[RADIATOR] Multiple handlers with inner MSCHAP-V2 authentication

Wed May 18 04:48:23 CDT 2011

Dear all,

Currently I'm trying to create a pretty advanced authentication mechanism using Radiator. What I'd like to do is to use the same procedure (which I've already configured in Radiator for 'normal' RADIUS requests) for EAP requests. I feel like I'm almost there, but it seems the last step doesn't function as I would expected.

It seems that when Radiator dispatches an inner authentication RADIUS request, it's not following the 'normal' procedure. It executes the first AuthBy in the correct Handler. This AuthBy normally sets two variables which are used further in the authentication procedure. With the inner authentication however it quits after a result is returned from this SQL AuthBy query and it returns an Access-Reject. It should continue since there's an ContinueWhileAccept in top of the Handler. The AuthBy returns an Accept as well, but the EAP/PEAP module returns a Reject.

Am I missing something or is it a minor bug in Radiator?

Best regards,

PROXSYS*
Remco van Noorloos

-----------------------------------
--	     DEBUG LOGFILE
-----------------------------------

Wed May 18 11:34:03 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 62
Authentic:  <146>#<154><3>ceQ9<10><230>F0<240><159><0><128>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><2><0><25><1>PROXSYS\rvannoorloos
	Message-Authenticator = <148><153>I<144><223><137><158><149>/7t<207>h^<24>I

Wed May 18 11:34:03 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:03 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:03 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:03 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:03 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:03 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:03 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:03 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:03 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:03 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:03 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:03 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:03 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:03 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:03 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:03 2011: DEBUG: Handling with EAP: code 2, 2, 25, 1
Wed May 18 11:34:03 2011: DEBUG: Response type 1
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 62
Authentic:  <191>T<147>L<158><189><199><135><167>)!&<213>"A_
Attributes:
	EAP-Message = <1><3><0><6><25>!
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 63
Authentic:  <241><26>,<218> MG(<212><194>@A<222>da<152>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><3><0><137><25><128><0><0><0><127><22><3><1><0>z<1><0><0>v<3><1>M<211><146><144>A#<229><221><131><153><232>Lj<25>g<210>77t<247><21><159><201><195>b<7><237>P<205><157>E<147> ] <0><0><247><167><197><249><171><31><191>D+y<205><22><253><197><192><206><6><255><170>Q&<167>j<244>{Z<<159><0><24><0>/<0>5<0><5><0><10><192><19><192><20><192><9><192><10><0>2<0>8<0><19><0><4><1><0><0><21><255><1><0><1><0><0><10><0><6><0><4><0><23><0><24><0><11><0><2><1><0>
	Message-Authenticator = <187><147><138>\L<180>@<218>H<156><27><143><5><1><1><155>

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 3, 137, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 63
Authentic:  <163>~<220><176>?<150><199>9<132><166><203><197>-*<192>R
Attributes:
	EAP-Message = <1><4><3><242><25><192><0><0><15><193><22><3><1><0>J<2><0><0>F<3><1>M<211><146><141><<146><222><193>V<<199>ht<145>Y<179><22><<186>C<207>`]<228><200>C<133><6><172><224>A<27> v<24>j<213>#<216><130>.<159><169><232>Ni<245><2>~<252><208>~<154><160><218>L<164><22><193><16><131><167><201>#<244><0>/<0><22><3><1><15>d<11><0><15>`<0><15>]<0><3>m0<130><3>i0<130><2>Q<160><3><2><1><2><2><16>c<250><171><210>(Jtx<164>Q<203>`<196>1M<211>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<1<11>0<9><6><3>U<4><6><19><2>US1<21>0<19><6><3>U<4><10><19><12>Thawte, Inc.1<22>0<20><6><3>U<4><3><19><13>Thawte SSL CA0<30><23><13>110114000000Z<23><13>130314235959Z0<129><133>1<11>0<9><6><3>
	EAP-Message = U<4><6><19><2>NL1<21>0<19><6><3>U<4><8><19><12>Zuid-Holland1<18>0<16><6><3>U<4><7><20><9>Gorinchem1<21>0<19><6><3>U<4><10><20><12>Proxsys B.V.1<20>0<18><6><3>U<4><11><20><11>PROXSYS.NET1<30>0<28><6><3>U<4><3><20><21>*.webmail.proxsys.net0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><201><156>V<255><226><3><137><133><183><228>-e<234>d<254><244><231><251>8<23>Cu<128>><224><222><16>5<154><167>W<130><195>&<151>b<229>lsh<181><7>r<225>1<0><184>>A<207><217>`<189><31><185><12>X/<202><159>$<249><237><133>C<179><1><200>=Y<210>'7<213><239>X<188><152>r<165><254><158>h<155>2t<165><29><176><206>4<224><185><238><136>_r
	EAP-Message = -<219><235>8<222>(<188>-MRU<19><201>9G.<176><240>(E2<22>z<145><184>m`<10><23><199>w<2><3><1><0><1><163><129><160>0<129><157>0<12><6><3>U<29><19><1><1><255><4><2>0<0>0:<6><3>U<29><31><4>3010/<160>-<160>+<134>)http://svr-ov-crl.thawte.com/ThawteOV.crl0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><7><3><2>02<6><8>+<6><1><5><5><7><1><1><4>&0$0"<6><8>+<6><1><5><5><7>0<1><134><22>http://ocsp.thawte.com0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>V.<175><157>n<130>.Y@<215>:<150>:9<22><16><206>ab|V<164><171><156><192><156><194><a<211><28><167><225><129>
	EAP-Message = <10>H<2>C<237><250><196>P<187><128><13><231>PH<249><141>V<0><28><199>b<215><244><192><144><173>zB<31>(<215><136><14>:<223>1XaS<232>$k<217><24><216>l<207><160><210>2<135><221><208><164><225>H<167><178><232><196><9><241><6><215><148>J<225>V<195>FH<195>b<207>u<174><2><135><232><201>9<210><195> U<205><19><240><183>]<246><148><140>X<138><27><204>|<156><228><227><165>6<191><9>^<6><246><18><157>m<29><170><227><9>u5Sv<144><154>t#<0><12><25>#n<222><199>b<24><127>2<165><188>t.<243><0><196><255>XP<187><250>\<161><4>5O<H<207><145>3,<154><143>P<232><140>M<138><127>i<220><234><19>ZT<144>/<127><255><182><151>'<148>%<196><172><197><5><168><138><239><181><11>Y<218><16>P;<21><186><15>wA<246><195><182><183>R<181><252><197><206><191><180>V<144>q<228>^<158><30>;t<208><144><190><0><4>p0<130><4>l0<130><3>T<160><3><2><1><2><2><16>M_,4<8><178>L <205>mP
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 64
Authentic:  <164><140><146><151>jz<218>8{\<185>Zb<223><30>u
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><4><0><6><25><0>
	Message-Authenticator = <164><212><28><198>V<212><140>s<227><11><151>K<20>r<194>&

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 4, 6, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 64
Authentic:  <169><156><156><202><156>h^<151><179>t<183><175><242>~<193>P
Attributes:
	EAP-Message = <1><5><3><238><25>@~$M<201><236>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><169>1<11>0<9><6><3>U<4><6><19><2>US1<21>0<19><6><3>U<4><10><19><12>thawte, Inc.1(0&<6><3>U<4><11><19><31>Certification Services Division1806<6><3>U<4><11><19>/(c) 2006 thawte, Inc. - For authorized use only1<31>0<29><6><3>U<4><3><19><22>thawte Primary Root CA0<30><23><13>100208000000Z<23><13>200207235959Z0<1<11>0<9><6><3>U<4><6><19><2>US1<21>0<19><6><3>U<4>
	EAP-Message = <10><19><12>Thawte, Inc.1<22>0<20><6><3>U<4><3><19><13>Thawte SSL CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><153><228><133>[vI}/<5><216><197><172><200><200><169><211><220><152><230><215>4<166>/<12><242>"&<216><163><201><20>L<143><5><164>E<232><20><12>X<144><5><26><183><197><193><6><165><128><175><187><29>IkR4<136><195>Y<231><239>k<196>'A<140>+f<29><208><224><163><151><152><25>4KA<213><152><213><199><5><173><162><228><215><237><12><173>O<193><181><176>!<253>>PS<178><196><144><208><212>0gl<154><241><14>t<196><194><220><138><232><151><255><201><146><174><1><138>V<10><152>2<176><0>#<236><144><26>`<195><237><187>:<203><15>c<159><13>D<201>R<225>%<150><191><237>P<149><137><127>V<20><177><183>a<29><28><7><140>:,<247><255><128><222>9E<213><175><26><209>x<216><199>qj
	EAP-Message = <163><25><167>2P!<233><242><14><161><198><19><3>DH<209>f<168>RW<215><17><180><147><139><229><153><159>]<231>xQ<229>M<246><183>Y<180>v<181><9>7M<6>8<19>z<28><8><152>\<196>HJ<203>R<160><169><248><177><157><142>{y<176> /<<150><168><17>bG<187><17><2><3><1><0><1><163><129><251>0<129><248>02<6><8>+<6><1><5><5><7><1><1><4>&0$0"<6><8>+<6><1><5><5><7>0<1><134><22>http://ocsp.thawte.com0<18><6><3>U<29><19><1><1><255><4><8>0<6><1><1><255><2><1><0>04<6><3>U<29><31><4>-0+0)<160>'<160>%<134>#http://crl.thawte.com/ThawtePCA.crl0<14><6><3>U<29><15><1><1><255><4><4><3><2><1><6>0(<6><3>U<29><17><4>!0<31><164><29>0<27>1<25>0<23><6><3>U<4><3><19>
	EAP-Message = <16>VeriSignMPKI-2-90<29><6><3>U<29><14><4><22><4><20><167><162><131><187>4E@=<252><213>0O<18><185>><161><1><159><246><219>0<31><6><3>U<29>#<4><24>0<22><128><20>{[E<207><175><206><203>z<253>1<146><26>j<182><243>F<235>WHP0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><128>"<128><224>l<200><149><22><215>W&<135><243>r4<219><198>rV'><211><150><246>.%<145><165>>3<151><167>K<229>/<251>%}/<7>a<250>o<131>tLLSr <164>z<207>QQV<129><136><176>m<31>6,<200>+<177><136><153><193><254>D<171>HQ|<216><242>Dd*<216>q<167><251><26>/<249><25><141>4<178>#<191><196>LU<29><142>D<232><170>]<154><221><159><253><3><199><186>$C<141>-GD<219><246><216><152><200><178><249><218><239><237>)\i<18><250><209>#<150><15><191><156><13><242>yES7<154>V/<232>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 65
Authentic:  <144><167>Oa<183><5><207><181><198><138><13>1<156><169><188>u
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><5><0><6><25><0>
	Message-Authenticator = z<253>P<131>N<137>g<21><229>2<13><224>V4<172>`

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 5, 6, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 65
Authentic:  ZMYxSu<7>y<207><255><145><196>q<175><176><162>
Attributes:
	EAP-Message = <1><6><3><238><25>@W<16>p<246><238><137><12>I<137><154><193>#<245><194>*<204>A<207>"<171>en<183><148><130>m/@_X<222><235><149>+<166>rhR<25><145>*<174>u<157>N<146><230><202><222>T<234><24><171>%<<230>d<166>y<31>&}a<237>}<210><229>qU<216><147><23>|<20>80<<223><134><227>L<173>I<227><151>Y<206><27><155>+<206><220>e<212><11>(kN<132>FQD<247>3<8>-X<151>!<174><0><4>I0<130><4>E0<130><3><174><160><3><2><1><2><2><16>3eP<8>y<173>s<226>0<185><224><29><13><127><172><145>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><206>1<11>0<9><6><3>U<4><6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western Cape1<18>0<16><6><3>U<4><7><19><9>Cape Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting 
	EAP-Message = cc1(0&<6><3>U<4><11><19><31>Certification Services Division1!0<31><6><3>U<4><3><19><24>Thawte Premium Server CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>premium-server at thawte.com0<30><23><13>061117000000Z<23><13>201230235959Z0<129><169>1<11>0<9><6><3>U<4><6><19><2>US1<21>0<19><6><3>U<4><10><19><12>thawte, Inc.1(0&<6><3>U<4><11><19><31>Certification Services Division1806<6><3>U<4><11><19>/(c) 2006
	EAP-Message =  thawte, Inc. - For authorized use only1<31>0<29><6><3>U<4><3><19><22>thawte Primary Root CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><172><160><240><251><128>Y<212><156><199><164><207><157><161>Ys<9><16>E<12><13>,nh<241>l[HhIY7<252><11>3<25><194>w<127><204><16>-<149>4<28><230><235>M<9><167><28><210><184><201><151>6<2><183><137><212>$_<6><192><204>D<148><148><141><2>bo<235>Z<221><17><141>(<154>\<132><144><16>z<13><189>tf/j8<160><226><213>TD<235><29><7><159><7><186>o<238><233><253>N<11>)<245>><132><160><1><241><156><171><248><28>~<137><164><232><161><216>qe<13><163>Q{<238><188><210>"`<13><185>[<157><223><186><252>Q[<11><175><152><178>
	EAP-Message = <233>.<233><4><232>b<135><222>+<200><215>N<193>Ld<30><221><207><135>X<186>JO<202>h<7><29><28><157>J<198><213>/<145><204>|qr<28><197><192>g<235>2<253><201><146>\<148><218><133><192><155><191>S}+<9><244><140><157><145><31><151>jR<203><222><9>6<164>w<216>{<135>PD<213>>n)i<251>9I&<30><9><165><128>{@-<235><232>'<133><201><254>a<253>~<230>|<151><29><213><157><2><3><1><0><1><163><129><194>0<129><191>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1><255>0;<6><3>U<29> <4>40200<6><4>U<29> <0>0(0&<6><8>+<6><1><5><5><7><2><1><22><26>https://www.thawte.com/cps0<14><6><3>U<29><15><1><1><255><4><4><3><2><1><6>0<29><6><3>U<29><14><4><22><4><20>{[E<207><175><206><203>z<253>1<146><26>j<182><243>F<235>WHP0@<6>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 66
Authentic:  <205><12>I<134><129>j<2><208><217><205><169><229><176><188><192>w
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><6><0><6><25><0>
	Message-Authenticator = <163><188>4O<154><173><173><137><<171>,<188>'<254><139><156>

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 6, 6, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 66
Authentic:  <176><175>;<159>G<10>0<239><128><199>9<31><193><231><208><173>
Attributes:
	EAP-Message = <1><7><3><238><25>@<3>U<29><31><4>90705<160>3<160>1<134>/http://crl.thawte.com/ThawtePremiumServerCA.crl0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><132><168>L<201>>*<188><154><226><204><143><11><178>%w<196>a<137><137>cZ<212><163><21>@<212><251>^?<180>C<234>c<23>+k<153>t<158><9><168><221><212>V<21>.zy1_c<150>S<27>4<217><21><234>Omp<202><190><246><130><169><237><218><133>w<204>v<28>j<129><10>!<216>A<153><127>^.<130><193><232><170><247><147><129><5><170><146><180><31><183><154><192><7><23><245><203><198><180>L<14><215>V<220>q t8<214>t<198><214><143>k<175><139><141><160>l)<11>a<224><0><3>+0<130><3>'0<130><2><144><160><3><2><1><2><2><1><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><206>
	EAP-Message = 1<11>0<9><6><3>U<4><6><19><2>ZA1<21>0<19><6><3>U<4><8><19><12>Western Cape1<18>0<16><6><3>U<4><7><19><9>Cape Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting cc1(0&<6><3>U<4><11><19><31>Certification Services Division1!0<31><6><3>U<4><3><19><24>Thawte Premium Server CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>premium-server at thawte.com0<30><23><13>960801000000Z<23><13>201231235959Z0<129><206>1<11>0<9><6><3>U<4><6><19><2>Z
	EAP-Message = A1<21>0<19><6><3>U<4><8><19><12>Western Cape1<18>0<16><6><3>U<4><7><19><9>Cape Town1<29>0<27><6><3>U<4><10><19><20>Thawte Consulting cc1(0&<6><3>U<4><11><19><31>Certification Services Division1!0<31><6><3>U<4><3><19><24>Thawte Premium Server CA1(0&<6><9>*<134>H<134><247><13><1><9><1><22><25>premium-server at thawte.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><210>66j<139><215><194>[<158><218><129>Ab<143>8<238>I<4>U<214><208><239><28><27><149><22>G<239><24>H
	EAP-Message = 5:R<244>+j<6><143>;/<234>V<227><175><134><141><158><23><247><158><180>eu<2>M<239><203><9><162>!Q<216><155><208>g<208><186><13><146><6><20>s<212><147><203><151>*<0><156>\N<12><188><250><21>R<252><242>Dn<218><17>Jn<8><159>/-<227><249><170>:<134>s<182>FSX<200><137><5><189><131><17><184>s?<170><7><141><244>BM<231>@<157><28>7<2><3><1><0><1><163><19>0<17>0<15><6><3>U<29><19><1><1><255><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>&H,<22><194>X<250><232><22>t<12><170><170>_T?<242><215><201>x`^^n7c"w6~<178><23><196>4<185><245><8><133><252><201><1>8<255>M<190><242><22>BC<231><187>ZF<251><193><198><17><31><241>J<176>(F<201><195><196>B}<188><250><171>Yn<213><183>Q<136><17><227><164><133><25>k<130>L<164><12><18><173><233><164><174>?<241><195>Ie<154><140><197><200>>%<183>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 67
Authentic:  <185>%<155>><236><219><183><194><151>aO<8><6><136>J<158>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><7><0><6><25><0>
	Message-Authenticator = <3>{<11><239><9><215><203><138>d7<152><228><190>q<186>e

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 7, 6, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 67
Authentic:  <156><186><174>[<187><221>,<243><210><135><242><174><153><221>2<248>
Attributes:
	EAP-Message = <1><8><0>'<25><0><148><153><187><146>2q<7><240><134>^<237>P'<166><13><166>#<249><187><203><166><7><20>B<22><3><1><0><4><14><0><0><0>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 68
Authentic:  5.<17>&<213><216><151>%<208><227><9>if<190>j<215>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><8><0><208><25><128><0><0><0><198><22><3><1><0><134><16><0><0><130><0><128>~hv<30>t<157><184>G<224><140><30><174>VM<229>N<8>AVb<175><184><219><214>a<<204>,<180><[<136><7>AQ<183><215><1><239><165><129><10>Z/<139><5><145><157><191><225><28><180><241><143>$<157>"<128><198><193>I<206><19>]<127><7><184>U%<1><22>d<192>7<212><246>\O<255><175><173><14><131>z<220><15><233>3<166>]<185>a#Z<147><161>|<168>mY<128><136><170><215><186>U<23><218><144><224><200><11><207>1\<179><210>$<162><160>t<0><151>X<253>bZv<20><3><1><0><1><1><22><3><1><0>0<250>9$a<6><175>[<3>J`@<19><26><211>pYZ<171>O<204><149><242><142>_<140><138><253>y<210><176>:6<19>F<26><139><188>Th<189><172><13><213>,<165><31>t2
	Message-Authenticator = <218><21>}<6>w<26><213><127><203>T<218>b<30>v<184><183>

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 8, 208, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 68
Authentic:  ";<222>b<235><9>c<251><188>c<189><127><160>1<201><209>
Attributes:
	EAP-Message = <1><9><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<19><175>b<19><144>c<4>S<203>g$<233><206><128>~<164><219><225>`<215><227><249><8>5<0><168>jy1<7><22><212><220>|<194>Yq<15><135>z<161>-<2<3>~o<159>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 69
Authentic:  <152><167><171><216><186><181><29><231><139><128><252>.<143><207>b<255>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><9><0><6><25><0>
	Message-Authenticator = <233><210><138>MR<237><219>w<185><207><154><229><174><138>;<12>

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 9, 6, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 69
Authentic:  xB<159>c<251>I<<210><247>a<151><156>J<201>66
Attributes:
	EAP-Message = <1><10><0>+<25><0><23><3><1><0> qCa<18><216>v{<134><5><141><222><5>E)LiZj^l<127><236>~G<17><175><251><134>M<206><14><253>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 70
Authentic:  <218><30>CaZ<196><19><151><152><191>/<185><167>x<248><6>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><10><0>;<25><0><23><3><1><0>0_<165><11>/<190>J<181>k<179>2f~<152><182><235>RO<221><179>:<1>f+<25><17>*<187><211>>i<144><192><24>k<216><203>?<221><155><131>zQ<145> |5<24><186>
	Message-Authenticator = VF<164>FO<202><195>j<185><137>K<176>z<187><159>R

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 10, 59, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Wed May 18 11:34:05 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <19><136><231>"><143><10><173><240><238>E<211>NZ<145><240>
Attributes:
	EAP-Message = <2><10><0><21><1>PROXSYS\rvannoorloos
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	NAS-Port = 1
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	User-Name = "anonymous"

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 10, 21, 1
Wed May 18 11:34:05 2011: DEBUG: Response type 1
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Wed May 18 11:34:05 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Challenge
Identifier: UNDEF
Authentic:  <19><136><231>"><143><10><173><240><238>E<211>NZ<145><240>
Attributes:
	EAP-Message = <1><11><0><6><25>!
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 70
Authentic:  X<183><236><206>0<12><238> <215><255><162><164><247>]<20><129>
Attributes:
	EAP-Message = <1><11><0>+<25><0><23><3><1><0> wHx<19><137><5>)&<31>N<227><143>Q<255><0>z\ap,s=<244><244><220><147><20><24><233><241><226>&
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 71
Authentic:  <250>F<132>(<139>w<25><3><249><150>D)F<252>^&
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><11><0>+<25><0><23><3><1><0> .<246><189><237>!<170><25><144>v<25><211>B<21>G<221><214><150><135><128><31><241><140><240>X<25><142><245><177>@<<4>X
	Message-Authenticator = <195><183><142>,<23><128><187><239><243><178>Q<186>:<216><203>T

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 11, 43, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Wed May 18 11:34:05 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <246>djo<135><11><207><232><238><237>CM<128><17><4>H
Attributes:
	EAP-Message = <2><11><0><2><3><26>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	NAS-Port = 1
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	User-Name = "anonymous"

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 11, 2, 3
Wed May 18 11:34:05 2011: DEBUG: Response type 3
Wed May 18 11:34:05 2011: DEBUG: EAP Nak desires type 26
Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP MSCHAP-V2 Challenge
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP MSCHAP-V2 Challenge
Wed May 18 11:34:05 2011: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2 Challenge
Wed May 18 11:34:05 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Challenge
Identifier: UNDEF
Authentic:  <246>djo<135><11><207><232><238><237>CM<128><17><4>H
Attributes:
	EAP-Message = <1><12><0>(<26><1><12><0>#<16>p<181>\<137><161><244>6<10>Y<195><217><22><237><26><254><24>rvannoorloos01
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 71
Authentic:  <213>b <157><180>s<141><26>z&qG<244>B><160>
Attributes:
	EAP-Message = <1><12><0>K<25><0><23><3><1><0>@<183><216><217><21>2<160>r<163><222><155>5<186>{<27><169><3>+<195><133><174><7><214>U<169>{<252><136><201><196><162><243>WsH<239><137><144><227><155><142><155><248><14><8>K$x<252><237>G<206><216><20><149><190><11>4<254>O<196>//<247>n
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 72
Authentic:  <12>*K<133>J<159>z<<140><186><205><11><168><177><8><12>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><12><0>k<25><0><23><3><1><0>`<20><247><241>V"Y<240><180>IE,<160><140>F<215><7><135><159>u<206><172><184>3/<169><238>/r<23><168>7<132><241><182><246><24><177>C<21>Q#<249><213><209>7c<133><241><192><171><160><236>F<186><223>?S<180><158><18><246><159><155><128>[4<140><127>{<13><201><149><195><214><196><29>Z~<242><155>[<217>O<161>@%<155><130><166>^<152>'<200><22><244>E
	Message-Authenticator = A<143><9><197>B<192><209><232>]<217><204><185>`b<255><231>

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 12, 107, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Wed May 18 11:34:05 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <216><193><17><246>\<157><236><16>!<235><195><141><227>O<149>(
Attributes:
	EAP-Message = <2><12><0>K<26><2><12><0>J1c1<190><212>%<137><213><31><172><197><24><244>g<19>i<207><0><0><0><0><0><0><0><0>7<201><218>Q<149><227>4<149><21><193><211><9><135><135>aZ<141><188><214><202><172><152><25><21><0>PROXSYS\rvannoorloos
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	NAS-Port = 1
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	User-Name = "anonymous"

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for anonymous, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 12, 75, 26
Wed May 18 11:34:05 2011: DEBUG: Response type 26
Wed May 18 11:34:05 2011: DEBUG: Query is: 'EXEC spGetAuthenticationSource 'PROXSYS\rvannoorloos', 'Wireless-IEEE-802-11', 'Framed-User', ''': 
Wed May 18 11:34:05 2011: DEBUG: Radius::AuthSQL looks for match with PROXSYS\rvannoorloos [anonymous]
Wed May 18 11:34:05 2011: DEBUG: Radius::AuthSQL ACCEPT: : PROXSYS\rvannoorloos [anonymous]
Wed May 18 11:34:05 2011: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, EAP MSCHAP-V2 Authentication failure
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, EAP MSCHAP-V2 Authentication failure
Wed May 18 11:34:05 2011: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
Wed May 18 11:34:05 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code:       Access-Reject
Identifier: UNDEF
Authentic:  <216><193><17><246>\<157><236><16>!<235><195><141><227>O<149>(
Attributes:
	EAP-Message = <4><12><0><4>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Reply-Message = "Request Denied"

Wed May 18 11:34:05 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: Access challenged for PROXSYS\rvannoorloos: EAP PEAP inner authentication redispatched to a Handler
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Challenge
Identifier: 72
Authentic:  <144><128>%<238><215>.<165><207>J<27>(<207><9>!<133>U
Attributes:
	EAP-Message = <1><13><0>+<25><0><23><3><1><0> <134><31><200>q<159><20><221>v-=D<245><218>t#<133><154>)>rDt<251>*Pk<165><3><172><184><245>}
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Received from 172.16.255.20 port 32770 ....
Code:       Access-Request
Identifier: 73
Authentic:  <231><11><202><165><146><152><158><160>Z`<29>As<153>*<144>
Attributes:
	User-Name = "PROXSYS\rvannoorloos"
	Calling-Station-Id = "00-16-ea-6e-10-8c"
	Called-Station-Id = "00-27-0d-ec-0f-00:office-test.wlan.proxsys.net"
	NAS-Port = 1
	NAS-IP-Address = 172.16.255.20
	NAS-Identifier = "NM-WLC"
	Airespace-WLAN-Id = 15
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-IEEE-802-11
	Tunnel-Type = 0:VLAN
	Tunnel-Medium-Type = 0:802
	Tunnel-Private-Group-ID = 316
	EAP-Message = <2><13><0>+<25><0><23><3><1><0> ,<235><25><25>o\<136><168>=j<174><11><28>_<215><185><184><1><228><175><241>)<225><165><199><167><206><148><252><151>(<29>
	Message-Authenticator = h<220><217><245><247><31><142>G<171><20>J<7><164><217>w<149>

Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'DefaultHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AccountingHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, Authentication disabled
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG: Handling request with Handler '', Identifier 'AuthenticationHandler'
Wed May 18 11:34:05 2011: DEBUG:  Deleting session for PROXSYS\rvannoorloos, 172.16.255.20, 1
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Wed May 18 11:34:05 2011: DEBUG: Handling with EAP: code 2, 13, 43, 25
Wed May 18 11:34:05 2011: DEBUG: Response type 25
Wed May 18 11:34:05 2011: DEBUG: EAP result: 1, PEAP Authentication Failure
Wed May 18 11:34:05 2011: DEBUG: AuthBy SQL result: REJECT, PEAP Authentication Failure
Wed May 18 11:34:05 2011: DEBUG: AuthBy HANDLER result: REJECT, PEAP Authentication Failure
Wed May 18 11:34:05 2011: INFO: Access rejected for PROXSYS\rvannoorloos: PEAP Authentication Failure
Wed May 18 11:34:05 2011: DEBUG: Packet dump:
*** Sending to 172.16.255.20 port 32770 ....
Code:       Access-Reject
Identifier: 73
Authentic:  f<219><206>6<236><243><7><213><5><14>U<0><173><235><240><201>
Attributes:
	EAP-Message = <4><13><0><4>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Reply-Message = "Request Denied"

-----------------------------------
--	(PART OF) CONFIG FILE
-----------------------------------
#
# Default Handler
#
<Handler>
	Identifier		DefaultHandler

	Log				GenericNormalLogging
	Log				GenericDebugLogging

	AuthLog 		AuthFileLogger
	AuthLog 		AuthSyslogLogger

	AuthByPolicy	ContinueUntilAccept

	#
	# Process Accounting (if Accounting message)
	#
	<AuthBy HANDLER>
		HandlerId	AccountingHandler
	</AuthBy>

	#
	# Process Authentication
	#
	<AuthBy HANDLER>

		HandlerId	AuthenticationHandler
	</AuthBy>
</Handler>

#
# Accounting Handler
#
<Handler>
	Identifier		AccountingHandler

	<AuthBy SQL>
		AuthSelect		

		DBSource		dbi:ODBC:DRIVER={SQL Server};SERVER={%{GlobalVar:DB_ACCOUNTING_SERVER}};DATABASE=%{GlobalVar:DB_ACCOUNTING_NAME}
		DBUsername		%{GlobalVar:DB_ACCOUNTING_USER}
		DBAuth			%{GlobalVar:DB_ACCOUNTING_PASSWORD}

		# But do accounting
		AccountingTable tblAccounting
		AcctColumnDef   User-Name

		AcctInsertQuery	EXEC spProcessRequest '%{Acct-Session-Id}', '%{User-Name}', '%{IntegerVal:Acct-Status-Type}', '%{$Acct-Session-Time}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Framed-IP-Address}', '%{NAS-IP-Address}', '%{Cisco-AV-Pair:isakmp-initator-ip}', '%{Cisco-AV-Pair:webvpn-client-ip-address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{NAS-Port-ID}', '%{Acct-Termination-Cause}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{h323-remote-address}', '%{h323-call-origin}', '%{Cisco-AV-Pair:call-id}', '%{h323-call-type}', '%{Cisco-AV-Pair:in-carrier-id}', '%{h323-setup-time}', '%{h323-disconnect-time}', '%{h323-conf-id}', '%{acct-input-gigawords}', '%{acct-output-gigawords}';
	</AuthBy>
</Handler>

#
# Authentication Handler
#
<Handler>
	Identifier 			AuthenticationHandler
	AuthByPolicy 		ContinueWhileAccept

	#
	# Determine backend
	#
	<AuthBy SQL>
		Identifier 		DETERMINE_AUTH_BACKEND

		EAPType 				PEAP,MSCHAP-V2
		EAPTLS_CAFile 			certificates/proxsys/PROXSYS-Wildcard-CA.pem

		EAPTLS_CertificateFile 	certificates/proxsys/PROXSYS-Wildcard.pem
		EAPTLS_CertificateType 	PEM

		EAPTLS_PrivateKeyFile 	certificates/proxsys/PROXSYS-Wildcard.pem
		EAPTLS_PrivateKeyPassword 123proxsys

		EAPTLS_MaxFragmentSize 	1000

		DBSource		dbi:ODBC:DRIVER={SQL Server};SERVER={%{GlobalVar:DB_PMS_SERVER}};DATABASE=%{GlobalVar:DB_PMS_NAME}
		DBUsername		%{GlobalVar:DB_PMS_USER}
		DBAuth			%{GlobalVar:DB_PMS_PASSWORD}

		AuthSelect		EXEC spGetAuthenticationSource %0, %{Quote:%{NAS-Port-Type}%{OuterRequest:NAS-Port-Type}}, %{Quote:%{Service-Type}%{OuterRequest:Service-Type}}, %{Quote:%{Acct-Session-Id}%{OuterRequest:Acct-Session-Id}}

		AuthColumnDef 	0, AUTH_BACKEND, request
		AuthColumnDef 	1, CONNECTION_ID, request
	</AuthBy>

	#
	# Call correct Handler to perform authentication
	#
    <AuthBy HANDLER>
        HandlerId 		AUTH_USER_%{AUTH_BACKEND}
    </AuthBy>

	#
	# Retrieve Connection ID based on optional previous authentication
	# request. E.g. VPN Phase 1 / 2 authentication scenarios.
	#
	<AuthBy SQL>
		DBSource		dbi:ODBC:DRIVER={SQL Server};SERVER={%{GlobalVar:DB_PMS_SERVER}};DATABASE=%{GlobalVar:DB_PMS_NAME}
		DBUsername		%{GlobalVar:DB_PMS_USER}
		DBAuth			%{GlobalVar:DB_PMS_PASSWORD}

		AuthSelect		EXEC spGetFinalConnectionID %{CONNECTION_ID}, %{Quote:%{Acct-Session-Id}}
		AuthColumnDef 	0, CONNECTION_ID_FINAL, request
	</AuthBy>

	#
	# Call Handler for reply-attributes
	#
    <AuthBy HANDLER>
        HandlerId 		RETRIEVE_REPLY_ATTRIBUTES
    </AuthBy>

</Handler>