[RADIATOR] PEAP Issue

Adam Bishop Adam.Bishop at ja.net
Tue Feb 1 07:49:11 CST 2011


Encountering an odd issue with MSCHAPv2/PEAP

I have 2 Radiator instances – one based on Debian 5, one on Ubuntu 10.04 LTS.  They share a config file (barring secrets), and the Debian one works fine.  There is a difference in patch level – if I remember correctly, the Debian install is a few patches out of date.

The Ubuntu one accepts PAP, TTLS/PAP and TTLS/MSCHAPv2, but PEAP/MSCHAPv2 fails.  The system is authenticated against Active Directory - ntlm_auth --request-nt-key works.

The only thing that stands out in the proxied trace is the MD5 failure - libdigest-md5-perl is installed (as far as I know) and seems to be used:

root at orps3:/var/log/radiator# lsof -p 1488 | grep -i md5
radiusd 1488 root  mem    REG  251,3    18640  525298 /usr/lib/perl/5.10.1/auto/Digest/MD5/MD5.so

The direct trace is just weird – NTLM_AUTH seems to give the OK, then… Nothing.

Any suggestions anyone has are appreciated.

Adam Bishop

--- Config ---

AcctPort 1813
AuthPort 1812
BindAddress 0.0.0.0
DbDir /etc/radiator/
DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.aerohive
Foreground 0
Group radiator
LicenseOwner UKERNA
LivingstonHole 2
LivingstonMIB .iso.org.dod.internet.private.enterprises.307
LivingstonOffs 29
LogDir /var/log/radiator/
LogFile %L/logfile
LogStdout 1
MaxChildren 0
PidFile %L/radiusd.pid
PmwhoProg /usr/local/sbin/pmwho
SnmpNASErrorTimeout 60
SnmpgetProg /usr/bin/snmpget
SnmpsetProg /usr/bin/snmpset
SnmpwalkProg /usr/bin/snmpwalk
Trace 4

<Client 193.63.63.101>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
LivingstonHole 2
LivingstonOffs 29
NasType unknown
SNMPCommunity public
Secret
</Client>

<Client 193.63.63.102>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
LivingstonHole 2
LivingstonOffs 29
NasType unknown
SNMPCommunity public
Secret
</Client>

<Client 193.63.63.103>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
Identifier HiveAP1
LivingstonHole 2
LivingstonOffs 29
NasType unknown
NoIgnoreDuplicates
SNMPCommunity public
Secret
</Client>

<Client 193.63.63.104>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
Identifier HiveAP1
LivingstonHole 2
LivingstonOffs 29
NasType unknown
NoIgnoreDuplicates
SNMPCommunity public
Secret
</Client>

<Client roaming0.ja.net>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
LivingstonHole 2
LivingstonOffs 29
NasType unknown
NoIgnoreDuplicates
SNMPCommunity public
Secret
</Client>

<Client roaming1.ja.net>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
LivingstonHole 2
LivingstonOffs 29
NasType unknown
NoIgnoreDuplicates
SNMPCommunity public
Secret
</Client>

<Client roaming2.ja.net>
DupInterval 10
FramedGroupMaxPortsPerClassC 255
LivingstonHole 2
LivingstonOffs 29
NasType unknown
NoIgnoreDuplicates
SNMPCommunity public
Secret
</Client>

<Handler TunnelledByPEAP = 1>
AuthByPolicy ContinueWhileIgnore
RejectHasReason 1

<AuthBy NTLM>
AutoMPPEKeys 1
CachePasswordExpiry 86400
DomainFormat %0
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_MaxFragmentSize 1000
EAPTLS_PEAPBrokenV1Label 1
EAPTLS_PEAPVersion 1
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
EAPType PEAP
EAPType TTLS
EAPType MSCHAP-V2
EAPType MD5-Challenge
NoDefault 1
NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
UsernameFormat %0
UsernameMatchesWithoutRealm 1
</AuthBy>
</Handler>

<Handler Realm = dev.ja.net>
AuthByPolicy ContinueWhileIgnore
RejectHasReason 1

<AuthBy NTLM>
AutoMPPEKeys 1
CachePasswordExpiry 86400
DomainFormat %0
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_MaxFragmentSize 1000
EAPTLS_PEAPBrokenV1Label 1
EAPTLS_PEAPVersion 1
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
EAPType PEAP
EAPType TTLS
EAPType MSCHAP-V2
EAPType MD5-Challenge
NoDefault 1
NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
UsernameFormat %0
UsernameMatchesWithoutRealm 1
</AuthBy>
</Handler>

<ServerHTTP >
AuditTrail %D/audit.txt
AuthByPolicy ContinueWhileIgnore
BindAddress 0.0.0.0
DefaultPrivilegeLevel 15
LogMaxLines 500
MaxBufferSize 100000
Port 9048
Protocol tcp
SessionTimeout 3600
TLS_CAFile ./certificates/demoCA/cacert.pem
TLS_CertificateFile ./certificates/cert-srv.pem
TLS_CertificateType PEM
TLS_ExpectedPeerName .+
TLS_PrivateKeyFile ./certificates/cert-srv.pem
TLS_PrivateKeyPassword whatever
Trace 4

<AuthBy NTLM>
CachePasswordExpiry 86400
DomainFormat %0
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 1
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
NoDefault 1
NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
UsernameFormat %0
</AuthBy>
</ServerHTTP>

<StatsLog FILE>
Filename %L/statistics
Interval 600
</StatsLog>


--- Proxied Trace 4 ---

*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 75
Authentic:  @<225>`?+<22>e<130>K<18><10>e<<183><31>v
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><0><0><19><1>jrs at dev.ja.net
Message-Authenticator = 9<193><130>N<26><173><23><234><183>9<221><239><164>?Yi
Proxy-State = OSC-Extended-Id=75

Tue Feb  1 11:26:48 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:48 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:48 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:48 2011: DEBUG: Handling with EAP: code 2, 0, 19, 1
Tue Feb  1 11:26:48 2011: DEBUG: Response type 1
Tue Feb  1 11:26:48 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb  1 11:26:48 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge
Tue Feb  1 11:26:48 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP Challenge
Tue Feb  1 11:26:48 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 75
Authentic:  <138>!<13><159><140>A[+Z<210>U<30>A<130><212><199>
Attributes:
EAP-Message = <1><1><0><6><25>!
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=75

Tue Feb  1 11:26:49 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 76
Authentic:  VU'<198><158><253>P><213><221><29>[<153><9><203>:
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><1><0>l<25><1><22><3><1><0>a<1><0><0>]<3><1>MG<237><148>~<1>v<4><164>p<154><199><175><19>$<31>E<243><hd<4><192><245><11><6>/<228>8E<173><0><0><0>6<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><0><255><1><0>
Message-Authenticator = <23>G<208><23>Zrk<138>f<195><191>)<164>-<147>X
Proxy-State = OSC-Extended-Id=76

Tue Feb  1 11:26:49 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:49 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:49 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:49 2011: DEBUG: Handling with EAP: code 2, 1, 108, 25
Tue Feb  1 11:26:49 2011: DEBUG: Response type 25
Tue Feb  1 11:26:49 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Tue Feb  1 11:26:49 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 76
Authentic:  <168><22><192>Y<0>9<161><178>k<179><186>c^<17><224>$
Attributes:
EAP-Message = <1><2><3><242><25><193><0><0><7><185><22><3><1><0>Q<2><0><0>M<3><1>MG<237><249>1<17><150><209><227><23><154>R<143>O<173>h<28><141>C<193><154><138><177><151>#C<187><4><225><140><170>p QSs<184><194>-<31><254><145>Zd<9>+<156><185>J<225><17>\Ac<213><251><195>t0<21><183><134><254>E<154><0>5<0><0><5><255><1><0><1><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certific
EAP-Message = ate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<mailto:mikem at open.com.au0><30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1%0#<6>
EAP-Message = <3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><207><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183>
EAP-Message = <246><141>'<233>V<198><203><206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n at 0D<175><29>E<162>:<239>d <17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=76

Tue Feb  1 11:26:49 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 77
Authentic:  <205>|<21><254>x<148>i'a<17><10><131><158>|<178>w
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><2><0><6><25><1>
Message-Authenticator = <179><128><9><149><215><203>r<154>I<136><239>_<219><247>HW
Proxy-State = OSC-Extended-Id=77

Tue Feb  1 11:26:49 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:49 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:49 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:49 2011: DEBUG: Handling with EAP: code 2, 2, 6, 25
Tue Feb  1 11:26:49 2011: DEBUG: Response type 25
Tue Feb  1 11:26:49 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 77
Authentic:  <241>|<17><233><129>ye<255>8y}zrY<14><185>
Attributes:
EAP-Message = <1><3><3><215><25><1><4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<mailto:mikem at open.com.au0><30><23><13>100128213155Z<23><13>120128213155Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test C
EAP-Message = ertificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au0<mailto:mikem at open.com.au0><129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221><135><194>,<1>U3|N'<174><232><18>VB6<20><197>'x<167><242><198>I<253>[<184>:<254><240><168><221>Se><13><130><251><23> <4><29> q#<228><181>#<236>9<182>0Q<253><0><227>eL<190>6K<4>8<240>L<178><255>^IS_T)n<206><147>%<251><255>o<229><128><30><140><14><149><22><21>+Yf<128><155><190><241><153>:<226>;<219><240><182>#<151><209>|<141><223><128>w<213>@<14><206><228> <203><132><0>w<134><255>Q
EAP-Message = hd<12><190>9<2><3><1><0><1><163><130><1>30<130><1>/0<29><6><3>U<29><14><4><22><4><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in pr
EAP-Message = oduction)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mikem at open.com.au<mailto:mikem at open.com.au><130><9><0><249><170>@<232><246>7<146>$0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>y<18>9X<176><<236><203><168><151><202><144><201>Q$<166><217><249><17>|<163>8<129><232>dr<236><211><240>WP<162>B<157><250>9<224><152>JA<213><127>><247>:<227><191><18><232>u,<172><237><188>?<8><239>E<239>m<203><152><10>`<18>V$<184><7><205><137><138>p<139><152><240><20><3>{<150>7<156><193><4><153><190><8><216><173><9><185>9<158><211>^ex<144><208><128><251>+<15><146>KQ<249><234><171><3><14>2<206><9>K<220><201>f<159>f<~<149><21>c<227>V<203><22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=77

Tue Feb  1 11:26:49 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 78
Authentic:  <185>H<26>y<3><222><157>G<194><132>,w<2><19>3<246>
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><3><0><204><25><1><22><3><1><0><134><16><0><0><130><0><128><195><200>Mk<158><208>h<132>6<227><169><186>if<135>3<142>v/<175><199><203><246><128><129><181>F"NN<159><140>|<184><238>3<18>v<131>=q<171><182><6><145><199><5><29>3sb<20><164>$<247>3<193>g<246>N<201><31><27><135><163>3t<213><29><203>KC<194><222>d|<131><131>P<182><236><21><178><245>i<186><207>Z<128><23><148><184><202><1><144><143><185><182><141><25>g<26><165><171><161>5o<21>({<188><176><190><241>C<174><226><24>:`<164>'\<23>s<232>@L<20><3><1><0><1><1><22><3><1><0>0<217><147><193>5<169>co<235><136>rc<234>>|<<31><134><162>z<20>54<12><21>YX7<132>C5<138><206><14><197>!<12>2<203><178><237><22><25><232><222>Au<215><163>
Message-Authenticator = <191><166><210>0<230>m<245><192>+<210><132>.<255><171><31><250>
Proxy-State = OSC-Extended-Id=78

Tue Feb  1 11:26:49 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:49 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:49 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:49 2011: DEBUG: Handling with EAP: code 2, 3, 204, 25
Tue Feb  1 11:26:49 2011: DEBUG: Response type 25
Tue Feb  1 11:26:49 2011: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Tue Feb  1 11:26:49 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP Challenge
Tue Feb  1 11:26:49 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 78
Authentic:  <247>r<242>Er<177><136>rV<135><5><249>M_m`
Attributes:
EAP-Message = <1><4><0>E<25><129><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0$uLY]<21><134>\<249><243><253><148><135>^<165>6<28><6><229>F<168><252>U<152><183><181>.<219><174>?Qo<160>q<2><184><150><<237><198><14><0><155>U<153>,<240><24>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=78

Tue Feb  1 11:26:50 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 79
Authentic:  Pa_ua<7>N<184>8<192>~p?6<29>;
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><4><0><6><25><1>
Message-Authenticator = <151><11><9><208>f<168><228>]MC<15><128><250><144><223><241>
Proxy-State = OSC-Extended-Id=79

Tue Feb  1 11:26:50 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:50 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 4, 6, 25
Tue Feb  1 11:26:50 2011: DEBUG: Response type 25
Tue Feb  1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb  1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge
Tue Feb  1 11:26:50 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP Challenge
Tue Feb  1 11:26:50 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 79
Authentic:  <202>W7t<241><214><201>lq<26><231><236><149><152><146><234>
Attributes:
EAP-Message = <1><5><0>+<25><1><23><3><1><0> <4><131><135><207><180>DK<168><212><230>'<183><134><178><202>:<146>K<26><178><194><177><12><203>50<185>F<31>0<201><238>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=79

Tue Feb  1 11:26:50 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 80
Authentic:  .<4><220><255><234>X<213>lEB<234><176>Y<228><164>A
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><5><0>`<25><1><23><3><1><0> <154>ut<138>pwf<218>gf:4bm9P<191><128><24><144><240>U<153>I<199><201><224><220><137><185><6>S<23><3><1><0>0<6>Q<27><22>:*<176>@<185><26><143><209><185>_<8><212>|<14><172><138><173><242>q<161><31>QT;&<149>@"<149><3>S<147><244><139><235><133>1<157><211>o<26><220><170><233>
Message-Authenticator = <221>\#A<169>J<142><192>F<145><164>S<137><154><199><13>
Proxy-State = OSC-Extended-Id=80

Tue Feb  1 11:26:50 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:50 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 5, 96, 25
Tue Feb  1 11:26:50 2011: DEBUG: Response type 25
Tue Feb  1 11:26:50 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Tue Feb  1 11:26:50 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <216><183><31><249><161><145>zv<195><31>bLY<139><23>o
Attributes:
EAP-Message = <2><0><0><19><1>jrs at dev.ja.net
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
User-Name = "anonymous"

Tue Feb  1 11:26:50 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP = 1', Identifier ''
Tue Feb  1 11:26:50 2011: DEBUG:  Deleting session for anonymous, 127.0.0.1,
Tue Feb  1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 0, 19, 1
Tue Feb  1 11:26:50 2011: DEBUG: Response type 1
Tue Feb  1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb  1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge
Tue Feb  1 11:26:50 2011: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Tue Feb  1 11:26:50 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Challenge
Identifier: UNDEF
Authentic:  <216><183><31><249><161><145>zv<195><31>bLY<139><23>o
Attributes:
EAP-Message = <1><1><0><6><25>!
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Feb  1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Tue Feb  1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Tue Feb  1 11:26:50 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP inner authentication redispatched to a Handler
Tue Feb  1 11:26:50 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 80
Authentic:  (qU<214>X<229>4<192>G<161>e<242><21><179>5\
Attributes:
EAP-Message = <1><6><0>+<25><1><23><3><1><0> <150><137><249><202><150><173><229><135>&i<182><169>X<198><15>><177>-`<202>NV/<138>hG|<14><204><207><241><128>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=80

Tue Feb  1 11:26:50 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 81
Authentic:  X;w<25><10><162><128>,<2>nJ<21><180><160><177><178>
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><6><0>P<25><1><23><3><1><0> <231><201>o0\<145><8><216>)j<254>|<183><234>&<140><11>B$<174><8>p<221><204><163><239><180><128><191>`<208><245><23><3><1><0> <200><5><11><131><18>U:<232>%gZ<236><25><244><215>+<148><158><200>n<255><147><215><23><201>t2<211>.<149>5<171>
Message-Authenticator = |<9>:<11><137>$i<221><137>"<135><171><22>$x<21>
Proxy-State = OSC-Extended-Id=81

Tue Feb  1 11:26:50 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:50 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 6, 80, 25
Tue Feb  1 11:26:50 2011: DEBUG: Response type 25
Tue Feb  1 11:26:50 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Tue Feb  1 11:26:50 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  Q<187><20><21>I<198><218>+w<251><149><6><7>K<183>&
Attributes:
EAP-Message = <2><1><0><10><3><4><26><6><5><17>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
User-Name = "anonymous"

Tue Feb  1 11:26:50 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP = 1', Identifier ''
Tue Feb  1 11:26:50 2011: DEBUG:  Deleting session for anonymous, 127.0.0.1,
Tue Feb  1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 1, 10, 3
Tue Feb  1 11:26:50 2011: DEBUG: Response type 3
Tue Feb  1 11:26:50 2011: DEBUG: EAP Nak desires type 4
Tue Feb  1 11:26:50 2011: DEBUG: EAP result: 1, Desired EAP type MD5-Challenge (4) not permitted
Tue Feb  1 11:26:50 2011: DEBUG: AuthBy NTLM result: REJECT, Desired EAP type MD5-Challenge (4) not permitted
Tue Feb  1 11:26:50 2011: INFO: Access rejected for anonymous: Desired EAP type MD5-Challenge (4) not permitted
Tue Feb  1 11:26:50 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Reject
Identifier: UNDEF
Authentic:  Q<187><20><21>I<198><218>+w<251><149><6><7>K<183>&
Attributes:
Reply-Message = "Desired EAP type MD5-Challenge (4) not permitted"

Tue Feb  1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Tue Feb  1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Tue Feb  1 11:26:50 2011: DEBUG: Access challenged for jrs at dev.ja.net: EAP PEAP inner authentication redispatched to a Handler
Tue Feb  1 11:26:50 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Challenge
Identifier: 81
Authentic:  '9<220><197>I<182><29>whiv"@<9>l<191>
Attributes:
EAP-Message = <1><7><0>+<25><1><23><3><1><0> <239>'%9t]<3><25><141><177><144><10>U@<195><27><160><227>2<217>'<166><237>J<131>z<134>.4<6><192><154>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Proxy-State = OSC-Extended-Id=81

Tue Feb  1 11:26:51 2011: DEBUG: Packet dump:
*** Received from 194.82.174.185 port 63780 ....
Code:       Access-Request
Identifier: 82
Authentic:  <25>j<254>e<198>Ul<17><244><203><197><174><1><166><183><131>
Attributes:
User-Name = "jrs at dev.ja.net"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "JANET Roaming test"
EAP-Message = <2><7><0>P<25><1><23><3><1><0> <224><2>t<159><193><252><178><244>&<247><217><194>Z<15><211><203><4><186><18><170><210>.}<207><160><255><250><20><2><147>n_<23><3><1><0> <138><132><130><191>`[P<237><154>:<<11><239>K<215><3><31><153>u<192><20><244>Z<19>}<8><4>8rA<134><173>
Message-Authenticator = <169><180><28><188>3<230><153>"<241><220><141><138><19>N<20><144>
Proxy-State = OSC-Extended-Id=82

Tue Feb  1 11:26:51 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier ''
Tue Feb  1 11:26:51 2011: DEBUG:  Deleting session for jrs at dev.ja.net, 127.0.0.1,
Tue Feb  1 11:26:51 2011: DEBUG: Handling with Radius::AuthNTLM:
Tue Feb  1 11:26:51 2011: DEBUG: Handling with EAP: code 2, 7, 80, 25
Tue Feb  1 11:26:51 2011: DEBUG: Response type 25
Tue Feb  1 11:26:51 2011: DEBUG: EAP result: 1, PEAP Authentication Failure
Tue Feb  1 11:26:51 2011: DEBUG: AuthBy NTLM result: REJECT, PEAP Authentication Failure
Tue Feb  1 11:26:51 2011: INFO: Access rejected for jrs at dev.ja.net: PEAP Authentication Failure
Tue Feb  1 11:26:51 2011: DEBUG: Packet dump:
*** Sending to 194.82.174.185 port 63780 ....
Code:       Access-Reject
Identifier: 82
Authentic:  <24>4<157>i2<12>4s<200>7<1>YdZQ<162>
Attributes:
EAP-Message = <4><7><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "PEAP Authentication Failure"
Proxy-State = OSC-Extended-Id=82
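
The trace above prints each EAP-Message with non-printable bytes written as `<decimal>`, so the inner PEAP negotiation can be read back out of it. The following Python decoder is an added example, not part of the original post and not Radiator code; its function names are hypothetical, and the type numbers come from RFC 3748 and the IANA EAP registry, labelled with the names used in the posted config and log.

```python
import re

# EAP codes (RFC 3748) and method type numbers (IANA EAP registry), labelled
# with the names used in the EAPType lines and log messages of the post.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             5: "OTP", 6: "GTC", 13: "TLS", 17: "LEAP", 21: "TTLS",
             25: "PEAP", 26: "MSCHAP-V2"}

# The dump prints a non-printable byte as <decimal 0..255>; any other
# character, including a lone '<', is the literal byte itself.
_ESCAPE = re.compile(r"<(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})>")


def unescape_dump(text):
    """Convert a dumped attribute value such as '<1><1><0><6><25>!' to bytes."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1)))
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)


def type_name(number):
    """Readable name for an EAP method type, or 'type-N' if not in the table."""
    return EAP_TYPES.get(number, "type-%d" % number)


def decode_eap(dumped):
    """Decode the EAP header and, for a Nak response, the desired types."""
    data = unescape_dump(dumped)
    if len(data) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(data[2:4], "big")
    pkt = {"code": EAP_CODES.get(data[0], str(data[0])), "id": data[1],
           "length": length, "complete": length == len(data)}
    # Only Request and Response packets carry a type byte after the header.
    if data[0] in (1, 2) and len(data) >= 5:
        pkt["type"] = type_name(data[4])
        # A Nak (type 3) response lists the methods the peer would accept.
        if data[0] == 2 and data[4] == 3:
            pkt["nak_desired"] = [type_name(t) for t in data[5:length]]
    return pkt


def common_types(nak, permitted):
    """Types the peer asked for that the handler also lists, in peer order."""
    return [t for t in nak.get("nak_desired", []) if t in permitted]


# Values copied from the trace above (inner TunnelledByPEAP exchange) and the
# EAPType lines of the 'TunnelledByPEAP = 1' handler in the posted config.
INNER_OFFER = "<1><1><0><6><25>!"
INNER_NAK = "<2><1><0><10><3><4><26><6><5><17>"
HANDLER_EAPTYPES = ["PEAP", "TTLS", "MSCHAP-V2", "MD5-Challenge"]

if __name__ == "__main__":
    offer, nak = decode_eap(INNER_OFFER), decode_eap(INNER_NAK)
    print("inner handler offered:", offer)
    print("peer answered:        ", nak)
    print("listed on both sides: ", common_types(nak, HANDLER_EAPTYPES))
```

The four numbers in each "Handling with EAP: code ..." debug line of the trace line up with the code, identifier, length and type fields this decoder returns for the matching EAP-Message.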
