[RADIATOR] eap + apple products - failed auth

Martin Bérubé mberube at jeancoutu.com
Tue Feb 28 11:49:17 CST 2012


Hello James,

Are you using MD5 hashing for the issuer certificate ?
Apple dropped support for MD5 hashing for all certificates, except the CA (root) ones, starting with iOS 5.


Martin Bérubé
Analyste Technique
Architecture Et Sécurité
Tél. : (450) 463-1890 poste 3362
Avant d'imprimer, pensez à l'environnement.



> -----Message d'origine-----
> De : radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] De
> la part de James
> Envoyé : 28 février 2012 12:38
> À : radiator at open.com.au
> Objet : [RADIATOR] eap + apple products - failed auth
>
> All,
>
> I'm facing a pretty weird problem while trying to set up EAP authentication.
> Windows and Linux devices seem to work fine without issues -- the clients
> are prompted to authenticate, accept the certificate, and then they're
> successfully auth'ed and hop onto the wireless network.
>
> Apple products (OS X, iPad and iPod) seem to have a strange issue,
> however: Radiator sends an Access-Accept, the client sees that
> authentication was successful, but the client will disconnect and then
> reconnect ensuing in an authentication loop. Logs on OS X indicate that
> authentication *IS* successful, but the operating system eventually reports
> a timeout in the 4-way handshake.
>
> Here's the Radiator configuration:
>
> -->8--
>
> DefineFormattedGlobalVar    ConfigDir   /opt/radiator/config
> LogDir  /opt/radiator/logs
> DbDir   /opt/radiator/db
> Trace   4
> AuthPort 1645
> AcctPort 1646
> PidFile  %L/wireless.pid
> LogFile
> <Log FILE>
>     Identifier radiatorLog
>     Filename %L/%d.%v.%Y/wireless.log
>     Trace   4
>     LogMicroseconds
> </Log>
> <Client DEFAULT>
>     Secret whatever
>     DupInterval 0
> </Client>
> <SessionDatabase NULL>
>     Identifier Null
> </SessionDatabase>
> <AuthLog FILE>
>     Identifier authLogger
>     Filename %L/%d.%v.%Y/wireless.auth
>     LogSuccess 1
>     LogFailure 1
>     SuccessFormat %q %v %e %Y @ %s (child process %O) -> AUTHORIZED %T
> request from %c (nas = %N) for user %U
>     FailureFormat %q %v %e %Y @ %s (child process %O) -> DENIED %T request
> from %c (nas = %N) for user %U </AuthLog> include
> %{GlobalVar:ConfigDir}/auth.wireless
> <Handler TunnelledByPEAP=1>
>     AuthBy dm-wifi
>     AuthLog authLogger
>     Log radiatorLog
>     AcctLogFileName %L/%d.%v.%Y/wireless.log </Handler> <Handler>
>     AuthBy eap-outer
>     AuthLog authLogger
>     Log radiatorLog
>     AcctLogFileName %L/%d.%v.%Y/wireless.log </Handler> <AuthBy NTLM>
>     Identifier dm-wifi
>     NtlmAuthProg /usr/bin/ntlm_auth  --helper-protocol=ntlm-server-1
>     DefaultDomain DHE
>     EAPType MSCHAP-V2
> </AuthBy>
> <AuthBy FILE>
>     Identifier eap-outer
>     Filename %D/users
>     EAPType MSCHAP-V2,PEAP,FAST,TLS,TTLS
>     EAPTLS_CAFile %{GlobalVar:ConfigDir}/certs/duke.ca.cert
>     EAPTLS_CertificateFile %{GlobalVar:ConfigDir}/certs/wifi-radius1.cert
>     EAPTLS_CertificateType PEM
>     EAPTLS_PrivateKeyFile %{GlobalVar:ConfigDir}/certs/wifi-radius1.key
>     EAPTLS_PrivateKeyPassword whatever
>     EAPTLS_MaxFragmentSize 1000
>     AutoMPPEKeys
>     EAPTLS_PEAPVersion 1
> </AuthBy>
>
> --8<--
>
> Tue Feb 28 12:27:59 2012 737876: DEBUG: Packet dump:
> *** Received from 10.11.55.232 port 32768 ....
> Code:       Access-Request
> Identifier: 145
> Authentic:  ES<<16><147>F<136><228>l<229>#z<234><212><182><128>
> Attributes:
>       User-Name = "testUser"
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>       NAS-Port = 29
>       cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       Airespace-WLAN-Id = 7
>       Service-Type = Framed-User
>       Framed-MTU = 1300
>       NAS-Port-Type = Wireless-IEEE-802-11
>       Tunnel-Type = 0:VLAN
>       Tunnel-Medium-Type = 0:802
>       Tunnel-Private-Group-ID = 924
>       EAP-Message = <2><9><0>+<25><1><23><3><1><0>
> |<195><27><180>;<16>F<128>"K<158><253>3<141><243>+<216><11><159><183><22
> |7><2>6rs<166>f<144><141><244><3><150>
>       Message-Authenticator =
> <196><237><143><215><203><146>/v<170><219><21><233><214><29>"<193>
>
> Tue Feb 28 12:27:59 2012 738099: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 738216: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 738406: DEBUG: Handling with
> Radius::AuthFILE: eap-outer
> Tue Feb 28 12:27:59 2012 738611: DEBUG: Handling with EAP: code 2, 9, 43, 25
> Tue Feb 28 12:27:59 2012 738738: DEBUG: Response type 25 Tue Feb 28 12:27:59
> 2012 739078: DEBUG: EAP PEAP inner authentication request for anonymous Tue
> Feb 28 12:27:59 2012 739300: DEBUG: PEAP Tunnelled request Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <199><244><220><211><14><18>.<159><18>B}<30><209><202>kr
> Attributes:
>       EAP-Message = <2><0><0><10><1>testUser
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       NAS-Port = 29
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       User-Name = "anonymous"
>
> Tue Feb 28 12:27:59 2012 739446: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Tue Feb 28 12:27:59 2012 739556: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Tue Feb 28 12:27:59 2012 739737: DEBUG: Handling with Radius::AuthNTLM: dm-
> wifi Tue Feb 28 12:27:59 2012 739910: DEBUG: Handling with EAP: code 2, 0,
> 10, 1 Tue Feb 28 12:27:59 2012 740035: DEBUG: Response type 1 Tue Feb 28
> 12:27:59 2012 740206: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge Tue Feb
> 28 12:27:59 2012 740326: DEBUG: AuthBy NTLM result: CHALLENGE, EAP MSCHAP-V2
> Challenge Tue Feb 28 12:27:59 2012 740434: DEBUG: AuthBy NTLM result:
> CHALLENGE, EAP MSCHAP-V2 Challenge Tue Feb 28 12:27:59 2012 740560: DEBUG:
> Access challenged for
> anonymous: EAP MSCHAP-V2 Challenge
> Tue Feb 28 12:27:59 2012 740680: DEBUG: Access challenged for
> anonymous: EAP MSCHAP-V2 Challenge
> Tue Feb 28 12:27:59 2012 740931: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <199><244><220><211><14><18>.<159><18>B}<30><209><202>kr
> Attributes:
>       EAP-Message =
> <1><1><0>*<26><1><1><0>%<16><214><185><12><255>~v<196><242>]<176>QX<162><12>
> <128>ywifi-radius-temp
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Feb 28 12:27:59 2012 741140: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler Tue Feb 28 12:27:59 2012 741267:
> DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication
> redispatched to a Handler Tue Feb 28 12:27:59 2012 741377: DEBUG: AuthBy
> FILE result: CHALLENGE, EAP PEAP inner authentication redispatched to a
> Handler Tue Feb 28 12:27:59 2012 741504: DEBUG: Access challenged for
> testUser: EAP PEAP inner authentication redispatched to a Handler Tue Feb 28
> 12:27:59 2012 741619: DEBUG: Access challenged for
> testUser: EAP PEAP inner authentication redispatched to a Handler Tue Feb 28
> 12:27:59 2012 741984: DEBUG: Packet dump:
> *** Sending to 10.11.55.232 port 32768 ....
> Code:       Access-Challenge
> Identifier: 145
> Authentic:  +r<221>"<169>)<140><154>0<188><185><183><167><220>[<23>
> Attributes:
>       EAP-Message =
> <1><10><0>K<25><1><23><3><1><0>@5<212>O<151>\,I<180><210>>7<185>|<18><188>[<
> 218>Y<148><144><231><173>w<180><138><218>c<225><160>=C]n<233><13><196>"o<242
> ><11><165><198><18>&<215>]<242>M<151><159><145><140>'6D<163>a<177><183>W<170
> >)<129>T
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Feb 28 12:27:59 2012 746317: DEBUG: Packet dump:
> *** Received from 10.11.55.232 port 32768 ....
> Code:       Access-Request
> Identifier: 146
> Authentic:
> <28>2<198><208><212>(<13><254><13><162><148><227><134><229><246><201>
> Attributes:
>       User-Name = "testUser"
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>       NAS-Port = 29
>       cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       Airespace-WLAN-Id = 7
>       Service-Type = Framed-User
>       Framed-MTU = 1300
>       NAS-Port-Type = Wireless-IEEE-802-11
>       Tunnel-Type = 0:VLAN
>       Tunnel-Medium-Type = 0:802
>       Tunnel-Private-Group-ID = 924
>       EAP-Message =
> <2><10><0>k<25><1><23><3><1><0>`<229><182>~U<231>LL<224><11><25><145><2>v<14
> 0>y?y4<170><224>Q<24>8<169><158>f<184>&<165><166><147>%<253><143>/<224>D<160
> ><202><131>
> <229><203>4<237><2><145>Z@<129><137>$<200><229><218><181><10><235><210><161>
> <133>H!<28>F<205>?<173>:[<184>`<210>)<19><184><21><<187>A4<139><169>t<237>5<
> 7><f<189>QY<195><209>D<141>
>       Message-Authenticator = <30><<150><197>JcR<14><223>lY<161><24>w/<250>
>
> Tue Feb 28 12:27:59 2012 746562: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 746682: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 746872: DEBUG: Handling with
> Radius::AuthFILE: eap-outer
> Tue Feb 28 12:27:59 2012 747078: DEBUG: Handling with EAP: code 2, 10, 107,
> 25 Tue Feb 28 12:27:59 2012 747210: DEBUG: Response type 25 Tue Feb 28
> 12:27:59 2012 747489: DEBUG: EAP PEAP inner authentication request for
> anonymous Tue Feb 28 12:27:59 2012 747762: DEBUG: PEAP Tunnelled request
> Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <30>7<160><153><167><133>'<151>KG<136><213>u<30><242><3>
> Attributes:
>       EAP-Message =
> <2><1><0>@<26><2><1><0>;1<190>b<188><197>3Q<236><201><196><174><137>l<16><22
> 3><224>h<0><0><0><0><0><0><0><0><232><133><210><161>Jr[<249><233><7><227>7<1
> 32><241>x<145>HE<217>=vu<21><233><0>testUser
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       NAS-Port = 29
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       User-Name = "anonymous"
>
> Tue Feb 28 12:27:59 2012 747906: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Tue Feb 28 12:27:59 2012 748018: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Tue Feb 28 12:27:59 2012 748192: DEBUG: Handling with Radius::AuthNTLM: dm-
> wifi Tue Feb 28 12:27:59 2012 748362: DEBUG: Handling with EAP: code 2, 1,
> 64, 26 Tue Feb 28 12:27:59 2012 748490: DEBUG: Response type 26 Tue Feb 28
> 12:27:59 2012 748661: DEBUG: Radius::AuthNTLM looks for match with testUser
> [anonymous] Tue Feb 28 12:27:59 2012 748801: DEBUG: Radius::AuthNTLM ACCEPT:
> :
> testUser [anonymous]
> Tue Feb 28 12:27:59 2012 749086: DEBUG: Passing attribute
> Request-User-Session-Key: Yes
> Tue Feb 28 12:27:59 2012 749251: DEBUG: Passing attribute
> Request-LanMan-Session-Key: Yes
> Tue Feb 28 12:27:59 2012 749395: DEBUG: Passing attribute
> LANMAN-Challenge: some-challenge
> Tue Feb 28 12:27:59 2012 749542: DEBUG: Passing attribute NT-Response:
> some-response
> Tue Feb 28 12:27:59 2012 749687: DEBUG: Passing attribute NT-Domain::
> some-domain
> Tue Feb 28 12:27:59 2012 749832: DEBUG: Passing attribute Username::
> some-username
> Tue Feb 28 12:27:59 2012 754539: DEBUG: Received attribute: Authenticated:
> Yes Tue Feb 28 12:27:59 2012 754685: DEBUG: Received attribute:
> User-Session-Key: session-key
> Tue Feb 28 12:27:59 2012 754809: DEBUG: Received attribute: .
> Tue Feb 28 12:27:59 2012 755114: DEBUG: EAP result: 3, EAP MSCHAP V2
> Challenge: Success
> Tue Feb 28 12:27:59 2012 755241: DEBUG: AuthBy NTLM result: CHALLENGE, EAP
> MSCHAP V2 Challenge: Success Tue Feb 28 12:27:59 2012 755351: DEBUG: AuthBy
> NTLM result: CHALLENGE, EAP MSCHAP V2 Challenge: Success Tue Feb 28 12:27:59
> 2012 755478: DEBUG: Access challenged for
> anonymous: EAP MSCHAP V2 Challenge: Success Tue Feb 28 12:27:59 2012 755588:
> DEBUG: Access challenged for
> anonymous: EAP MSCHAP V2 Challenge: Success Tue Feb 28 12:27:59 2012 755815:
> DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Challenge
> Identifier: UNDEF
> Authentic:  <30>7<160><153><167><133>'<151>KG<136><213>u<30><242><3>
> Attributes:
>       EAP-Message =
> <1><2><0>=<26><3><1><0>8S=537886D34156194318425B12CE9ED8969124063C
> M=success
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Feb 28 12:27:59 2012 756011: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler Tue Feb 28 12:27:59 2012 756137:
> DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication
> redispatched to a Handler Tue Feb 28 12:27:59 2012 756247: DEBUG: AuthBy
> FILE result: CHALLENGE, EAP PEAP inner authentication redispatched to a
> Handler Tue Feb 28 12:27:59 2012 756374: DEBUG: Access challenged for
> testUser: EAP PEAP inner authentication redispatched to a Handler Tue Feb 28
> 12:27:59 2012 756485: DEBUG: Access challenged for
> testUser: EAP PEAP inner authentication redispatched to a Handler Tue Feb 28
> 12:27:59 2012 756882: DEBUG: Packet dump:
> *** Sending to 10.11.55.232 port 32768 ....
> Code:       Access-Challenge
> Identifier: 146
> Authentic:  .<152>4<150><245><134>JV<14><147><241><182><18>}$<26>
> Attributes:
>       EAP-Message =
> <1><11><0>k<25><1><23><3><1><0>`<215>8]<183>m<197>N<250>kl<10><179>y><178><1
> 37><183>v<233><<255>{<177>r<207><186><1><9>*<142><207>Rl<31><173><25><237>%*
> <151><219>ts<16>H<218><169><10><252>eY<245>+<245><213><157>b<202><207><147><
> 237><156>i<15><253><175><204><16><167><239>e<198><175><228>X<175><180><150><
> 184>s<179>4<146>&w<20><203><175><16><155>*<162><133><224><129>-
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Feb 28 12:27:59 2012 760841: DEBUG: Packet dump:
> *** Received from 10.11.55.232 port 32768 ....
> Code:       Access-Request
> Identifier: 147
> Authentic:  <219><222>T<233><179><159><5>S<22><172><227><160><206>l<162>G
> Attributes:
>       User-Name = "testUser"
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>       NAS-Port = 29
>       cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       Airespace-WLAN-Id = 7
>       Service-Type = Framed-User
>       Framed-MTU = 1300
>       NAS-Port-Type = Wireless-IEEE-802-11
>       Tunnel-Type = 0:VLAN
>       Tunnel-Medium-Type = 0:802
>       Tunnel-Private-Group-ID = 924
>       EAP-Message = <2><11><0>+<25><1><23><3><1><0>
> <12><177><248><244><30><235>n_<205><245>@/<3><224>$Ov$<237><138>+R<245><167>
> >/<27><134><201>v1<128>
>       Message-Authenticator =
> <249>=<217><165><5><31>|<7><149>]<201><180><209><187><234><175>
>
> Tue Feb 28 12:27:59 2012 761081: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 761204: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 761434: DEBUG: Handling with
> Radius::AuthFILE: eap-outer
> Tue Feb 28 12:27:59 2012 761631: DEBUG: Handling with EAP: code 2, 11, 43,
> 25 Tue Feb 28 12:27:59 2012 761761: DEBUG: Response type 25 Tue Feb 28
> 12:27:59 2012 762048: DEBUG: EAP PEAP inner authentication request for
> anonymous Tue Feb 28 12:27:59 2012 762274: DEBUG: PEAP Tunnelled request
> Packet dump:
> Code:       Access-Request
> Identifier: UNDEF
> Authentic:  <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
> Attributes:
>       EAP-Message = <2><2><0><6><26><3>
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       NAS-Port = 29
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       User-Name = "anonymous"
>
> Tue Feb 28 12:27:59 2012 762416: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Tue Feb 28 12:27:59 2012 762614: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Tue Feb 28 12:27:59 2012 762809: DEBUG: Handling with Radius::AuthNTLM: dm-
> wifi Tue Feb 28 12:27:59 2012 762984: DEBUG: Handling with EAP: code 2, 2,
> 6, 26 Tue Feb 28 12:27:59 2012 763143: DEBUG: Response type 26 Tue Feb 28
> 12:27:59 2012 763319: DEBUG: EAP result: 0, Tue Feb 28 12:27:59 2012 763440:
> DEBUG: AuthBy NTLM result: ACCEPT, Tue Feb 28 12:27:59 2012 763548: DEBUG:
> AuthBy NTLM result: ACCEPT, Tue Feb 28 12:27:59 2012 763677: DEBUG: Access
> accepted for anonymous Tue Feb 28 12:27:59 2012 763788: DEBUG: Access
> accepted for anonymous Tue Feb 28 12:27:59 2012 764183: DEBUG: Returned PEAP
> tunnelled packet dump:
> Code:       Access-Accept
> Identifier: UNDEF
> Authentic:  <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
> Attributes:
>       EAP-Message = <3><2><0><4>
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Feb 28 12:27:59 2012 764406: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler Tue Feb 28 12:27:59 2012 764535:
> DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner authentication
> redispatched to a Handler Tue Feb 28 12:27:59 2012 764659: DEBUG: AuthBy
> FILE result: CHALLENGE, EAP PEAP inner authentication redispatched to a
> Handler Tue Feb 28 12:27:59 2012 764791: DEBUG: Access challenged for
> testUser: EAP PEAP inner authentication redispatched to a Handler Tue Feb 28
> 12:27:59 2012 764905: DEBUG: Access challenged for
> testUser: EAP PEAP inner authentication redispatched to a Handler Tue Feb 28
> 12:27:59 2012 765255: DEBUG: Packet dump:
> *** Sending to 10.11.55.232 port 32768 ....
> Code:       Access-Challenge
> Identifier: 147
> Authentic:  <241>:\<176><204><154>`O<196><183><201><153><173><8><247><136>
> Attributes:
>       EAP-Message = <1><12><0>+<25><1><23><3><1><0>
> @l<31><147>[<223><1>`<236><233>~<226><189><208><215>@X<248>a<210><160><213>-
> <8>].s<148><226><245><217><26>
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> Tue Feb 28 12:27:59 2012 769812: DEBUG: Packet dump:
> *** Received from 10.11.55.232 port 32768 ....
> Code:       Access-Request
> Identifier: 148
> Authentic:  <191><247><200>F<176>Q<229>!<235>P<254>g<187><229><228>t
> Attributes:
>       User-Name = "testUser"
>       Calling-Station-Id = "b3-dd-ae-87-22-b3"
>       Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>       NAS-Port = 29
>       cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>       NAS-IP-Address = 10.11.55.232
>       NAS-Identifier = "cisco-wism"
>       Airespace-WLAN-Id = 7
>       Service-Type = Framed-User
>       Framed-MTU = 1300
>       NAS-Port-Type = Wireless-IEEE-802-11
>       Tunnel-Type = 0:VLAN
>       Tunnel-Medium-Type = 0:802
>       Tunnel-Private-Group-ID = 924
>       EAP-Message = <2><12><0>+<25><1><23><3><1><0>
> c<231><169>g(<173><133><225><149>{<193><185><201><139>2<160><20><169>I<253><
> 145><173>)<226>B<22><29>G<222>`6<183>
>       Message-Authenticator =
> (<217><144>3I<171><10><194><28><15><8><18><242><139><198>W
>
> Tue Feb 28 12:27:59 2012 770148: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 770331: DEBUG: Handling request with Handler '',
> Identifier ''
> Tue Feb 28 12:27:59 2012 770707: DEBUG: Handling with
> Radius::AuthFILE: eap-outer
> Tue Feb 28 12:27:59 2012 770989: DEBUG: Handling with EAP: code 2, 12, 43,
> 25 Tue Feb 28 12:27:59 2012 771224: DEBUG: Response type 25 Tue Feb 28
> 12:27:59 2012 771782: DEBUG: EAP result: 0, Tue Feb 28 12:27:59 2012 771975:
> DEBUG: AuthBy FILE result: ACCEPT, Tue Feb 28 12:27:59 2012 772145: DEBUG:
> AuthBy FILE result: ACCEPT, Tue Feb 28 12:27:59 2012 772338: DEBUG: Access
> accepted for testUser Tue Feb 28 12:27:59 2012 772508: DEBUG: Access
> accepted for testUser Tue Feb 28 12:27:59 2012 773368: DEBUG: Packet dump:
> *** Sending to 10.11.55.232 port 32768 ....
> Code:       Access-Accept
> Identifier: 148
> Authentic:  C<196><31><206><169>bF<220>j<237>K<1><183>+c<4>
> Attributes:
>       EAP-Message = <3><12><0><4>
>       Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>       MS-MPPE-Send-Key =
> <131>9<217>1<158><174><131>q><23>)<182><132>*<175><161>><26>I<187><143>t<217
> ><26><245><14>;<167>%;W<200>
>       MS-MPPE-Recv-Key =
> <193>$B<0>sn"<10><190>_U<221>1<173>#<153><7><198>+5<188>}<200>F<251>|^<230><
> 218>G)<175>
>
> -->8--
>
> Thoughts on what may be happening? I can't seem to find anything on the web
> about this, but I'm also hard-pressed to believe we're the only folks that
> have run into this. The client simply refuses to connect. It's worth noting
> that OS X indicates the client is "connected" with a self-assigned 169.x.x.x
> IP address, but the logs really indicate that en1 (the wireless interface)
> continues to go up/down and re-attempt authentication.
>
> Any help would be greatly appreciated.
>
> -james
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
AVERTISSEMENT CONCERNANT LA CONFIDENTIALITE

Ce message, incluant ses pieces jointes, est strictement reserve a l'usage de l'individu ou de l'entite a qui il est
adresse et contient de l'information privilegiee et confidentielle. La dissemination, distribution ou copie de cette
communication est strictement prohibee.  Si vous n'etes pas le destinataire projete veuillez retourner
immediatement un courrier electronique a l'expediteur et effacez toutes les copies.


CONFIDENTIALITY WARNING

This message, including its attachments, is strictly intended for the use of the individual or the entity to which it is addressed
and contains privileged and confidential information. Disclosure, distribution or copy of this communication is strictly
prohibited. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator and
deleting all copies.



More information about the radiator mailing list