduroam.cfg'
> Thu Nov 12 11:28:25 2009: DEBUG: Reading dictionary file './dictionary'
> Thu Nov 12 11:28:25 2009: DEBUG: Creating authentication port 0.0.0.0:1812
> Thu Nov 12 11:28:25 2009: DEBUG: Creating authentication port 0.0.0.0:1645
> Thu Nov 12 11:28:25 2009: DEBUG: Creating accounting port 0.0.0.0:1813
> Thu Nov 12 11:28:25 2009: DEBUG: Creating accounting port 0.0.0.0:1646
> Thu Nov 12 11:28:25 2009: NOTICE: Server started: Radiator 4.5 on 
> nwgdev-desktop
> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 213
> Authentic:  <151>9<187>.<154><155>.&<160><240><229>|d<176><156>D
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> <20><27><24><194><239><158>`<148><192><236><169><250>(<138>.<185>
>        EAP-Message = <2><3><0><22><1>ccaacrb at ucl.ac.uk
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:24 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:24 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:24 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:24 2009: DEBUG: Handling with EAP: code 2, 3, 22, 1
> Thu Nov 12 11:35:24 2009: DEBUG: Response type 1
> Thu Nov 12 11:35:24 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
> Thu Nov 12 11:35:24 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS 
> Challenge
> Thu Nov 12 11:35:24 2009: DEBUG: Access challenged for ccaacrb: EAP TTLS 
> Challenge
> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 213
> Authentic:  
> <214><236><215><225><13><183>g<157><244><205><143>.<163>E<3><191>
> Attributes:
>        EAP-Message = <1><4><0><6><21>
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 214
> Authentic:  p<161>y<25><28><216><150><236>'A<31>+{<248><177>`
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> I<158><17><2><179><12><134>!<141><167><4>=z9t<26>
>        EAP-Message = <2><4><0><6><3><25>
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:24 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:24 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:24 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:24 2009: DEBUG: Handling with EAP: code 2, 4, 6, 3
> Thu Nov 12 11:35:24 2009: DEBUG: Response type 3
> Thu Nov 12 11:35:24 2009: INFO: EAP Nak desires type 25
> Thu Nov 12 11:35:24 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Nov 12 11:35:24 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> Challenge
> Thu Nov 12 11:35:24 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> Challenge
> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 214
> Authentic:  9<163><174>+<161><222>?A<24>/4<203><23><127><213><222>
> Attributes:
>        EAP-Message = <1><5><0><6><25>
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 216
> Authentic:  <216>n<197><175>_<224>C<137>8/<220>'<246><206><188><22>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> <198><170><165><251>I<136><174>A<132>tA&:<11><148><6>
>        EAP-Message = 
> <2><5><0>p<25><128><0><0><0>f<22><3><1><0>a<1><0><0>]<3><1>J<251><243><16><178><231><233><185><155>}<181><10><232>?ZN<18>6<1><238>.N<211><245>
>> <189>l<190><173>7<244><186> 
> tR<163>s<22>t<198><237><148><226>1<1><149><128>m<156><4>?vy<181>~i<135><16>q! 
> <227><4>h<185><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0>
> <3><0><6><0><19><0><18><0>c<1><0>
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 5, 112, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 216
> Authentic:  <221><215><19>z<221><182>`<14><192><235><147>K<182>_Z^
> Attributes:
>        EAP-Message = 
> <1><6><5><130><25><192><0><0><11>6<22><3><1><0>J<2><0><0>F<3><1>J<251><242><253><1>7<184><21><200><11><233><212>/o<128><219><130><202>~<127><1
> 29>~<145>jeQ<29><148>/<151><172><14> 
> <156>E<202><131>:<250>r<177>P<10><222>B<148><228><253>f/G<247><143><157><196><220><199><238><2><234>Loe<212>d<0><4><0><22><3><1
>> <10><217><11><0><10><213><0><10><210><0><4>%0<130><4>!0<130><3><9><160><3><2><1><2><2><11><1><0><0><0><0><1><27>2<5><158><181>0<13><6><9>*<134>H<134><247><13><1><1
>> <5><5><0>0_1<11>0<9><6><3>U<4><6><19><2>BE1<19>0<17><6><3>U<4><10><19><10>Cybertrust1<23>0<21><6><3>U<4><11><19><14>Educational 
> CA1"0 <6><3>U<4><3><19><25>Cybertru
> st Educational CA0<30><23><13>0807171
>        EAP-Message = 
> 71601Z<23><13>110717171601Z0N1<11>0<9><6><3>U<4><6><19><2>GB1"0 
> <6><3>U<4><10><19><25>University College 
> London1<27>0<25><6><3>U<4><3><19><18>
> orps.jrs.ucl.ac.uk0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><194><171>:B<129>[<175><194>.Y<148><187><233>
> :<169>-<171>2^<11><158><231><1>IGD<211>hA<179><22>YP>v<175><187><10><168>3,<204>h<234>8<170>4O<214><247>=<234><139>8<165><157><249><199>l<220><253>)<155><167>E<133>
> <24><233><220><172><21><250><156>z<199>S<231><231><3><2><222><129><171>H<218>QT<253>E%<223>4<248><250><144><23><7><217>lN<233><22><0>W<237><223>`<210>]<153><7><161>
> <180>9<215>lG<231><183><1>O<211>m
>        EAP-Message = 
> t<217>H<141><133><2><3><1><0><1><163><130><1>q0<130><1>m0P<6><3>U<29> 
> <4>I0G0E<6><7>*<134>H<177>><1><0>0:08<6><8>+<6><1><5><5><7><2><1><22>,ht
> tp://www.globalsign.net/repository/cps.cfm0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<31><6><3>U<29>#<4><24>0<22><128><20>ee<163>=<215>;<17><163><10><7>%7<
> 201>BJ[vwP<225>0<29><6><3>U<29><14><4><22><4><20>hT<230><199><27>#<6><250>(vS<8><180>s"F<192><226><17><157>0:<6><3>U<29><31><4>3010/<160>-<160>+<134>)http://crl.glo
> balsign.net/educational.crl0O<6><8>+<6><1><5><5><7><1><1><4>
>        EAP-Message = 
> C0A0?<6><8>+<6><1><5><5><7>0<2><134>3http://secure.globalsign.net/cacert/educational.crt0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3>
> <1><6><8>+<6><1><5><5><7><3><2>0<29><6><3>U<29><17><4><22>0<20><130><18>orps.jrs.ucl.ac.uk0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>(z)N<157><
> 187><211><160>.<4>m<0><22><14><27><244>G<195><237><11>0<191><206><180><170><147><250><162><171><214>&<128><240><210>=<214><166>!<12><225><242><253><172><158><234><2
> 46><142><161><25><165><201><232><238>UV<162>h~F<185><205>q\Z<148>#<137><136><179><198><174><193><5>|5q<189>Q5<171><28>n<139>k<199>iG<199><130><199><27>M<182>v<174><
> 163><148><226><240><223>r<148>A
>        EAP-Message = 
> <143>&<145><10>j<200><7><246><<174>3#<156><225><8>~(}o 
> <250><148><4><242><163><242><196>X<221><9>co<213><25><23><222><216><24><240>[<147>[<181
>> q<248>}<179><181>w<205><<128>9>7<128><8><235><160>x*<206><182>%<220><240><12><19>_<179><167><234>!<202>+<199>F<31><252>a<226>+<156><178>X<167><225>n;<209><230><252
>> T<25>^/(<246><226>$<160>.<172>To<175>9<168><3><160>5pPa<13><169><144>Z<136><164>C<240>5Nc<17><205>jc<9><248>$5<187><4>H|<239>q<179><241>mfNi!\<210>i)b<178><203><0>
> <4>F0<130><4>B0<130><3><171><160><3><2><1><2><2><4><4><0><3><251>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0u1<11>0<9><6><3>U<4><6><19><2>US1<24>0<22><6><3>U<4
>> <10><19><15>GTE Corporation1'0%<6><3>U<4><11><19><30>GTE CyberTr
>        EAP-Message = ust Solutions, Inc.1#0!<6><3>U<4><3><19><26>GTE 
> CyberTrust Global 
> Root0<30><23><13>060314203000Z<23><13>130314235900Z0_1<11>0<9><6><3>U<4><6><
> 19><2>BE1<19>0<17><6><3>U<4><10><19><10>Cybertrust1<23>0<21><6><3>U<4><11><19><14>Educationa
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 220
> Authentic:  }<140><239><252><30><155><140><27>IZ<216>_k56<232>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = ]KkUf<176>L<194><175><234>)+-<139><0>D
>        EAP-Message = <2><6><0><6><25><0>
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 6, 6, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 220
> Authentic:  QT<203>#<165><252>Y<230>a<164><154>7<193><28>p<165>
> Attributes:
>        EAP-Message = <1><7><5>~<25>@l CA1"0 
> <6><3>U<4><3><19><25>Cybertrust Educational 
> CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><
> 0>0<130><1><10><2><130><1><1><0><149>"<161><16><29>JF`n<5><145><155><223><131><194><237><18><178>Z|<248><171><225><248>P\(,~~<0>8<147><176><139>J<241><194>L<<16>,<<
> 239><176><236><161>i/<185><252><204><8><20>k<141>O<24><243><131><210><250><169>7<8> 
> <170>\<170><128>`<162><213><165>"<0><207>Z<229><180><151><223><186><30><190>\<14
> 2><23><25>f<253><175><159>|{<137><178><14>$<216><199><171>c<196><149>2<141>H<230>cY}<4><184>3<168><189><215>]d<188>c<181><247>M(<253><249><6>r1\<186>E<148>e<163><21
> 0><180>X<236>;aXD<163>/b<179><155><128><180><130><253><213><199><204>Q%<229><149>?G/0{<172><200>xn<226><225>m'
>        EAP-Message = 
> <235>=<204><1><130><232>5w<141><171>X<187>U<209><213><164><129>V<141><28><208><20><177><176><6><222><160><145>"<243><240><168>4<23>G<198><224>
>> <246><12>Z<172>~PK<205><225>in<6><252><6>~jM<180><149><153><160>Y\5f<236><217>I<212><23><224>`<176>]<165><215><26><226>*nf<242><175><29><2><3><1><0><1><163><130><1
>> o0<130><1>k0E<6><3>U<29><31><4>>0<0:<160>8<160>6<134>4http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0<29><6><3>U<29><14><4><22><4><20>ee<163>=<215>;<17><163>
> <10><7>%7<201>BJ[vwP<225>0S<6><3>U<29> 
> <4>L0J0H<6><9>+<6><1><4><1><177>><1><0>0;09<6><8>+<6><1><5><5><7><2><1><22>-http://www.publi
>        EAP-Message = 
> c-trust.com/CPS/OmniRoot.html0<129><137><6><3>U<29>#<4><129><129>0<127><161>y<164>w0u1<11>0<9><6><3>U<4><6><19><2>US1<24>0<22><6><3>U<4><10><1
> 9><15>GTE Corporation1'0%<6><3>U<4><11><19><30>GTE CyberTrust Solutions, 
> Inc.1#0!<6><3>U<4><3><19><26>GTE CyberTrust Global 
> Root<130><2><1><165>0<14><6><3>U<29><15>
> <1><1><255><4><4><3><2><1><6>0<18><6><3>U<29><19><1><1><255><4><8>0<6><1><1><255><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>C<179>E<131
>> Tq<196><31><220><178><kN<191>&<242>N<242><173><154>[<250><134>7<136><232><20>lA
>        EAP-Message = 
> <24>B_<239>e><235><3>w<160><183><158>uzQ|<187><21>[<184><175><145><160>4<146>S<237><127>*I<132><172><185><128>K<181><199><178>#"<251><235><216
>> <251>n<201><<243><210><209><187><190><201><28><255>m<1><219>i<128><14><153><165><234><158>{<151><152><143><183><207>"<156><179><184>]<229><169>3<23>t<198><151>7<15
>> <180><233>&<130>_a<11>?<30>=d<233>+<155><0><2>^0<130><2>Z0<130><1><195><2><2><1><165>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0u1<11>0<9><6><3>U<4><6><19><2>
> US1<24>0<22><6><3>U<4><10><19><15>GTE 
> Corporation1'0%<6><3>U<4><11><19><30>GTE CyberTrust Solutions, 
> Inc.1#0!<6><3>U<4><3><19><26>GTE CyberTrust Global Root0<30><23
>> <13>9
>        EAP-Message = 
> 80813002900Z<23><13>180813235900Z0u1<11>0<9><6><3>U<4><6><19><2>US1<24>0<22><6><3>U<4><10><19><15>GTE 
> Corporation1'0%<6><3>U<4><11><19><30>GTE
> CyberTrust Solutions, Inc.1#0!<6><3>U<4><3><19><26>GTE CyberTrust 
> Global 
> Root0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><
> 2><129><129><0><149><15><160><182><240>P<156><232>z<199><136><205><221><23><14>.<176><148><208><27>=<14><246><148><192><138><148><199><6><200><144><151><200><184>d<
> 26>z~l<S<225>7(s`<127><178><151>S<7><159>S<249>mX<148><210><175><141>m<136>g<128><230><237><178><149><207>r1<202><165><28>r<186>\<2>
>        EAP-Message = 
> <231>dB<231><249><169>,<214>:<13><172><141>B<170>$<1>9<230><156>?<1><133>W<13>X<135>E<248><211><133><170><147>i&<133>pH<128>?<18><21><199>y<18
> 0><31><5>/;b<153><2><3><1><0><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>m<235><27><9><233>^<217>Q<219>g"a<164>*<Hw<227><160>|<166><222>s<162>
> <20><3><133>=<251><171><14>0<197><131><22>3<129><19><8><158>{4N<223>@<200>t<215><185>}<220><244>vU}<155>cT<24><233><240><234><243>\<177><217><139>
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 221
> Authentic:  
> <171><253><25><130><137><247><159>9<241><13><200><28><163>Rz<134>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> <130><2><219>0<10>Cu<130><160><24><160>c<155><194><146><185>
>        EAP-Message = <2><7><0><6><25><0>
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 7, 6, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 221
> Authentic:  <235><24><151><11>7<8><231>f<1><175><151>"<170><220><181><227>
> Attributes:
>        EAP-Message = 
> <1><8><0>L<25><0>B<30><185><192><149>N<186><250><213><226>|<245>ha<191><142><236><5><151>_[<176><215><163><133>4<196>$<167><13><15><149><147><
> 239><203><148><216><158><31><157>\<133>m<199><170><174>O<31>"<181><205><149><173><186><167><204><249><171><11>z<127><22><3><1><0><4><14><0><0><0>
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 223
> Authentic:  }<150><<212><169><232><129><183>4J<163><133><214><165><140><225>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = <193><137><192>Z<191><193>qx<249>c+q<|,$
>        EAP-Message = 
> <2><8><0><192><25><128><0><0><0><182><22><3><1><0><134><16><0><0><130><0><128>/<139><242><169><132>q<16>q<127><224><146>J<183>$<12>Kp<249>9&<4
>> <237>P<155><142><254><209>Q<<3>><12><222>}<146><212><222>?<175><244>s<19>F<24>mk<205><198><19>$<<231><228><138>g<131><252><163><211><230><192><2><221><184>b<8><242
>> <5><13>s<180><219><241><16>{<142><146><23>%8<189><242><uX<247><209><211><210><220><246><216>}g<206><162>_<159><248>3<7>9<235><220><220>B*<24>@<153><237><221>d<2>BD
> J<226>x<17><165>*<164><193>A<198>{<148><20><3><1><0><1><1><22><3><1><0> 
> <218>M<148><12>Saz>](;<29>HI<31><198><170>2<128><223><190><11><21><157>Y<230><236><29><218>(
> <216><26>
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 8, 192, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 223
> Authentic:  <10><144><14>)<161>t<163><221>|<221><26><231>?<28><135><236>
> Attributes:
>        EAP-Message = 
> <1><9><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0> 
> U9<168><252>=adB<161><254><10><191><7><227><239><228>y<195>@<221><146><134>vK<23
> 8>kR<181>F<219>s7
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 226
> Authentic:  <180>P<143>.<234>z?<160>~G<151><192><202><144><214><23>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> qE[<211><23><142><155><158><0><185><210>{<5><13><131>c
>        EAP-Message = <2><9><0><6><25><0>
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 9, 6, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 226
> Authentic:  <174>_'<171><202><176>TB<138><224><184><223><169>H<252>?
> Attributes:
>        EAP-Message = 
> <1><10><0><28><25><0><23><3><1><0><17>m8<128><222><169><187><159><29><133>S<167><174><137><214><171><14>R
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 227
> Authentic:  C<233>k<127>B<181>5M<16><10>f8<208><154>J<194>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> <208><220>+Vn7<146>4<188><233><226>~<193><169><130><235>
>        EAP-Message = 
> <2><10><0>-<25><0><23><3><1><0>"<204>H<247><191><157><134><204><9>f<237>cc<134>1/<220><183>-<152><166><27><23>I<152><140><235>F@<9>><234><246>
> !0
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 10, 45, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP PEAP inner authentication request 
> for anonymous
> Thu Nov 12 11:35:25 2009: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <181><136><11>3a<209><155><144>zC<221>5WQ<152>d
> Attributes:
>        EAP-Message = <2><10><0><18><1>ccaacrb at ucl.ac.uk
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>        NAS-IP-Address = 10.101.1.11
>        NAS-Port = 7565083
>        Calling-Station-Id = "0015.afa6.0d8d"
>        User-Name = "anonymous"
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'TunnelledByPEAP=1'
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for anonymous, 
> 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthNTLM:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 10, 18, 1
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 1
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy NTLM result: CHALLENGE, EAP 
> MSCHAP-V2 Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for anonymous: EAP 
> MSCHAP-V2 Challenge
> Thu Nov 12 11:35:25 2009: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <181><136><11>3a<209><155><144>zC<221>5WQ<152>d
> Attributes:
>        EAP-Message = 
> <1><11><0>(<26><1><11><0>#<16><18><157><231>Q<227>T<216><145>!<172><163><144><165><174>Fsnwgdev-desktop
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP inner 
> authentication redispatched to a Handler
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> inner authentication redispatched to a Handler
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> inner authentication redispatched to a Handler
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 227
> Authentic:  <187><128>ot<179>9M<200><13>6|<14>X<202><161>c
> Attributes:
>        EAP-Message = 
> <1><11><0>?<25><0><23><3><1><0>4<162><235><231><243><5><7>qF.<168><i<7>F<170>g<29><255><217><174><9><199>6<214><188><233><23><212><128><157>z<
> 151><22>0B$<26><150>f<13>N<172><237><207><230>y#<224><145><184><248>C
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Received from 10.101.1.11 port 1645 ....
> Code:       Access-Request
> Identifier: 230
> Authentic:  <16>r<5>nZ`Up=<144><10><225><28><13>J<9>
> Attributes:
>        User-Name = "ccaacrb at ucl.ac.uk"
>        Framed-MTU = 1400
>        Called-Station-Id = "0000.0c07.ac00"
>        Calling-Station-Id = "0015.afa6.0d8d"
>        Service-Type = Login-User
>        Message-Authenticator = 
> <13><136><159><235>7~<196>X<180><206><245>)|0`~
>        EAP-Message = 
> <2><11><0>c<25><0><23><3><1><0>X<225><151><233><205><244><16><248><214>[<164><137>t<233><144>b<207><249><149>u<234><167><243><176><143><205>&<
> 249><218><212><156>><208>u0C.<206><241><25><174><175><177>R_!<198><175>9<147>:P<21>#<213><227><8><188><211><240><244><128>[<9><185> 
> <169><29>s<207><136>04C<196>O`<2
> 8><171><157><165><254>s<198>U<22><25><134>i
>        NAS-Port-Type = Wireless-IEEE-802-11
>        NAS-Port = 7565083
>        NAS-IP-Address = 10.101.1.11
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for 
> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 11, 99, 25
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
> Thu Nov 12 11:35:25 2009: DEBUG: EAP PEAP inner authentication request 
> for anonymous
> Thu Nov 12 11:35:25 2009: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <237><12><173><229><218><226><19>v<28><232>{<194><154>;<156>P
> Attributes:
>        EAP-Message = 
> <2><11><0>H<26><2><11><0>G1<215><253><194><234>:!<151><154><143><213>{<147><255>"<177><131><0><0><0><0><0><0><0><0><0><18>&<11><21><250><173><
> 195>g<139><209>9b@<251>h<232><240><5>cW<235>cR<0>ccaacrb at ucl.ac.uk
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>        NAS-IP-Address = 10.101.1.11
>        NAS-Port = 7565083
>        Calling-Station-Id = "0015.afa6.0d8d"
>        User-Name = "anonymous"
> 
> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler 
> 'TunnelledByPEAP=1'
> Thu Nov 12 11:35:25 2009: DEBUG:  Deleting session for anonymous, 
> 10.101.1.11, 7565083
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthNTLM:
> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 11, 72, 26
> Thu Nov 12 11:35:25 2009: DEBUG: Response type 26
> Thu Nov 12 11:35:25 2009: DEBUG: Radius::AuthNTLM looks for match with 
> ccaacrb [anonymous]
> Thu Nov 12 11:35:25 2009: DEBUG: Radius::AuthNTLM ACCEPT: : ccaacrb 
> [anonymous]
> Thu Nov 12 11:35:25 2009: INFO: Starting NtlmAuthProg: 
> /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute 
> Request-User-Session-Key: Yes
> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute 
> Request-LanMan-Session-Key: Yes
> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute LANMAN-Challenge: 
> 8a03d805dce6b2df
> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute NT-Response: 
> 0012260b15faadc3678bd1396240fb68e8f0056357eb6352
> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute NT-Domain:: VUNMVVNFUlM=
> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute Username:: Y2NhYWNyYg==
> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: Authenticated: Yes
> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: LANMAN-Session-Key: 
> E928F849BA704AB3
> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: User-Session-Key: 
> A223F0B2DD3F19A3F4C41D9C7EAB80B5
> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: .
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge: 
> Success
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy NTLM result: CHALLENGE, EAP 
> MSCHAP V2 Challenge: Success
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for anonymous: EAP 
> MSCHAP V2 Challenge: Success
> Thu Nov 12 11:35:25 2009: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <237><12><173><229><218><226><19>v<28><232>{<194><154>;<156>P
> Attributes:
>        EAP-Message = 
> <1><12><0>=<26><3><11><0>8S=50CD2DE6C1810F6C092C4BADD9C0E567567D077C 
> M=success
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP inner 
> authentication redispatched to a Handler
> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP 
> inner authentication redispatched to a Handler
> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP 
> inner authentication redispatched to a Handler
> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
> *** Sending to 10.101.1.11 port 1645 ....
> Code:       Access-Challenge
> Identifier: 230
> Authentic:  B<220><27><243><174>Lb<139>hT<150>c<175><172><230><0>
> Attributes:
>        EAP-Message = 
> <1><12><0>T<25><0><23><3><1><0>I<141><186>3<217><21><173><255><173>c<216><169><242><221><223><23><128><127><140>x<6><233><196><148>5<228><135>
> <185>N<231>r<6><218><15>X4a<4>u<186>A<219>rB[<13>I<152>lp<25>.<223><255><168>.<177><211><141>4<159>!F<241><21>X<240><137><210>O<153>(&<230>
>        Message-Authenticator = 
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> This is where it stops.
> 
> 
> Thanks for any help
> 
> Colin
> 
> -- 
> -----------------------------------------------------------------------
> 
> 
> Colin Byelong                             Email: C.Byelong at ucl.ac.uk
> Senior Network Development Officer
> Network Group
> Information Systems Division
> University College London
> Gower Street                              Phone: 020 7679-2572
> London WC1E 6BT
> ------------------------------------------------------------------------
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.




More information about the radiator mailing list