[RADIATOR] eap + apple products - failed auth

James jtp at nc.rr.com
Tue Feb 28 12:10:40 CST 2012


Yes, setting the EAPTLS_PEAPVersion set to '0' seems to work.

Does this result in any sort of "less secure" communications? What is
the difference between the two PEAP draft versions?

-james


On Tue, Feb 28, 2012 at 13:06, chema <chema at uniovi.es> wrote:
>  Hi,
>
>  Sometime ago, we had the same problem, and our solution was making this
>  change (EAPTLS_PEAPVersion to 0). We had no previous problems using
>  PAP/TTLS.
>  Hope you can solve this. Regards
>
>  On Tue, 28 Feb 2012 17:48:53 +0000, Adam Bishop wrote:
>> Hi,
>>
>> Try setting EAPTLS_PEAPVersion as 0 instead of 1 - been a while since
>> I wrote my configuration but I think that was the value that made OS
>> X
>> and iOS clients work for me.
>>
>> Regards,
>>
>> Adam Bishop
>>
>> On 28 Feb 2012, at 17:38, James wrote:
>>
>>> All,
>>>
>>> I'm facing a pretty weird problem while trying to set up EAP
>>> authentication. Windows and Linux devices seem to work fine without
>>> issues -- the clients are prompted to authenticate, accept the
>>> certificate, and then they're successfully auth'ed and hop onto the
>>> wireless network.
>>>
>>> Apple products (OS X, iPad and iPod) seem to have a strange issue,
>>> however: Radiator sends an Access-Accept, the client sees that
>>> authentication was successful, but the client will disconnect and
>>> then
>>> reconnect ensuing in an authentication loop. Logs on OS X indicate
>>> that authentication *IS* successful, but the operating system
>>> eventually reports a timeout in the 4-way handshake.
>>>
>>> Here's the Radiator configuration:
>>>
>>> -->8--
>>>
>>> DefineFormattedGlobalVar    ConfigDir   /opt/radiator/config
>>> LogDir  /opt/radiator/logs
>>> DbDir   /opt/radiator/db
>>> Trace   4
>>> AuthPort 1645
>>> AcctPort 1646
>>> PidFile  %L/wireless.pid
>>> LogFile
>>> <Log FILE>
>>>    Identifier radiatorLog
>>>    Filename %L/%d.%v.%Y/wireless.log
>>>    Trace   4
>>>    LogMicroseconds
>>> </Log>
>>> <Client DEFAULT>
>>>    Secret whatever
>>>    DupInterval 0
>>> </Client>
>>> <SessionDatabase NULL>
>>>    Identifier Null
>>> </SessionDatabase>
>>> <AuthLog FILE>
>>>    Identifier authLogger
>>>    Filename %L/%d.%v.%Y/wireless.auth
>>>    LogSuccess 1
>>>    LogFailure 1
>>>    SuccessFormat %q %v %e %Y @ %s (child process %O) -> AUTHORIZED
>>> %T
>>> request from %c (nas = %N) for user %U
>>>    FailureFormat %q %v %e %Y @ %s (child process %O) -> DENIED %T
>>> request from %c (nas = %N) for user %U
>>> </AuthLog>
>>> include %{GlobalVar:ConfigDir}/auth.wireless
>>> <Handler TunnelledByPEAP=1>
>>>    AuthBy dm-wifi
>>>    AuthLog authLogger
>>>    Log radiatorLog
>>>    AcctLogFileName %L/%d.%v.%Y/wireless.log
>>> </Handler>
>>> <Handler>
>>>    AuthBy eap-outer
>>>    AuthLog authLogger
>>>    Log radiatorLog
>>>    AcctLogFileName %L/%d.%v.%Y/wireless.log
>>> </Handler>
>>> <AuthBy NTLM>
>>>    Identifier dm-wifi
>>>    NtlmAuthProg /usr/bin/ntlm_auth  --helper-protocol=ntlm-server-1
>>>    DefaultDomain DHE
>>>    EAPType MSCHAP-V2
>>> </AuthBy>
>>> <AuthBy FILE>
>>>    Identifier eap-outer
>>>    Filename %D/users
>>>    EAPType MSCHAP-V2,PEAP,FAST,TLS,TTLS
>>>    EAPTLS_CAFile %{GlobalVar:ConfigDir}/certs/duke.ca.cert
>>>    EAPTLS_CertificateFile
>>> %{GlobalVar:ConfigDir}/certs/wifi-radius1.cert
>>>    EAPTLS_CertificateType PEM
>>>    EAPTLS_PrivateKeyFile
>>> %{GlobalVar:ConfigDir}/certs/wifi-radius1.key
>>>    EAPTLS_PrivateKeyPassword whatever
>>>    EAPTLS_MaxFragmentSize 1000
>>>    AutoMPPEKeys
>>>    EAPTLS_PEAPVersion 1
>>> </AuthBy>
>>>
>>> --8<--
>>>
>>> Tue Feb 28 12:27:59 2012 737876: DEBUG: Packet dump:
>>> *** Received from 10.11.55.232 port 32768 ....
>>> Code:       Access-Request
>>> Identifier: 145
>>> Authentic:  ES<<16><147>F<136><228>l<229>#z<234><212><182><128>
>>> Attributes:
>>>      User-Name = "testUser"
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>      NAS-Port = 29
>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      Airespace-WLAN-Id = 7
>>>      Service-Type = Framed-User
>>>      Framed-MTU = 1300
>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>      Tunnel-Type = 0:VLAN
>>>      Tunnel-Medium-Type = 0:802
>>>      Tunnel-Private-Group-ID = 924
>>>      EAP-Message = <2><9><0>+<25><1><23><3><1><0>
>>>
>>> |<195><27><180>;<16>F<128>"K<158><253>3<141><243>+<216><11><159><183><227><2>6rs<166>f<144><141><244><3><150>
>>>      Message-Authenticator =
>>> <196><237><143><215><203><146>/v<170><219><21><233><214><29>"<193>
>>>
>>> Tue Feb 28 12:27:59 2012 738099: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 738216: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 738406: DEBUG: Handling with
>>> Radius::AuthFILE: eap-outer
>>> Tue Feb 28 12:27:59 2012 738611: DEBUG: Handling with EAP: code 2,
>>> 9, 43, 25
>>> Tue Feb 28 12:27:59 2012 738738: DEBUG: Response type 25
>>> Tue Feb 28 12:27:59 2012 739078: DEBUG: EAP PEAP inner
>>> authentication
>>> request for anonymous
>>> Tue Feb 28 12:27:59 2012 739300: DEBUG: PEAP Tunnelled request
>>> Packet dump:
>>> Code:       Access-Request
>>> Identifier: UNDEF
>>> Authentic:  <199><244><220><211><14><18>.<159><18>B}<30><209><202>kr
>>> Attributes:
>>>      EAP-Message = <2><0><0><10><1>testUser
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      NAS-Port = 29
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      User-Name = "anonymous"
>>>
>>> Tue Feb 28 12:27:59 2012 739446: DEBUG: Handling request with
>>> Handler
>>> 'TunnelledByPEAP=1', Identifier ''
>>> Tue Feb 28 12:27:59 2012 739556: DEBUG: Handling request with
>>> Handler
>>> 'TunnelledByPEAP=1', Identifier ''
>>> Tue Feb 28 12:27:59 2012 739737: DEBUG: Handling with
>>> Radius::AuthNTLM: dm-wifi
>>> Tue Feb 28 12:27:59 2012 739910: DEBUG: Handling with EAP: code 2,
>>> 0, 10, 1
>>> Tue Feb 28 12:27:59 2012 740035: DEBUG: Response type 1
>>> Tue Feb 28 12:27:59 2012 740206: DEBUG: EAP result: 3, EAP MSCHAP-V2
>>> Challenge
>>> Tue Feb 28 12:27:59 2012 740326: DEBUG: AuthBy NTLM result:
>>> CHALLENGE,
>>> EAP MSCHAP-V2 Challenge
>>> Tue Feb 28 12:27:59 2012 740434: DEBUG: AuthBy NTLM result:
>>> CHALLENGE,
>>> EAP MSCHAP-V2 Challenge
>>> Tue Feb 28 12:27:59 2012 740560: DEBUG: Access challenged for
>>> anonymous: EAP MSCHAP-V2 Challenge
>>> Tue Feb 28 12:27:59 2012 740680: DEBUG: Access challenged for
>>> anonymous: EAP MSCHAP-V2 Challenge
>>> Tue Feb 28 12:27:59 2012 740931: DEBUG: Returned PEAP tunnelled
>>> packet dump:
>>> Code:       Access-Challenge
>>> Identifier: UNDEF
>>> Authentic:  <199><244><220><211><14><18>.<159><18>B}<30><209><202>kr
>>> Attributes:
>>>      EAP-Message =
>>> <1><1><0>*<26><1><1><0>%<16><214><185><12><255>~v<196><242>]<176>QX<162><12><128>ywifi-radius-temp
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Tue Feb 28 12:27:59 2012 741140: DEBUG: EAP result: 3, EAP PEAP
>>> inner
>>> authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 741267: DEBUG: AuthBy FILE result:
>>> CHALLENGE,
>>> EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 741377: DEBUG: AuthBy FILE result:
>>> CHALLENGE,
>>> EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 741504: DEBUG: Access challenged for
>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 741619: DEBUG: Access challenged for
>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 741984: DEBUG: Packet dump:
>>> *** Sending to 10.11.55.232 port 32768 ....
>>> Code:       Access-Challenge
>>> Identifier: 145
>>> Authentic:  +r<221>"<169>)<140><154>0<188><185><183><167><220>[<23>
>>> Attributes:
>>>      EAP-Message =
>>> <1><10><0>K<25><1><23><3><1><0>@5<212>O<151>\,I<180><210>>7<185>|<18><188>[<218>Y<148><144><231><173>w<180><138><218>c<225><160>=C]n<233><13><196>"o<242><11><165><198><18>&<215>]<242>M<151><159><145><140>'6D<163>a<177><183>W<170>)<129>T
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Tue Feb 28 12:27:59 2012 746317: DEBUG: Packet dump:
>>> *** Received from 10.11.55.232 port 32768 ....
>>> Code:       Access-Request
>>> Identifier: 146
>>> Authentic:
>>> <28>2<198><208><212>(<13><254><13><162><148><227><134><229><246><201>
>>> Attributes:
>>>      User-Name = "testUser"
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>      NAS-Port = 29
>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      Airespace-WLAN-Id = 7
>>>      Service-Type = Framed-User
>>>      Framed-MTU = 1300
>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>      Tunnel-Type = 0:VLAN
>>>      Tunnel-Medium-Type = 0:802
>>>      Tunnel-Private-Group-ID = 924
>>>      EAP-Message =
>>> <2><10><0>k<25><1><23><3><1><0>`<229><182>~U<231>LL<224><11><25><145><2>v<140>y?y4<170><224>Q<24>8<169><158>f<184>&<165><166><147>%<253><143>/<224>D<160><202><131>
>>>
>>> <229><203>4<237><2><145>Z@<129><137>$<200><229><218><181><10><235><210><161><133>H!<28>F<205>?<173>:[<184>`<210>)<19><184><21><<187>A4<139><169>t<237>5<7><f<189>QY<195><209>D<141>
>>>      Message-Authenticator =
>>> <30><<150><197>JcR<14><223>lY<161><24>w/<250>
>>>
>>> Tue Feb 28 12:27:59 2012 746562: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 746682: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 746872: DEBUG: Handling with
>>> Radius::AuthFILE: eap-outer
>>> Tue Feb 28 12:27:59 2012 747078: DEBUG: Handling with EAP: code 2,
>>> 10, 107, 25
>>> Tue Feb 28 12:27:59 2012 747210: DEBUG: Response type 25
>>> Tue Feb 28 12:27:59 2012 747489: DEBUG: EAP PEAP inner
>>> authentication
>>> request for anonymous
>>> Tue Feb 28 12:27:59 2012 747762: DEBUG: PEAP Tunnelled request
>>> Packet dump:
>>> Code:       Access-Request
>>> Identifier: UNDEF
>>> Authentic:  <30>7<160><153><167><133>'<151>KG<136><213>u<30><242><3>
>>> Attributes:
>>>      EAP-Message =
>>> <2><1><0>@<26><2><1><0>;1<190>b<188><197>3Q<236><201><196><174><137>l<16><223><224>h<0><0><0><0><0><0><0><0><232><133><210><161>Jr[<249><233><7><227>7<132><241>x<145>HE<217>=vu<21><233><0>testUser
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      NAS-Port = 29
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      User-Name = "anonymous"
>>>
>>> Tue Feb 28 12:27:59 2012 747906: DEBUG: Handling request with
>>> Handler
>>> 'TunnelledByPEAP=1', Identifier ''
>>> Tue Feb 28 12:27:59 2012 748018: DEBUG: Handling request with
>>> Handler
>>> 'TunnelledByPEAP=1', Identifier ''
>>> Tue Feb 28 12:27:59 2012 748192: DEBUG: Handling with
>>> Radius::AuthNTLM: dm-wifi
>>> Tue Feb 28 12:27:59 2012 748362: DEBUG: Handling with EAP: code 2,
>>> 1, 64, 26
>>> Tue Feb 28 12:27:59 2012 748490: DEBUG: Response type 26
>>> Tue Feb 28 12:27:59 2012 748661: DEBUG: Radius::AuthNTLM looks for
>>> match with testUser [anonymous]
>>> Tue Feb 28 12:27:59 2012 748801: DEBUG: Radius::AuthNTLM ACCEPT: :
>>> testUser [anonymous]
>>> Tue Feb 28 12:27:59 2012 749086: DEBUG: Passing attribute
>>> Request-User-Session-Key: Yes
>>> Tue Feb 28 12:27:59 2012 749251: DEBUG: Passing attribute
>>> Request-LanMan-Session-Key: Yes
>>> Tue Feb 28 12:27:59 2012 749395: DEBUG: Passing attribute
>>> LANMAN-Challenge: some-challenge
>>> Tue Feb 28 12:27:59 2012 749542: DEBUG: Passing attribute
>>> NT-Response:
>>> some-response
>>> Tue Feb 28 12:27:59 2012 749687: DEBUG: Passing attribute
>>> NT-Domain::
>>> some-domain
>>> Tue Feb 28 12:27:59 2012 749832: DEBUG: Passing attribute Username::
>>> some-username
>>> Tue Feb 28 12:27:59 2012 754539: DEBUG: Received attribute:
>>> Authenticated: Yes
>>> Tue Feb 28 12:27:59 2012 754685: DEBUG: Received attribute:
>>> User-Session-Key: session-key
>>> Tue Feb 28 12:27:59 2012 754809: DEBUG: Received attribute: .
>>> Tue Feb 28 12:27:59 2012 755114: DEBUG: EAP result: 3, EAP MSCHAP V2
>>> Challenge: Success
>>> Tue Feb 28 12:27:59 2012 755241: DEBUG: AuthBy NTLM result:
>>> CHALLENGE,
>>> EAP MSCHAP V2 Challenge: Success
>>> Tue Feb 28 12:27:59 2012 755351: DEBUG: AuthBy NTLM result:
>>> CHALLENGE,
>>> EAP MSCHAP V2 Challenge: Success
>>> Tue Feb 28 12:27:59 2012 755478: DEBUG: Access challenged for
>>> anonymous: EAP MSCHAP V2 Challenge: Success
>>> Tue Feb 28 12:27:59 2012 755588: DEBUG: Access challenged for
>>> anonymous: EAP MSCHAP V2 Challenge: Success
>>> Tue Feb 28 12:27:59 2012 755815: DEBUG: Returned PEAP tunnelled
>>> packet dump:
>>> Code:       Access-Challenge
>>> Identifier: UNDEF
>>> Authentic:  <30>7<160><153><167><133>'<151>KG<136><213>u<30><242><3>
>>> Attributes:
>>>      EAP-Message =
>>> <1><2><0>=<26><3><1><0>8S=537886D34156194318425B12CE9ED8969124063C
>>> M=success
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Tue Feb 28 12:27:59 2012 756011: DEBUG: EAP result: 3, EAP PEAP
>>> inner
>>> authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 756137: DEBUG: AuthBy FILE result:
>>> CHALLENGE,
>>> EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 756247: DEBUG: AuthBy FILE result:
>>> CHALLENGE,
>>> EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 756374: DEBUG: Access challenged for
>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 756485: DEBUG: Access challenged for
>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 756882: DEBUG: Packet dump:
>>> *** Sending to 10.11.55.232 port 32768 ....
>>> Code:       Access-Challenge
>>> Identifier: 146
>>> Authentic:  .<152>4<150><245><134>JV<14><147><241><182><18>}$<26>
>>> Attributes:
>>>      EAP-Message =
>>> <1><11><0>k<25><1><23><3><1><0>`<215>8]<183>m<197>N<250>kl<10><179>y><178><137><183>v<233><<255>{<177>r<207><186><1><9>*<142><207>Rl<31><173><25><237>%*<151><219>ts<16>H<218><169><10><252>eY<245>+<245><213><157>b<202><207><147><237><156>i<15><253><175><204><16><167><239>e<198><175><228>X<175><180><150><184>s<179>4<146>&w<20><203><175><16><155>*<162><133><224><129>-
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Tue Feb 28 12:27:59 2012 760841: DEBUG: Packet dump:
>>> *** Received from 10.11.55.232 port 32768 ....
>>> Code:       Access-Request
>>> Identifier: 147
>>> Authentic:
>>> <219><222>T<233><179><159><5>S<22><172><227><160><206>l<162>G
>>> Attributes:
>>>      User-Name = "testUser"
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>      NAS-Port = 29
>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      Airespace-WLAN-Id = 7
>>>      Service-Type = Framed-User
>>>      Framed-MTU = 1300
>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>      Tunnel-Type = 0:VLAN
>>>      Tunnel-Medium-Type = 0:802
>>>      Tunnel-Private-Group-ID = 924
>>>      EAP-Message = <2><11><0>+<25><1><23><3><1><0>
>>>
>>> <12><177><248><244><30><235>n_<205><245>@/<3><224>$Ov$<237><138>+R<245><167>>/<27><134><201>v1<128>
>>>      Message-Authenticator =
>>> <249>=<217><165><5><31>|<7><149>]<201><180><209><187><234><175>
>>>
>>> Tue Feb 28 12:27:59 2012 761081: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 761204: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 761434: DEBUG: Handling with
>>> Radius::AuthFILE: eap-outer
>>> Tue Feb 28 12:27:59 2012 761631: DEBUG: Handling with EAP: code 2,
>>> 11, 43, 25
>>> Tue Feb 28 12:27:59 2012 761761: DEBUG: Response type 25
>>> Tue Feb 28 12:27:59 2012 762048: DEBUG: EAP PEAP inner
>>> authentication
>>> request for anonymous
>>> Tue Feb 28 12:27:59 2012 762274: DEBUG: PEAP Tunnelled request
>>> Packet dump:
>>> Code:       Access-Request
>>> Identifier: UNDEF
>>> Authentic:
>>> <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
>>> Attributes:
>>>      EAP-Message = <2><2><0><6><26><3>
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      NAS-Port = 29
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      User-Name = "anonymous"
>>>
>>> Tue Feb 28 12:27:59 2012 762416: DEBUG: Handling request with
>>> Handler
>>> 'TunnelledByPEAP=1', Identifier ''
>>> Tue Feb 28 12:27:59 2012 762614: DEBUG: Handling request with
>>> Handler
>>> 'TunnelledByPEAP=1', Identifier ''
>>> Tue Feb 28 12:27:59 2012 762809: DEBUG: Handling with
>>> Radius::AuthNTLM: dm-wifi
>>> Tue Feb 28 12:27:59 2012 762984: DEBUG: Handling with EAP: code 2,
>>> 2, 6, 26
>>> Tue Feb 28 12:27:59 2012 763143: DEBUG: Response type 26
>>> Tue Feb 28 12:27:59 2012 763319: DEBUG: EAP result: 0,
>>> Tue Feb 28 12:27:59 2012 763440: DEBUG: AuthBy NTLM result: ACCEPT,
>>> Tue Feb 28 12:27:59 2012 763548: DEBUG: AuthBy NTLM result: ACCEPT,
>>> Tue Feb 28 12:27:59 2012 763677: DEBUG: Access accepted for
>>> anonymous
>>> Tue Feb 28 12:27:59 2012 763788: DEBUG: Access accepted for
>>> anonymous
>>> Tue Feb 28 12:27:59 2012 764183: DEBUG: Returned PEAP tunnelled
>>> packet dump:
>>> Code:       Access-Accept
>>> Identifier: UNDEF
>>> Authentic:
>>> <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
>>> Attributes:
>>>      EAP-Message = <3><2><0><4>
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Tue Feb 28 12:27:59 2012 764406: DEBUG: EAP result: 3, EAP PEAP
>>> inner
>>> authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 764535: DEBUG: AuthBy FILE result:
>>> CHALLENGE,
>>> EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 764659: DEBUG: AuthBy FILE result:
>>> CHALLENGE,
>>> EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 764791: DEBUG: Access challenged for
>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 764905: DEBUG: Access challenged for
>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>> Tue Feb 28 12:27:59 2012 765255: DEBUG: Packet dump:
>>> *** Sending to 10.11.55.232 port 32768 ....
>>> Code:       Access-Challenge
>>> Identifier: 147
>>> Authentic:
>>> <241>:\<176><204><154>`O<196><183><201><153><173><8><247><136>
>>> Attributes:
>>>      EAP-Message = <1><12><0>+<25><1><23><3><1><0>
>>>
>>> @l<31><147>[<223><1>`<236><233>~<226><189><208><215>@X<248>a<210><160><213>-<8>].s<148><226><245><217><26>
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>
>>> Tue Feb 28 12:27:59 2012 769812: DEBUG: Packet dump:
>>> *** Received from 10.11.55.232 port 32768 ....
>>> Code:       Access-Request
>>> Identifier: 148
>>> Authentic:  <191><247><200>F<176>Q<229>!<235>P<254>g<187><229><228>t
>>> Attributes:
>>>      User-Name = "testUser"
>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>      NAS-Port = 29
>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>      NAS-IP-Address = 10.11.55.232
>>>      NAS-Identifier = "cisco-wism"
>>>      Airespace-WLAN-Id = 7
>>>      Service-Type = Framed-User
>>>      Framed-MTU = 1300
>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>      Tunnel-Type = 0:VLAN
>>>      Tunnel-Medium-Type = 0:802
>>>      Tunnel-Private-Group-ID = 924
>>>      EAP-Message = <2><12><0>+<25><1><23><3><1><0>
>>>
>>> c<231><169>g(<173><133><225><149>{<193><185><201><139>2<160><20><169>I<253><145><173>)<226>B<22><29>G<222>`6<183>
>>>      Message-Authenticator =
>>> (<217><144>3I<171><10><194><28><15><8><18><242><139><198>W
>>>
>>> Tue Feb 28 12:27:59 2012 770148: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 770331: DEBUG: Handling request with
>>> Handler
>>> '', Identifier ''
>>> Tue Feb 28 12:27:59 2012 770707: DEBUG: Handling with
>>> Radius::AuthFILE: eap-outer
>>> Tue Feb 28 12:27:59 2012 770989: DEBUG: Handling with EAP: code 2,
>>> 12, 43, 25
>>> Tue Feb 28 12:27:59 2012 771224: DEBUG: Response type 25
>>> Tue Feb 28 12:27:59 2012 771782: DEBUG: EAP result: 0,
>>> Tue Feb 28 12:27:59 2012 771975: DEBUG: AuthBy FILE result: ACCEPT,
>>> Tue Feb 28 12:27:59 2012 772145: DEBUG: AuthBy FILE result: ACCEPT,
>>> Tue Feb 28 12:27:59 2012 772338: DEBUG: Access accepted for testUser
>>> Tue Feb 28 12:27:59 2012 772508: DEBUG: Access accepted for testUser
>>> Tue Feb 28 12:27:59 2012 773368: DEBUG: Packet dump:
>>> *** Sending to 10.11.55.232 port 32768 ....
>>> Code:       Access-Accept
>>> Identifier: 148
>>> Authentic:  C<196><31><206><169>bF<220>j<237>K<1><183>+c<4>
>>> Attributes:
>>>      EAP-Message = <3><12><0><4>
>>>      Message-Authenticator =
>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>      MS-MPPE-Send-Key =
>>>
>>> <131>9<217>1<158><174><131>q><23>)<182><132>*<175><161>><26>I<187><143>t<217><26><245><14>;<167>%;W<200>
>>>      MS-MPPE-Recv-Key =
>>>
>>> <193>$B<0>sn"<10><190>_U<221>1<173>#<153><7><198>+5<188>}<200>F<251>|^<230><218>G)<175>
>>>
>>> -->8--
>>>
>>> Thoughts on what may be happening? I can't seem to find anything on
>>> the web about this, but I'm also hard-pressed to believe we're the
>>> only folks that have run into this. The client simply refuses to
>>> connect. It's worth noting that OS X indicates the client is
>>> "connected" with a self-assigned 169.x.x.x IP address, but the logs
>>> really indicate that en1 (the wireless interface) continues to go
>>> up/down and re-attempt authentication.
>>>
>>> Any help would be greatly appreciated.
>>>
>>> -james
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>> JANET(UK) is a trading name of The JNT Association, a company limited
>> by guarantee which is registered in England under No. 2881024
>> and whose Registered Office is at Lumen House, Library Avenue,
>> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


More information about the radiator mailing list