[RADIATOR] [Radiator] EAP TTLS with EAP Inner Method
Aman Arneja
arneja.aman at gmail.com
Mon Apr 11 07:55:33 CDT 2011
Team
As you might have gathered from my previous mails, i am writing an EAP TTLS
Method. We are facing problems with using EAP Inner Methods. Non Eap Inner
methods are working fine. I am attaching 2 log files :
1.) radiatornoproxy : Config File = eap_ttls.cfg.
Topology :
Client - Wireless supplicant configured to authenticate using our TTLS + EAP
MsChapv2
Radiator - AuthByLsa
2.) eapttlsradiator : Config File = eap_ttls_proxy.txtTopology :
Client - Wireless supplicant configured to authenticate using our TTLS + EAP
MsChapv2
Radiator - AuthByRadius, with authentication terminating on Microsoft NPS
In Both Cases Radiator is rejecting the AVP sent by client after server
sends access challenge.
Can some1 pls help us with this? Let me know if any more information is
required. Seems to be an issue with the reading of the EAP Message from the
AVP.
Snipped of issue is as follows
:
Mon Apr 11 04:34:01 2011: DEBUG: Handling request with Handler '',
Identifier ''
Mon Apr 11 04:34:01 2011: DEBUG: Deleting session for
DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 04:34:01 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 04:34:01 2011: DEBUG: Handling with EAP: code 2, 7, 139, 21
Mon Apr 11 04:34:01 2011: DEBUG: Response type 21
Mon Apr 11 04:34:01 2011: DEBUG: EAP TTLS data, 3, 7, 6
Mon Apr 11 04:34:01 2011: DEBUG: EAP result: 1, EAP TTLS read failed: 1168:
1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 04:34:01 2011: DEBUG: AuthBy FILE result: REJECT, EAP TTLS read
failed: 1168: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number
Mon Apr 11 04:34:01 2011: INFO: Access rejected for DVM-AMARNE-DC\anonymous:
EAP TTLS read failed: 1168: 1 - error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 04:34:01 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 65529 ....
Code: Access-Reject
Identifier: 6
Authentic:
<179>~<25><150><242><188><191><189>_<127><180><130>O<26><21><209>
Attributes:
EAP-Message = <4><7><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Thanx
Aman Arneja
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110411/0f51958b/attachment-0001.html
-------------- next part --------------
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 0
Authentic: )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><1><0><28><1>DVM-AMARNE-DC\anonymous
Message-Authenticator = <206><144><158><145><16>)Q<146><184><214><248><252><226><131>wu
Mon Apr 11 05:46:11 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:11 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:11 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:11 2011: DEBUG: Handling with EAP: code 2, 1, 28, 1
Mon Apr 11 05:46:11 2011: DEBUG: Response type 1
Mon Apr 11 05:46:11 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Challenge
Identifier: 0
Authentic: <232><137>d7<224>Qq<136><132><223>n<138><164><223>.<128>
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 1
Authentic: <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><2><0>i<21><128><0><0><0>_<22><3><1><0>Z<1><0><0>V<3><1>M<162><248>"<217><128><209>h/<209>[$0<243><181>H<251>8<173>g<199>_N<162>j<30><194><224>W<240><209><137><0><0><24><0>/<0>5<0><5><0><10><192><19><192><20><192><9><192><10><0>2<0>8<0><19><0><4><1><0><0><21><255><1><0><1><0><0><10><0><6><0><4><0><23><0><24><0><11><0><2><1><0>
Message-Authenticator = <218><160><185>z<145><251>F@<148><218><3><148><187><17><127><142>
Mon Apr 11 05:46:11 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:11 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:11 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:11 2011: DEBUG: Handling with EAP: code 2, 2, 105, 21
Mon Apr 11 05:46:11 2011: DEBUG: Response type 21
Mon Apr 11 05:46:11 2011: DEBUG: EAP TTLS data, 24576, 2, -1
Mon Apr 11 05:46:11 2011: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Mon Apr 11 05:46:11 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Challenge
Identifier: 1
Authentic: rY)<151><164>X<205><225><182>9|<202>g<29><142><172>
Attributes:
EAP-Message = <1><3><4><10><21><192><0><0><9>K<22><3><1><0>J<2><0><0>F<3><1>M<162><248><19><127><207>P5x<173>N<231><12><129>K!<182><172><189>o<210><145>6<194><226><186><210><179><223><158>X<1> c<177>]<190><6><215><204>[<133>)<10><219>owU<134><212><233><20>q<187><164><195><142><130>,^<220><253><235><203>&<0>/<0><22><3><1><8><238><11><0><8><234><0><8><231><0><5><154>0<130><5><150>0<130><4>~<160><3><2><1><2><2><19>M<0><0><0>#V<155>kCK<186><211><207><0><0><0><0><0>#0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>041<27>0<25><6><3>U<4><11><19><18>Microsoft PKI Team1<21>0<19><6><3>U<4><3><19><12>VM-AMARNE-DC0<30><23><13>110329161910Z<23><13>120328161910Z0=1;09<6><3>U<4><3><19>2R
EAP-Message = adiatorServer1.dVM-AMARNE-DC.nttest.microsoft.com0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><196><134>kt" <183>E<230><134><164><20>;<165><148><8><23><222>^<227><216>8]<182><151>V<169><11><161>R<227><170>E4<27><19><228><218><250><238><20><17><30><128><225><19><183><194><15><225><214><224>\r<23><177>e<247><241><128>q;\<160><162><129><232><7><20><11><186><242>oy<217><162>L<231>)<135><222><151>6<162><146>X<233><22><11><149>%><192><219><225><171><156><183><195><170><129><164>:2<163>3<193><166>]<151>V'&<137>[<133><226>V<187>sIF<143>5i<193><136><167>!<249>S<163><248><142><244><0><180>)<212><243><177><176>?$<127><250><129>5<179><220><226>7<141>\<<165><224><5><223><228><160><174>$Z<207><128>E<172><212>bN
EAP-Message = <166><217><180><143><206>a<160><203>Z<192><242>q<194><254><25><199><216><244>70<167>p<190>D<230>!<175><245><21><23>?<209><241>-<180><212><205><148><140><130><2>Inv<208><147><176><209><232>OiE<24>A<162><237>O<130><132><238>=<227><208>p<180>LD<233><167><18><158><4><148><226><228>_<19><19>J<174><226><199><233>Rc<2><3><1><0><1><163><130><2><150>0<130><2><146>0<29><6><9>+<6><1><4><1><130>7<20><2><4><16><30><14><0>M<0>a<0>c<0>h<0>i<0>n<0>e0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><2><6><8>+<6><1><5><5><7><3><1>0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<29><6><3>U<29><14><4><22><4><20><224>:<203>k<142><177><151><24>a<210><8><167><255><149>Z<220><164><152><227>]0<31><6><3>U<29>#<4><24>0<22><128><20><219><161><182><221><30>FD<143><232>]<154>HV)FT<25>9<236><249>0<129><232><6><3>U<29><31><4><129><224>0<129>
EAP-Message = <221>0<129><218><160><129><215><160><129><212><134><129><209>ldap:///CN=VM-AMARNE-DC,CN=VM-AMARNE-DC,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=dVM-AMARNE-DC,DC=nttest,DC=microsoft,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint0<129><215><6><8>+<6><1><5><5><7><1><1><4><129><202>0<129><199>0<129><196><6><8>+<6><1><5><5><7>0
EAP-Message = <2><134><129><183>ldap:///CN=VM-AMAR
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 2
Authentic: <179><18>M<200>C<187><139><166><31><3>Z}<9>8%<31>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><3><0><6><21><0>
Message-Authenticator = <138>v<7>p<23>s<169>4Sp<154><129><134><169><191><6>
Mon Apr 11 05:46:11 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:11 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:11 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:11 2011: DEBUG: Handling with EAP: code 2, 3, 6, 21
Mon Apr 11 05:46:11 2011: DEBUG: Response type 21
Mon Apr 11 05:46:11 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Challenge
Identifier: 2
Authentic: a.<10><168><202><224><8>P<224>m<182><176>Bu;<228>
Attributes:
EAP-Message = <1><4><4><6><21>@NE-DC,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=dVM-AMARNE-DC,DC=nttest,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority0=<6><3>U<29><17><4>604<130>2RadiatorServer1.dVM-AMARNE-DC.nttest.microsoft.com0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1>
EAP-Message = <0><27>%<188>F<145>L<203><222><215><192>*n<182>}<233><237><205>V<195>yC<244><130>u<145>w|<229><199><140>;R<212><206><193><238>z-<143>7<157>C<173><161><237><10><8><243><208><248>a<247>0t<178><180><20><197>4<183><198><0><10><176>Yi<212><238>llx<8>i<14><143><226><201><14>;6<10><201>@g<218><232><229>P<20>W<250><147><25><24><146>q,kv<211><26><146><218>_Z<196>+<24><217>?N><129>U<139><202><160><160><146>,/p\<216><229><190><234><135><216>)<175><216><174>*<206><149><4><173><240>B<200>R-<27><235>w<227><11><185><234>4nVK<223><172><31><155>R@ O<197><158>z <1><189><199>`<254><248><199><235><143>g<30>=<138>%<218><134><238><241><174>/<231><136><176><2>W<206><23><175><216>&/{_<4><192><156><185><3><148><24><243>!4<253><158><167><181><194><147><153><176><250><159><175><226>L<232><192>.<206>x-<211>X]V<244>Z<244><174><17>[M9<167><148>+<197>(V*n|<196><2><149>
EAP-Message = <24><131><145>]<0><3>G0<130><3>C0<130><2>+<160><3><2><1><2><2><16>sE<147><211>[<152><155><146>K<155><17><169><13><133><5>Y0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>041<27>0<25><6><3>U<4><11><19><18>Microsoft PKI Team1<21>0<19><6><3>U<4><3><19><12>VM-AMARNE-DC0<30><23><13>110328133139Z<23><13>160328134137Z041<27>0<25><6><3>U<4><11><19><18>Microsoft PKI Team1<21>0<19><6><3>U<4><3><19><12>VM-AMARNE-DC0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><221><161><246>_<131><144><25>B<170><162>/<241>u<192><203><148><239><31>u<217><235><203><251>+m<151><164>
EAP-Message = <139>x2<214><25><208><196><191><164><146><236>`*<170><11><229><150><13>r<165><21>\<219><24><22>`5c<219>><241><18><195>/4BO<131>V<209><230>\<222><164><159><253><26>X%<239><25><1><244>x<139><20><229><221>,6<237>a$W<3><142><228>c4(n>9<200><143><203><227><252>VN<186>d(<235><22><135>-<163>U<161>;<210>oH<153><150><235><177><216><156><210><142>>m<7><225><229><242><200><e<229><240>"<219><29>3F<17>J<13><12><16>Z<206><253>b<160><2>P<234><180>AAIfw<220><128>p<173><146>!<254><164><130><132>w<197><206>rz<250><138><0>>e<229>R/<140><3><214><138><228>,<8><18><222><26><185><133>2<233>h'<207><167>f<25><165><25><190>/<162>f<167>|<175><223>/<19><173>R<138><229>P<199>L<193><230><23><129><179><219><183>U<170>E<161>6<128><130>?<8><14><163>x<162><211><18>T<205><171><23>#<160>d<189><2><3><1><0><1><163>Q0O0<11><6><3>U<29><15><4><4><3><2><1><134>0<15>
EAP-Message = <6><3>U<29><19><1><1><255><4><5>0<3><1><1><255>0<29><6>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 3
Authentic: ]<212><203><252><150><245>E;<19><13><137><10><28><219><174>2
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><4><0><6><21><0>
Message-Authenticator = :<239><184>Y/<158>x<151>O<141><140>V<20><155><144><212>
Mon Apr 11 05:46:11 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:11 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:11 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:11 2011: DEBUG: Handling with EAP: code 2, 4, 6, 21
Mon Apr 11 05:46:11 2011: DEBUG: Response type 21
Mon Apr 11 05:46:11 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Challenge
Identifier: 3
Authentic: J<165><145><154>]H<156><183><217><175>4<177><138><158><12>E
Attributes:
EAP-Message = <1><5><1>Q<21><0><3>U<29><14><4><22><4><20><219><161><182><221><30>FD<143><232>]<154>HV)FT<25>9<236><249>0<16><6><9>+<6><1><4><1><130>7<21><1><4><3><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><170>g<188>p<182><13>Y.W"U-<230><209><159>i}<216><166><191><18><28><161><193>=<176>l><243><231><31><235><192>h<221>D<233><4><8>f+<148><254>cB<9>f<253><167>|Y?<175><189><183><22>e<250><136>ko<251>4<236>e(Ut<187><227><223><234><136>k<180><246>$I<200><23><250><133><233><14>"<247>[<31><152><235>y<198>V<142>E<205><238><216><206><202><241>D<133>p<20>Z<153>j<7><251><237><255>RJe<138><230>v<238><193>tHK<250><251><254><222>_<25>D/<188><251><146>n<166><21>l<218>V<193><211><27>f<17>=T<223>#<220>N8<169><231><21><12>&4<7><130>]~<247><248><233><186><192>9<186>w<13>sm<214><11><14><232><8>I<200><236>
EAP-Message = <5><162><172><192>.<205><15><170><152><235><22><179>J<184>P<136><15><240><27><225><17><153><218><31>$#<255><6><158>]<157>&7<3><11><216><237><151><3><141><230><251><134>"ME<222><129>`<149><140><244><193><222><21><11>UJ<6><180><164><244><229><224><226><164><179>J<194>v<246>j<239>vU<22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 4
Authentic: <154>P<238>@x6<253><18>I2<246><158>}I<220>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><5><1>P<21><128><0><0><1>F<22><3><1><1><6><16><0><1><2><1><0><11><10><222><145><232><202><26><228>~et<142><131>y<254><239><194><1>G7<184><188><178><14><136><164><253><25>A|<186><150><188><204>T<182>5<160><168><220><176>M<161><196><9><202><183>.P61=<14><221><218>r<191>m<146>:<220><156><184><165><168><162>{<212><14><158>w<161><152><127><167>36<10><239><249>R<156>9<210><148><243><184>,Z<155>h<150>t<228><163><248>GW<154>#<204><188><220><138>b<30><139><144><171><220><223>U<134><16><238><166>}eEZ?<191>"<129><242>D{<131><214>uF<223><21>mI<190>G<206>o<170>eJC7u<253><130>."<217>T<232>6<183><255>(<137>"<164>Zyd1<217><251><158><171><174>%<225><0>!T<207><244><<143>~!<141><243>0<131><21><162>`<151>k<248>Gn<227>+<194><139>:f<236><141><167><152><220><248>\<30>9<139>><183><233><192>VloX0<236><194><195><160><3><201>k<8>E<8><239><203><238><6><143><203>
EAP-Message = ;#<11><210><234>%<201><153><163><17>I<4>{Hmxr<180>=<168><244>S<11>&<20><3><1><0><1><1><22><3><1><0>0<22>Q9<238>GN<189><211><230><16><246>X^/<223>S<242><214>ho<154>C<142><11>'<12><226>T<194>J<219><187><1>J<11><248>(d5<182><201><29>Q<144><12><189>k<13>
Message-Authenticator = /<165><171><243>qxe<147>5\<220><160>%<24><9><129>
Mon Apr 11 05:46:11 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:11 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:11 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:11 2011: DEBUG: Handling with EAP: code 2, 5, 336, 21
Mon Apr 11 05:46:11 2011: DEBUG: Response type 21
Mon Apr 11 05:46:11 2011: DEBUG: EAP TTLS data, 8576, 5, 2
Mon Apr 11 05:46:11 2011: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Mon Apr 11 05:46:11 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:46:11 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Challenge
Identifier: 4
Authentic: <231><128><212>ZV<31><237><191><203><172><243><24>NK<177><228>
Attributes:
EAP-Message = <1><6><0>E<21><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0~<172><205><235><213>;<249>+<132>2v3+^<15>S<178>H<224>}<140><186><196>F<158><169><146><228><220><182>AI<204>U*b<176>p<193><238><135>,<201><222><135>>_<201>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:12 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 5
Authentic: <173>O<20><242>D at f<208>k<196>0<183>2;<161>"
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><6><0>W<21><128><0><0><0>M<23><3><1><0>@n<164><15><241><172><137>K<136><180><14><178>Eo><214><182>p<18><240>/(<174><255>]<7><149><241>d<234><253><164><23>U<233><234>~<138><206><132><188>I<141><211>B<23><148><181>.<155><139><131><207><233><2><13><253><252>0]<128><133><252><204><227><0>t<0>o<0><0><0><0>
Message-Authenticator = <194><199>FLh<7><19>[<231><164><18>_3<135><199><22>
Mon Apr 11 05:46:12 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:12 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:12 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:12 2011: DEBUG: Handling with EAP: code 2, 6, 87, 21
Mon Apr 11 05:46:12 2011: DEBUG: Response type 21
Mon Apr 11 05:46:12 2011: DEBUG: EAP TTLS data, 3, 6, 5
Mon Apr 11 05:46:12 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
EAP-Message = <2><6><0><26><1>DVM-AMARNE-DC\eapauto
Mon Apr 11 05:46:12 2011: DEBUG: EAP TTLS inner authentication request for anonymous
Mon Apr 11 05:46:12 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
Mon Apr 11 05:46:12 2011: DEBUG: Deleting session for anonymous, 192.168.10.3,
Mon Apr 11 05:46:12 2011: DEBUG: Handling with Radius::AuthLSA:
Mon Apr 11 05:46:12 2011: DEBUG: Handling with EAP: code 2, 6, 26, 1
Mon Apr 11 05:46:12 2011: DEBUG: Response type 1
Mon Apr 11 05:46:12 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Mon Apr 11 05:46:12 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP MSCHAP-V2 Challenge
Mon Apr 11 05:46:12 2011: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
Mon Apr 11 05:46:12 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: fS<217><10><184><192>x]<148><152><254><165><19>^<245><147>
Attributes:
EAP-Message = <1><7><0>)<26><1><7><0>$<16><23><206>c<129><234><225>n<214><201><243>f<208><248><184><20><219>RadiatorServer1
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:12 2011: DEBUG: EAP result: 3, EAP TTLS inner authentication redispatched to a Handler
Mon Apr 11 05:46:12 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS inner authentication redispatched to a Handler
Mon Apr 11 05:46:12 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS inner authentication redispatched to a Handler
Mon Apr 11 05:46:12 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Challenge
Identifier: 5
Authentic: <22>}<142>[<18><133>!<25><168><241>T<16><134><177>Q<20>
Attributes:
EAP-Message = <1><7><0><127><21><128><0><0><0>u<23><3><1><0>p<190><11><18><133>|<28>!~<3><235>Y:ht$<5>d<5><22> <16><208>><171><232><7><231><7><226><236>^^<247><235><220>#<23>B<29>t<28><208>2<252>k6<235><24><12><255><181><158>q<157>Q<185>.<170><238><241><160><205>G<246>/<193>)<244><152>!;<254><23><176><0><12><133><170><240><194>S<27>H<141><186><200>N=<203><223>{<143><11>F<192>S<174>=<194><11><147>%<30><160><240>0<247>54<144>g<221>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:46:12 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 62756 ....
Code: Access-Request
Identifier: 6
Authentic: <246>"<145><157><225><139><31><218><176><202><153><2><185>r<157>I
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><7><0><139><21><128><0><0><0><129><23><3><1><0>p<229><221><202>e<195><159>l<185><183><216><1>8&<160>d<181>a<179><19><146>na<250><146><213><247><164><20><208>#<9>t<213>*<191><223>9<158>~zz6<254><z<211><20><10>&<134>`<238><192><161><201>t<180>t<172>7<169><25>Qe?OlA<159>R<241><192><252><219>m<210>U<3><158>+<135><138><25>v<17><191>f <10>]w E9Y<207><176><211>T<5><231>5<214><228><234><133>_<193><221><238><181><16><0><0><0><1><0><0><0><0><0><0><0><0>
Message-Authenticator = <165><152><151>i$<201>9<211><235><218>Y<142><241>g#<200>
Mon Apr 11 05:46:12 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:46:12 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:46:12 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:46:12 2011: DEBUG: Handling with EAP: code 2, 7, 139, 21
Mon Apr 11 05:46:12 2011: DEBUG: Response type 21
Mon Apr 11 05:46:12 2011: DEBUG: EAP TTLS data, 3, 7, 6
Mon Apr 11 05:46:12 2011: DEBUG: EAP result: 1, EAP TTLS read failed: 2352: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 05:46:12 2011: DEBUG: AuthBy FILE result: REJECT, EAP TTLS read failed: 2352: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 05:46:12 2011: INFO: Access rejected for DVM-AMARNE-DC\anonymous: EAP TTLS read failed: 2352: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 05:46:12 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 62756 ....
Code: Access-Reject
Identifier: 6
Authentic: <179>~<25><150><242><188><191><189>_<127><180><130>O<26><21><209>
Attributes:
EAP-Message = <4><7><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
-------------- next part --------------
Mon Apr 11 05:41:27 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 0
Authentic: )#<190><132><225>l<214><174>R<144>I<241><241><187><233><235>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><1><0><28><1>DVM-AMARNE-DC\anonymous
Message-Authenticator = <206><144><158><145><16>)Q<146><184><214><248><252><226><131>wu
Mon Apr 11 05:41:27 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:27 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:27 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:27 2011: DEBUG: Handling with EAP: code 2, 1, 28, 1
Mon Apr 11 05:41:27 2011: DEBUG: Response type 1
Mon Apr 11 05:41:27 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:41:27 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:41:27 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:41:27 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Challenge
Identifier: 0
Authentic: <232><137>d7<224>Qq<136><132><223>n<138><164><223>.<128>
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 1
Authentic: <179><166><219><<135><12>><153>$^<13><28><6><183>G<222>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><2><0>i<21><128><0><0><0>_<22><3><1><0>Z<1><0><0>V<3><1>M<162><247><6>K<138><175><154>c<149><183>c<3><215><3><152><203>~_<140>Y<27>gTY<151>T<233><253>v<241><174><0><0><24><0>/<0>5<0><5><0><10><192><19><192><20><192><9><192><10><0>2<0>8<0><19><0><4><1><0><0><21><255><1><0><1><0><0><10><0><6><0><4><0><23><0><24><0><11><0><2><1><0>
Message-Authenticator = <228><181><205>9L\6<151><26>k2+.<221><249>Z
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:28 2011: DEBUG: Handling with EAP: code 2, 2, 105, 21
Mon Apr 11 05:41:28 2011: DEBUG: Response type 21
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS data, 24576, 2, -1
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Mon Apr 11 05:41:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Challenge
Identifier: 1
Authentic: <138><237><170><223><133>~H(]q]cr<129><191>W
Attributes:
EAP-Message = <1><3><4><10><21><192><0><0><9>K<22><3><1><0>J<2><0><0>F<3><1>M<162><246><248><224><172> <202>J<16>B<221><6>3<235><185>$<2><251><194><205>7,l<29>}<169><135><171><28><199><184> <169><225><255><240>v8&}#<169><5><162><15><143><225>Xr)<162>Ot<146><229><192><249><153><0>0<145><151>jN<0>/<0><22><3><1><8><238><11><0><8><234><0><8><231><0><5><154>0<130><5><150>0<130><4>~<160><3><2><1><2><2><19>M<0><0><0>#V<155>kCK<186><211><207><0><0><0><0><0>#0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>041<27>0<25><6><3>U<4><11><19><18>Microsoft PKI Team1<21>0<19><6><3>U<4><3><19><12>VM-AMARNE-DC0<30><23><13>110329161910Z<23><13>120328161910Z0=1;09<6><3>U<4><3><19>2R
EAP-Message = adiatorServer1.dVM-AMARNE-DC.nttest.microsoft.com0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><196><134>kt" <183>E<230><134><164><20>;<165><148><8><23><222>^<227><216>8]<182><151>V<169><11><161>R<227><170>E4<27><19><228><218><250><238><20><17><30><128><225><19><183><194><15><225><214><224>\r<23><177>e<247><241><128>q;\<160><162><129><232><7><20><11><186><242>oy<217><162>L<231>)<135><222><151>6<162><146>X<233><22><11><149>%><192><219><225><171><156><183><195><170><129><164>:2<163>3<193><166>]<151>V'&<137>[<133><226>V<187>sIF<143>5i<193><136><167>!<249>S<163><248><142><244><0><180>)<212><243><177><176>?$<127><250><129>5<179><220><226>7<141>\<<165><224><5><223><228><160><174>$Z<207><128>E<172><212>bN
EAP-Message = <166><217><180><143><206>a<160><203>Z<192><242>q<194><254><25><199><216><244>70<167>p<190>D<230>!<175><245><21><23>?<209><241>-<180><212><205><148><140><130><2>Inv<208><147><176><209><232>OiE<24>A<162><237>O<130><132><238>=<227><208>p<180>LD<233><167><18><158><4><148><226><228>_<19><19>J<174><226><199><233>Rc<2><3><1><0><1><163><130><2><150>0<130><2><146>0<29><6><9>+<6><1><4><1><130>7<20><2><4><16><30><14><0>M<0>a<0>c<0>h<0>i<0>n<0>e0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><2><6><8>+<6><1><5><5><7><3><1>0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<29><6><3>U<29><14><4><22><4><20><224>:<203>k<142><177><151><24>a<210><8><167><255><149>Z<220><164><152><227>]0<31><6><3>U<29>#<4><24>0<22><128><20><219><161><182><221><30>FD<143><232>]<154>HV)FT<25>9<236><249>0<129><232><6><3>U<29><31><4><129><224>0<129>
EAP-Message = <221>0<129><218><160><129><215><160><129><212><134><129><209>ldap:///CN=VM-AMARNE-DC,CN=VM-AMARNE-DC,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=dVM-AMARNE-DC,DC=nttest,DC=microsoft,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint0<129><215><6><8>+<6><1><5><5><7><1><1><4><129><202>0<129><199>0<129><196><6><8>+<6><1><5><5><7>0
EAP-Message = <2><134><129><183>ldap:///CN=VM-AMAR
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 2
Authentic: <179><18>M<200>C<187><139><166><31><3>Z}<9>8%<31>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><3><0><6><21><0>
Message-Authenticator = <138>v<7>p<23>s<169>4Sp<154><129><134><169><191><6>
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:28 2011: DEBUG: Handling with EAP: code 2, 3, 6, 21
Mon Apr 11 05:41:28 2011: DEBUG: Response type 21
Mon Apr 11 05:41:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Challenge
Identifier: 2
Authentic: a.<10><168><202><224><8>P<224>m<182><176>Bu;<228>
Attributes:
EAP-Message = <1><4><4><6><21>@NE-DC,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=dVM-AMARNE-DC,DC=nttest,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority0=<6><3>U<29><17><4>604<130>2RadiatorServer1.dVM-AMARNE-DC.nttest.microsoft.com0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1>
EAP-Message = <0><27>%<188>F<145>L<203><222><215><192>*n<182>}<233><237><205>V<195>yC<244><130>u<145>w|<229><199><140>;R<212><206><193><238>z-<143>7<157>C<173><161><237><10><8><243><208><248>a<247>0t<178><180><20><197>4<183><198><0><10><176>Yi<212><238>llx<8>i<14><143><226><201><14>;6<10><201>@g<218><232><229>P<20>W<250><147><25><24><146>q,kv<211><26><146><218>_Z<196>+<24><217>?N><129>U<139><202><160><160><146>,/p\<216><229><190><234><135><216>)<175><216><174>*<206><149><4><173><240>B<200>R-<27><235>w<227><11><185><234>4nVK<223><172><31><155>R@ O<197><158>z <1><189><199>`<254><248><199><235><143>g<30>=<138>%<218><134><238><241><174>/<231><136><176><2>W<206><23><175><216>&/{_<4><192><156><185><3><148><24><243>!4<253><158><167><181><194><147><153><176><250><159><175><226>L<232><192>.<206>x-<211>X]V<244>Z<244><174><17>[M9<167><148>+<197>(V*n|<196><2><149>
EAP-Message = <24><131><145>]<0><3>G0<130><3>C0<130><2>+<160><3><2><1><2><2><16>sE<147><211>[<152><155><146>K<155><17><169><13><133><5>Y0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>041<27>0<25><6><3>U<4><11><19><18>Microsoft PKI Team1<21>0<19><6><3>U<4><3><19><12>VM-AMARNE-DC0<30><23><13>110328133139Z<23><13>160328134137Z041<27>0<25><6><3>U<4><11><19><18>Microsoft PKI Team1<21>0<19><6><3>U<4><3><19><12>VM-AMARNE-DC0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><221><161><246>_<131><144><25>B<170><162>/<241>u<192><203><148><239><31>u<217><235><203><251>+m<151><164>
EAP-Message = <139>x2<214><25><208><196><191><164><146><236>`*<170><11><229><150><13>r<165><21>\<219><24><22>`5c<219>><241><18><195>/4BO<131>V<209><230>\<222><164><159><253><26>X%<239><25><1><244>x<139><20><229><221>,6<237>a$W<3><142><228>c4(n>9<200><143><203><227><252>VN<186>d(<235><22><135>-<163>U<161>;<210>oH<153><150><235><177><216><156><210><142>>m<7><225><229><242><200><e<229><240>"<219><29>3F<17>J<13><12><16>Z<206><253>b<160><2>P<234><180>AAIfw<220><128>p<173><146>!<254><164><130><132>w<197><206>rz<250><138><0>>e<229>R/<140><3><214><138><228>,<8><18><222><26><185><133>2<233>h'<207><167>f<25><165><25><190>/<162>f<167>|<175><223>/<19><173>R<138><229>P<199>L<193><230><23><129><179><219><183>U<170>E<161>6<128><130>?<8><14><163>x<162><211><18>T<205><171><23>#<160>d<189><2><3><1><0><1><163>Q0O0<11><6><3>U<29><15><4><4><3><2><1><134>0<15>
EAP-Message = <6><3>U<29><19><1><1><255><4><5>0<3><1><1><255>0<29><6>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 3
Authentic: ]<212><203><252><150><245>E;<19><13><137><10><28><219><174>2
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><4><0><6><21><0>
Message-Authenticator = :<239><184>Y/<158>x<151>O<141><140>V<20><155><144><212>
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:28 2011: DEBUG: Handling with EAP: code 2, 4, 6, 21
Mon Apr 11 05:41:28 2011: DEBUG: Response type 21
Mon Apr 11 05:41:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Challenge
Identifier: 3
Authentic: J<165><145><154>]H<156><183><217><175>4<177><138><158><12>E
Attributes:
EAP-Message = <1><5><1>Q<21><0><3>U<29><14><4><22><4><20><219><161><182><221><30>FD<143><232>]<154>HV)FT<25>9<236><249>0<16><6><9>+<6><1><4><1><130>7<21><1><4><3><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><170>g<188>p<182><13>Y.W"U-<230><209><159>i}<216><166><191><18><28><161><193>=<176>l><243><231><31><235><192>h<221>D<233><4><8>f+<148><254>cB<9>f<253><167>|Y?<175><189><183><22>e<250><136>ko<251>4<236>e(Ut<187><227><223><234><136>k<180><246>$I<200><23><250><133><233><14>"<247>[<31><152><235>y<198>V<142>E<205><238><216><206><202><241>D<133>p<20>Z<153>j<7><251><237><255>RJe<138><230>v<238><193>tHK<250><251><254><222>_<25>D/<188><251><146>n<166><21>l<218>V<193><211><27>f<17>=T<223>#<220>N8<169><231><21><12>&4<7><130>]~<247><248><233><186><192>9<186>w<13>sm<214><11><14><232><8>I<200><236>
EAP-Message = <5><162><172><192>.<205><15><170><152><235><22><179>J<184>P<136><15><240><27><225><17><153><218><31>$#<255><6><158>]<157>&7<3><11><216><237><151><3><141><230><251><134>"ME<222><129>`<149><140><244><193><222><21><11>UJ<6><180><164><244><229><224><226><164><179>J<194>v<246>j<239>vU<22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 4
Authentic: <154>P<238>@x6<253><18>I2<246><158>}I<220>
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><5><1>P<21><128><0><0><1>F<22><3><1><1><6><16><0><1><2><1><0>mjNa<182><134><173>m<221>j<249><193>w<236> 8<157>*`L{~<225><151>4<200><16>V<21><135><182><244><141><151><165><198>F<142><27>Ij<228><243>'<160><220><187><213><254>-1?<156>B$,:<182><244>{<189><153>qF<253><19><218>Q<197><127><176>o<131><10><8><219>T-<218>l<128><215><191><31><162><215><7><154>~Zm<247><245>C<225><185><148>3!<228><15><226><10>C<238><227>'9<217><166><27><222>8Lq4<239><244>(;<151><136><165><178><155><157><127>_<132>Y<30><25><19>Kg<12><178><154><241><223><166>?<216>}<255>]V<222>r<230><14>"<189><172><228><167><245><224>/<247>+<227><179>]<169>%z<209><215><207><188>:<206><191><243>Z<26>q/<171><146><149><241><228><147>'<246><196>w<17><16>}<171><216>|<26><231>/l at i<155>V<188>)WC0L<22><146>B<240>1<180>.<3><158><166>d<160>S<243><209><193><179><251><154><249><166><190><144>
EAP-Message = <213>h<131>[c<227><240><31><155>0:<164><160><192>"<129>b"N<211>PJ~<156><20><3><1><0><1><1><22><3><1><0>0[<243><201><127>@<137><238>l<171><222><162>t<179><157><199><135>zZ<200><239><197>#<2>=<238><249>FFd<134><3>'<192>&?<210><161><1><9>`<199>+<214>+<4><213>r<177>
Message-Authenticator = <19>Ksz<167>1/<6><234><211><25><200><3><168>P<12>
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:28 2011: DEBUG: Handling with EAP: code 2, 5, 336, 21
Mon Apr 11 05:41:28 2011: DEBUG: Response type 21
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS data, 8576, 5, 2
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Mon Apr 11 05:41:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Challenge
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Challenge
Identifier: 4
Authentic: A|<0><207>#<20><176>t<155><176>@<194><144>A<192>f
Attributes:
EAP-Message = <1><6><0>E<21><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<133>6<214><236><<27><144><195>J<235>h<176>XPp<139>^c<10><156><238><139>1<224>_<2><156><20><205><250>v<253><148>b<14>>I<139><221>^<176> <137><190><195><245><139><175>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 5
Authentic: <173>O<20><242>D at f<208>k<196>0<183>2;<161>"
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><6><0>W<21><128><0><0><0>M<23><3><1><0>@<8><225><233><254>t<234><221>j2<197>r<187><247><137>5<132>a<245><254>;<189><29><166><197><142><233><170>"<129>>]<233><21><161><214><194><233><168><224>n<137><137><245><143><148><140><197><150>[7N<219>I<225>|<205>|X<158><23><234><159><149>,<0>t<0><0><0><0><0><0>
Message-Authenticator = xCL<251><199><30><172><28><224>.B<17>x<236>m<166>
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:28 2011: DEBUG: Handling with EAP: code 2, 6, 87, 21
Mon Apr 11 05:41:28 2011: DEBUG: Response type 21
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS data, 3, 6, 5
Mon Apr 11 05:41:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
EAP-Message = <2><6><0><26><1>DVM-AMARNE-DC\eapauto
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS inner authentication request for anonymous
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for anonymous, 192.168.10.3,
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthRADIUS
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.2 port 1645 ....
Code: Access-Request
Identifier: 3
Authentic: 4<227>?<29><153><139><7><155>P<194><133><31><161><178><167><8>
Attributes:
EAP-Message = <2><6><0><26><1>DVM-AMARNE-DC\eapauto
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy RADIUS result: IGNORE,
Mon Apr 11 05:41:28 2011: DEBUG: EAP result: 2, EAP TTLS inner authentication redispatched to a Handler
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy FILE result: IGNORE, EAP TTLS inner authentication redispatched to a Handler
Mon Apr 11 05:41:28 2011: DEBUG: Received reply in AuthRADIUS for req 3 from 192.168.10.2:1645
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.2 port 1645 ....
Code: Access-Challenge
Identifier: 3
Authentic: <172><222><209>?<185>N,<176><178>,<200><228>7<10><31><148>
Attributes:
Session-Timeout = 60
EAP-Message = <1><7><0>(<26><1><7><0>#<16>N<253><222><2><4><252>MN<172><156>?`<236>,<22>gVM-AMARNE-SRV1
State = ^@<7><3><0><0><1>7<0><1><23><0><254><128><0><0><0><0><0><0>a<192><182>=^<215><30>$<0><0><0><4>Cs,<195>
Message-Authenticator = <236><173>d<210><147><226><156><196><197><17>~<230>[<131>&z
Mon Apr 11 05:41:28 2011: DEBUG: Access challenged for anonymous: Proxied
Mon Apr 11 05:41:28 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: 4<227>?<29><153><139><7><155>P<194><133><31><161><178><167><8>
Attributes:
Session-Timeout = 60
EAP-Message = <1><7><0>(<26><1><7><0>#<16>N<253><222><2><4><252>MN<172><156>?`<236>,<22>gVM-AMARNE-SRV1
State = ^@<7><3><0><0><1>7<0><1><23><0><254><128><0><0><0><0><0><0>a<192><182>=^<215><30>$<0><0><0><4>Cs,<195>
Message-Authenticator = <236><173>d<210><147><226><156><196><197><17>~<230>[<131>&z
Mon Apr 11 05:41:28 2011: DEBUG: Access challenged for DVM-AMARNE-DC\anonymous: EAP TTLS Inner authentication challenged
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Challenge
Identifier: 5
Authentic: q<176><241><246>R<22><171>=<224>&<255>!<243>t<167><217>
Attributes:
EAP-Message = <1><7><0><175><21><128><0><0><0><165><23><3><1><0><160><20>)WF<207><140><248>5<192><191>?<23><251><232><199><18><11><30><157><182><0>Y<150><4><197><221><16>$8p<245>ok%d<200><250><224><<169>vw<203><230><15><245><3>2Zz<241>'<238><146>m<4><195>]<147>Y<154><214>;<173><168>[<3>/<242>d<164><19><172>XPcr<16><172><167><233><162><211>;<23><131>"M!<165><252>UM])}<176>G<134>m<138>m]<?4<1>O<172><164><146><4>6<26><172><185><16><<244><203><159><237><<175><165><134><182>wS(<152><239><6><19>u|<221><137><134>R<135><198>p<201>a<252>F<196><171>U^<253><182>P#<187>)<168><237><252>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Received from 192.168.10.3 port 53692 ....
Code: Access-Request
Identifier: 6
Authentic: <246>"<145><157><225><139><31><218><176><202><153><2><185>r<157>I
Attributes:
NAS-Identifier = "vnas-1.0"
NAS-Port = 0
NAS-Port-Type = Wireless-IEEE-802-11
User-Name = "DVM-AMARNE-DC\anonymous"
EAP-Message = <2><7><0><139><21><128><0><0><0><129><23><3><1><0>p(i<233><248><241><150><215>2]y<245>@<229><144>@0<211><181><173><9>dCc<216>ix<162><181><242>V<248><8>D<6>8H1<225><173>N<235><139><22><242><194>n<0>zj<171><128><165>E<215><128><185><171>c<<6><17><162><179>`<232>^<170><214><222><217>I<12><170>@<216><154><127><11><10><251><174><214>4<160><197>%/-<233>*<210><196> ur<172><194><154><179><255><127><26><13><188>n<30><23>P<17><6>i<209><0><0><0><0><0><0><0><0><0><0><0><0>
Message-Authenticator = 5G<127>t<139>!U<152><132>{)<251>6<209><154><31>
Mon Apr 11 05:41:28 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 05:41:28 2011: DEBUG: Deleting session for DVM-AMARNE-DC\anonymous, 192.168.10.3, 0
Mon Apr 11 05:41:28 2011: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 11 05:41:28 2011: DEBUG: Handling with EAP: code 2, 7, 139, 21
Mon Apr 11 05:41:28 2011: DEBUG: Response type 21
Mon Apr 11 05:41:28 2011: DEBUG: EAP TTLS data, 3, 7, 6
Mon Apr 11 05:41:28 2011: DEBUG: EAP result: 1, EAP TTLS read failed: 3384: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 05:41:28 2011: DEBUG: AuthBy FILE result: REJECT, EAP TTLS read failed: 3384: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 05:41:28 2011: INFO: Access rejected for DVM-AMARNE-DC\anonymous: EAP TTLS read failed: 3384: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Mon Apr 11 05:41:28 2011: DEBUG: Packet dump:
*** Sending to 192.168.10.3 port 53692 ....
Code: Access-Reject
Identifier: 6
Authentic: <179>~<25><150><242><188><191><189>_<127><180><130>O<26><21><209>
Attributes:
EAP-Message = <4><7><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eap_ttls.cfg
Type: application/octet-stream
Size: 1332 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20110411/0f51958b/attachment-0001.obj
-------------- next part --------------
Foreground
LogStdout
#LogDir %D
LogFile %D\log_eapttls
DbDir C:\Program Files\Radiator
DictionaryFile %D\Dictionary
AuthPort 1812,1645
AcctPort 1813,1646
# User a lower trace level in production systems:
Trace 4
<Client 192.168.10.3>
Secret secret
DupInterval 0
</Client>
<Client 192.168.10.2>
Secret secret
DupInterval 0
</Client>
<Client 192.168.10.16>
Secret secret
DupInterval 0
</Client>
<Client 192.168.10.4>
Secret secret
DupInterval 0
</Client>
<Client 192.168.10.11>
Secret secret
DupInterval 0
</Client>
<Client DEFAULT>
Secret secret
DupInterval 0
</Client>
<Handler TunnelledByTTLS=1>
<AuthBy RADIUS>
Host 192.168.10.2
AuthPort 1645
AcctPort 1646
Secret secret
</AuthBy>
</Handler>
<Handler TunnelledByPEAP=1>
<AuthBy LSA>
Domain dVM-AMARNE-DC
# DefaultDomain dVM-AMARNE-DC
UsernameMatchesWithoutRealm
# EAPType MSCHAP-V2
EAPType MSCHAP-V2,TLS
</AuthBy>
</Handler>
<Handler>
<AuthBy FILE>
EAPType TTLS
EAPTLS_CAFile %D/root.pem
EAPTLS_CertificateFile %D/eapauto.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/eapauto.pem
EAPTLS_PrivateKeyPassword !password1
EAPTLS_MaxFragmentSize 1024
AutoMPPEKeys
</AuthBy>
</Handler>
More information about the radiator
mailing list