[RADIATOR] TTLS and AuthbyLSA

Johnson, Neil M neil-johnson at uiowa.edu
Mon Jan 10 09:02:23 CST 2011


I'm using eapol_test from the wpa_supplicant sources.

My config file is:
#
#   eapol_test -c ttls-eap-mschapv2.conf -a server -s secret
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="nmjoo"
        anonymous_identity="nmjoo"
        password="secret"
        phase2="autheap=MSCHAPv2"

        #
        #  Uncomment the following to perform server certificate validation.
#       ca_cert="/etc/raddb/certs/ca.der"
}

--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu
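
Added example, not part of the original thread and not Radiator's code: the quoted reply below suggests taking the inner username from the tunnelled User-Name if it exists and otherwise from the EAP inner identity. This Python sketch applies that precedence to EAP-TTLS inner AVPs (RFC 5281 layout); the function names and the sample tunnel payloads are assumptions constructed for illustration.

```python
import struct

AVP_USER_NAME = 1        # RADIUS User-Name carried as a TTLS AVP
AVP_EAP_MESSAGE = 79     # RADIUS EAP-Message carried as a TTLS AVP
FLAG_VENDOR = 0x80       # V bit: a 4-byte Vendor-ID follows the header
FLAG_MANDATORY = 0x40    # M bit
EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1


def encode_avp(code, data):
    """Build one TTLS AVP: code(4) flags(1) length(3) data, padded to 4 bytes."""
    length = 8 + len(data)                      # length excludes the padding
    header = struct.pack("!IB", code, FLAG_MANDATORY) + length.to_bytes(3, "big")
    return header + data + b"\x00" * ((-length) % 4)


def parse_avps(buf):
    """Return [(code, vendor_id_or_None, data)] from decrypted tunnel data."""
    avps, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, offset)
        length = int.from_bytes(buf[offset + 5:offset + 8], "big")
        header_len = 12 if flags & FLAG_VENDOR else 8
        if length < header_len or offset + length > len(buf):
            raise ValueError("bad AVP length")
        vendor = None
        if flags & FLAG_VENDOR:
            vendor = struct.unpack_from("!I", buf, offset + 8)[0]
        avps.append((code, vendor, buf[offset + header_len:offset + length]))
        offset += length + (-length) % 4        # skip padding to next AVP
    return avps


def eap_identity(eap):
    """Return the identity string if eap is an EAP-Response/Identity, else None."""
    if len(eap) < 5:
        return None
    code, _ident, length, eap_type = struct.unpack_from("!BBHB", eap)
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        return None
    if length < 5 or length > len(eap):
        return None
    return eap[5:length].decode("utf-8", "replace")


def inner_username(avps):
    """Pick the inner username: tunnelled User-Name first, then EAP identity.

    Returns (username, source). (None, None) means no identity was found;
    in this example the caller is expected to reject the request instead of
    running a group check with an undefined username.
    """
    names = [d for c, v, d in avps if c == AVP_USER_NAME and v is None]
    if names and names[0]:
        return names[0].decode("utf-8", "replace"), "User-Name"
    # An EAP packet may be split over several EAP-Message AVPs: concatenate.
    eap = b"".join(d for c, v, d in avps if c == AVP_EAP_MESSAGE and v is None)
    ident = eap_identity(eap)
    if ident:
        return ident, "EAP-Identity"
    return None, None


# Constructed sample data (not taken from the packet dumps in this thread).
EAP_ID_NMJOO = bytes([EAP_RESPONSE, 0, 0, 10, EAP_TYPE_IDENTITY]) + b"nmjoo"
EAP_ID_ANON = bytes([EAP_RESPONSE, 0, 0, 14, EAP_TYPE_IDENTITY]) + b"anonymous"

# Tunnelled EAP with no User-Name AVP: only the EAP identity is available.
TUNNEL_EAP_ONLY = encode_avp(AVP_EAP_MESSAGE, EAP_ID_NMJOO)
# Both present: the tunnelled User-Name takes precedence.
TUNNEL_WITH_USER_NAME = (encode_avp(AVP_USER_NAME, b"nmjoo")
                         + encode_avp(AVP_EAP_MESSAGE, EAP_ID_ANON))

if __name__ == "__main__":
    for label, payload in (("EAP only", TUNNEL_EAP_ONLY),
                           ("User-Name + EAP", TUNNEL_WITH_USER_NAME),
                           ("empty tunnel", b"")):
        print(label, "->", inner_username(parse_avps(payload)))
```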


> -----Original Message-----
> From: Heikki Vatiainen [mailto:hvn at open.com.au]
> Sent: Monday, January 10, 2011 7:42 AM
> To: Johnson, Neil M; Mike McCauley
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] TTLS and AuthbyLSA
>
> On 01/08/2011 01:18 AM, Johnson, Neil M wrote:
>
> > I'm trying to test authenticating users using TTLS and AuthByLSA.
> >
> > It appears that when I test for group membership, that the username
> > is not getting sent to the group test subroutine.
> >
> > Look for the line "Fri Jan  7 17:11:28 2011: DEBUG: Checking LSA
> > Group membership for \\IOWADC1, ITS-WIRELESS-IOWA,"
> >
> > No username is listed after the ","
>
> I took a look at the code and found a couple of points but not
> necessarily a fix, at least yet.
>
> The missing username results from the missing User-Name attribute in
> the inner request. The code tries to pull username from User-Name
> attribute, but since it is missing, username becomes undefined. I checked
> a couple of old logs, and usually User-Name is there, but looks like your
> client does not use it with the inner authentication.
>
> Another thing to note is EAPAnonymous which behaves differently from
> other EAP types. The others take value for %0 from EAP identity, but
> with TTLS the value is taken from the inner User-Name attribute. So
> even with EAPAnonymous you do not currently get anything useful for
> username.
>
> Mike, do you think EAPAnonymous and username generation for the inner
> authentication needs reviewing?
>
> My suggestion:
> - Take username from tunnelled packet's User-Name if it exists
> - Otherwise take it from EAP inner identity
> - rethink what is done with EAPAnonymous if userName is not defined
> - document how EAPAnonymous works with TTLS
>
> The log below shows that the first tunnelled packet is EAP Identity
> response, so I think the above should fix the problem Neil is seeing.
> The ordering of User-Name and EAP inner identity I am suggesting above
> is following the current precedence the code has.
>
> Thanks!
> Heikki
>
> > Config and Logs below.
> >
> > Thanks.
> >
> > #
> > #  Main Radiator Config File
> > #
> >
> > #
> > # General Settings
> > #
> > # Uncomment these for testing
> > Foreground
> > LogStdout
> >
> > LogDir          e:\LogFiles\Radiator
> > DbDir           c:\Program Files\Radiator
> > LogFile         %L/%Y/logfile.%y%m%d
> > PidFile         %L/radius.pid
> >
> > # Use a lower trace level (2) in production systems:
> > Trace           4
> >
> > # Ports to listen on
> > AuthPort 1812
> > AcctPort 1813
> >
> > # RADAR Monitoring
> > <Monitor>
> >         Username its-neg
> >         Password SECRET
> > </Monitor>
> >
> > #
> > # Clients
> > #
> >
> > # BSB Controllers
> > <Client 192.168.11.132>
> >         # ctrl-bsb-2
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.135>
> >         # ctrl-bsb-5
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.133>
> >         # ctrl-bsb-11
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.134>
> >         # ctrl-bsb-12
> >         Secret  SECRET
> > </Client>
> >
> > # CB Controllers
> > <Client 192.168.11.68>
> >         # ctrl-cb-11
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.69>
> >         # ctrl-cb-12
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.70>
> >         # ctrl-cb-13
> >         Secret  SECRET
> > </Client>
> >
> > # LC Controllers
> > <Client 192.168.11.10>
> >         # ctrl-lc-11-m
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.11>
> >         # ctrl-lc-12-m
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.11.12>
> >         # ctrl-lc-13-m
> >         Secret  SECRET
> > </Client>
> >
> > # Test Controllers
> > <Client 192.168.11.74>
> >         # ctrl-test-1-m
> >         Secret  SECRET
> > </Client>
> >
> > <Client 192.168.134.59>
> >         # nat-test-ctrl
> >         Secret  SECRET
> > </Client>
> >
> > # Desktop
> > <Client 192.168.204.94>
> >         # njohnson.its.uiowa.edu
> >         Secret SECRET
> > </Client>
> >
> > # Spong Radius Monitoring Client
> > <Client 192.168.63.130>
> >         # bright.its.uiowa.edu
> >         Secret SECRET
> > </Client>
> >
> > # Eduroam TLRS (Top-Level Radius Server)
> > <Client eduroam1.ns.utk.edu>
> >         Secret SECRET
> >         Identifier eduroam
> > </Client>
> >
> > #
> > # AuthBy Clauses
> > #
> >
> > # Authenticate with Windows LSA
> > # Normal Users
> > <AuthBy LSA>
> >         Identifier ITS-WIRELESS-IOWA
> >         UsernameMatchesWithoutRealm
> >         DefaultDomain IOWA
> >         Group ITS-WIRELESS-IOWA
> >         EAPType MSCHAP-V2
> > </AuthBy>
> >
> > # Quarantined Users
> > <AuthBy LSA>
> >         Identifier ITS-WIRELESS-QUARANTINE
> >         UsernameMatchesWithoutRealm
> >         DefaultDomain IOWA
> >         Group ITS-WIRELESS-QUARANTINE
> >         EAPType MSCHAP-V2
> >         AddToReply Tunnel-Medium-Type = 802
> >         AddToReply Tunnel-Private-Group-ID = 820
> >         AddToReply Tunnel-Type VLAN
> > </AuthBy>
> >
> > # Eduroam Test Users
> > <AuthBy FILE>
> >         Identifier EDUROAM_TEST_USERS
> >         Filename %D/eduroam_test_users
> >         EAPType MSCHAP-V2
> > </AuthBy>
> >
> > #
> > # Handlers
> > #
> > #- NOTE Handlers are matched in order as they appear in the file
> > #
> >
> > #
> > # Eduroam Inner Handlers
> > #
> > <Handler Client-Identifier=eduroam, TunnelledByPEAP=1, Realm=/uiowa\.edu$/i >
> >         AuthByPolicy ContinueUntilAcceptOrChallenge
> >
> >         AuthBy ITS-WIRELESS-IOWA
> >         AuthBy ITS-WIRELESS-QUARANTINE
> >         AuthBy EDUROAM_TEST_USERS
> > </Handler>
> >
> > #
> > # Handle TTLS requests
> > #
> > <Handler Client-Identifier=eduroam, TunnelledByTTLS=1, Realm=/uiowa\.edu$/i >
> >         AuthByPolicy ContinueUntilAcceptOrChallenge
> >
> >         AuthBy ITS-WIRELESS-IOWA
> >         AuthBy ITS-WIRELESS-QUARANTINE
> >         AuthBy EDUROAM_TEST_USERS
> > </Handler>
> >
> > #
> > # Normal Inner User Handlers
> > #
> >
> > # This is where we authenticate a PEAP inner request, which will be an EAP
> > # request.
> > <Handler TunnelledByPEAP=1>
> >         AuthByPolicy ContinueUntilAcceptOrChallenge
> >
> >         AuthBy ITS-WIRELESS-IOWA
> >         AuthBy ITS-WIRELESS-QUARANTINE
> >         AuthBy EDUROAM_TEST_USERS
> > </Handler>
> >
> > #
> > # Handle TTLS requests
> > #
> > <Handler TunnelledByTTLS=1>
> >         AuthByPolicy ContinueUntilAcceptOrChallenge
> >
> >         AuthBy ITS-WIRELESS-IOWA
> >         AuthBy ITS-WIRELESS-QUARANTINE
> >         AuthBy EDUROAM_TEST_USERS
> > </Handler>
> >
> > #
> > # Outer Handler for Eduroam requests for us
> > #
> > <Handler Client-Identifier=eduroam, Realm=/uiowa\.edu$/i >
> >         # Process Accounting-Requests
> >         PreProcessingHook file:"PreProcessingHook.pl"
> >
> >         <AuthBy FILE>
> >                 # Anonymous user
> >                 Filename %D/users
> >
> >                 EAPType PEAP, TTLS
> >
> >                 # Set inner username without Realm
> >                 EAPAnonymous %0
> >
> >                 # EAPTLS_CAFile is the name of a file of CA certificates
> >                 # in PEM format.
> >                 EAPTLS_CAFile %D/certificates/prodCA/CACert.crt
> >
> >                 # EAPTLS_CertificateFile is the name of a file containing
> >                 # the server's certificate.
> >                 EAPTLS_CertificateFile %D/certificates/certificate.crt
> >                 EAPTLS_CertificateType PEM
> >
> >                 # EAPTLS_PrivateKeyFile is the name of the file containing
> >                 # the server's private key.
> >                 EAPTLS_PrivateKeyFile %D/certificates/privateKey.key
> >                 EAPTLS_PrivateKeyPassword SECERT
> >
> >                 # EAPTLS_MaxFragmentSize sets the maximum TLS fragment
> >                 # size that will be replied by Radiator.
> >                 EAPTLS_MaxFragmentSize 1000
> >
> >                 # Some clients, depending on their configuration, may require you to specify
> >                 # MPPE send and receive keys.
> >                 AutoMPPEKeys
> >
> >                 # You can control which version of the draft PEAP protocol to honour
> >                 # with EAPTLS_PEAPVersion.
> >                 EAPTLS_PEAPVersion 0
> >
> >                 # Added for testing rapid reconnects
> >                 EAPTLS_SessionResumption 0
> >
> >         </AuthBy>
> >
> > </Handler>
> >
> > #
> > # Handler for "user at uiowa.edu" or just "user" local authentication
> > #
> > <Handler Realm=/(?:uiowa\.edu$|^$)/i >
> >
> >         # Process Accounting-Requests
> >         PreProcessingHook file:"PreProcessingHook.pl"
> >
> >         # Get rid of realm ?
> >         # RewriteUsername     s/^([^@]+).*/$1/
> >
> >         <AuthBy LSA>
> >                 UsernameMatchesWithoutRealm
> >                 DefaultDomain IOWA
> >                 Group ITS-WIRELESS-IOWA
> >
> >                 EAPType PEAP, TTLS
> >
> >                 # Set inner username without Realm
> >                 EAPAnonymous %0
> >
> >                 EAPTLS_CAFile %D/certificates/prodCA/CACert.crt
> >
> >                 EAPTLS_CertificateFile %D/certificates/certificate.crt
> >                 EAPTLS_CertificateType PEM
> >
> >                 EAPTLS_PrivateKeyFile %D/certificates/privateKey.key
> >                 EAPTLS_PrivateKeyPassword SECRET
> >
> >                 EAPTLS_MaxFragmentSize 1000
> >
> >                 EAPTLS_PEAPVersion 0
> >
> >                 EAPTLS_SessionResumption 0
> >
> >                 AutoMPPEKeys
> >
> >         </AuthBy>
> >
> >         # Process inner/outer identity and dynamic VLAN assignment
> >         PostProcessingHook file:"PostProcessingHook.pl"
> >
> > </Handler>
> >
> > #
> > # Default Handler (Forward to Eduroam-US TLRS)
> > #
> > <Handler>
> >         <AuthBy RADIUS>
> >                 Secret SECRET
> >                 Host eduroam1.ns.utk.edu
> >                 AuthPort 1812
> >                 AcctPort 1813
> >                 RetryTimeout 8
> >
> >                 AutoMPPEKeys
> >
> >                 # Process Accounting and Dynamic VLAN Assignment
> >                 ReplyHook file:"%D/ReplyHook.pl"
> >         </AuthBy>
> >
> > </Handler>
> >
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 0
> > Authentic:  <228><195>U<218><12><166><250>W>)<170><146><2>;7<23>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><0><0><10><1>nmjoo
> >         Message-Authenticator =
> <25><145><242>F<9>5<155><240><179><4>C<242><21><222>E<249>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 0, 10, 1
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 1
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP PEAP Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 0
> > Authentic:  <146><163><221>"I<133><127><209>PDD<178><238><157><208>8
> > Attributes:
> >         EAP-Message = <1><1><0><6><25>
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 1
> > Authentic:
> <249><219><223><24><152><165><207><23><159>O<253><134><202><221>i<238>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><1><0><6><3><21>
> >         Message-Authenticator =
> !v<217>pR<190>!(6<128><29>Y<157>}<189><158>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 1, 6, 3
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 3
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP Nak desires type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 1
> > Authentic:  <144>0<15>t<149><194><246>*7^<160>h<9>S<23><227>
> > Attributes:
> >         EAP-Message = <1><2><0><6><21>
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 2
> > Authentic:  <248>[<230>;<187><180>*<197><169><142>S%<188>5GY
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         Message-Authenticator =
> <24><4>><185>;<227><15><7>4x<148>8<168><221><130><10>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 2, 118, 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 24576, 2, -1
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 2
> > Authentic:  <21><17><172><235>~Ff<164><25><20>l<131><132><184>AP
> > Attributes:
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 3
> > Authentic:  Q<4>o <138>d<127><21>]<220>.<183>&[<10><244>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><3><0><6><21><0>
> >         Message-Authenticator =
> <163><234><25><240><195>$4Y<171>n<21>H<242>-6\
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 3, 6, 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 3
> > Authentic:  <183><237>8<160>n<203><167>5a<250><210><200>5Q^<25>
> > Attributes:
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 4
> > Authentic:  4]!<191><14>D`<138><127>KL<252>8<144><136><143>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><4><0><6><21><0>
> >         Message-Authenticator =
> !<13><213>`V<239><14><197><195>YN<148>B<28><177><194>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 4, 6, 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 4
> > Authentic:
> <186><161><131><144><181><29><240>US<251><247><155>!,<183>(
> > Attributes:
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 5
> > Authentic:  <4><13><13><128><179><250>V<241>1-<141><204>)<223><155>.
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><5><0><6><21><0>
> >         Message-Authenticator =
> <199><191><254><244><233><16><1>Q<30><17><6><148> <151><12>j
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo, 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 5, 6, 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 5
> > Authentic:  <1>Z<202>O<243>9K<205><159><j{<242><230><29><246>
> > Attributes:
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 6
> > Authentic:  U<14><245>_<199><183><14><149><197><206>g<1><199><189>)T
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><6><0><6><21><0>
> >         Message-Authenticator =
> <242><246><222>}d<235>u<133>c<136><0><236>Xl<183><228>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler
> 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo,
> 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 6, 6, 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP
> TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP
> TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 6
> > Authentic:  B<3><136>V[<205><182>1K<209><168><221>E<157><177>,
> > Attributes:
> >         EAP-Message = <1><7><0>-<21><0><204>L<14>Z<154>y<15>
> <10>.<213><158>c&<30>U<146><148><216><130><23>Z{<208><188><199><143>N<1
> 34><4><22><3><1><0><4><14><0><0><0>
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 7
> > Authentic:
> <183><228><246><187><190><209><14><127>R<133><203>2<18>u<233><236>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         Message-Authenticator =
> <0>a<161><140>H<221><195><205>pD5<208>b <222><237>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler
> 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo,
> 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 7, 332,
> 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 8576, 7, 2
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP
> TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP
> TTLS Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 7
> > Authentic:  <243><177><196><201><236><136>EDv<198><4>:<16>n<<19>
> > Attributes:
> >         EAP-Message =
> <1><8><0>E<21><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<197>-
> <202>Uk<155><250><147><201><191><180><132>3<30>(z<179><174>+K<10><149>@
> n<147><22><237><225><202>A<134>^~<223>5<134><170><165>\<14>C<27><232><1
> 37><214><169>y<230>
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 8
> > Authentic:
> <24><252><208><129>e<23><2><146><237><252>v`<227><18><168><245>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         EAP-Message = <2><8><0>`<21><0><23><3><1><0>
> <226><221>'<5>=<249>g<236>J<207><173><187><239><128><246><188><129>}B<1
> 62>&M+<205>,O<167><209>r<170>Y<166><23><3><1><0>0<238><149><159>m<16>d<
> 195>wB<129>@<31>1<l<224>=<226>d<182>I<209><1><226>k<135><172>c<25>w<187
> >8<192>='<129>OP7<243><137><162>e<247>H]<223><210>
> >         Message-Authenticator =
> <188>7o<188><208>MmUH<12><26>A<222><252><237><130>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler
> 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo,
> 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 8, 96, 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 3, 8, 7
> > Fri Jan  7 17:11:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
> > Code:       UNDEF
> > Identifier: UNDEF
> > Authentic:  UNDEF
> > Attributes:
> >         EAP-Message = <2><0><0><10><1>nmjoo
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS inner authentication
> request for
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for , 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA: ITS-
> WIRELESS-IOWA
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 0, 10, 1
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 1
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2
> Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP
> MSCHAP-V2 Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for : EAP MSCHAP-
> V2 Challenge
> > Fri Jan  7 17:11:28 2011: DEBUG: Returned TTLS tunnelled Diameter
> Packet dump:
> > Code:       Access-Challenge
> > Identifier: UNDEF
> > Authentic:  <151>znx<251>!kw<183><239>e<18>'6<201>Z
> > Attributes:
> >         EAP-Message =
> <1><1><0>"<26><1><1><0><29><16><157><234>gS+<250><142>H<204>j<211><20><
> 160>Aj<179>itsnt929
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP result: 3, EAP TTLS inner
> authentication redispatched to a Handler
> > Fri Jan  7 17:11:28 2011: DEBUG: AuthBy LSA result: CHALLENGE, EAP
> TTLS inner authentication redispatched to a Handler
> > Fri Jan  7 17:11:28 2011: DEBUG: Access challenged for nmjoo: EAP
> TTLS inner authentication redispatched to a Handler
> > Fri Jan  7 17:11:28 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Challenge
> > Identifier: 8
> > Authentic:
> <244><189><164>C<201>Wr<150><163>n/<172><8><194><199><182>
> > Attributes:
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Packet dump:
> > *** Received from 128.255.204.94 port 59392 ....
> > Code:       Access-Request
> > Identifier: 9
> > Authentic:  <255><4>~<194>:[DJ<210>B<19><161><202><24><234><9>
> > Attributes:
> >         User-Name = "nmjoo"
> >         NAS-IP-Address = 127.0.0.1
> >         Calling-Station-Id = "02-00-00-00-00-01"
> >         Framed-MTU = 1400
> >         NAS-Port-Type = Wireless-IEEE-802-11
> >         Connect-Info = "CONNECT 11Mbps 802.11b"
> >         Message-Authenticator =
> <10><165><200><247><210>iIL<144><224>n<255><137><170><242>(
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler
> 'Realm=/(?:uiowa\.edu$|^$)/i ', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG: PreProcessing Hook: called.
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for nmjoo,
> 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA:
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 9, 144,
> 21
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 21
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS data, 3, 9, 8
> > Fri Jan  7 17:11:28 2011: DEBUG: TTLS Tunnelled Diameter Packet dump:
> > Code:       UNDEF
> > Identifier: UNDEF
> > Authentic:  UNDEF
> > Attributes:
> >         EAP-Message =
> <2><1><0>@<26><2><1><0>;1<147>}<205><25>^q<165>D<186>@<190><179><213><2
> 35>O<203><0><0><0><0><0><0><0><0><222><141><0>zQm<211>2<30><164><161><1
> 37><0>GV<241>R<153><25><147><251>U<214><26><0>nmjoo
> >
> > Fri Jan  7 17:11:28 2011: DEBUG: EAP TTLS inner authentication
> request for
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling request with Handler
> 'TunnelledByTTLS=1', Identifier ''
> > Fri Jan  7 17:11:28 2011: DEBUG:  Deleting session for , 127.0.0.1,
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with Radius::AuthLSA: ITS-
> WIRELESS-IOWA
> > Fri Jan  7 17:11:28 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
> > Fri Jan  7 17:11:28 2011: DEBUG: Response type 26
> > Fri Jan  7 17:11:28 2011: DEBUG: Radius::AuthLSA looks for match with
> nmjoo []
> > Fri Jan  7 17:11:28 2011: DEBUG: Checking LSA Group membership for
> \\IOWADC1, ITS-WIRELESS-IOWA,
> > Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> User is not a member of any Group: nmjoo []
> > Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user nmjoo
> > Fri Jan  7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP
> MSCHAP V2 failed: no such user nmjoo
> > Fri Jan  7 17:11:29 2011: DEBUG: Handling with Radius::AuthLSA: ITS-
> WIRELESS-QUARANTINE
> > Fri Jan  7 17:11:29 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
> > Fri Jan  7 17:11:29 2011: DEBUG: Response type 26
> > Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthLSA looks for match with
> nmjoo []
> > Fri Jan  7 17:11:29 2011: DEBUG: Checking LSA Group membership for
> \\IOWADC1, ITS-WIRELESS-QUARANTINE,
> > Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> User is not a member of any Group: nmjoo []
> > Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user nmjoo
> > Fri Jan  7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP
> MSCHAP V2 failed: no such user nmjoo
> > Fri Jan  7 17:11:29 2011: DEBUG: Handling with Radius::AuthFILE:
> EDUROAM_TEST_USERS
> > Fri Jan  7 17:11:29 2011: DEBUG: Handling with EAP: code 2, 1, 64, 26
> > Fri Jan  7 17:11:29 2011: DEBUG: Response type 26
> > Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthFILE looks for match
> with nmjoo []
> > Fri Jan  7 17:11:29 2011: DEBUG: Radius::AuthFILE REJECT: No such
> user: nmjoo []
> > Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user nmjoo
> > Fri Jan  7 17:11:29 2011: DEBUG: AuthBy FILE result: REJECT, EAP
> MSCHAP V2 failed: no such user nmjoo
> > Fri Jan  7 17:11:29 2011: INFO: Access rejected for : EAP MSCHAP V2
> failed: no such user nmjoo
> > Fri Jan  7 17:11:29 2011: DEBUG: Returned TTLS tunnelled Diameter
> Packet dump:
> > Code:       Access-Reject
> > Identifier: UNDEF
> > Authentic:  `<205><129><218><178>D{<228><139>Hu<213>6b<10><198>
> > Attributes:
> >         EAP-Message = <4><1><0><4>
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >         Reply-Message = "Request Denied"
> >
> > Fri Jan  7 17:11:29 2011: DEBUG: EAP result: 1, EAP TTLS inner
> authentication redispatched to a Handler
> > Fri Jan  7 17:11:29 2011: DEBUG: AuthBy LSA result: REJECT, EAP TTLS
> inner authentication redispatched to a Handler
> > Fri Jan  7 17:11:29 2011: INFO: Access rejected for nmjoo: EAP TTLS
> inner authentication redispatched to a Handler
> > Fri Jan  7 17:11:29 2011: DEBUG: PostProcessing Hook: called.
> > Fri Jan  7 17:11:29 2011: DEBUG: Packet dump:
> > *** Sending to 128.255.204.94 port 59392 ....
> > Code:       Access-Reject
> > Identifier: 9
> > Authentic:
> <151>V<196><173><208><240><171>@<27>K@<249>j<205><205><217>
> > Attributes:
> >         EAP-Message = <4><9><0><4>
> >         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> >         Reply-Message = "Request Denied"
> >
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
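
An added example, not part of the thread and not Radiator code: it decodes the packet-dump notation used in the log above and parses the EAP header, showing that the tunnelled request carries the identity only inside EAP-Message and has no User-Name attribute. The `<n>` notation rule (one byte with decimal value n, everything else literal) is an assumption read off the dumps; the function names are hypothetical.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 21: "TTLS", 26: "MS-CHAP-V2"}

def decode_dump(text):
    """Turn dump notation into bytes: <n> is one byte with decimal value n,
    anything else is a literal character (assumed from the dumps above)."""
    out = bytearray()
    pos = 0
    for m in re.finditer(r"<(\d{1,3})>", text):
        out += text[pos:m.start()].encode("latin-1")
        value = int(m.group(1))
        if value > 255:
            raise ValueError(f"not a byte: {m.group(0)}")
        out.append(value)
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def parse_eap(raw):
    """Parse the EAP header (RFC 3748): code, identifier, length, then type."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes decoded")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt

def username_sources(attrs):
    """Report what a request offers as a user name: the User-Name attribute
    and, if the EAP-Message is an Identity response, the EAP identity."""
    eap = parse_eap(decode_dump(attrs["EAP-Message"]))
    identity = None
    if eap.get("type") == "Identity" and eap["code"] == "Response":
        identity = eap["data"].decode("utf-8", "replace")
    return {"User-Name": attrs.get("User-Name"), "EAP-Identity": identity}

# Attribute values copied from the packet dumps in the log above.
OUTER = {"User-Name": "nmjoo", "EAP-Message": "<2><6><0><6><21><0>"}
INNER = {"EAP-Message": "<2><0><0><10><1>nmjoo"}  # tunnelled request

if __name__ == "__main__":
    for name, attrs in (("outer", OUTER), ("inner", INNER)):
        eap = parse_eap(decode_dump(attrs["EAP-Message"]))
        print(name, eap, username_sources(attrs))
```

The parsed header fields line up with the "Handling with EAP: code 2, 0, 10, 1" line logged for the inner request.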

