[RADIATOR] EAP-PEAP problem
Colin Byelong
c.byelong at ucl.ac.uk
Fri Nov 13 03:01:42 CST 2009
Hello Hugh,
Thanks for the help as this is a test box I will try removing TTLS in
the outer handler and look in the Access point as you suggest.
Thanks
Colin
> Hello Colin -
>
> Thanks for sending all of the relevant information.
>
> The only thing that I can see in the configuration file and debug is that you specify TTLS first on your EAPType line in the outer Handler.
>
> The debug shows an initial TTLS challenge which is refused by the supplicant which wants to do PEAP.
>
> The PEAP processing proceeds correctly until the final MSCHAP-V2 challenge, after which nothing more is heard from the supplicant.
>
> I think you will need to look at the supplicant and/or access point to see what is happening there.
>
> regards
>
> Hugh
>
>
> On 12 Nov 2009, at 22:39, Colin Byelong wrote:
>
>
>> Hello,
>>
>> I have been trying to test EAP-PEAP access with AuthbyNTLM this is on a
>> ubuntu box running radiator 4.5
>> We currently use EAP-TTLS with a pap innner and this still works but
>> PEAP is failing and im not sure why, heres the config:
>>
>> #
>> Foreground
>> LogStdout
>> LogDir /var/log/radius
>> DbDir .
>> #
>> #Logfiles
>> #
>> <Log FILE>
>> Filename %L/radiator.%Y_%m_%d.log
>> LogIdent log-file
>> Trace 4
>> </Log>
>> #
>> #
>> #
>> #
>> #Use port 1812 for Authentication
>> AuthPort 1812,1645
>> #Use port 1813 for accounting
>> AcctPort 1813,1646
>> Trace 4
>> #
>> #
>> #
>> #
>> #Logging for users with no realm
>> #
>> AcctLogFileName %L/detail
>> #
>> <Client localhost>
>> Secret <REMOVED>
>> DupInterval 0
>> </Client>
>> #
>> #
>> #
>> #
>> #
>> #
>> #
>> <Client DEFAULT>
>> Secret <REMOVED>
>> DupInterval 2
>> StatusServerShowClientDetails
>> IgnoreAcctSignature
>> </Client>
>> ### This is where we autneticate a PEAP inner request, which will be an EAP
>> # request. The username of the inner request will be anonymous, although
>> # the identity of the EAP request will be the real username we are
>> # trying to authenticate.
>>
>> #
>> <Handler TunnelledByPEAP=1>
>> <AuthBy NTLM>
>> # The name of the ntlm_auth program, supplied with
>> # Samba. Defaults to '/usr/bin/ntlm_auth
>> --helper-protocol=ntlm-server-1'
>> # You can require that authenticated users belong to a
>> certain group with:
>> #NtlmAuthProg /usr/bin/ntlm_auth
>> --helper-protocol=ntlm-server-1 --require-membership-of=MyGroupName
>> # or you can specify that the NTLM authenticaiton
>> requests appear to come from a workstation with
>> # a specified name. This can be used to restrict
>> authentication for certain users by setting
>> # workstation requirements in their Windows user
>> configuration.
>> #NtlmAuthProg /usr/bin/ntlm_auth
>> --helper-protocol=ntlm-server-1 --workstation=MyWorkstationName
>>
>> # Specifies which Windows Domain is ALWAYS to be used to
>> authenticate
>> # users (even if they specify a different domain in
>> their username).
>> # Special characters are supported. Can be an Active
>> # directory domain or a Windows NT domain controller
>> # domain name
>> Domain UCLUSERS
>>
>> # Specifies the Windows Domain to use if the user does not
>> # specify a domain in their username.
>> # Special characters are supported. Can be an Active
>> # directory domain or a Windows NT domain controller
>> # domain name
>> #DefaultDomain
>> UsernameMatchesWithoutRealm
>>
>> # This tells the PEAP client what types of inner EAP
>> requests
>> # we will honour
>> EAPType MSCHAP-V2
>>
>> </AuthBy>
>> </Handler>
>> #
>> #Handlers with authentication
>> <Handler TunnelledByTTLS=1>
>> RewriteUsername s/^([^@]+).*/$1/
>> RewriteUsername tr/A-Z/a-z/
>>
>> <AuthBy LDAP2>
>> # Identifier UCL
>> Host uclusers-dc1.uclusers.ucl.ac.uk
>>
>> # Microsoft AD also listens on port 3268, and
>> # requests received on that port are reported to be
>> # more compliant with standfard LDAP, so you may want to use:
>> # Port 3268
>>
>> AuthDN cn=locindnet,ou=System
>> Users,dc=uclusers,dc=ucl,dc=ac,dc=uk
>> # AuthPassword yourADadminpasswordhere
>> AuthPassword <REMOVED>
>> BaseDN ou=departments,dc=uclusers,dc=ucl,dc=ac,dc=uk
>> ServerChecksPassword
>> EAPType MSCHAP-V2,TTLS,PAP,PEAP
>> UsernameAttr sAMAccountName
>> # EncryptedPasswordAttr sn
>> #
>> # AuthAttrDef logonHours,MS-Login-Hours,check
>>
>>
>> </AuthBy>
>> #
>> #
>> AcctLogFileName %L/ucl-detail.%m%y
>> #
>> </Handler>
>> #
>> #EAPOUTER
>> <Handler Realm=ucl.ac.uk, EAP-Message = /.+/>
>> RewriteUsername s/^([^@]+).*/$1/
>> RewriteUsername tr/A-Z/a-z/
>> <AuthBy FILE>
>> Filename %D/users
>> EAPType TTLS,pap,PEAP,MSCHAP-V2
>> EAPTLS_CAFile %D/certs/sureserverEDU.pem
>> EAPTLS_CertificateFile %D/certs/orps.pem
>> EAPTLS_CertificateType PEM
>> EAPTLS_PrivateKeyFile %D/certs/server.key
>> EAPTLS_MaxFragmentSize 1500
>> AutoMPPEKeys
>> EAPTLS_PEAPVersion 0
>> EAPTLS_PEAPBrokenV1Label
>> EAPAnonymous anonymous
>> </AuthBy>
>>
>> AcctLogFileName %L/eapout
>> AccountingHandled
>> </Handler>
>> #
>> <Handler Request-Type=Accounting-Request>
>> AcctLogFileName %L/accttest.log
>> AccountingHandled
>> </Handler>
>> #
>>
>>
>> root at nwgdev-desktop:/var/log/radius# more radiator.2009_11_12.log
>> Thu Nov 12 11:28:25 2009: ERR: Unknown keyword 'LogIdent' in
>> ./eduroam.cfg line 12
>> Thu Nov 12 11:28:25 2009: ERR: Unknown keyword 'AcctLogFileName' in
>> ./eduroam.cfg line 30
>> Thu Nov 12 11:28:25 2009: DEBUG: Finished reading configuration file
>> './eduroam.cfg'
>> Thu Nov 12 11:28:25 2009: DEBUG: Reading dictionary file './dictionary'
>> Thu Nov 12 11:28:25 2009: DEBUG: Creating authentication port 0.0.0.0:1812
>> Thu Nov 12 11:28:25 2009: DEBUG: Creating authentication port 0.0.0.0:1645
>> Thu Nov 12 11:28:25 2009: DEBUG: Creating accounting port 0.0.0.0:1813
>> Thu Nov 12 11:28:25 2009: DEBUG: Creating accounting port 0.0.0.0:1646
>> Thu Nov 12 11:28:25 2009: NOTICE: Server started: Radiator 4.5 on
>> nwgdev-desktop
>> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 213
>> Authentic: <151>9<187>.<154><155>.&<160><240><229>|d<176><156>D
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> <20><27><24><194><239><158>`<148><192><236><169><250>(<138>.<185>
>> EAP-Message = <2><3><0><22><1>ccaacrb at ucl.ac.uk
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:24 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:24 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:24 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:24 2009: DEBUG: Handling with EAP: code 2, 3, 22, 1
>> Thu Nov 12 11:35:24 2009: DEBUG: Response type 1
>> Thu Nov 12 11:35:24 2009: DEBUG: EAP result: 3, EAP TTLS Challenge
>> Thu Nov 12 11:35:24 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS
>> Challenge
>> Thu Nov 12 11:35:24 2009: DEBUG: Access challenged for ccaacrb: EAP TTLS
>> Challenge
>> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 213
>> Authentic:
>> <214><236><215><225><13><183>g<157><244><205><143>.<163>E<3><191>
>> Attributes:
>> EAP-Message = <1><4><0><6><21>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 214
>> Authentic: p<161>y<25><28><216><150><236>'A<31>+{<248><177>`
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> I<158><17><2><179><12><134>!<141><167><4>=z9t<26>
>> EAP-Message = <2><4><0><6><3><25>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:24 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:24 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:24 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:24 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:24 2009: DEBUG: Handling with EAP: code 2, 4, 6, 3
>> Thu Nov 12 11:35:24 2009: DEBUG: Response type 3
>> Thu Nov 12 11:35:24 2009: INFO: EAP Nak desires type 25
>> Thu Nov 12 11:35:24 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Nov 12 11:35:24 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:24 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:24 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 214
>> Authentic: 9<163><174>+<161><222>?A<24>/4<203><23><127><213><222>
>> Attributes:
>> EAP-Message = <1><5><0><6><25>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 216
>> Authentic: <216>n<197><175>_<224>C<137>8/<220>'<246><206><188><22>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> <198><170><165><251>I<136><174>A<132>tA&:<11><148><6>
>> EAP-Message =
>> <2><5><0>p<25><128><0><0><0>f<22><3><1><0>a<1><0><0>]<3><1>J<251><243><16><178><231><233><185><155>}<181><10><232>?ZN<18>6<1><238>.N<211><245>
>>
>>> <189>l<190><173>7<244><186>
>>>
>> tR<163>s<22>t<198><237><148><226>1<1><149><128>m<156><4>?vy<181>~i<135><16>q!
>> <227><4>h<185><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0>
>> <3><0><6><0><19><0><18><0>c<1><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 5, 112, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 216
>> Authentic: <221><215><19>z<221><182>`<14><192><235><147>K<182>_Z^
>> Attributes:
>> EAP-Message =
>> <1><6><5><130><25><192><0><0><11>6<22><3><1><0>J<2><0><0>F<3><1>J<251><242><253><1>7<184><21><200><11><233><212>/o<128><219><130><202>~<127><1
>> 29>~<145>jeQ<29><148>/<151><172><14>
>> <156>E<202><131>:<250>r<177>P<10><222>B<148><228><253>f/G<247><143><157><196><220><199><238><2><234>Loe<212>d<0><4><0><22><3><1
>>
>>> <10><217><11><0><10><213><0><10><210><0><4>%0<130><4>!0<130><3><9><160><3><2><1><2><2><11><1><0><0><0><0><1><27>2<5><158><181>0<13><6><9>*<134>H<134><247><13><1><1
>>> <5><5><0>0_1<11>0<9><6><3>U<4><6><19><2>BE1<19>0<17><6><3>U<4><10><19><10>Cybertrust1<23>0<21><6><3>U<4><11><19><14>Educational
>>>
>> CA1"0 <6><3>U<4><3><19><25>Cybertru
>> st Educational CA0<30><23><13>0807171
>> EAP-Message =
>> 71601Z<23><13>110717171601Z0N1<11>0<9><6><3>U<4><6><19><2>GB1"0
>> <6><3>U<4><10><19><25>University College
>> London1<27>0<25><6><3>U<4><3><19><18>
>> orps.jrs.ucl.ac.uk0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><194><171>:B<129>[<175><194>.Y<148><187><233>
>> :<169>-<171>2^<11><158><231><1>IGD<211>hA<179><22>YP>v<175><187><10><168>3,<204>h<234>8<170>4O<214><247>=<234><139>8<165><157><249><199>l<220><253>)<155><167>E<133>
>> <24><233><220><172><21><250><156>z<199>S<231><231><3><2><222><129><171>H<218>QT<253>E%<223>4<248><250><144><23><7><217>lN<233><22><0>W<237><223>`<210>]<153><7><161>
>> <180>9<215>lG<231><183><1>O<211>m
>> EAP-Message =
>> t<217>H<141><133><2><3><1><0><1><163><130><1>q0<130><1>m0P<6><3>U<29>
>> <4>I0G0E<6><7>*<134>H<177>><1><0>0:08<6><8>+<6><1><5><5><7><2><1><22>,ht
>> tp://www.globalsign.net/repository/cps.cfm0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<31><6><3>U<29>#<4><24>0<22><128><20>ee<163>=<215>;<17><163><10><7>%7<
>> 201>BJ[vwP<225>0<29><6><3>U<29><14><4><22><4><20>hT<230><199><27>#<6><250>(vS<8><180>s"F<192><226><17><157>0:<6><3>U<29><31><4>3010/<160>-<160>+<134>)http://crl.glo
>> balsign.net/educational.crl0O<6><8>+<6><1><5><5><7><1><1><4>
>> EAP-Message =
>> C0A0?<6><8>+<6><1><5><5><7>0<2><134>3http://secure.globalsign.net/cacert/educational.crt0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3>
>> <1><6><8>+<6><1><5><5><7><3><2>0<29><6><3>U<29><17><4><22>0<20><130><18>orps.jrs.ucl.ac.uk0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>(z)N<157><
>> 187><211><160>.<4>m<0><22><14><27><244>G<195><237><11>0<191><206><180><170><147><250><162><171><214>&<128><240><210>=<214><166>!<12><225><242><253><172><158><234><2
>> 46><142><161><25><165><201><232><238>UV<162>h~F<185><205>q\Z<148>#<137><136><179><198><174><193><5>|5q<189>Q5<171><28>n<139>k<199>iG<199><130><199><27>M<182>v<174><
>> 163><148><226><240><223>r<148>A
>> EAP-Message =
>> <143>&<145><10>j<200><7><246><<174>3#<156><225><8>~(}o
>> <250><148><4><242><163><242><196>X<221><9>co<213><25><23><222><216><24><240>[<147>[<181
>>
>>> q<248>}<179><181>w<205><<128>9>7<128><8><235><160>x*<206><182>%<220><240><12><19>_<179><167><234>!<202>+<199>F<31><252>a<226>+<156><178>X<167><225>n;<209><230><252
>>> T<25>^/(<246><226>$<160>.<172>To<175>9<168><3><160>5pPa<13><169><144>Z<136><164>C<240>5Nc<17><205>jc<9><248>$5<187><4>H|<239>q<179><241>mfNi!\<210>i)b<178><203><0>
>>>
>> <4>F0<130><4>B0<130><3><171><160><3><2><1><2><2><4><4><0><3><251>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0u1<11>0<9><6><3>U<4><6><19><2>US1<24>0<22><6><3>U<4
>>
>>> <10><19><15>GTE Corporation1'0%<6><3>U<4><11><19><30>GTE CyberTr
>>>
>> EAP-Message = ust Solutions, Inc.1#0!<6><3>U<4><3><19><26>GTE
>> CyberTrust Global
>> Root0<30><23><13>060314203000Z<23><13>130314235900Z0_1<11>0<9><6><3>U<4><6><
>> 19><2>BE1<19>0<17><6><3>U<4><10><19><10>Cybertrust1<23>0<21><6><3>U<4><11><19><14>Educationa
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 220
>> Authentic: }<140><239><252><30><155><140><27>IZ<216>_k56<232>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator = ]KkUf<176>L<194><175><234>)+-<139><0>D
>> EAP-Message = <2><6><0><6><25><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 6, 6, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 220
>> Authentic: QT<203>#<165><252>Y<230>a<164><154>7<193><28>p<165>
>> Attributes:
>> EAP-Message = <1><7><5>~<25>@l CA1"0
>> <6><3>U<4><3><19><25>Cybertrust Educational
>> CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><
>> 0>0<130><1><10><2><130><1><1><0><149>"<161><16><29>JF`n<5><145><155><223><131><194><237><18><178>Z|<248><171><225><248>P\(,~~<0>8<147><176><139>J<241><194>L<<16>,<<
>> 239><176><236><161>i/<185><252><204><8><20>k<141>O<24><243><131><210><250><169>7<8>
>> <170>\<170><128>`<162><213><165>"<0><207>Z<229><180><151><223><186><30><190>\<14
>> 2><23><25>f<253><175><159>|{<137><178><14>$<216><199><171>c<196><149>2<141>H<230>cY}<4><184>3<168><189><215>]d<188>c<181><247>M(<253><249><6>r1\<186>E<148>e<163><21
>> 0><180>X<236>;aXD<163>/b<179><155><128><180><130><253><213><199><204>Q%<229><149>?G/0{<172><200>xn<226><225>m'
>> EAP-Message =
>> <235>=<204><1><130><232>5w<141><171>X<187>U<209><213><164><129>V<141><28><208><20><177><176><6><222><160><145>"<243><240><168>4<23>G<198><224>
>>
>>> <246><12>Z<172>~PK<205><225>in<6><252><6>~jM<180><149><153><160>Y\5f<236><217>I<212><23><224>`<176>]<165><215><26><226>*nf<242><175><29><2><3><1><0><1><163><130><1
>>> o0<130><1>k0E<6><3>U<29><31><4>>0<0:<160>8<160>6<134>4http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0<29><6><3>U<29><14><4><22><4><20>ee<163>=<215>;<17><163>
>>>
>> <10><7>%7<201>BJ[vwP<225>0S<6><3>U<29>
>> <4>L0J0H<6><9>+<6><1><4><1><177>><1><0>0;09<6><8>+<6><1><5><5><7><2><1><22>-http://www.publi
>> EAP-Message =
>> c-trust.com/CPS/OmniRoot.html0<129><137><6><3>U<29>#<4><129><129>0<127><161>y<164>w0u1<11>0<9><6><3>U<4><6><19><2>US1<24>0<22><6><3>U<4><10><1
>> 9><15>GTE Corporation1'0%<6><3>U<4><11><19><30>GTE CyberTrust Solutions,
>> Inc.1#0!<6><3>U<4><3><19><26>GTE CyberTrust Global
>> Root<130><2><1><165>0<14><6><3>U<29><15>
>> <1><1><255><4><4><3><2><1><6>0<18><6><3>U<29><19><1><1><255><4><8>0<6><1><1><255><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>C<179>E<131
>>
>>> Tq<196><31><220><178><kN<191>&<242>N<242><173><154>[<250><134>7<136><232><20>lA
>>>
>> EAP-Message =
>> <24>B_<239>e><235><3>w<160><183><158>uzQ|<187><21>[<184><175><145><160>4<146>S<237><127>*I<132><172><185><128>K<181><199><178>#"<251><235><216
>>
>>> <251>n<201><<243><210><209><187><190><201><28><255>m<1><219>i<128><14><153><165><234><158>{<151><152><143><183><207>"<156><179><184>]<229><169>3<23>t<198><151>7<15
>>> <180><233>&<130>_a<11>?<30>=d<233>+<155><0><2>^0<130><2>Z0<130><1><195><2><2><1><165>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0u1<11>0<9><6><3>U<4><6><19><2>
>>>
>> US1<24>0<22><6><3>U<4><10><19><15>GTE
>> Corporation1'0%<6><3>U<4><11><19><30>GTE CyberTrust Solutions,
>> Inc.1#0!<6><3>U<4><3><19><26>GTE CyberTrust Global Root0<30><23
>>
>>> <13>9
>>>
>> EAP-Message =
>> 80813002900Z<23><13>180813235900Z0u1<11>0<9><6><3>U<4><6><19><2>US1<24>0<22><6><3>U<4><10><19><15>GTE
>> Corporation1'0%<6><3>U<4><11><19><30>GTE
>> CyberTrust Solutions, Inc.1#0!<6><3>U<4><3><19><26>GTE CyberTrust
>> Global
>> Root0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><
>> 2><129><129><0><149><15><160><182><240>P<156><232>z<199><136><205><221><23><14>.<176><148><208><27>=<14><246><148><192><138><148><199><6><200><144><151><200><184>d<
>> 26>z~l<S<225>7(s`<127><178><151>S<7><159>S<249>mX<148><210><175><141>m<136>g<128><230><237><178><149><207>r1<202><165><28>r<186>\<2>
>> EAP-Message =
>> <231>dB<231><249><169>,<214>:<13><172><141>B<170>$<1>9<230><156>?<1><133>W<13>X<135>E<248><211><133><170><147>i&<133>pH<128>?<18><21><199>y<18
>> 0><31><5>/;b<153><2><3><1><0><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>m<235><27><9><233>^<217>Q<219>g"a<164>*<Hw<227><160>|<166><222>s<162>
>> <20><3><133>=<251><171><14>0<197><131><22>3<129><19><8><158>{4N<223>@<200>t<215><185>}<220><244>vU}<155>cT<24><233><240><234><243>\<177><217><139>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 221
>> Authentic:
>> <171><253><25><130><137><247><159>9<241><13><200><28><163>Rz<134>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> <130><2><219>0<10>Cu<130><160><24><160>c<155><194><146><185>
>> EAP-Message = <2><7><0><6><25><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 7, 6, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 221
>> Authentic: <235><24><151><11>7<8><231>f<1><175><151>"<170><220><181><227>
>> Attributes:
>> EAP-Message =
>> <1><8><0>L<25><0>B<30><185><192><149>N<186><250><213><226>|<245>ha<191><142><236><5><151>_[<176><215><163><133>4<196>$<167><13><15><149><147><
>> 239><203><148><216><158><31><157>\<133>m<199><170><174>O<31>"<181><205><149><173><186><167><204><249><171><11>z<127><22><3><1><0><4><14><0><0><0>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 223
>> Authentic: }<150><<212><169><232><129><183>4J<163><133><214><165><140><225>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator = <193><137><192>Z<191><193>qx<249>c+q<|,$
>> EAP-Message =
>> <2><8><0><192><25><128><0><0><0><182><22><3><1><0><134><16><0><0><130><0><128>/<139><242><169><132>q<16>q<127><224><146>J<183>$<12>Kp<249>9&<4
>>
>>> <237>P<155><142><254><209>Q<<3>><12><222>}<146><212><222>?<175><244>s<19>F<24>mk<205><198><19>$<<231><228><138>g<131><252><163><211><230><192><2><221><184>b<8><242
>>> <5><13>s<180><219><241><16>{<142><146><23>%8<189><242><uX<247><209><211><210><220><246><216>}g<206><162>_<159><248>3<7>9<235><220><220>B*<24>@<153><237><221>d<2>BD
>>>
>> J<226>x<17><165>*<164><193>A<198>{<148><20><3><1><0><1><1><22><3><1><0>
>> <218>M<148><12>Saz>](;<29>HI<31><198><170>2<128><223><190><11><21><157>Y<230><236><29><218>(
>> <216><26>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 8, 192, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 223
>> Authentic: <10><144><14>)<161>t<163><221>|<221><26><231>?<28><135><236>
>> Attributes:
>> EAP-Message =
>> <1><9><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
>> U9<168><252>=adB<161><254><10><191><7><227><239><228>y<195>@<221><146><134>vK<23
>> 8>kR<181>F<219>s7
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 226
>> Authentic: <180>P<143>.<234>z?<160>~G<151><192><202><144><214><23>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> qE[<211><23><142><155><158><0><185><210>{<5><13><131>c
>> EAP-Message = <2><9><0><6><25><0>
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 9, 6, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 226
>> Authentic: <174>_'<171><202><176>TB<138><224><184><223><169>H<252>?
>> Attributes:
>> EAP-Message =
>> <1><10><0><28><25><0><23><3><1><0><17>m8<128><222><169><187><159><29><133>S<167><174><137><214><171><14>R
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 227
>> Authentic: C<233>k<127>B<181>5M<16><10>f8<208><154>J<194>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> <208><220>+Vn7<146>4<188><233><226>~<193><169><130><235>
>> EAP-Message =
>> <2><10><0>-<25><0><23><3><1><0>"<204>H<247><191><157><134><204><9>f<237>cc<134>1/<220><183>-<152><166><27><23>I<152><140><235>F@<9>><234><246>
>> !0
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 10, 45, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP PEAP inner authentication request
>> for anonymous
>> Thu Nov 12 11:35:25 2009: DEBUG: PEAP Tunnelled request Packet dump:
>> Code: Access-Request
>> Identifier: UNDEF
>> Authentic: <181><136><11>3a<209><155><144>zC<221>5WQ<152>d
>> Attributes:
>> EAP-Message = <2><10><0><18><1>ccaacrb at ucl.ac.uk
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> NAS-IP-Address = 10.101.1.11
>> NAS-Port = 7565083
>> Calling-Station-Id = "0015.afa6.0d8d"
>> User-Name = "anonymous"
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'TunnelledByPEAP=1'
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for anonymous,
>> 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthNTLM:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 10, 18, 1
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 1
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy NTLM result: CHALLENGE, EAP
>> MSCHAP-V2 Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for anonymous: EAP
>> MSCHAP-V2 Challenge
>> Thu Nov 12 11:35:25 2009: DEBUG: Returned PEAP tunnelled packet dump:
>> Code: Access-Challenge
>> Identifier: UNDEF
>> Authentic: <181><136><11>3a<209><155><144>zC<221>5WQ<152>d
>> Attributes:
>> EAP-Message =
>> <1><11><0>(<26><1><11><0>#<16><18><157><231>Q<227>T<216><145>!<172><163><144><165><174>Fsnwgdev-desktop
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP inner
>> authentication redispatched to a Handler
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> inner authentication redispatched to a Handler
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> inner authentication redispatched to a Handler
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 227
>> Authentic: <187><128>ot<179>9M<200><13>6|<14>X<202><161>c
>> Attributes:
>> EAP-Message =
>> <1><11><0>?<25><0><23><3><1><0>4<162><235><231><243><5><7>qF.<168><i<7>F<170>g<29><255><217><174><9><199>6<214><188><233><23><212><128><157>z<
>> 151><22>0B$<26><150>f<13>N<172><237><207><230>y#<224><145><184><248>C
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Received from 10.101.1.11 port 1645 ....
>> Code: Access-Request
>> Identifier: 230
>> Authentic: <16>r<5>nZ`Up=<144><10><225><28><13>J<9>
>> Attributes:
>> User-Name = "ccaacrb at ucl.ac.uk"
>> Framed-MTU = 1400
>> Called-Station-Id = "0000.0c07.ac00"
>> Calling-Station-Id = "0015.afa6.0d8d"
>> Service-Type = Login-User
>> Message-Authenticator =
>> <13><136><159><235>7~<196>X<180><206><245>)|0`~
>> EAP-Message =
>> <2><11><0>c<25><0><23><3><1><0>X<225><151><233><205><244><16><248><214>[<164><137>t<233><144>b<207><249><149>u<234><167><243><176><143><205>&<
>> 249><218><212><156>><208>u0C.<206><241><25><174><175><177>R_!<198><175>9<147>:P<21>#<213><227><8><188><211><240><244><128>[<9><185>
>> <169><29>s<207><136>04C<196>O`<2
>> 8><171><157><165><254>s<198>U<22><25><134>i
>> NAS-Port-Type = Wireless-IEEE-802-11
>> NAS-Port = 7565083
>> NAS-IP-Address = 10.101.1.11
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'Realm=ucl.ac.uk, EAP-Message = /.+/'
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Rewrote user name to ccaacrb
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for
>> ccaacrb at ucl.ac.uk, 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthFILE:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 11, 99, 25
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 25
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP PEAP inner authentication request
>> for anonymous
>> Thu Nov 12 11:35:25 2009: DEBUG: PEAP Tunnelled request Packet dump:
>> Code: Access-Request
>> Identifier: UNDEF
>> Authentic: <237><12><173><229><218><226><19>v<28><232>{<194><154>;<156>P
>> Attributes:
>> EAP-Message =
>> <2><11><0>H<26><2><11><0>G1<215><253><194><234>:!<151><154><143><213>{<147><255>"<177><131><0><0><0><0><0><0><0><0><0><18>&<11><21><250><173><
>> 195>g<139><209>9b@<251>h<232><240><5>cW<235>cR<0>ccaacrb at ucl.ac.uk
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> NAS-IP-Address = 10.101.1.11
>> NAS-Port = 7565083
>> Calling-Station-Id = "0015.afa6.0d8d"
>> User-Name = "anonymous"
>>
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling request with Handler
>> 'TunnelledByPEAP=1'
>> Thu Nov 12 11:35:25 2009: DEBUG: Deleting session for anonymous,
>> 10.101.1.11, 7565083
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with Radius::AuthNTLM:
>> Thu Nov 12 11:35:25 2009: DEBUG: Handling with EAP: code 2, 11, 72, 26
>> Thu Nov 12 11:35:25 2009: DEBUG: Response type 26
>> Thu Nov 12 11:35:25 2009: DEBUG: Radius::AuthNTLM looks for match with
>> ccaacrb [anonymous]
>> Thu Nov 12 11:35:25 2009: DEBUG: Radius::AuthNTLM ACCEPT: : ccaacrb
>> [anonymous]
>> Thu Nov 12 11:35:25 2009: INFO: Starting NtlmAuthProg:
>> /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute
>> Request-User-Session-Key: Yes
>> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute
>> Request-LanMan-Session-Key: Yes
>> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute LANMAN-Challenge:
>> 8a03d805dce6b2df
>> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute NT-Response:
>> 0012260b15faadc3678bd1396240fb68e8f0056357eb6352
>> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute NT-Domain:: VUNMVVNFUlM=
>> Thu Nov 12 11:35:25 2009: DEBUG: Passing attribute Username:: Y2NhYWNyYg==
>> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: Authenticated: Yes
>> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: LANMAN-Session-Key:
>> E928F849BA704AB3
>> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: User-Session-Key:
>> A223F0B2DD3F19A3F4C41D9C7EAB80B5
>> Thu Nov 12 11:35:25 2009: DEBUG: Received attribute: .
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge:
>> Success
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy NTLM result: CHALLENGE, EAP
>> MSCHAP V2 Challenge: Success
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for anonymous: EAP
>> MSCHAP V2 Challenge: Success
>> Thu Nov 12 11:35:25 2009: DEBUG: Returned PEAP tunnelled packet dump:
>> Code: Access-Challenge
>> Identifier: UNDEF
>> Authentic: <237><12><173><229><218><226><19>v<28><232>{<194><154>;<156>P
>> Attributes:
>> EAP-Message =
>> <1><12><0>=<26><3><11><0>8S=50CD2DE6C1810F6C092C4BADD9C0E567567D077C
>> M=success
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Thu Nov 12 11:35:25 2009: DEBUG: EAP result: 3, EAP PEAP inner
>> authentication redispatched to a Handler
>> Thu Nov 12 11:35:25 2009: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
>> inner authentication redispatched to a Handler
>> Thu Nov 12 11:35:25 2009: DEBUG: Access challenged for ccaacrb: EAP PEAP
>> inner authentication redispatched to a Handler
>> Thu Nov 12 11:35:25 2009: DEBUG: Packet dump:
>> *** Sending to 10.101.1.11 port 1645 ....
>> Code: Access-Challenge
>> Identifier: 230
>> Authentic: B<220><27><243><174>Lb<139>hT<150>c<175><172><230><0>
>> Attributes:
>> EAP-Message =
>> <1><12><0>T<25><0><23><3><1><0>I<141><186>3<217><21><173><255><173>c<216><169><242><221><223><23><128><127><140>x<6><233><196><148>5<228><135>
>> <185>N<231>r<6><218><15>X4a<4>u<186>A<219>rB[<13>I<152>lp<25>.<223><255><168>.<177><211><141>4<159>!F<241><21>X<240><137><210>O<153>(&<230>
>> Message-Authenticator =
>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>
>> This is where it stops.
>>
>>
>> Thanks for any help
>>
>> Colin
>>
>> --
>> -----------------------------------------------------------------------
>>
>>
>> Colin Byelong Email: C.Byelong at ucl.ac.uk
>> Senior Network Development Officer
>> Network Group
>> Information Systems Division
>> University College London
>> Gower Street Phone: 020 7679-2572
>> London WC1E 6BT
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
>
--
-----------------------------------------------------------------------
Colin Byelong Email: C.Byelong at ucl.ac.uk
Senior Network Development Officer
Network Group
Information Systems Division
University College London
Gower Street Phone: 020 7679-2572
London WC1E 6BT
------------------------------------------------------------------------
More information about the radiator
mailing list