[RADIATOR] TTLS and AuthbyLSA

Heikki Vatiainen hvn at open.com.au
Mon Jan 10 07:42:01 CST 2011


On 01/08/2011 01:18 AM, Johnson, Neil M wrote:

> I'm trying to test authenticating users using TTLS and AuthByLSA.
> 
> It appears that when I test for group membership, that the username is not getting sent to the group test subroutine.
> 
> Look for the line "Fri Jan  7 17:11:28 2011: DEBUG: Checking LSA Group membership for \\IOWADC1, ITS-WIRELESS-IOWA,"
> 
> No username is listed after the ","

I took a look at the code and found a couple of points but not
necessarily a fix, at least yet.

The missing username results from the missing User-Name attribute in the
inner request. The code tries to pull the username from the User-Name
attribute, but since it is missing, the username becomes undefined. I checked
a couple of old logs, and usually User-Name is there, but it looks like your
client does not use it with the inner authentication.

Another thing to note is EAPAnonymous which behaves differently from
other EAP types. The others take value for %0 from EAP identity, but
with TTLS the value is taken from the inner User-Name attribute. So even
with EAPAnonymous you do not currently get anything useful for username.

Mike, do you think EAPAnonymous and username generation for the inner
authentication need reviewing?

My suggestion:
- Take username from tunnelled packet's User-Name if it exists
- Otherwise take it from EAP inner identity
- Rethink what is done with EAPAnonymous if userName is not defined
- Document how EAPAnonymous works with TTLS

The log below shows that the first tunnelled packet is EAP Identity
response, so I think the above should fix the problem Neil is seeing.
The ordering of User-Name and EAP inner identity I am suggesting above
is following the current precedence the code has.

Thanks!
Heikki

> Config and Logs below.
> 
> Thanks.
> 
> #
> #  Main Radiator Config File
> #
> 
> #
> # General Settings
> #
> # Uncomment these for testing
> Foreground
> LogStdout
> 
> LogDir          e:\LogFiles\Radiator
> DbDir           c:\Program Files\Radiator
> LogFile         %L/%Y/logfile.%y%m%d
> PidFile         %L/radius.pid
> 
> # Use a lower trace level (2) in production systems:
> Trace           4
> 
> # Ports to listen on
> AuthPort 1812
> AcctPort 1813
> 
> # RADAR Monitoring
> <Monitor>
>         Username its-neg
>         Password SECRET
> </Monitor>
> 
> #
> # Clients
> #
> 
> # BSB Controllers
> <Client 192.168.11.132>
>         # ctrl-bsb-2
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.135>
>         # ctrl-bsb-5
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.133>
>         # ctrl-bsb-11
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.134>
>         # ctrl-bsb-12
>         Secret  SECRET
> </Client>
> 
> # CB Controllers
> <Client 192.168.11.68>
>         # ctrl-cb-11
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.69>
>         # ctrl-cb-12
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.70>
>         # ctrl-cb-13
>         Secret  SECRET
> </Client>
> 
> # LC Controllers
> <Client 192.168.11.10>
>         # ctrl-lc-11-m
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.11>
>         # ctrl-lc-12-m
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.11.12>
>         # ctrl-lc-13-m
>         Secret  SECRET
> </Client>
> 
> # Test Controllers
> <Client 192.168.11.74>
>         # ctrl-test-1-m
>         Secret  SECRET
> </Client>
> 
> <Client 192.168.134.59>
>         # nat-test-ctrl
>         Secret  SECRET
> </Client>
> 
> # Desktop
> <Client 192.168.204.94>
>         # njohnson.its.uiowa.edu
>         Secret SECRET
> </Client>
> 
> # Spong Radius Monitoring Client
> <Client 192.168.63.130>
>         # bright.its.uiowa.edu
>         Secret SECRET
> </Client>
> 
> # Eduroam TLRS (Top-Level Radius Server)
> <Client eduroam1.ns.utk.edu>
>         Secret SECRET
>         Identifier eduroam
> </Client>
> 
> #
> # AuthBy Clauses
> #
> 
> # Authenticate with Windows LSA
> # Normal Users
> <AuthBy LSA>
>         Identifier ITS-WIRELESS-IOWA
>         UsernameMatchesWithoutRealm
>         DefaultDomain IOWA
>         Group ITS-WIRELESS-IOWA
>         EAPType MSCHAP-V2
> </AuthBy>
> 
> # Quarantined Users
> <AuthBy LSA>
>         Identifier ITS-WIRELESS-QUARANTINE
>         UsernameMatchesWithoutRealm
>         DefaultDomain IOWA
>         Group ITS-WIRELESS-QUARANTINE
>         EAPType MSCHAP-V2
>         AddToReply Tunnel-Medium-Type = 802
>         AddToReply Tunnel-Private-Group-ID = 820
>         AddToReply Tunnel-Type VLAN
> </AuthBy>
> 
> # Eduroam Test Users
> <AuthBy FILE>
>         Identifier EDUROAM_TEST_USERS
>         Filename %D/eduroam_test_users
>         EAPType MSCHAP-V2
> </AuthBy>
> 
> #
> # Handlers
> #
> #- NOTE Handlers are matched in order as they appear in the file
> #
> 
> #
> # Eduroam Inner Handlers
> #
> <Handler Client-Identifier=eduroam, TunnelledByPEAP=1, Realm=/uiowa\.edu$/i >
>         AuthByPolicy ContinueUntilAcceptOrChallenge
> 
>         AuthBy ITS-WIRELESS-IOWA
>         AuthBy ITS-WIRELESS-QUARANTINE
>         AuthBy EDUROAM_TEST_USERS
> </Handler>
> 
> #
> # Handle TTLS requests
> #
> <Handler Client-Identifier=eduroam, TunnelledByTTLS=1, Realm=/uiowa\.edu$/i >
>         AuthByPolicy ContinueUntilAcceptOrChallenge
> 
>         AuthBy ITS-WIRELESS-IOWA
>         AuthBy ITS-WIRELESS-QUARANTINE
>         AuthBy EDUROAM_TEST_USERS
> </Handler>
> 
> #
> # Normal Inner User Handlers
> #
> 
> # This is where we authenticate a PEAP inner request, which will be an EAP
> # request.
> <Handler TunnelledByPEAP=1>
>         AuthByPolicy ContinueUntilAcceptOrChallenge
> 
>         AuthBy ITS-WIRELESS-IOWA
>         AuthBy ITS-WIRELESS-QUARANTINE
>         AuthBy EDUROAM_TEST_USERS
> </Handler>
> 
> #
> # Handle TTLS requests
> #
> <Handler TunnelledByTTLS=1>
>         AuthByPolicy ContinueUntilAcceptOrChallenge
> 
>         AuthBy ITS-WIRELESS-IOWA
>         AuthBy ITS-WIRELESS-QUARANTINE
>         AuthBy EDUROAM_TEST_USERS
> </Handler>
> 
> #
> # Outer Handler for Eduroam requests for us
> #
> <Handler Client-Identifier=eduroam, Realm=/uiowa\.edu$/i >
>         # Process Accounting-Requests
>         PreProcessingHook file:"PreProcessingHook.pl"
> 
>         <AuthBy FILE>
>                 # Anonymous user
>                 Filename %D/users
> 
>                 EAPType PEAP, TTLS
> 
>                 # Set inner username without Realm
>                 EAPAnonymous %0
> 
>                 # EAPTLS_CAFile is the name of a file of CA certificates
>                 # in PEM format.
>                 EAPTLS_CAFile %D/certificates/prodCA/CACert.crt
> 
>                 # EAPTLS_CertificateFile is the name of a file containing
>                 # the servers certificate.
>                 EAPTLS_CertificateFile %D/certificates/certificate.crt
>                 EAPTLS_CertificateType PEM
> 
>                 # EAPTLS_PrivateKeyFile is the name of the file containing
>                 # the servers private key.
>                 EAPTLS_PrivateKeyFile %D/certificates/privateKey.key
>                 EAPTLS_PrivateKeyPassword SECERT
> 
>                 # EAPTLS_MaxFragmentSize sets the maximum TLS fragment
>                 # size that will be replied by Radiator.
>                 EAPTLS_MaxFragmentSize 1000
> 
>                 # Some clients, depending on their configuration, may require you to specify
>                 # MPPE send and receive keys.
>                 AutoMPPEKeys
> 
>                 # You can control which version of the draft PEAP protocol to honour
>                 # with EAPTLS_PEAPVersion.
>                 EAPTLS_PEAPVersion 0
> 
>                 # Added for testing rapid reconnects
>                 EAPTLS_SessionResumption 0
> 
>         </AuthBy>
> 
> </Handler>
> 
> #
> # Handler for "user at uiowa.edu" or just "user" local authentication
> #
> <Handler Realm=/(?:uiowa\.edu$|^$)/i >
> 
>         # Process Accounting-Requests
>         PreProcessingHook file:"PreProcessingHook.pl"
> 
>         # Get rid of realm ?
>         # RewriteUsername     s/^([^@]+).*/$1/
> 
>         <AuthBy LSA>
>                 UsernameMatchesWithoutRealm
>                 DefaultDomain IOWA
>                 Group ITS-WIRELESS-IOWA
> 
>                 EAPType PEAP, TTLS
> 
>                 # Set inner username without Realm
>                 EAPAnonymous %0
> 
>                 EAPTLS_CAFile %D/certificates/prodCA/CACert.crt
> 
>                 EAPTLS_CertificateFile %D/certificates/certificate.crt
>                 EAPTLS_CertificateType PEM
> 
>                 EAPTLS_PrivateKeyFile %D/certificates/privateKey.key
>                 EAPTLS_PrivateKeyPassword SECRET
> 
>                 EAPTLS_MaxFragmentSize 1000
> 
>                 EAPTLS_PEAPVersion 0
> 
>                 EAPTLS_SessionResumption 0
> 
>                 AutoMPPEKeys
> 
>         </AuthBy>
> 
>         # Process inner/outer identity and dynamic VLAN assignment
>         PostProcessingHook file:"PostProcessingHook.pl"
> 
> </Handler>
> 
> #
> # Default Handler (Forward to Eduroam-US TLRS)
> #
> <Handler>
>         <AuthBy RADIUS>
>                 Secret SECRET
>                 Host eduroam1.ns.utk.edu
>                 AuthPort 1812
>                 AcctPort 1813
>                 RetryTimeout 8
> 
>                 AutoMPPEKeys
> 
>                 # Process Accounting and Dynamic VLAN Assignment
>                 ReplyHook file:"%D/ReplyHook.pl"
>         </AuthBy>
> 
> </Handler>
> 
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 0
> Authentic:  <228><195>U<218><12><166><250>W>)<170><146><2>;7<23>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><0><0><10><1>nmjoo
>         Message-Authenticator = <25><145><242>F<9>5<155><240><179><4>C<242><21><222>E<249>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 0, 10, 1
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 1
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP PEAP Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 0
> Authentic:  <146><163><221>"I<133><127><209>PDD<178><238><157><208>8
> Attributes:
>         EAP-Message = <1><1><0><6><25>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 1
> Authentic:  <249><219><223><24><152><165><207><23><159>O<253><134><202><221>i<238>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><1><0><6><3><21>
>         Message-Authenticator = !v<217>pR<190>!(6<128><29>Y<157>}<189><158>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 1, 6, 3
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 3
> Fri Jan  7 17:11:28 2011: DEBUG: EAP Nak desires type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 1
> Authentic:  <144>0<15>t<149><194><246>*7^<160>h<9>S<23><227>
> Attributes:
>         EAP-Message = <1><2><0><6><21>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 2
> Authentic:  <248>[<230>;<187><180>*<197><169><142>S%<188>5GY
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><2><0>v<21><0><22><3><1><0>k<1><0><0>g<3><1>M'<157><160>t<244>nx<165><26><148><156><248>}<174><232>yR<198><1><134>=--e<218><128>k<1>S<175>q<0><0>:<0>9<0>8<0><136><0><135><0>5<0><132><0><22><0><19><0><10><0>3<0>2<0><154><0><153><0>E<0>D<0>/<0><150><0>A<0><5><0><4><0><21><0><18><0><9><0><20><0><17><0><8><0><6><0><3><0><255><1><0><0><4><0>#<0><0>
>         Message-Authenticator = <24><4>><185>;<227><15><7>4x<148>8<168><221><130><10>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 2, 118, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 24576, 2, -1
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 2
> Authentic:  <21><17><172><235>~Ff<164><25><20>l<131><132><184>AP
> Attributes:
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 3
> Authentic:  Q<4>o <138>d<127><21>]<220>.<183>&[<10><244>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><3><0><6><21><0>
>         Message-Authenticator = <163><234><25><240><195>$4Y<171>n<21>H<242>-6\
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 3, 6, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 3
> Authentic:  <183><237>8<160>n<203><167>5a<250><210><200>5Q^<25>
> Attributes:
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 4
> Authentic:  4]!<191><14>D`<138><127>KL<252>8<144><136><143>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><4><0><6><21><0>
>         Message-Authenticator = !<13><213>`V<239><14><197><195>YN<148>B<28><177><194>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 4, 6, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 4
> Authentic:  <186><161><131><144><181><29><240>US<251><247><155>!,<183>(
> Attributes:
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 5
> Authentic:  <4><13><13><128><179><250>V<241>1-<141><204>)<223><155>.
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><5><0><6><21><0>
>         Message-Authenticator = <199><191><254><244><233><16><1>Q<30><17><6><148> <151><12>j
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 5, 6, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 5
> Authentic:  <1>Z<202>O<243>9K<205><159><j{<242><230><29><246>
> Attributes:
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 6
> Authentic:  U<14><245>_<199><183><14><149><197><206>g<1><199><189>)T
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><6><0><6><21><0>
>         Message-Authenticator = <242><246><222>}d<235>u<133>c<136><0><236>Xl<183><228>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 6, 6, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 6
> Authentic:  B<3><136>V[<205><182>1K<209><168><221>E<157><177>,
> Attributes:
>         EAP-Message = <1><7><0>-<21><0><204>L<14>Z<154>y<15> <10>.<213><158>c&<30>U<146><148><216><130><23>Z{<208><188><199><143>N<134><4><22><3><1><0><4><14><0><0><0>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 7
> Authentic:  <183><228><246><187><190><209><14><127>R<133><203>2<18>u<233><236>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><7><1>L<21><0><22><3><1><1><6><16><0><1><2><1><0><31><233>e<233><247><244>@O<210><250><147><175>x<174><235>><156><235><229><10>op<226>5$|<184><165><147><222>,R<229><127><238><139><220><219>>%PWN<145><175><168><208><247>z<242><229><220>#<231><213><151>+<142><1>D<231><145>]<2><136>F<251><220><214>A<228><17><2><205><251>9?<172><17>C<224><224>0<1><21>|<213>.<209><130><161>9<250>_Y<171><180><5><234>w<192>QZ<131><136><4><182><25>a<174>[@op<11>;<199><179><5><166>F<1><200>n<20><173><137><211><30><227>L<198><187><145><209><18><148>;<186><150><242><215>|H<248>7<214>E+<20>_<140>-V<215><2><203><5><23><21>y7;<29><194>.<253>5<216><188><18><142>?<233>5<226><13>=)<160><163><236>z<18><163><246><220><235>n#<216>k%h_*a<133>L)(<138>y<190><31>MdQ<134><6>0XZq<7>G<135>!<197><214><226><176>D<17>P<253><245>]I<145><183><235><190><145>J4
>         EAP-Message = <249><248><133><14><205>8<13><174>}ib<29><209><244>o<236>,<225><8>m<20><3><1><0><1><1><22><3><1><0>0 <209>b<144><19><20>f<254><212><150><221>v4<183><149>n<152><132>|<139>H<193><181><182><249>H<183><30><7>(%f<178>q<212><9>.<213><240>'<23>i6<18>N<25><30><31>
>         Message-Authenticator = <0>a<161><140>H<221><195><205>pD5<208>b <222><237>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 7, 332, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 8576, 7, 2
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 7
> Authentic:  <243><177><196><201><236><136>EDv<198><4>:<16>n<<19>
> Attributes:
>         EAP-Message = <1><8><0>E<21><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<197>-<202>Uk<155><250><147><201><191><180><132>3<30>(z<179><174>+K<10><149>@n<147><22><237><225><202>A<134>^~<223>5<134><170><165>\<14>C<27><232><137><214><169>y<230>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 8
> Authentic:  <24><252><208><129>e<23><2><146><237><252>v`<227><18><168><245>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><8><0>`<21><0><23><3><1><0> <226><221>'<5>=<249>g<236>J<207><173><187><239><128><246><188><129>}B<162>&M+<205>,O<167><209>r<170>Y<166><23><3><1><0>0<238><149><159>m<16>d<195>wB<129>@<31>1<l<224>=<226>d<182>I<209><1><226>k<135><172>c<25>w<187>8<192>='<129>OP7<243><137><162>e<247>H]<223><210>
>         Message-Authenticator = <188>7o<188><208>MmUH<12><26>A<222><252><237><130>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 8, 96, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 3, 8, 7
> Fri Jan  7 17:11:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       UNDEF
> Identifier: UNDEF
> Authentic:  UNDEF
> Attributes:
>         EAP-Message = <2><0><0><10><1>nmjoo
> 
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS inner authentication request for
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for , 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA: ITS-WIRELESS-IOWA
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 0, 10, 1
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 1
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP MSCHAP-V2 Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for : EAP MSCHAP-V2 Challenge
> Fri Jan  7 17:11:28 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <151>znx<251>!kw<183><239>e<18>'6<201>Z
> Attributes:
>         EAP-Message = <1><1><0>"<26><1><1><0><29><16><157><234>gS+<250><142>H<204>j<211><20><160>Aj<179>itsnt929
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS inner authentication redispatched to a Handler
> Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS inner authentication redispatched to a Handler
> Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS inner authentication redispatched to a Handler
> Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Challenge
> Identifier: 8
> Authentic:  <244><189><164>C<201>Wr<150><163>n/<172><8><194><199><182>
> Attributes:
>         EAP-Message = <1><9><0>o<21><128><0><0><0>e<23><3><1><0>`<20>C<4><220><208>s+<145><12><<146><9><195>M)<172><214>HW<175>xAS<253><5><161><147><163><192><197>f<16><153><185>J;a<233>l<11>&},{<219><222><226><143>u<198>4<155><16>^<180>s<181>YX6N<4>7<159><229><167>S<224><145>c<183><216>GsR<154>v<16>Y'<227><235>G<140>p<2><186><27>G<2><144><181><139><214><176><137>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> *** Received from 128.255.204.94 port 59392 ....
> Code:       Access-Request
> Identifier: 9
> Authentic:  <255><4>~<194>:[DJ<210>B<19><161><202><24><234><9>
> Attributes:
>         User-Name = "nmjoo"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = <2><9><0><144><21><0><23><3><1><0> <175><219>o<199><15>R<227>_g7<203><17><156>pg<171><9><251><26>H[<205><201><166><6><228>x<182>Q<145><246><203><23><3><1><0>`<252>X<222><224><224><196><217>n#<185><178><127><141><30><140>>"<163>g<233>n<177><207><127>Y<7><187><201><17>\<28>C<133>y<177>;]<218><220><166><14><219><176><231><240><148>F<201>2g=P`<206>/lZr<175><216><218><165>#<138><235><141><222><210><253><26>0<201><135><255><179><170><20>{<223><20><179>'Y<165><30><239><206><13><157>M<167><23>}@<190><248>
>         Message-Authenticator = <10><165><200><247><210>iIL<144><224>n<255><137><170><242>(
> 
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 9, 144, 21
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 3, 9, 8
> Fri Jan  7 17:11:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
> Code:       UNDEF
> Identifier: UNDEF
> Authentic:  UNDEF
> Attributes:
>         EAP-Message = <2><1><0>@<26><2><1><0>;1<147>}<205><25>^q<165>D<186>@<190><179><213><235>O<203><0><0><0><0><0><0><0><0><222><141><0>zQm<211>2<30><164><161><137><0>GV<241>R<153><25><147><251>U<214><26><0>nmjoo
> 
> Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS inner authentication request for
> Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
> Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for , 127.0.0.1,
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA: ITS-WIRELESS-IOWA
> Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
> Fri Jan  7 17:11:28 2011: DEBUG: Response type 26
> Fri Jan  7 17:11:28 2011: DEBUG: Radius::AuthLSA looks for match with nmjoo []
> Fri Jan  7 17:11:28 2011: DEBUG: Checking LSA Group membership for \\IOWADC1, ITS-WIRELESS-IOWA,
> Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: nmjoo []
> Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: DEBUG: Handling with Radius::AuthLSA: ITS-WIRELESS-QUARANTINE
> Fri Jan  7 17:11:29 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
> Fri Jan  7 17:11:29 2011: DEBUG: Response type 26
> Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthLSA looks for match with nmjoo []
> Fri Jan  7 17:11:29 2011: DEBUG: Checking LSA Group membership for \\IOWADC1, ITS-WIRELESS-QUARANTINE,
> Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group: nmjoo []
> Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: DEBUG: Handling with Radius::AuthFILE: EDUROAM_TEST_USERS
> Fri Jan  7 17:11:29 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
> Fri Jan  7 17:11:29 2011: DEBUG: Response type 26
> Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthFILE looks for match with nmjoo []
> Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthFILE REJECT: No such user: nmjoo []
> Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: INFO: Access rejected for : EAP MSCHAP V2 failed: no such user nmjoo
> Fri Jan  7 17:11:29 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
> Code:       Access-Reject
> Identifier: UNDEF
> Authentic:  `<205><129><218><178>D{<228><139>Hu<213>6b<10><198>
> Attributes:
>         EAP-Message = <4><1><0><4>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>         Reply-Message = "Request Denied"
> 
> Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP TTLS inner authentication redispatched to a Handler
> Fri Jan  7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP TTLS inner authentication redispatched to a Handler
> Fri Jan  7 17:11:29 2011: INFO: Access rejected for nmjoo: EAP TTLS inner authentication redispatched to a Handler
> Fri Jan  7 17:11:29 2011: DEBUG: PostProcessing Hook: called.
> Fri Jan  7 17:11:29 2011: DEBUG: Packet dump:
> *** Sending to 128.255.204.94 port 59392 ....
> Code:       Access-Reject
> Identifier: 9
> Authentic:  <151>V<196><173><208><240><171>@<27>K@<249>j<205><205><217>
> Attributes:
>         EAP-Message = <4><9><0><4>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>         Reply-Message = "Request Denied"
> 
> 
> --
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> 319 384-0938
> neil-johnson at uiowa.edu
> 
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
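
Added example, not part of the original message and not Radiator's own code: a Python log-triage helper that decodes the `<n>` byte notation of the tunnelled packet dumps quoted above and reports, per inner request, the username that the suggested precedence (tunnelled User-Name first, otherwise inner EAP identity) would yield. All function names are hypothetical, and the second and third sample dumps are constructed.

```python
import re
import struct

ESC = re.compile(r"<(25[0-5]|2[0-4]\d|1?\d?\d)>")   # <0> .. <255>
ATTR = re.compile(r"^\s*([\w-]+) = (.*)$")
MARK = "TTLS Tunnelled Diameter Packet dump:"        # request dumps only

def decode_dump(text):
    """Log notation to bytes: <n> is one byte of value n, the rest is literal.
    Literal data that happens to look like '<65>' cannot be told apart."""
    return ESC.sub(lambda m: chr(int(m.group(1))), text).encode("latin-1", "replace")

def eap_identity(eap):
    """Identity from an EAP Response/Identity (code 2, type 1), else None."""
    if len(eap) < 5:
        return None
    code, _id, length = struct.unpack("!BBH", eap[:4])
    if code != 2 or eap[4] != 1 or not 5 <= length <= len(eap):
        return None
    return eap[5:length].decode("utf-8", "replace")

def tunnelled_packets(lines):
    """Yield one attribute dict per tunnelled request dump in the log."""
    attrs = None
    for raw in list(lines) + [""]:
        line = re.sub(r"^> ?", "", raw.rstrip("\r\n"))   # tolerate mail quoting
        m = ATTR.match(line)
        if MARK in line:
            attrs = {}
        elif attrs is not None and m:
            attrs[m.group(1)] = m.group(2)
        elif attrs is not None and not line.strip():      # blank line ends a dump
            yield attrs
            attrs = None

def inner_usernames(lines):
    """Per packet: tunnelled User-Name if present, else last inner EAP identity."""
    identity, names = None, []
    for attrs in tunnelled_packets(lines):
        identity = eap_identity(decode_dump(attrs.get("EAP-Message", ""))) or identity
        user = attrs.get("User-Name", "").strip('"')
        names.append(user or identity)
    return names

# Constructed sample: the first dump is from the log above, the other two are made up.
D = "> Fri Jan  7 17:11:28 2011: DEBUG: " + MARK
SAMPLE = [D, "> Attributes:", ">         EAP-Message = <2><0><0><10><1>nmjoo", "> ",
          D, "> Attributes:", ">         EAP-Message = <2><1><0><6><26><2>", "> ",
          D, "> Attributes:", '>         User-Name = "inner-user"',
          ">         EAP-Message = <2><1><0><6><26><2>", "> "]
```

`inner_usernames(SAMPLE)` gives the name each inner request would be checked under; a `None` entry marks a request with neither a tunnelled User-Name nor a previously seen inner identity.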

