[RADIATOR] TTLS and AuthbyLSA
Johnson, Neil M
neil-johnson at uiowa.edu
Fri Jan 7 17:18:40 CST 2011
I'm trying to test authenticating users using TTLS and AuthByLSA.
It appears that when I test for group membership, that the username is not getting sent to the group test subroutine.
Look for the line "Fri Jan 7 17:11:28 2011: DEBUG: Checking LSA Group membership for \\IOWADC1, ITS-WIRELESS-IOWA,"
No username is listed after the ","
Config and Logs below.
Thanks.
#
# Main Radiator Config File
#
#
# General Settings
#
# Uncomment these for testing
Foreground
LogStdout
LogDir e:\LogFiles\Radiator
DbDir c:\Program Files\Radiator
LogFile %L/%Y/logfile.%y%m%d
PidFile %L/radius.pid
# User a lower trace level (2) in production systems:
Trace 4
# Ports to listen on
AuthPort 1812
AcctPort 1813
# RADAR Monitoring
<Monitor>
Username its-neg
Password SECRET
</Monitor>
#
# Clients
#
# BSB Controllers
<Client 192.168.11.132>
# ctrl-bsb-2
Secret SECRET
</Client>
<Client 192.168.11.135>
# ctrl-bsb-5
Secret SECRET
</Client>
<Client 192.168.11.133>
# ctrl-bsb-11
Secret SECRET
</Client>
<Client 192.168.11.134>
# ctrl-bsb-12
Secret SECRET
</Client>
# CB Controllers
<Client 192.168.11.68>
# ctrl-cb-11
Secret SECRET
</Client>
<Client 192.168.11.69>
# ctrl-cb-12
Secret SECRET
</Client>
<Client 192.168.11.70>
# ctrl-cb-13
Secret SECRET
</Client>
# LC Controllers
<Client 192.168.11.10>
# ctrl-lc-11-m
Secret SECRET
</Client>
<Client 192.168.11.11>
# ctrl-lc-12-m
Secret SECRET
</Client>
<Client 192.168.11.12>
# ctrl-lc-13-m
Secret SECRET
</Client>
# Test Controllers
<Client 192.168.11.74>
# ctrl-test-1-m
Secret SECRET
</Client>
<Client 192.168.134.59>
# nat-test-ctrl
Secret SECRET
</Client>
# Desktop
<Client 192.168.204.94>
# njohnson.its.uiowa.edu
Secret SECRET
</Client>
# Spong Radius Monitoring Client
<Client 192.168.63.130>
# bright.its.uiowa.edu
Secret SECRET
</Client>
# Eduroam TLRS (Top-Level Radius Server)
<Client eduroam1.ns.utk.edu>
Secret SECRET
Identifier eduroam
</Client>
#
# AuthBy Clauses
#
# Authenticate with Windows LSA
# Normal Users
<AuthBy LSA>
Identifier ITS-WIRELESS-IOWA
UsernameMatchesWithoutRealm
DefaultDomain IOWA
Group ITS-WIRELESS-IOWA
EAPType MSCHAP-V2
</AuthBy>
# Quarantined Users
<AuthBy LSA>
Identifier ITS-WIRELESS-QUARANTINE
UsernameMatchesWithoutRealm
DefaultDomain IOWA
Group ITS-WIRELESS-QUARANTINE
EAPType MSCHAP-V2
AddToReply Tunnel-Medium-Type = 802
AddToReply Tunnel-Private-Group-ID = 820
AddToReply Tunnel-Type VLAN
</AuthBy>
# Eduroam Test Users
<AuthBy FILE>
Identifier EDUROAM_TEST_USERS
Filename %D/eduroam_test_users
EAPType MSCHAP-V2
</AuthBy>
#
# Handlers
#
#- NOTE Handlers are matched in order as they appear in the file
#
#
# Eduroam Inner Handlers
#
<Handler Client-Identifier=eduroam, TunnelledByPEAP=1, Realm=/uiowa\.edu$/i >
AuthByPolicy ContinueUntilAcceptOrChallenge
AuthBy ITS-WIRELESS-IOWA
AuthBy ITS-WIRELESS-QUARANTINE
AuthBy EDUROAM_TEST_USERS
</Handler>
#
# Handle TTLS requests
#
<Handler Client-Identifier=eduroam, TunnelledByTTLS=1, Realm=/uiowa\.edu$/i >
AuthByPolicy ContinueUntilAcceptOrChallenge
AuthBy ITS-WIRELESS-IOWA
AuthBy ITS-WIRELESS-QUARANTINE
AuthBy EDUROAM_TEST_USERS
</Handler>
#
# Normal Inner User Handlers
#
# This is where we authenticate a PEAP inner request, which will be an EAP
# request.
<Handler TunnelledByPEAP=1>
AuthByPolicy ContinueUntilAcceptOrChallenge
AuthBy ITS-WIRELESS-IOWA
AuthBy ITS-WIRELESS-QUARANTINE
AuthBy EDUROAM_TEST_USERS
</Handler>
#
# Handle TTLS requests
#
<Handler TunnelledByTTLS=1>
AuthByPolicy ContinueUntilAcceptOrChallenge
AuthBy ITS-WIRELESS-IOWA
AuthBy ITS-WIRELESS-QUARANTINE
AuthBy EDUROAM_TEST_USERS
</Handler>
#
# Outer Handler for Eduroam requests for us
#
<Handler Client-Identifier=eduroam, Realm=/uiowa\.edu$/i >
# Process Accounting-Requests
PreProcessingHook file:"PreProcessingHook.pl"
<AuthBy FILE>
# Anonymous user
Filename %D/users
EAPType PEAP, TTLS
# Set inner username without Realm
EAPAnonymous %0
# EAPTLS_CAFile is the name of a file of CA certificates
# in PEM format.
EAPTLS_CAFile %D/certificates/prodCA/CACert.crt
# EAPTLS_CertificateFile is the name of a file containing
# the servers certificate.
EAPTLS_CertificateFile %D/certificates/certificate.crt
EAPTLS_CertificateType PEM
# EAPTLS_PrivateKeyFile is the name of the file containing
# the servers private key.
EAPTLS_PrivateKeyFile %D/certificates/privateKey.key
EAPTLS_PrivateKeyPassword SECERT
# EAPTLS_MaxFragmentSize sets the maximum TLS fragemt
# size that will be replied by Radiator.
EAPTLS_MaxFragmentSize 1000
# Some clients, depending on their configuration, may require you to specify
# MPPE send and receive keys.
AutoMPPEKeys
# You can control which version of the draft PEAP protocol to honour
# with EAPTLS_PEAPVersion.
EAPTLS_PEAPVersion 0
# Addeded for testing rapid recconects
EAPTLS_SessionResumption 0
</AuthBy>
</Handler>
#
# Handler for "user at uiowa.edu" or just "user" local authentication
#
<Handler Realm=/(?:uiowa\.edu$|^$)/i >
# Process Accounting-Requests
PreProcessingHook file:"PreProcessingHook.pl"
# Get rid of realm ?
# RewriteUsername s/^([^@]+).*/$1/
<AuthBy LSA>
UsernameMatchesWithoutRealm
DefaultDomain IOWA
Group ITS-WIRELESS-IOWA
EAPType PEAP, TTLS
# Set inner username without Realm
EAPAnonymous %0
EAPTLS_CAFile %D/certificates/prodCA/CACert.crt
EAPTLS_CertificateFile %D/certificates/certificate.crt
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/privateKey.key
EAPTLS_PrivateKeyPassword SECRET
EAPTLS_MaxFragmentSize 1000
EAPTLS_PEAPVersion 0
EAPTLS_SessionResumption 0
AutoMPPEKeys
</AuthBy>
# Process inner/outer identity and dyanmic VLAN assignment
PostProcessingHook file:"PostProcessingHook.pl"
</Handler>
#
# Default Handler (Forward to Eduroam-US TLRS)
#
<Handler>
<AuthBy RADIUS>
Secret SECRET
Host eduroam1.ns.utk.edu
AuthPort 1812
AcctPort 1813
RetryTimeout 8
AutoMPPEKeys
# Process Accounting and Dynamic VLAN Assignment
ReplyHook file:"%D/ReplyHook.pl"
</AuthBy>
</Handler>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 0
Authentic: <228><195>U<218><12><166><250>W>)<170><146><2>;7<23>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><0><0><10><1>nmjoo
Message-Authenticator = <25><145><242>F<9>5<155><240><179><4>C<242><21><222>E<249>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 0, 10, 1
Fri Jan 7 17:11:28 2011: DEBUG: Response type 1
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP PEAP Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 0
Authentic: <146><163><221>"I<133><127><209>PDD<178><238><157><208>8
Attributes:
EAP-Message = <1><1><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 1
Authentic: <249><219><223><24><152><165><207><23><159>O<253><134><202><221>i<238>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><1><0><6><3><21>
Message-Authenticator = !v<217>pR<190>!(6<128><29>Y<157>}<189><158>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 1, 6, 3
Fri Jan 7 17:11:28 2011: DEBUG: Response type 3
Fri Jan 7 17:11:28 2011: DEBUG: EAP Nak desires type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 1
Authentic: <144>0<15>t<149><194><246>*7^<160>h<9>S<23><227>
Attributes:
EAP-Message = <1><2><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 2
Authentic: <248>[<230>;<187><180>*<197><169><142>S%<188>5GY
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><2><0>v<21><0><22><3><1><0>k<1><0><0>g<3><1>M'<157><160>t<244>nx<165><26><148><156><248>}<174><232>yR<198><1><134>=--e<218><128>k<1>S<175>q<0><0>:<0>9<0>8<0><136><0><135><0>5<0><132><0><22><0><19><0><10><0>3<0>2<0><154><0><153><0>E<0>D<0>/<0><150><0>A<0><5><0><4><0><21><0><18><0><9><0><20><0><17><0><8><0><6><0><3><0><255><1><0><0><4><0>#<0><0>
Message-Authenticator = <24><4>><185>;<227><15><7>4x<148>8<168><221><130><10>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 2, 118, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS data, 24576, 2, -1
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 2
Authentic: <21><17><172><235>~Ff<164><25><20>l<131><132><184>AP
Attributes:
EAP-Message = <1><3><3><242><21><192><0><0><15><199><22><3><1><0>J<2><0><0>F<3><1>M'<157><160>s<159><180><221>gm#<248><192><137><141>QH<195><232><222>k<166><228>\<219><210>P<149><182><14><147><153> <159><170><141><16><234>\6<205><155><<237>2<236><134><216><29><1>jn<173><184>{<207><242>#<138><4><22>[u;:<0>5<0><22><3><1><15>j<11><0><15>f<0><15>c<0><6> 0<130><6><28>0<130><5><4><160><3><2><1><2><2><17><0><172><251><184><24><131>(_<250><234><249>R<143><15><5><251><245>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><137>1<11>0<9><6><3>U<4><6><19><2>GB1<27>0<25><6><3>U<4><8><19><18>Greater Manchester1<16>0<14><6><3>U<4><7><19><7>Salford1<26>0<24><6><3>U<4><10><19><17>COMODO CA Limited1/0-<6><3>U<4><3><19>&
EAP-Message = COMODO High-Assurance Secure Server CA0<30><23><13>101101000000Z<23><13>111101235959Z0<130><1><29>1<11>0<9><6><3>U<4><6><19><2>US1<14>0<12><6><3>U<4><17><19><5>522421<11>0<9><6><3>U<4><8><19><2>IA1<18>0<16><6><3>U<4><7><19><9>Iowa City1<25>0<23><6><3>U<4><9><19><16>416-3 North Hall1<31>0<29><6><3>U<4><9><19><22>The University of Iowa1301<6><3>U<4><9><19>*ITS Telecommunication and Network Services1<27>0<25>
EAP-Message = <6><3>U<4><10><19><18>University of Iowa1<19>0<17><6><3>U<4><11><19><10>ITS-TNS-NS1<20>0<18><6><3>U<4><11><19><11>PlatinumSSL1$0"<6><3>U<4><3><19><27>net-auth-test.its.uiowa.edu0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><198><191><24><169><160><142><1><142><127><198><185>l<174><25><254>t<141>$<157><199><137>d-<162>M<253><23><183>i<136>W<149>N<224>.\<254><236>3<<130><189>/VW<163>0*<170>I<194><131><232><215><179>$k<162><205><206>1#F!N&<6><246><24><149>m<208>4<182><222><239>q<243>-<224>!<20><21><236>y<132><196>%<221><221><137>C<167><209><186><171><211>c<250><184>b<4><147><241><195><194><180><227>=<207>-P<222>x
EAP-Message = <201><221><13><249><208><232><182><145><193><199><180>pL'<151><5>er<194><149>Wi@<214>S<173><228><138>V<194>I<201><27><30><234><156><141><188><231><141>I<143>p<205>8,<176><10>2Tx1<218>[B<249><16><200><175><178>|u<28><11> <132>L<238><246><193><250>0<220><178><192>D<139><167><222>8<206><142><203>y<241><226><17><153>z<127><127><9>e<9>C(<193>P<0><216><0><20>+<215><205><18><8>Zo<221>@<138>/b#<16><206><186>PO<178><217><226>M<158><163><222><134>Z<139>P<14>_+Pr<249><235>s<144>Z<147><2><3><1><0><1><163><130><1><230>0<130><1><226>0<31><6><3>U<29>#<4><24>0<22><128><20>?<213><181><208><214>DyPJ<23><163><155><140>J<220><184><176>"dk0<29><6><3>U<29><14><4><22><4><20><215><139><250><146><170>)<143><183><221><149>U<148>Sy<1><12><227><133>n]0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<29>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 3
Authentic: Q<4>o <138>d<127><21>]<220>.<183>&[<10><244>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><3><0><6><21><0>
Message-Authenticator = <163><234><25><240><195>$4Y<171>n<21>H<242>-6\
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 3, 6, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 3
Authentic: <183><237>8<160>n<203><167>5a<250><210><200>5Q^<25>
Attributes:
EAP-Message = <1><4><3><238><21>@<6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><7><3><2>0F<6><3>U<29> <4>?0=0;<6><12>+<6><1><4><1><178>1<1><2><1><3><4>0+0)<6><8>+<6><1><5><5><7><2><1><22><29>https://secure.comodo.com/CPS0O<6><3>U<29><31><4>H0F0D<160>B<160>@<134>>http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl0<129><128><6><8>+<6><1><5><5><7><1><1><4>t0r0J<6><8>+<6><1><5><5><7>0<2><134>>http://crt.comodoca.com/COMODOHigh
EAP-Message = -AssuranceSecureServerCA.crt0$<6><8>+<6><1><5><5><7>0<1><134><24>http://ocsp.comodoca.com0G<6><3>U<29><17><4>@0><130><27>net-auth-test.its.uiowa.edu<130><31>www.net-auth-test.its.uiowa.edu0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>)Lh<215><226><187>Sv<149><17>O<221>."M>(<246>c}d<242><30><10>^<175>2<155><233><191>4<192>!<250><0><150>F\!<137><182><134>s<19>5<230><194>B<17>2{<189>$<15><5>9<227><146><246><173><135>@D\vd<174><195>_<162>c<158><134><142><254><212>N<181><180><222><150><175><211>X<242><16><153>)<154>$d<207><178><167>
EAP-Message = <233>?<31><201><3><204><251><161>6<169><241><209>&'<166>`<14><181><255>}<202><160>V<171><203><243>pc<245>BU<25><241>?<162><130><161><242><10> <134>/<171><29><5>e<166><174><18>WOj<7><18><250>Z<234><181><127><246>;8x<229>F<248><240><148>A<141><151><158>Fp)<157><23><229><225><7><<238>^J<136><26><235><127><240>jG|<205>[0)HFO<198>/<149>?{n<130><165><252><159><2>~<232><12>O<231><253><253><244><3>U'<16><196><174>e<237><209><184><221>d<217><247>z<149><N!<19><138>Z<210><241><26><9<159>8d<5>N<203><211><231><8><148><9><25><5><236><210><150><139><0><5><0>0<130><4><252>0<130><3><228><160><3><2><1><2><2><16><22><144><195>)<182>x<6><7>Q<31><5><176>4HF<203>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0o1<11>0<9><6><3>U<4><6><19><2>SE1<20>0<18><6><3>U<4><10><19><11>AddTrust AB1&0$<6>
EAP-Message = <3>U<4><11><19><29>AddTrust External TTP Network1"0 <6><3>U<4><3><19><25>AddTrust External CA Root0<30><23><13>100416000000Z<23><13>200530104838Z0<129><137>1<11>0<9><6><3>U<4><6><19><2>GB1<27>0<25><6><3>U<4><8><19><18>Greater Manchester1<16>0<14><6><3>U<4><7><19><7>Salford1<26>0<24><6><3>U<4><10><19><17>COMODO CA Limited1/0-<6><3>U<4><3><19>&COMODO High-Assurance Secure Server CA0<130><1>"
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 4
Authentic: 4]!<191><14>D`<138><127>KL<252>8<144><136><143>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><4><0><6><21><0>
Message-Authenticator = !<13><213>`V<239><14><197><195>YN<148>B<28><177><194>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 4, 6, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 4
Authentic: <186><161><131><144><181><29><240>US<251><247><155>!,<183>(
Attributes:
EAP-Message = <1><5><3><238><21>@0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><231><135><218><192>w<228><187>:<250>j$<200><128>A<172><210><22><19><21>=<250><247><248>*v<220><168>-9<8><206>HJ<190><15>}<240><222><186><187>G<213><189>-<215><27><171><15> <129>#<8>r<177><192><17><149><13><230><234><169><135><255><199>n<30>Of2<186>S<188><5><170><28>,<12><239>M7Gk<16><12><219><197><160><152>~X<219>7<214><174><233><6><189><215><168>e<243>7<185><199>m<206>w<199>&<224><215>t<31><166><152><22><187><12>k<200><190>w<208><239>X<167>)<160><185><184>i<5>6<203><178><218>X<163><11>u<173>=<139>"<130> >p<134><153><28><185>O<207>w<164><7><26>#c<209>8V<132><236><191><143><197>N<244><24><150><155><26><232><147><236><141><175><21><156>$<240>Z;<232><15><185><168>Z<1><211><178><28>`<201><156>R<4><221><146><167><254><12><172><226>E<141><3>a<188>y<224>w.<135>A<
EAP-Message = X_<203><245><197>w<242>X<200>M(<208><154><250><243>s<9>$ht<188> L<216>,<176><170><232><217>Nm<242><140>$<211><147>]<145><2><3><1><0><1><163><130><1>w0<130><1>s0<31><6><3>U<29>#<4><24>0<22><128><20><173><189><152>z4<180>&<247><250><196>&T<239><3><189><224>$<203>T<26>0<29><6><3>U<29><14><4><22><4><20>?<213><181><208><214>DyPJ<23><163><155><140>J<220><184><176>"dk0<14><6><3>U<29><15><1><1><255><4><4><3><2><1><6>0<18><6><3>U<29><19><1><1><255><4><8>0<6><1><1><255><2><1><0>0<17><6><3>U<29> <4><10>0<8>0<6><6><4>U<29> <0>0D<6><3>U<29><31><4>=0;09<160>7<160>5<134>3http://crl.usertrust.com/AddTrustExternalCARoot.crl0<129><179><6><8>+<6><1><5><5><7><1><1>
EAP-Message = <4><129><166>0<129><163>0?<6><8>+<6><1><5><5><7>0<2><134>3http://crt.usertrust.com/AddTrustExternalCARoot.p7c09<6><8>+<6><1><5><5><7>0<2><134>-http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%<6><8>+<6><1><5><5><7>0<1><134><25>http://ocsp.usertrust.com0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><19><133><31>R<128><24><201>S<247><254>.<26><175><204><217><11><<194><211><133><129><16><240>(<141><185>@~,<158><143><214>6<134><10>L<20>-<214><151>C<146>A<25>7K<150><158><235><169>0y<18><149><179><2>6W<237>+<185><29><152><26>
EAP-Message = <163><24><10>?<155>9<139><205><161>I)L/<249><208><149><140><200>M<149><186><168>C<207>3<170>%*Z<14><170>'<201>Nk<177><230>s<31><179>t<4><195><243>L<226><168><235>g<183>]<184><8><5><26>V<154>T)<133><245>)N<128>;<149><208>{S<150><17>V<193><2><211><234><178><127><202><143><156>pJ<20><141>Z<185><22>`u<214><205>'<30><22><205>[3<142>y@<207>(H<231><220>q<22>Nt<145>u<185>*<140><241>p<172>&<221><4><185>@<194><133><222><28><147>@<208><204>n<195><155><170><239>`e<223>`"<240>Z<165>z<162>/<228>ps<238><<212>&+h<7><193> z<232><152>Z>{<159><2><139>b<192><133><129><128>`5~<165><29><12><210><156><223>bE<13><219><252>7<251><245>%"<0><4>:0<130><4>60<130><3><30><160><3><2><1><2><2><1><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0o1<11>0<9><6><3>U<4><6><19><2>SE1<20>0<18><6><3>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 5
Authentic: <4><13><13><128><179><250>V<241>1-<141><204>)<223><155>.
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><5><0><6><21><0>
Message-Authenticator = <199><191><254><244><233><16><1>Q<30><17><6><148> <151><12>j
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 5, 6, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 5
Authentic: <1>Z<202>O<243>9K<205><159><j{<242><230><29><246>
Attributes:
EAP-Message = <1><6><3><238><21>@U<4><10><19><11>AddTrust AB1&0$<6><3>U<4><11><19><29>AddTrust External TTP Network1"0 <6><3>U<4><3><19><25>AddTrust External CA Root0<30><23><13>000530104838Z<23><13>200530104838Z0o1<11>0<9><6><3>U<4><6><19><2>SE1<20>0<18><6><3>U<4><10><19><11>AddTrust AB1&0$<6><3>U<4><11><19><29>AddTrust External TTP Network1"0 <6><3>U<4><3><19><25>AddTrust External CA Root0<130><1>"0<13><6><9>*<134>
EAP-Message = H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><183><247><26>3<230><242><0><4>-9<224>N[<237><31><188>l<15><205><181><250>#<182><206><222><155><17>3<151><164>)L}<147><159><189>J<188><147><237><3><26><227><143><207><229>mPZ<214><151>)<148>Z<128><176>Iz<219>.<149><253><184><202><191>78-<30>><145>A<173>pV<199><240>O?<232>2<158>t<202><200><144>T<233><198>_<15>x<157><154>@<<14><172>a<170>^<20><143><158><135><161>jP<220><215><154>N<175><5><179><166>q<148><156>q<179>P`<10><199><19><157>8<7><134><2><168><233><168>i&<24><144><171>L<176>O#<171>:O<132><216><223><206><159><225>io<187><215>B<215>kD<228><199><173><238>mA_rZq<8>7<179>ye<164>Y<160><148>7<247><0>/<13><194><146>r<218><208>8r<219><20><168>E<196>]*}<183><180><214><196><238><172><205><19>D<183><201>+<221>C<0>%<250>a<185>ijX#<17><183><167>3<143>VuY
EAP-Message = <245><205>)<215>F<183><10>+e<182><211>Bo<21><178><184>{<251><239><233>]S<213>4Z'<2><3><1><0><1><163><129><220>0<129><217>0<29><6><3>U<29><14><4><22><4><20><173><189><152>z4<180>&<247><250><196>&T<239><3><189><224>$<203>T<26>0<11><6><3>U<29><15><4><4><3><2><1><6>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1><255>0<129><153><6><3>U<29>#<4><129><145>0<129><142><128><20><173><189><152>z4<180>&<247><250><196>&T<239><3><189><224>$<203>T<26><161>s<164>q0o1<11>0<9><6><3>U<4><6><19><2>SE1<20>0<18><6><3>U<4><10><19><11>AddTrust AB1&0$<6><3>U<4><11><19><29>AddTrust External TTP Network1"0 <6><3>U<4><3><19><25>AddTrust External CA Root<130><1>
EAP-Message = <1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><176><155><224><133>%<194><214>#<226><15><150><6><146><157>A<152><156><217><132>y<129><217><30>[<20><7>#6e<143><176><216>w<187><172>AlG`<131>Q<176><249>2=<231><252><246>&<19><199><128><22><165><191>Z<252><135><207>xy<137>!<154><226>L<7><10><134>5<188><242><222>Q<196><210><150><183><220>~N<238>p<253><28>9<235><12><2>Q<20>-<142><189><22><224><193><223>Fu<231>$<173><236><244>B<180><133><147>p<16>g<186><157><6>5J<24><211>+z<204>QB<161>zc<209><230><187><161><197>+<194>6<190><19><13><230><189>c~y{<167><9><13>@<171>j<221><143><138><195><246><246><140><26>B<5>Q<212>E<245><159><167>b!h<21> C<<153><231>|<189>$<216><169><145><23>s<136>?V<27>18<24><180>q<15><154><205><200><14><158><142>.<27><225><140><152><131><203><31>1<241>DL<198><4>sIv`<15><199><248><189><23><128>k.<233>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 6
Authentic: U<14><245>_<199><183><14><149><197><206>g<1><199><189>)T
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><6><0><6><21><0>
Message-Authenticator = <242><246><222>}d<235>u<133>c<136><0><236>Xl<183><228>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 6, 6, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 6
Authentic: B<3><136>V[<205><182>1K<209><168><221>E<157><177>,
Attributes:
EAP-Message = <1><7><0>-<21><0><204>L<14>Z<154>y<15> <10>.<213><158>c&<30>U<146><148><216><130><23>Z{<208><188><199><143>N<134><4><22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 7
Authentic: <183><228><246><187><190><209><14><127>R<133><203>2<18>u<233><236>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><7><1>L<21><0><22><3><1><1><6><16><0><1><2><1><0><31><233>e<233><247><244>@O<210><250><147><175>x<174><235>><156><235><229><10>op<226>5$|<184><165><147><222>,R<229><127><238><139><220><219>>%PWN<145><175><168><208><247>z<242><229><220>#<231><213><151>+<142><1>D<231><145>]<2><136>F<251><220><214>A<228><17><2><205><251>9?<172><17>C<224><224>0<1><21>|<213>.<209><130><161>9<250>_Y<171><180><5><234>w<192>QZ<131><136><4><182><25>a<174>[@op<11>;<199><179><5><166>F<1><200>n<20><173><137><211><30><227>L<198><187><145><209><18><148>;<186><150><242><215>|H<248>7<214>E+<20>_<140>-V<215><2><203><5><23><21>y7;<29><194>.<253>5<216><188><18><142>?<233>5<226><13>=)<160><163><236>z<18><163><246><220><235>n#<216>k%h_*a<133>L)(<138>y<190><31>MdQ<134><6>0XZq<7>G<135>!<197><214><226><176>D<17>P<253><245>]I<145><183><235><190><145>J4
EAP-Message = <249><248><133><14><205>8<13><174>}ib<29><209><244>o<236>,<225><8>m<20><3><1><0><1><1><22><3><1><0>0 <209>b<144><19><20>f<254><212><150><221>v4<183><149>n<152><132>|<139>H<193><181><182><249>H<183><30><7>(%f<178>q<212><9>.<213><240>'<23>i6<18>N<25><30><31>
Message-Authenticator = <0>a<161><140>H<221><195><205>pD5<208>b <222><237>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 7, 332, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS data, 8576, 7, 2
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 7
Authentic: <243><177><196><201><236><136>EDv<198><4>:<16>n<<19>
Attributes:
EAP-Message = <1><8><0>E<21><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<197>-<202>Uk<155><250><147><201><191><180><132>3<30>(z<179><174>+K<10><149>@n<147><22><237><225><202>A<134>^~<223>5<134><170><165>\<14>C<27><232><137><214><169>y<230>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 8
Authentic: <24><252><208><129>e<23><2><146><237><252>v`<227><18><168><245>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><8><0>`<21><0><23><3><1><0> <226><221>'<5>=<249>g<236>J<207><173><187><239><128><246><188><129>}B<162>&M+<205>,O<167><209>r<170>Y<166><23><3><1><0>0<238><149><159>m<16>d<195>wB<129>@<31>1<l<224>=<226>d<182>I<209><1><226>k<135><172>c<25>w<187>8<192>='<129>OP7<243><137><162>e<247>H]<223><210>
Message-Authenticator = <188>7o<188><208>MmUH<12><26>A<222><252><237><130>
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 8, 96, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS data, 3, 8, 7
Fri Jan 7 17:11:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
EAP-Message = <2><0><0><10><1>nmjoo
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS inner authentication request for
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for , 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA: ITS-WIRELESS-IOWA
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 0, 10, 1
Fri Jan 7 17:11:28 2011: DEBUG: Response type 1
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP MSCHAP-V2 Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for : EAP MSCHAP-V2 Challenge
Fri Jan 7 17:11:28 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: <151>znx<251>!kw<183><239>e<18>'6<201>Z
Attributes:
EAP-Message = <1><1><0>"<26><1><1><0><29><16><157><234>gS+<250><142>H<204>j<211><20><160>Aj<179>itsnt929
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS inner authentication redispatched to a Handler
Fri Jan 7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS inner authentication redispatched to a Handler
Fri Jan 7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS inner authentication redispatched to a Handler
Fri Jan 7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Challenge
Identifier: 8
Authentic: <244><189><164>C<201>Wr<150><163>n/<172><8><194><199><182>
Attributes:
EAP-Message = <1><9><0>o<21><128><0><0><0>e<23><3><1><0>`<20>C<4><220><208>s+<145><12><<146><9><195>M)<172><214>HW<175>xAS<253><5><161><147><163><192><197>f<16><153><185>J;a<233>l<11>&},{<219><222><226><143>u<198>4<155><16>^<180>s<181>YX6N<4>7<159><229><167>S<224><145>c<183><216>GsR<154>v<16>Y'<227><235>G<140>p<2><186><27>G<2><144><181><139><214><176><137>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jan 7 17:11:28 2011: DEBUG: Packet dump:
*** Received from 128.255.204.94 port 59392 ....
Code: Access-Request
Identifier: 9
Authentic: <255><4>~<194>:[DJ<210>B<19><161><202><24><234><9>
Attributes:
User-Name = "nmjoo"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = <2><9><0><144><21><0><23><3><1><0> <175><219>o<199><15>R<227>_g7<203><17><156>pg<171><9><251><26>H[<205><201><166><6><228>x<182>Q<145><246><203><23><3><1><0>`<252>X<222><224><224><196><217>n#<185><178><127><141><30><140>>"<163>g<233>n<177><207><127>Y<7><187><201><17>\<28>C<133>y<177>;]<218><220><166><14><219><176><231><240><148>F<201>2g=P`<206>/lZr<175><216><218><165>#<138><235><141><222><210><253><26>0<201><135><255><179><170><20>{<223><20><179>'Y<165><30><239><206><13><157>M<167><23>}@<190><248>
Message-Authenticator = <10><165><200><247><210>iIL<144><224>n<255><137><170><242>(
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for nmjoo, 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 9, 144, 21
Fri Jan 7 17:11:28 2011: DEBUG: Response type 21
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS data, 3, 9, 8
Fri Jan 7 17:11:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
EAP-Message = <2><1><0>@<26><2><1><0>;1<147>}<205><25>^q<165>D<186>@<190><179><213><235>O<203><0><0><0><0><0><0><0><0><222><141><0>zQm<211>2<30><164><161><137><0>GV<241>R<153><25><147><251>U<214><26><0>nmjoo
Fri Jan 7 17:11:28 2011: DEBUG: EAP TTLS inner authentication request for
Fri Jan 7 17:11:28 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
Fri Jan 7 17:11:28 2011: DEBUG: Deleting session for , 127.0.0.1,
Fri Jan 7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA: ITS-WIRELESS-IOWA
Fri Jan 7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
Fri Jan 7 17:11:28 2011: DEBUG: Response type 26
Fri Jan 7 17:11:28 2011: DEBUG: Radius::AuthLSA looks for match with nmjoo []
Fri Jan 7 17:11:28 2011: DEBUG: Checking LSA Group membership for \\IOWADC1, ITS-WIRELESS-IOWA,
Fri Jan 7 17:11:29 2011: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: nmjoo []
Fri Jan 7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: DEBUG: Handling with Radius::AuthLSA: ITS-WIRELESS-QUARANTINE
Fri Jan 7 17:11:29 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
Fri Jan 7 17:11:29 2011: DEBUG: Response type 26
Fri Jan 7 17:11:29 2011: DEBUG: Radius::AuthLSA looks for match with nmjoo []
Fri Jan 7 17:11:29 2011: DEBUG: Checking LSA Group membership for \\IOWADC1, ITS-WIRELESS-QUARANTINE,
Fri Jan 7 17:11:29 2011: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: nmjoo []
Fri Jan 7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: DEBUG: Handling with Radius::AuthFILE: EDUROAM_TEST_USERS
Fri Jan 7 17:11:29 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
Fri Jan 7 17:11:29 2011: DEBUG: Response type 26
Fri Jan 7 17:11:29 2011: DEBUG: Radius::AuthFILE looks for match with nmjoo []
Fri Jan 7 17:11:29 2011: DEBUG: Radius::AuthFILE REJECT: No such user: nmjoo []
Fri Jan 7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: INFO: Access rejected for : EAP MSCHAP V2 failed: no such user nmjoo
Fri Jan 7 17:11:29 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: `<205><129><218><178>D{<228><139>Hu<213>6b<10><198>
Attributes:
EAP-Message = <4><1><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Fri Jan 7 17:11:29 2011: DEBUG: EAP result: 1, EAP TTLS inner authentication redispatched to a Handler
Fri Jan 7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP TTLS inner authentication redispatched to a Handler
Fri Jan 7 17:11:29 2011: INFO: Access rejected for nmjoo: EAP TTLS inner authentication redispatched to a Handler
Fri Jan 7 17:11:29 2011: DEBUG: PostProcessing Hook: called.
Fri Jan 7 17:11:29 2011: DEBUG: Packet dump:
*** Sending to 128.255.204.94 port 59392 ....
Code: Access-Reject
Identifier: 9
Authentic: <151>V<196><173><208><240><171>@<27>K@<249>j<205><205><217>
Attributes:
EAP-Message = <4><9><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu
More information about the radiator
mailing list