[RADIATOR] Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure and AuthBy LDAP2 result: REJECT, PEAP Authentication Failure

Hugh Irvine hugh at open.com.au
Tue Nov 2 17:04:28 CDT 2010


Hello Garth -

Here is the first problem:


Tue Nov  2 11:34:34 2010: INFO: Connecting to ldapserver:389
Tue Nov  2 11:34:34 2010: ERR: Could not open LDAP connection to ldapserver:389. Backing off for 90 seconds.
Tue Nov  2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user gladl


Radiator is unable to connect to the AD server.

In general you are better off using the AuthBy NTLM clause for this on *NIX, or else running an instance of Radiator on a Windows host and using the AuthBy LSA clause.

regards

Hugh



On 2 Nov 2010, at 12:36, Garth Ladlow wrote:

> Hoping someone can help. Am trying to allow access from a wireless network, with authentication off Active Directory.
>  
> Am using the test certificates from Radiator in a test environment.
>  
> Am unsure where I am going wrong, have trolled through the mailing list with no luck.
>  
>  
> Have included the radius config below and the output from the radius logs below that.
>  
> ###################### Radius config
>  
> ###############################################################
> #
> # configure AuthBy LDAP with no Searchfilter
> # for use by TACACS
>  
>  
> <AuthBy LDAP2>
>  
>     Identifier NCO-ldap
>  
>      EAPType PEAP,TTLS,MSCHAP-V2
>  
>       EAPTLS_CAFile /home/thart/Radiator-4.7/certificates/demoCA/cacert.pem
>         EAPTLS_CertificateFile /home/thart/Radiator-4.7/certificates/cert-srv.pem
>         EAPTLS_CertificateType PEM
>         EAPTLS_PrivateKeyFile /home/thart/Radiator-4.7/certificates/cert-srv.pem
>         EAPTLS_PrivateKeyPassword whatever
>         SSLeayTrace 4
>         EAPTLS_PEAPVersion 0
>         AutoMPPEKeys
>         EAPTLS_MaxFragmentSize 1000
>  
>     Host ldapserver
>     AuthDN ldapdn
>     AuthPassword    ldappassword
>     BaseDN          ldapdn
>     ServerChecksPassword
>     UsernameAttr sAMAccountName
>     Version 3
>     FailureBackoffTime 90
>     NoDefault
>     Timeout 9
>  
> </AuthBy>
>  
>  
>  
> ##########################################################
> #
> # Handlers
> #
> ##########################################################
>  
> #<Handler Client-Identifier=ArubaClients, Request-Type=Access-Request, Aruba-Essid-Name="Mystar">
> <Handler>
>  
>         AuthBy NCO-ldap
>  
> </Handler>
>  
>  
>  
> ###################### Radius logs
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 87
> Authentic:  D<167>M<144><24><13><15>5<4><174><18><144><4>t<226>[
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><13><0><10><1>gladl
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <223><134><129>r<195>(<159><229><180><137><235><213>n<14><178><177>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 13, 10, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 1
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 87
> Authentic:  <165><222><145><237><132><196><172><128><6><216><205><161><148><255><155><209>
> Attributes:
>      EAP-Message = <1><14><0><6><25>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 88
> Authentic:   <222>oc|O<24><212>A<228>q<183><20><131>P<220>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><14><0>W<25><128><0><0><0>M<22><3><1><0>H<1><0><0>D<3><1>L<207>j<138><17><203>P<227>/<198><254>^<176>2<199><188><28><129><161>(<141><206>Zt<8><198><158>*J<11>+]<0><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0><0><5><255><1><0><1><0>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <202><142><187><194>~9<206><165>z <176>:R<143>g<20>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 14, 87, 25
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:04 2010: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 88
> Authentic:  `<165>G^|Z<204><139><149><237><242><25>pK<220><25>
> Attributes:
>      EAP-Message = <1><15><3><242><25><192><0><0><7><185><22><3><1><0>Q<2><0><0>M<3><1>L<207>j<140><198>u<143><135><233><127><192>p:<237>?)?@<3><181>!<174>!<205><151>U*<182><205><252><199><219> <135><226><182><246><192>.q<4><158><159><147><253><147><242>'<134><28><205>"n+<149>A%<216><175>2<254><212>)<0><239><0><4><0><0><5><255><1><0><1><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certific
>      EAP-Message = ate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1%0#<6>
>      EAP-Message = <3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><207><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183>
>      EAP-Message = <246><141>'<233>V<198><203><206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n at 0D<175><29>E<162>:<239>d <17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 89
> Authentic:  <28><250><195><178>X<232>y<148>z<222>Dd<26><135>jA
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><15><0><6><25><0>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = L<23>a<250>D<28>u<190><19><215><161><144>+<224><129><135>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 15, 6, 25
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 89
> Authentic:  /<149>@Jli<134><22><194><249>qHn<26><136>K
> Attributes:
>      EAP-Message = <1><16><3><215><25><0><4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<30><23><13>100128213155Z<23><13>120128213155Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test C
>      EAP-Message = ertificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221><135><194>,<1>U3|N'<174><232><18>VB6<20><197>'x<167><242><198>I<253>[<184>:<254><240><168><221>Se><13><130><251><23> <4><29> q#<228><181>#<236>9<182>0Q<253><0><227>eL<190>6K<4>8<240>L<178><255>^IS_T)n<206><147>%<251><255>o<229><128><30><140><14><149><22><21>+Yf<128><155><190><241><153>:<226>;<219><240><182>#<151><209>|<141><223><128>w<213>@<14><206><228> <203><132><0>w<134><255>Q
>      EAP-Message = hd<12><190>9<2><3><1><0><1><163><130><1>30<130><1>/0<29><6><3>U<29><14><4><22><4><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in pr
>      EAP-Message = oduction)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<130><9><0><249><170>@<232><246>7<146>$0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>y<18>9X<176><<236><203><168><151><202><144><201>Q$<166><217><249><17>|<163>8<129><232>dr<236><211><240>WP<162>B<157><250>9<224><152>JA<213><127>><247>:<227><191><18><232>u,<172><237><188>?<8><239>E<239>m<203><152><10>`<18>V$<184><7><205><137><138>p<139><152><240><20><3>{<150>7<156><193><4><153><190><8><216><173><9><185>9<158><211>^ex<144><208><128><251>+<15><146>KQ<249><234><171><3><14>2<206><9>K<220><201>f<159>f<~<149><21>c<227>V<203><22><3><1><0><4><14><0><0><0>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 90
> Authentic:  {<241><183>- <235><11><133>I,<211><225>l<232><199><134>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><16><0><192><25><128><0><0><0><182><22><3><1><0><134><16><0><0><130><0><128>I<133><201><189><140><229>k<200><187>'<221><10>><253><230>><254><221>54C<231><239><158>.<7><215>@<210><22><154><17><139><241><134>W7><132><187><205>vDK<18><7><12><<7><28>m<205><222><249><31><143><0>6B<211><202><16><140><193>*<7>;<127>|<22><201>B<140><243><13><139><198><154><134><135>h<233><14>><156><8><205>IE<251>5|<18><138>$<12>m<127>7<237>:K(<3>a{<201><237><136>&<148><141><148><211>q<206>"<27><195><18>z<213>><21>[$<149>i<20><3><1><0><1><1><22><3><1><0> :t<202><224><254><226>a<149><254>}h<147><241>ce-mf<152><171><192>FqG<151>n<12>K<131><203>/4
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <183><148>?YlP<241><175><18>A<220><158>K<195>+<184>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 16, 192, 25
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:04 2010: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 90
> Authentic:  <250>7{A<192><242><184><225>5v<211>D<137>, <170>
> Attributes:
>      EAP-Message = <1><17><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0> #<192><252>*<227>@&+<24>mV<211><253>Un<130><133><173>7<172>opq<183><218><238><133><149><150><14><183>v
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 86
> Authentic:  ?<148><16><138>/<223><25><169>~<145>Nb<20>4<214><203>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><17><0><6><25><0>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <22>`<216><253><<228><157><146><24>W<16>\1<142><194>A
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 17, 6, 25
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 86
> Authentic:  <232>{<217><198>zOI<236>.z<143>-<183>/;6
> Attributes:
>      EAP-Message = <1><18><0><28><25><0><23><3><1><0><17><228>$M[<246>aFB<189>AC<158><169><14><190>_<130>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 92
> Authentic:   <213><171><228>[<231><31>dC0<196>ENb<174><233>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><18><0>!<25><0><23><3><1><0><22><236><177><186><221>}<254><12><24>?<159>Z<177><232><0><28><255><134>M<228>^ <154>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <181><4><6><199><136><211>><142><151><197><136>ib<174><133>/
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 18, 33, 25
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:04 2010: DEBUG: EAP PEAP inner authentication request for anonymous
> Tue Nov  2 11:34:04 2010: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <135><243><29>_5<228>w<158>0<16>H<31>3<164><3><128>
> Attributes:
>      EAP-Message = <2><18><0><6><1>gladl
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>      NAS-IP-Address = 172.22.254.5
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port = 1
>      Calling-Station-Id = "00242B9A89C9"
>      User-Name = "anonymous"
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for anonymous, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 18, 6, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 1
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <135><243><29>_5<228>w<158>0<16>H<31>3<164><3><128>
> Attributes:
>      EAP-Message = <1><19><0><6><25>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 92
> Authentic:  <3><217><14>S_<26>>k<255>I7<4><141><219><130>4
> Attributes:
>      EAP-Message = <1><19><0><29><25><0><23><3><1><0><18>>#<183><197>}<<251><168>A<171><193>z<227><129>&.<16>;
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 93
> Authentic:  <26><215>C<170>3<136>;<130>DF<3><220>y<239><179><226>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><19><0><29><25><0><23><3><1><0><18>x/d<29>Q<168><195><4><220><213><31><217>`qup<236><231>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <26>KJ<157><222><187><163>fJ<129><183>@*<241><10><2>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 19, 29, 25
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:04 2010: DEBUG: EAP PEAP inner authentication request for anonymous
> Tue Nov  2 11:34:04 2010: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <128>CM<147>4<146>ka<27><183><178>[Y<24>j0
> Attributes:
>      EAP-Message = <2><19><0><2><3><26>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>      NAS-IP-Address = 172.22.254.5
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port = 1
>      Calling-Station-Id = "00242B9A89C9"
>      User-Name = "anonymous"
>  
> Tue Nov  2 11:34:04 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:04 2010: DEBUG:  Deleting session for anonymous, 172.22.254.5, 1
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:04 2010: DEBUG: Handling with EAP: code 2, 19, 2, 3
> Tue Nov  2 11:34:04 2010: DEBUG: Response type 3
> Tue Nov  2 11:34:04 2010: DEBUG: EAP Nak desires type 26
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP MSCHAP-V2 Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
> Tue Nov  2 11:34:04 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <128>CM<147>4<146>ka<27><183><178>[Y<24>j0
> Attributes:
>      EAP-Message = <1><20><0>!<26><1><20><0><28><16><250>2<222><243><205><150><2>ZE<162><3>_[C<231>crockyvi
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:04 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:04 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:04 2010: DEBUG: Access challenged for gladl: EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:04 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 93
> Authentic:  <242><176><159>k<10><157><16><233>^<160><4> ><1><3><237>
> Attributes:
>      EAP-Message = <1><20><0>8<25><0><23><3><1><0>-Z<219><241><254>ES<203><226><248><176>0<220>v<12><254><135>D,<178><21><253><165><194><1><230><134><209><177><219><154><143><186>!/<151><241>?<<242>[/[<243>Q:
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
>  
>  
>  
>  
>  
>  
> Tue Nov  2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:34 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 94
> Authentic:  P<144><202>N<16>)<219>{<1><227>A<14>qo9<177>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><20><0>W<25><0><23><3><1><0>L6<158>X<208><152><174>x<156><133>g5<231><4><23><161><216><250><212><131><233>Uu<212>~<137>gV;\<28><12>!<149><162>^V'<17><0><197><9><16><168><200><216><210>V<18><238><13><212><232><5>L<130>5<146><230><2>c<214><13>h{7<201>P<21>TF<214>/<175><168>a<25>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = <202>S<195><183>r_<184><249>5Y$<150>Vc<127>~
>  
> Tue Nov  2 11:34:34 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:34 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:34 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:34 2010: DEBUG: Handling with EAP: code 2, 20, 87, 25
> Tue Nov  2 11:34:34 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:34 2010: DEBUG: EAP PEAP inner authentication request for anonymous
> Tue Nov  2 11:34:34 2010: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  CY<<10><194>)<148><180>c<203><189><11><156><180>;<171>
> Attributes:
>      EAP-Message = <2><20><0><<26><2><20><0>;1h<202><232><150><231><171><170>l<244><153>%c<1>{<153><<0><0><0><0><0><0><0><0><147><159><17><14><218><136>\<4><230>w<221>b=<230>R<210><245><152>"x<146><193>B<196><0>gladl
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>      NAS-IP-Address = 172.22.254.5
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port = 1
>      Calling-Station-Id = "00242B9A89C9"
>      User-Name = "anonymous"
>  
> Tue Nov  2 11:34:34 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:34 2010: DEBUG:  Deleting session for anonymous, 172.22.254.5, 1
> Tue Nov  2 11:34:34 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:34 2010: DEBUG: Handling with EAP: code 2, 20, 60, 26
> Tue Nov  2 11:34:34 2010: DEBUG: Response type 26
> Tue Nov  2 11:34:34 2010: INFO: Connecting to ldapserver:389
> Tue Nov  2 11:34:34 2010: ERR: Could not open LDAP connection to ldapserver:389. Backing off for 90 seconds.
> Tue Nov  2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user gladl
> Tue Nov  2 11:34:34 2010: DEBUG: AuthBy LDAP2 result: REJECT, EAP MSCHAP V2 failed: no such user gladl
> Tue Nov  2 11:34:34 2010: INFO: Access rejected for anonymous: EAP MSCHAP V2 failed: no such user gladl
> Tue Nov  2 11:34:34 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:  CY<<10><194>)<148><180>c<203><189><11><156><180>;<171>
> Attributes:
>      EAP-Message = <4><20><0><4>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>      Reply-Message = "Request Denied"
>  
> Tue Nov  2 11:34:34 2010: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:34 2010: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:34 2010: DEBUG: Access challenged for gladl: EAP PEAP inner authentication redispatched to a Handler
> Tue Nov  2 11:34:34 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Challenge
> Identifier: 94
> Authentic:  <20><22>,t<132>[YC<129>!y<200><143><129><127><199>
> Attributes:
>      EAP-Message = <1><21><0>&<25><0><23><3><1><0><27><229>1<170><1>W7<205><250>;N<153><207><160><29><7><134>Si2<248><140><128><214><20><237>\2
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>  
> Tue Nov  2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:34 2010: DEBUG: Rewrote user name to gladl
> Tue Nov  2 11:34:34 2010: DEBUG: Packet dump:
> *** Received from 172.22.254.4 port 41832 ....
> Code:       Access-Request
> Identifier: 95
> Authentic:  <12>x<244>OC<199><178><197><5><242><138><142>)s<184><1>
> Attributes:
>      User-Name = "gladl"
>      NAS-IP-Address = 172.22.254.5
>      NAS-Port = 1
>      NAS-Identifier = "rob-wls-sw1"
>      NAS-Port-Type = Wireless-IEEE-802-11
>      Calling-Station-Id = "00242B9A89C9"
>      Called-Station-Id = "000B86422000"
>      Service-Type = Login-User
>      Framed-MTU = 1100
>      EAP-Message = <2><21><0>&<25><0><23><3><1><0><27>T<212>o<140><187><129><24><200><194>o<220><213>73y<254><232>c<225>42<197>t<237>6S<192>
>      Aruba-Essid-Name = "Mystar"
>      Aruba-Location-Id = "NCO_L2_TestAP"
>      Message-Authenticator = G'5<163>3,<217>g<196><149><182><230>U<237><148><227>
>  
> Tue Nov  2 11:34:34 2010: DEBUG: Handling request with Handler '', Identifier ''
> Tue Nov  2 11:34:34 2010: DEBUG:  Deleting session for gladl, 172.22.254.5, 1
> Tue Nov  2 11:34:34 2010: DEBUG: Handling with Radius::AuthLDAP2: NCO-ldap
> Tue Nov  2 11:34:34 2010: DEBUG: Handling with EAP: code 2, 21, 38, 25
> Tue Nov  2 11:34:34 2010: DEBUG: Response type 25
> Tue Nov  2 11:34:34 2010: DEBUG: EAP result: 1, PEAP Authentication Failure
> Tue Nov  2 11:34:34 2010: DEBUG: AuthBy LDAP2 result: REJECT, PEAP Authentication Failure
> Tue Nov  2 11:34:34 2010: INFO: Access rejected for gladl: PEAP Authentication Failure
> Tue Nov  2 11:34:34 2010: DEBUG: Packet dump:
> *** Sending to 172.22.254.4 port 41832 ....
> Code:       Access-Reject
> Identifier: 95
> Authentic:  t<255><178><208><212><144>_Dsn<21><211><225>d<225>Y
> Attributes:
>      EAP-Message = <4><21><0><4>
>      Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>      Reply-Message = "Request Denied"
> 
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
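
The diagnosis in the reply above, as an added example (not part of the original message and not Radiator code): the "no such user" reject in the trace is logged immediately after the LDAP connection error, so it reflects an unreachable directory rather than a missing account. This Python triage pass labels each `Access rejected` line by whether it falls inside a `Backing off` window; the function and variable names are hypothetical, and the last sample line is constructed for contrast.

```python
import re
from datetime import datetime, timedelta

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# "Tue Nov  2 11:34:34 2010: ERR: message", with an optional "> " quote prefix.
LINE_RE = re.compile(
    r"^(?:>\s*)?\w{3} (?P<mon>\w{3}) +(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<mi>\d\d):(?P<s>\d\d) (?P<year>\d{4}): "
    r"(?P<level>[A-Z]+): +(?P<msg>.*)$")

# Backend outage marker, as it appears in the trace quoted in this thread.
BACKOFF_RE = re.compile(
    r"Could not open LDAP connection to (?P<host>\S+?)\. "
    r"Backing off for (?P<secs>\d+) seconds")

REJECT_RE = re.compile(r"Access rejected for (?P<user>[^:]+): (?P<reason>.*)$")


def parse_line(raw):
    """Return (timestamp, level, message) or None for non-log lines."""
    m = LINE_RE.match(raw.rstrip())
    if not m or m["mon"] not in MONTHS:
        return None
    ts = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                  int(m["h"]), int(m["mi"]), int(m["s"]))
    return ts, m["level"], m["msg"]


def triage(lines):
    """Classify every reject as backend outage or credential/policy failure.

    A reject logged while the server is backing off from the directory says
    nothing about the user's credentials, whatever its reason text claims.
    """
    outages = []   # (window start, window end, backend host:port)
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue  # packet dump body, blank line, etc.
        ts, level, msg = parsed

        backoff = BACKOFF_RE.search(msg)
        if level == "ERR" and backoff:
            end = ts + timedelta(seconds=int(backoff["secs"]))
            outages.append((ts, end, backoff["host"]))
            continue

        reject = REJECT_RE.search(msg)
        if level == "INFO" and reject:
            backend = next(
                (host for start, end, host in outages if start <= ts <= end),
                None)
            findings.append({
                "time": ts,
                "user": reject["user"],
                "reason": reject["reason"],
                "backend": backend,
                "cause": "backend_unreachable" if backend
                         else "credential_or_policy",
            })
    return findings


# Lines 2-6 are taken from the trace in this thread; the final line is
# constructed (hypothetical user, outside the 90 second backoff window).
SAMPLE_TRACE = """\
Tue Nov  2 11:34:34 2010: DEBUG: Response type 26
Tue Nov  2 11:34:34 2010: INFO: Connecting to ldapserver:389
Tue Nov  2 11:34:34 2010: ERR: Could not open LDAP connection to ldapserver:389. Backing off for 90 seconds.
Tue Nov  2 11:34:34 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user gladl
Tue Nov  2 11:34:34 2010: INFO: Access rejected for anonymous: EAP MSCHAP V2 failed: no such user gladl
Tue Nov  2 11:34:34 2010: INFO: Access rejected for gladl: PEAP Authentication Failure
Tue Nov  2 11:40:10 2010: INFO: Access rejected for exampleuser: EAP MSCHAP V2 failed: no such user exampleuser
""".splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        print(f["time"], f["user"], f["cause"], f["backend"] or "-", f["reason"])
```

Counting rejects by `cause` separates directory outages from real authentication failures, which matters when reject volume feeds brute-force alerting.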
