[RADIATOR] Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure and AuthBy LDAP2 result: REJECT, PEAP Authentication Failure
Hugh Irvine
hugh at open.com.au
Tue Nov 2 17:04:28 CDT 2010
Hello Garth -
Here is the first problem:
Tue Nov 2 11:34:34 2010: INFO: Connecting to ldapserver:389
Tue Nov 2 11:34:34 2010: ERR: Could not open LDAP connection to ldapserver:389. Backing off for 90 seconds.
Tue Nov 2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user gladl
Radiator is unable to connect to the AD server.
In general you are better off using the AuthBy NTLM clause for this on *NIX, or else running an instance of Radiator on a Windows host and using the AuthBy LSA clause.
regards
Hugh
On 2 Nov 2010, at 12:36, Garth Ladlow wrote:
> Hoping someone can help. Am trying to allow access from a wireless network, with authentication off Active Directory.
>
> Am using the test certificates from Radiator in a test environment.
>
> Am unsure where I am going wrong, have trolled through the mailing list with no luck.
>
>
> Have included the radius config below and the output from the radius logs below that.
>
> ###################### Radius config
>
> ###############################################################
> #
> # configure AuthBy LDAP with no Searchfilter
> # for use by TACACS
>
>
> <AuthBy LDAP2>
>
> Identifier NCO-ldap
>
> EAPType PEAP,TTLS,MSCHAP-V2
>
> EAPTLS_CAFile /home/thart/Radiator-4.7/certificates/demoCA/cacert.pem
> EAPTLS_CertificateFile /home/thart/Radiator-4.7/certificates/cert-srv.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile /home/thart/Radiator-4.7/certificates/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
> SSLeayTrace 4
> EAPTLS_PEAPVersion 0
> AutoMPPEKeys
> EAPTLS_MaxFragmentSize 1000
>
> Host ldapserver
> AuthDN ldapdn
> AuthPassword ldappassword
> BaseDN ldapdn
> ServerChecksPassword
> UsernameAttr sAMAccountName
> Version 3
> FailureBackoffTime 90
> NoDefault
> Timeout 9
>
> </AuthBy>
>
>
>
> ##########################################################
> #
> # Handlers
> #
> ##########################################################
>
> #<Handler Client-Identifier=ArubaClients, Request-Type=Access-Request, Aruba-Essid-Name="Mystar">
> <Handler>
>
> AuthBy NCO-ldap
>
> </Handler>
>
>
>
> ###################### Radius logs
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 87
> Authentic: D<167>M<144><24><13><15>5<4><174><18><144><4>t<226>[
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><13><0><10><1>gladl
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <223><134><129>r<195>(<159><229><180><137><235><213>n<14><178><177>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 13, 10, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 1
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 87
> Authentic: <165><222><145><237><132><196><172><128><6><216><205><161><148><255><155><209>
> Attributes:
> EAP-Message = <1><14><0><6><25>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 88
> Authentic: <222>oc|O<24><212>A<228>q<183><20><131>P<220>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><14><0>W<25><128><0><0><0>M<22><3><1><0>H<1><0><0>D<3><1>L<207>j<138><17><203>P<227>/<198><254>^<176>2<199><188><28><129><161>(<141><206>Zt<8><198><158>*J<11>+]<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0><0><5><255><1><0><1><0>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <202><142><187><194>~9<206><165>z <176>:R<143>g<20>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 14, 87, 25
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:04 2010: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 88
> Authentic: `<165>G^|Z<204><139><149><237><242><25>pK<220><25>
> Attributes:
> EAP-Message = <1><15><3><242><25><192><0><0><7><185><22><3><1><0>Q<2><0><0>M<3><1>L<207>j<140><198>u<143><135><233><127><192>p:<237>?)?@<3><181>!<174>!<205><151>U*<182><205><252><199><219> <135><226><182><246><192>.q<4><158><159><147><253><147><242>'<134><28><205>"n+<149>A%<216><175>2<254><212>)<0><239><0><4><0><0><5><255><1><0><1><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certific
> EAP-Message = ate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1%0#<6>
> EAP-Message = <3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><207><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183>
> EAP-Message = <246><141>'<233>V<198><203><206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n at 0D<175><29>E<162>:<239>d <17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 89
> Authentic: <28><250><195><178>X<232>y<148>z<222>Dd<26><135>jA
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><15><0><6><25><0>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = L<23>a<250>D<28>u<190><19><215><161><144>+<224><129><135>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 15, 6, 25
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 89
> Authentic: /<149>@Jli<134><22><194><249>qHn<26><136>K
> Attributes:
> EAP-Message = <1><16><3><215><25><0><4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test C
> EAP-Message = ertificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221><135><194>,<1>U3|N'<174><232><18>VB6<20><197>'x<167><242><198>I<253>[<184>:<254><240><168><221>Se><13><130><251><23> <4><29> q#<228><181>#<236>9<182>0Q<253><0><227>eL<190>6K<4>8<240>L<178><255>^IS_T)n<206><147>%<251><255>o<229><128><30><140><14><149><22><21>+Yf<128><155><190><241><153>:<226>;<219><240><182>#<151><209>|<141><223><128>w<213>@<14><206><228> <203><132><0>w<134><255>Q
> EAP-Message = hd<12><190>9<2><3><1><0><1><163><130><1>30<130><1>/0<29><6><3>U<29><14><4><22><4><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in pr
> EAP-Message = oduction)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><9><0><249><170>@<232><246>7<146>$0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>y<18>9X<176><<236><203><168><151><202><144><201>Q$<166><217><249><17>|<163>8<129><232>dr<236><211><240>WP<162>B<157><250>9<224><152>JA<213><127>><247>:<227><191><18><232>u,<172><237><188>?<8><239>E<239>m<203><152><10>`<18>V$<184><7><205><137><138>p<139><152><240><20><3>{<150>7<156><193><4><153><190><8><216><173><9><185>9<158><211>^ex<144><208><128><251>+<15><146>KQ<249><234><171><3><14>2<206><9>K<220><201>f<159>f<~<149><21>c<227>V<203><22><3><1><0><4><14><0><0><0>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 90
> Authentic: {<241><183>- <235><11><133>I,<211><225>l<232><199><134>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><16><0><192><25><128><0><0><0><182><22><3><1><0><134><16><0><0><130><0><128>I<133><201><189><140><229>k<200><187>'<221><10>><253><230>><254><221>54C<231><239><158>.<7><215>@<210><22><154><17><139><241><134>W7><132><187><205>vDK<18><7><12><<7><28>m<205><222><249><31><143><0>6B<211><202><16><140><193>*<7>;<127>|<22><201>B<140><243><13><139><198><154><134><135>h<233><14>><156><8><205>IE<251>5|<18><138>$<12>m<127>7<237>:K(<3>a{<201><237><136>&<148><141><148><211>q<206>"<27><195><18>z<213>><21>[$<149>i<20><3><1><0><1><1><22><3><1><0> :t<202><224><254><226>a<149><254>}h<147><241>ce-mf<152><171><192>FqG<151>n<12>K<131><203>/4
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <183><148>?YlP<241><175><18>A<220><158>K<195>+<184>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 16, 192, 25
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:04 2010: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 90
> Authentic: <250>7{A<192><242><184><225>5v<211>D<137>, <170>
> Attributes:
> EAP-Message = <1><17><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0> #<192><252>*<227>@&+<24>mV<211><253>Un<130><133><173>7<172>opq<183><218><238><133><149><150><14><183>v
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 86
> Authentic: ?<148><16><138>/<223><25><169>~<145>Nb<20>4<214><203>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><17><0><6><25><0>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <22>`<216><253><<228><157><146><24>W<16>\1<142><194>A
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 17, 6, 25
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 86
> Authentic: <232>{<217><198>zOI<236>.z<143>-<183>/;6
> Attributes:
> EAP-Message = <1><18><0><28><25><0><23><3><1><0><17><228>$M[<246>aFB<189>AC<158><169><14><190>_<130>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 92
> Authentic: <213><171><228>[<231><31>dC0<196>ENb<174><233>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><18><0>!<25><0><23><3><1><0><22><236><177><186><221>}<254><12><24>?<159>Z<177><232><0><28><255><134>M<228>^ <154>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <181><4><6><199><136><211>><142><151><197><136>ib<174><133>/
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 18, 33, 25
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:04 2010: DEBUG: EAP PEAP inner authentication request for anonymous
> Tue Nov 2 11:34:04 2010: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <135><243><29>_5<228>w<158>0<16>H<31>3<164><3><128>
> Attributes:
> EAP-Message = <2><18><0><6><1>gladl
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> NAS-IP-Address = 172.22.254.5
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port = 1
> Calling-Station-Id = "00242B9A89C9"
> User-Name = "anonymous"
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for anonymous, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 18, 6, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 1
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic: <135><243><29>_5<228>w<158>0<16>H<31>3<164><3><128>
> Attributes:
> EAP-Message = <1><19><0><6><25>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 92
> Authentic: <3><217><14>S_<26>>k<255>I7<4><141><219><130>4
> Attributes:
> EAP-Message = <1><19><0><29><25><0><23><3><1><0><18>>#<183><197>}<<251><168>A<171><193>z<227><129>&.<16>;
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 93
> Authentic: <26><215>C<170>3<136>;<130>DF<3><220>y<239><179><226>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><19><0><29><25><0><23><3><1><0><18>x/d<29>Q<168><195><4><220><213><31><217>`qup<236><231>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <26>KJ<157><222><187><163>fJ<129><183>@*<241><10><2>
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 19, 29, 25
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:04 2010: DEBUG: EAP PEAP inner authentication request for anonymous
> Tue Nov 2 11:34:04 2010: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: <128>CM<147>4<146>ka<27><183><178>[Y<24>j0
> Attributes:
> EAP-Message = <2><19><0><2><3><26>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> NAS-IP-Address = 172.22.254.5
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port = 1
> Calling-Station-Id = "00242B9A89C9"
> User-Name = "anonymous"
>
> Tue Nov 2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:04 2010: DEBUG: Deleting session for anonymous, 172.22.254.5, 1
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 19, 2, 3
> Tue Nov 2 11:34:04 2010: DEBUG: Response type 3
> Tue Nov 2 11:34:04 2010: DEBUG: EAP Nak desires type 26
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP MSCHAP-V2 Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
> Tue Nov 2 11:34:04 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Challenge
> Identifier: UNDEF
> Authentic: <128>CM<147>4<146>ka<27><183><178>[Y<24>j0
> Attributes:
> EAP-Message = <1><20><0>!<26><1><20><0><28><16><250>2<222><243><205><150><2>ZE<162><3>_[C<231>crockyvi
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 93
> Authentic: <242><176><159>k<10><157><16><233>^<160><4> ><1><3><237>
> Attributes:
> EAP-Message = <1><20><0>8<25><0><23><3><1><0>-Z<219><241><254>ES<203><226><248><176>0<220>v<12><254><135>D,<178><21><253><165><194><1><230><134><209><177><219><154><143><186>!/<151><241>?<<242>[/[<243>Q:
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
>
>
>
>
>
>
> Tue Nov 2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:34 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 94
> Authentic: P<144><202>N<16>)<219>{<1><227>A<14>qo9<177>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><20><0>W<25><0><23><3><1><0>L6<158>X<208><152><174>x<156><133>g5<231><4><23><161><216><250><212><131><233>Uu<212>~<137>gV;\<28><12>!<149><162>^V'<17><0><197><9><16><168><200><216><210>V<18><238><13><212><232><5>L<130>5<146><230><2>c<214><13>h{7<201>P<21>TF<214>/<175><168>a<25>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = <202>S<195><183>r_<184><249>5Y$<150>Vc<127>~
>
> Tue Nov 2 11:34:34 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:34 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:34 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:34 2010: DEBUG: Handling with EAP: code 2, 20, 87, 25
> Tue Nov 2 11:34:34 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:34 2010: DEBUG: EAP PEAP inner authentication request for anonymous
> Tue Nov 2 11:34:34 2010: DEBUG: PEAP Tunnelled request Packet dump:
> Code: Access-Request
> Identifier: UNDEF
> Authentic: CY<<10><194>)<148><180>c<203><189><11><156><180>;<171>
> Attributes:
> EAP-Message = <2><20><0><<26><2><20><0>;1h<202><232><150><231><171><170>l<244><153>%c<1>{<153><<0><0><0><0><0><0><0><0><147><159><17><14><218><136>\<4><230>w<221>b=<230>R<210><245><152>"x<146><193>B<196><0>gladl
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> NAS-IP-Address = 172.22.254.5
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port = 1
> Calling-Station-Id = "00242B9A89C9"
> User-Name = "anonymous"
>
> Tue Nov 2 11:34:34 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:34 2010: DEBUG: Deleting session for anonymous, 172.22.254.5, 1
> Tue Nov 2 11:34:34 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:34 2010: DEBUG: Handling with EAP: code 2, 20, 60, 26
> Tue Nov 2 11:34:34 2010: DEBUG: Response type 26
> Tue Nov 2 11:34:34 2010: INFO: Connecting to ldapserver:389
> Tue Nov 2 11:34:34 2010: ERR: Could not open LDAP connection to ldapserver:389. Backing off for 90 seconds.
> Tue Nov 2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user gladl
> Tue Nov 2 11:34:34 2010: DEBUG: AuthBy LDAP2 result: REJECT, EAP MSCHAP V2 failed: no such user gladl
> Tue Nov 2 11:34:34 2010: INFO: Access rejected for anonymous: EAP MSCHAP V2 failed: no such user gladl
> Tue Nov 2 11:34:34 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Reject
> Identifier: UNDEF
> Authentic: CY<<10><194>)<148><180>c<203><189><11><156><180>;<171>
> Attributes:
> EAP-Message = <4><20><0><4>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
> Tue Nov 2 11:34:34 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:34 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:34 2010: DEBUG: Access challenged for gladl: EAP PEAP inner authentication redispatched to a Handler
> Tue Nov 2 11:34:34 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Challenge
> Identifier: 94
> Authentic: <20><22>,t<132>[YC<129>!y<200><143><129><127><199>
> Attributes:
> EAP-Message = <1><21><0>&<25><0><23><3><1><0><27><229>1<170><1>W7<205><250>;N<153><207><160><29><7><134>Si2<248><140><128><214><20><237>\2
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Nov 2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov 2 11:34:34 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code: Access-Request
> Identifier: 95
> Authentic: <12>x<244>OC<199><178><197><5><242><138><142>)s<184><1>
> Attributes:
> User-Name = "gladl"
> NAS-IP-Address = 172.22.254.5
> NAS-Port = 1
> NAS-Identifier = "rob-wls-sw1"
> NAS-Port-Type = Wireless-IEEE-802-11
> Calling-Station-Id = "00242B9A89C9"
> Called-Station-Id = "000B86422000"
> Service-Type = Login-User
> Framed-MTU = 1100
> EAP-Message = <2><21><0>&<25><0><23><3><1><0><27>T<212>o<140><187><129><24><200><194>o<220><213>73y<254><232>c<225>42<197>t<237>6S<192>
> Aruba-Essid-Name = "Mystar"
> Aruba-Location-Id = "NCO_L2_TestAP"
> Message-Authenticator = G'5<163>3,<217>g<196><149><182><230>U<237><148><227>
>
> Tue Nov 2 11:34:34 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov 2 11:34:34 2010: DEBUG: Deleting session for gladl, 172.22.254.5, 1
> Tue Nov 2 11:34:34 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov 2 11:34:34 2010: DEBUG: Handling with EAP: code 2, 21, 38, 25
> Tue Nov 2 11:34:34 2010: DEBUG: Response type 25
> Tue Nov 2 11:34:34 2010: DEBUG: EAP result: 1, PEAP Authentication Failure
> Tue Nov 2 11:34:34 2010: DEBUG: AuthBy LDAP2 result: REJECT, PEAP Authentication Failure
> Tue Nov 2 11:34:34 2010: INFO: Access rejected for gladl: PEAP Authentication Failure
> Tue Nov 2 11:34:34 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code: Access-Reject
> Identifier: 95
> Authentic: t<255><178><208><212><144>_Dsn<21><211><225>d<225>Y
> Attributes:
> EAP-Message = <4><21><0><4>
> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Reply-Message = "Request Denied"
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
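
Added example (not part of the original post, and not Radiator code): the trace above reports "no such user gladl" in the same second that the LDAP connection failed, so the reject text alone points at the wrong cause. The Python sketch below reads Radiator-style log lines and marks every rejection that falls inside an announced LDAP backoff window as backend-unreachable rather than as a failed login. Treating the whole backoff window as suspect is an assumption of this example, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# "Tue Nov 2 11:34:34 2010: LEVEL: message", optionally behind "> " quoting.
LINE_RE = re.compile(
    r"^(?:>\s?)*\w{3} (\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4}): "
    r"(\w+): (.*)$")
LDAP_DOWN_RE = re.compile(
    r"Could not open LDAP connection to (\S+?)\. Backing off for (\d+) seconds")
REJECT_RE = re.compile(r"Access rejected for (\S+): (.*)$")
INNER_USER_RE = re.compile(r"no such user (\S+)")

# The first five lines are copied from the trace in this thread. The last
# line is constructed: a rejection that arrives after the backoff has expired.
SAMPLE_LOG = """\
Tue Nov 2 11:34:34 2010: INFO: Connecting to ldapserver:389
Tue Nov 2 11:34:34 2010: ERR: Could not open LDAP connection to ldapserver:389. Backing off for 90 seconds.
Tue Nov 2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user gladl
Tue Nov 2 11:34:34 2010: INFO: Access rejected for anonymous: EAP MSCHAP V2 failed: no such user gladl
Tue Nov 2 11:34:34 2010: INFO: Access rejected for gladl: PEAP Authentication Failure
Tue Nov 2 11:40:12 2010: INFO: Access rejected for anonymous: EAP MSCHAP V2 failed: no such user jdoe
"""


def parse_line(raw):
    """Return (timestamp, level, message), or None for packet-dump lines."""
    m = LINE_RE.match(raw.rstrip())
    if not m or m.group(1) not in MONTHS:
        return None
    mon, day, hh, mm, ss, year, level, msg = m.groups()
    ts = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    return ts, level, msg


def classify_rejects(lines):
    """Label each 'Access rejected' line by its likely cause."""
    window = None  # (start, end, backend) of the latest LDAP backoff
    results = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, _level, msg = parsed
        down = LDAP_DOWN_RE.search(msg)
        if down:
            backoff = timedelta(seconds=int(down.group(2)))
            window = (ts, ts + backoff, down.group(1))
            continue
        rej = REJECT_RE.search(msg)
        if not rej:
            continue
        login, reason = rej.groups()
        # The PEAP inner request is logged as "anonymous"; the real account
        # name only appears in the reason text.
        inner = INNER_USER_RE.search(reason)
        in_outage = window is not None and window[0] <= ts <= window[1]
        results.append({
            "time": ts,
            "login": login,
            "user": inner.group(1) if inner else login,
            "cause": "backend-unreachable" if in_outage else "auth-failure",
            "backend": window[2] if in_outage else None,
        })
    return results


def genuine_failures(results):
    """Count rejections per user that were not caused by a backend outage."""
    return Counter(r["user"] for r in results if r["cause"] == "auth-failure")


if __name__ == "__main__":
    for r in classify_rejects(SAMPLE_LOG.splitlines()):
        print(r["time"], r["login"], r["user"], r["cause"], r["backend"] or "-")
```

Only the auth-failure rows should feed failed-login counters or lockout alerting; the backend-unreachable rows belong in an availability alert for the directory server.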