[RADIATOR] MSCHAPv2 and LDAP Authentication...
Shay Smith
shay_smith at ddouglas.k12.or.us
Tue Feb 7 16:54:23 CST 2012
Hello,
I'm currently testing Radiator to see if it would be a fit for our
organization. I've been working with the included "eap_multi.cfg" file in
hopes that we could get 802.1x authentication going for our Mac and Windows
clients. Our LDAP directory has fields for SHA encrypted user passwords as
well as NThash passwords, but I can't figure out how to make authentication
work. I've successfully authenticated with a stock LDAP config. Below are
my current config and a copy of the log entries for an attempted login.
***********************
Config File
***********************
Foreground
LogStdout
LogDir /etc/radiator
DbDir .
Trace 4
AuthPort 1645, 1812
AcctPort 1646, 1813
BindAddress 10.51.254.228
<Client 10.51.254.76>
Secret *****
DupInterval 0
</Client>
<Client localhost>
Secret mysecret
DupInterval 0
</Client>
<Client 10.51.254.228>
Secret mysecret
DupInterval 0
</Client>
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
<Handler TunnelledByPEAP=1>
<AuthBy LDAP2>
NoDefault
#TranslatePasswordHook sub {return "{nthash}$_[0]";}
Host ldap.mesd.k12.or.us
Port 389
AuthDN *****
AuthPassword *****
BaseDN ou=staff,dc=ddouglas,dc=k12,dc=or,dc=us
Version 3
UsernameAttr uid
PasswordAttr userPassword
ServerChecksPassword
HoldServerConnection
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
Version 3
EAPType MSCHAP-V2,TTLS,TLS,MD5-Challenge,Generic-Token
EAPTLS_CAFile /etc/radiator/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile /etc/radiator/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
Debug 255
</AuthBy>
</Handler>
<Handler TunnelledByTTLS=1>
<AuthBy LDAP2>
NoDefault
#TranslatePasswordHook sub {return "{nthash}$_[0]";}
Host ldap.mesd.k12.or.us
Port 389
AuthDN *****
AuthPassword *****
BaseDN ou=staff,dc=ddouglas,dc=k12,dc=or,dc=us
UsernameAttr uid
PasswordAttr userPassword
ServerChecksPassword
HoldServerConnection
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
Version 3
EAPType MSCHAP-V2,MD5,TLS
EAPTLS_CAFile /etc/radiator/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile /etc/radiator/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
Debug 255
</AuthBy>
</Handler>
<Handler>
<AuthBy LDAP2>
NoDefault
#TranslatePasswordHook sub {return "{nthash}$_[0]";}
Host ldap.mesd.k12.or.us
Port 389
AuthDN *****
AuthPassword *****
BaseDN ou=staff,dc=ddouglas,dc=k12,dc=or,dc=us
UsernameAttr uid
PasswordAttr userPassword
ServerChecksPassword
HoldServerConnection
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
Version 3
EAPType PEAP,TTLS,TLS,MD5,Generic-Token,LEAP,MSCHAP-V2,FAST
EAPTLS_CAFile /etc/radiator/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile /etc/radiator/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000.
AutoMPPEKeys
EAPTLS_PEAPVersion 0
EAPTLS_PEAPBrokenV1Label
EAPTLS_DHFile /etc/radiator/certificates/dh2048.pem
Debug 255
</AuthBy>
</Handler>
***********************
Log Dump
***********************
Tue Feb 7 15:18:22 2012: DEBUG: Finished reading configuration file
'/etc/radiator/radius.cfg'
Tue Feb 7 15:18:22 2012: DEBUG: Reading dictionary file './dictionary'
Tue Feb 7 15:18:22 2012: DEBUG: Creating authentication port
10.51.254.228:1645
Tue Feb 7 15:18:22 2012: DEBUG: Creating authentication port
10.51.254.228:1812
Tue Feb 7 15:18:22 2012: DEBUG: Creating accounting port 10.51.254.228:1646
Tue Feb 7 15:18:22 2012: DEBUG: Creating accounting port 10.51.254.228:1813
Tue Feb 7 15:18:22 2012: NOTICE: Server started: Radiator 4.9 on
localhost.localdomain (LOCKED)
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 238
Authentic: /<20><19>:<146>e<195><185><135><5>#U<204><207><234><235>
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message = <2><1><0><18><1>gitchy_gimbol
Message-Authenticator =
<229><199><134><145><241><197><7>j7<205>%T<1>$<154><156>
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 1, 18, 1
Tue Feb 7 15:19:11 2012: DEBUG: Response type 1
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 238
Authentic: <155><151>8<243><210>W<219><169><173><254>lxI<199><180><27>
Attributes:
EAP-Message = <1><2><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 239
Authentic: <182><185><138><161><238><228>Q<211><236>eA<192>5<209><176><249>
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message =
<2><2><0>p<25><128><0><0><0>f<22><3><1><0>a<1><0><0>]<3><1>O1<170><174>VR<229><127><184><qM{<208>-<178><196>R<1><250><180><238><222><27><182><138><31><25><144><26><240>{<0><0>6<0>/<0><5><0><4><0>5<0><10><0><9><0><3><0><8><0><6><0>2<0>3<0>8<0>9<0><22><0><21><0><20><0><19><0><18><0><17><0>4<0>:<0><24><0><27><0><26><0><23><0><25><0><1><1><0>
Message-Authenticator = Ez<240><223><21>k<175>8<19>c<22><159>cl<152>*
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 2, 112, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 239
Authentic: h<17>L<19>9U-<235>1<182>qb<132><155>U<233>
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 240
Authentic: T<139><160><133><154><205><220><213><149>w<215>kQ<154>DH
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message = <2><3><0><6><25><0>
Message-Authenticator =
<154><30>><210><154>r;h<200><190><235><165>iC<177>K
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 3, 6, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 240
Authentic: (<175><229><252><253>P<181>{i<156>2<154>M<250><252>^
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 241
Authentic: Q<196>t<26>K<9>t"<167><214><226><231><182>u<147><156>
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message =
<2><4><0><208><25><128><0><0><0><198><22><3><1><0><134><16><0><0><130><0><128>R<253><8><5><148>W<192><18>=<155>|<218>W<251><241>9`+<247><165><192><27>Y<186><205><231><130>c<226><11>Us<227><213><131>y(<241>"<169>C<212>+<14><172><133><164><127>p<23><237>*g<148><254>DI#s<170><24>{<195><131><201>C<237><216><21>!<149><143>;B<158>R<162><148><174><182><211><131><137><234>J<142><217><162>eL<26><14><14><224><151>i<205><169><183><135><162>n=<244><183>O<224><244>z}x.m{<240><142><156>visIg<225>{I<235><171>:<20><3><1><0><1><1><22><3><1><0>0<249><158><12><128><252><129><172><27><239><133><141>A<196>5><9>\<1><173><14><163>~<206>j<219><12><153><25><143><130><231><235><200>n2Vj<196><31><236><155><215><221><195><131>hM<212>
Message-Authenticator =
<155><129>nP<30><189><237><191><132>9<211><23><172><255>"a
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 4, 208, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 241
Authentic: <172>8<159><176>t(<2>~<223><173><1><248>{'~<214>
Attributes:
EAP-Message =
<1><5><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>04z<234>Q<225>8t<195><152>/<208><155>R<201><204>S<162>.Fj<138><169><203><139>e%<178><190><231><203>k<219>yn{Sh<15><23><208><201><215>y<230><167>-[+
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 242
Authentic: <178>_<231>RzE<231><222><10><221>#<136><188>mNx
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message = <2><5><0><6><25><0>
Message-Authenticator =
<249><178><2><227><157>=<174><143>J<160><127><233><154>~<235><17>
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 5, 6, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 242
Authentic: p<31><217>R<237>O<168><146><216>@<197><238><17>6<168>p
Attributes:
EAP-Message = <1><6><0>+<25><0><23><3><1><0>
y3<169><171><169>Ur)<251>sm<172>Q<185><211><248><202><3>8<210><184><180><<201><138><138>D&-<31><30>b
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 243
Authentic: @<24><150><225>\<235><196><234>e<167><24>ayL<226><31>
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message =
<2><6><0>;<25><0><23><3><1><0>0<12>@O]<253><176>x<128><137><195><158><236><255>n<9><21><131><227><231>.mr<12><228><237><215><173>3<144><166>@<157>.U<162><152><148><220><133>Z<131>{\(K3<1>3
Message-Authenticator =
}<209><252><171><157><22><196><239><22><3><223>R=<177><203><204>
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 6, 59, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP PEAP inner authentication request for
anonymous
Tue Feb 7 15:19:11 2012: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: ?<169><181><215>:1r<157><138><161>2{<215>|<15>>
Attributes:
EAP-Message = <2><6><0><14><1>gitchy_gimbol
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
NAS-Port = 252
Calling-Station-Id = "00-0d-93-84-a4-11"
User-Name = "anonymous"
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler
'TunnelledByPEAP=1', Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for anonymous,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 6, 14, 1
Tue Feb 7 15:19:11 2012: DEBUG: Response type 1
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP
MSCHAP-V2 Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for anonymous: EAP
MSCHAP-V2 Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: ?<169><181><215>:1r<157><138><161>2{<215>|<15>>
Attributes:
EAP-Message =
<1><7><0>/<26><1><7><0>*<16><202>g<7><208><27><14>'<208>S<140>j<207><226><187><165>.localhost.localdomain
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP inner
authentication redispatched to a Handler
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
inner authentication redispatched to a Handler
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP inner authentication redispatched to a Handler
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 243
Authentic: 7<173>o<249><19>|<227><195>9*<28><142>-`<255><238>
Attributes:
EAP-Message =
<1><7><0>K<25><0><23><3><1><0>@v<219>@<224>s4<202>N1<239><184><137>#<137><129><161><'x<141><180><182><254><175><153>S<158>A2S<235><209><17><142><24><221><210><0><182><1><20><253><195><22>!<181>x<207><168>M<191><164>p<206><174>0<166><201><137>F<151><190><166><203>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 244
Authentic: <129>j<224>9<234>'[<235><30><15><0>E<197><159><127><147>
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message =
<2><7><0>k<25><0><23><3><1><0>`<165>/Tl<186>h<140><158><16>x}C<128><144><166>3l<127><171><16><16>x+<192><140><141><245>{C<135>J<234><251><250><214><239><249>lE<226><129>N<185><3><237><188><205>.2<127><31><252>y<145><22><200>Xv<243><127><150><212><153><130>+<180>E<206><163>5<19><159>O<203><174><2><167><200><211>y<140><22>5<146><157>>s<224>or<241>.<199><216>`<229>
Message-Authenticator =
<210><249>`<226><24><253><235><228><4><160>hPW<202><214><160>
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 7, 107, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP PEAP inner authentication request for
anonymous
Tue Feb 7 15:19:11 2012: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <255>A<247><254><228><148><244><8><157>w<200><4><135>x)<138>
Attributes:
EAP-Message =
<2><7><0>D<26><2><7><0>C19<243>W<19>ZKTq2T<22><218>g<207><223><149><0><0><0><0><0><0><0><0><155>C<0><202><135>%Zh<158><168><209><31><11><240>"N<239>+Z<199>y<148><219><172><0>gitchy_gimbol
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
NAS-Port = 252
Calling-Station-Id = "00-0d-93-84-a4-11"
User-Name = "anonymous"
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler
'TunnelledByPEAP=1', Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for anonymous,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 7, 68, 26
Tue Feb 7 15:19:11 2012: DEBUG: Response type 26
Tue Feb 7 15:19:11 2012: INFO: Connecting to ldap.mesd.k12.or.us:389
Tue Feb 7 15:19:11 2012: INFO: Attempting to bind to LDAP server
ldap.mesd.k12.or.us:389
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got result for
uid=gitchy_gimbol,ou=staff,dc=ddouglas,dc=k12,dc=or,dc=us
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got cn: Gitchy Gimbol
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got givenName: Gitchy
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got sn: Gimbol
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got objectClass: MESDperson
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got mail:
Gitchy_Gimbol at ddouglas.k12.or.us
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got maildrop: gitchy_gimbol
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got mailacceptinggeneralid:
Gitchy_Gimbol
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got uid: gitchy_gimbol
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got o: David Douglas
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got ou: District Office
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got uidNumber: 1031
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got apple-generateduid:
DBDE2115-9C46-42A5-91D8-8D43DB208D8E
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got gidNumber: 1028
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got employeeNumber: 999999
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got houseIdentifier: West Powellhurst
District Office
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got telephoneNumber: 5555
Tue Feb 7 15:19:11 2012: DEBUG: LDAP got pwdLastSet: 1328300336
Tue Feb 7 15:19:11 2012: DEBUG: Radius::AuthLDAP2 looks for match with
gitchy_gimbol [anonymous]
Tue Feb 7 15:19:11 2012: DEBUG: Radius::AuthLDAP2 ACCEPT: : gitchy_gimbol
[anonymous]
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 1, EAP MSCHAP-V2
Authentication failure
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: REJECT, EAP MSCHAP-V2
Authentication failure
Tue Feb 7 15:19:11 2012: INFO: Access rejected for anonymous: EAP
MSCHAP-V2 Authentication failure
Tue Feb 7 15:19:11 2012: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: <255>A<247><254><228><148><244><8><157>w<200><4><135>x)<138>
Attributes:
EAP-Message = <4><7><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP inner
authentication redispatched to a Handler
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: CHALLENGE, EAP PEAP
inner authentication redispatched to a Handler
Tue Feb 7 15:19:11 2012: DEBUG: Access challenged for gitchy_gimbol: EAP
PEAP inner authentication redispatched to a Handler
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Challenge
Identifier: 244
Authentic: <167><148>C<22><133><129><248><145><243>)<219><243>7q<147><238>
Attributes:
EAP-Message = <1><8><0>+<25><0><23><3><1><0>
B<127>IV]<27>r<4><141>Vu<5><188><175><24><233>%<174><175><133><144><230><171><<226>_<217><16>,k<223><155>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Received from 10.51.254.76 port 1024 ....
Code: Access-Request
Identifier: 245
Authentic:
<189><143><229><141><217><227><186>C]<176><218><199>6<175><20><151>
Attributes:
Framed-MTU = 1466
NAS-IP-Address = 10.51.254.76
NAS-Identifier = "RADIUS TEST"
User-Name = "gitchy_gimbol"
Service-Type = Framed-User
NAS-Port = 252
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-11-24-a9-7f-88"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message = <2><8><0>+<25><0><23><3><1><0>
X9zfJ<185>2<198><186><232><226><194>vB<163><13>j9}<17><149>$<30><176><234>&<157><226>-V~<223>
Message-Authenticator = 4I<139><218><141>B><2><236><24>9(j<12><27>?
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Deleting session for gitchy_gimbol,
10.51.254.76, 252
Tue Feb 7 15:19:11 2012: DEBUG: Handling with Radius::AuthLDAP2:
Tue Feb 7 15:19:11 2012: DEBUG: Handling with EAP: code 2, 8, 43, 25
Tue Feb 7 15:19:11 2012: DEBUG: Response type 25
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 1, PEAP Authentication Failure
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: REJECT, PEAP
Authentication Failure
Tue Feb 7 15:19:11 2012: INFO: Access rejected for gitchy_gimbol: PEAP
Authentication Failure
Tue Feb 7 15:19:11 2012: DEBUG: Packet dump:
*** Sending to 10.51.254.76 port 1024 ....
Code: Access-Reject
Identifier: 245
Authentic: @<178>#<191>/F<14><204>A<219><188>2<240>o<145>*
Attributes:
EAP-Message = <4><8><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
--
Shay Smith
----------------------------------------
Gmail Evangelist
David Douglas School District
503-261-8235
www.ddouglas.k12.or.us
<http://shay.ddouglas.k12.or.us>
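Added example (not part of the original post and not Radiator code): a Python sketch that decodes the <n> byte notation of the EAP-Message attributes in a Trace 4 log like the one above and reports which Handler issued the first REJECT. The sample trace and the user name "alice" are constructed; the log phrases it matches are the ones visible in the post.

```python
import re

# Names from RFC 3748 plus the labels used in the trace (25 = PEAP, 26 = MSCHAP-V2).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP", 26: "MSCHAP-V2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

_BYTE = re.compile(r"<(\d{1,3})>")
_STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4}: (\w+): (.*)$")

# Constructed excerpt in the post's log format, including the mail line wrapping.
SAMPLE_TRACE = """\
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler '',
Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Feb 7 15:19:11 2012: DEBUG: Handling request with Handler
'TunnelledByPEAP=1', Identifier ''
Tue Feb 7 15:19:11 2012: DEBUG: Radius::AuthLDAP2 ACCEPT: : alice
[anonymous]
Tue Feb 7 15:19:11 2012: DEBUG: AuthBy LDAP2 result: REJECT, EAP MSCHAP-V2
Authentication failure
""".splitlines()


def trace_to_bytes(text):
    """Undo the dump notation: <n> is the byte n, any other character is literal."""
    out, pos = bytearray(), 0
    for m in _BYTE.finditer(text):
        n = int(m.group(1))
        if n > 255:  # not a byte escape; leave it inside the literal run
            continue
        out += text[pos:m.start()].encode("latin-1") + bytes([n])
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1"))


def decode_eap(text):
    """Decode the EAP header (and method type) of one EAP-Message value."""
    data = trace_to_bytes(text)
    if len(data) < 4:
        raise ValueError("an EAP header needs 4 bytes")
    info = {
        "code": EAP_CODES.get(data[0], data[0]),
        "id": data[1],
        # The declared length can differ from the bytes shown (fragments, or the
        # tunnelled packets in the post, whose length is 4 less than the bytes shown).
        "declared_len": int.from_bytes(data[2:4], "big"),
        "captured_len": len(data),
    }
    if data[0] in (1, 2) and len(data) > 4:  # only Request/Response carry a type
        info["type"] = EAP_TYPES.get(data[4], data[4])
        if data[4] == 1:
            info["identity"] = data[5:].decode("latin-1")
        elif data[4] == 26 and len(data) > 5:
            info["opcode"] = MSCHAP_OPCODES.get(data[5], data[5])
    return info


def unwrap(lines):
    """Rejoin entries that were wrapped in the mail; yield (level, message)."""
    entry = None
    for line in lines:
        m = _STAMP.match(line)
        if m:
            if entry:
                yield tuple(entry)
            entry = [m.group(1), m.group(2).strip()]
        elif entry and line.strip():
            entry[1] += " " + line.strip()
    if entry:
        yield tuple(entry)


def locate_reject(lines):
    """Return the Handler and reason of the first REJECT, or None if there is none."""
    handler, ldap_ok = None, False
    for _level, msg in unwrap(lines):
        m = re.match(r"Handling request with Handler '([^']*)'", msg)
        if m:
            handler, ldap_ok = m.group(1) or "(default)", False
            continue
        if msg.startswith("Radius::AuthLDAP2 ACCEPT"):
            ldap_ok = True  # the directory search found and accepted the entry
        m = re.match(r"AuthBy \S+ result: REJECT, (.*)", msg)
        if m:
            return {"handler": handler, "reason": m.group(1),
                    "ldap_lookup_ok": ldap_ok}
    return None


if __name__ == "__main__":
    print(decode_eap("<2><1><0><10><1>alice"))  # constructed Identity response
    print(locate_reject(SAMPLE_TRACE))
```

A REJECT from the TunnelledByPEAP=1 handler with ldap_lookup_ok set means the directory search found the user and the failure is in checking the MSCHAPv2 response. EAP-MSCHAPv2 is a challenge-response method (RFC 2759), so the server can only check it against the password's NT hash or cleartext.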