[RADIATOR] eap + apple products - failed auth

chema chema at uniovi.es
Tue Feb 28 13:25:32 CST 2012


 Hi, now I can't remember exactly the differences between the two types.
 Among others, it relates to the inner capabilities of the authentication
 protocol.
 Keep in mind that it is only used for authentication, which is protected
 also by the wireless methods on the air (WPA, WPA2, etc). I don't think
 it's a security hole. I mean, there are some protection layers in the
 process. You must secure the air using something like WPA2, the channel
 between the NAS and Radius using shared secrets, protected vlans, SSL
 tunnels, the way between APs and NAS, and so on ... PEAP protects the inner
 authentication inside the other layers.

 On Tue, 28 Feb 2012 13:10:40 -0500, James wrote:
> Yes, setting the EAPTLS_PEAPVersion set to '0' seems to work.
>
> Does this result in any sort of "less secure" communications? What is
> the difference between the two PEAP draft versions?
>
> -james
>
>
> On Tue, Feb 28, 2012 at 13:06, chema <chema at uniovi.es> wrote:
>>  Hi,
>>
>>  Some time ago, we had the same problem, and our solution was making this
>>  change (EAPTLS_PEAPVersion to 0). We had no previous problems using
>>  PAP/TTLS.
>>  Hope you can solve this. Regards
>>
>>  On Tue, 28 Feb 2012 17:48:53 +0000, Adam Bishop wrote:
>>> Hi,
>>>
>>> Try setting EAPTLS_PEAPVersion as 0 instead of 1 - been a while since
>>> I wrote my configuration but I think that was the value that made OS X
>>> and iOS clients work for me.
>>>
>>> Regards,
>>>
>>> Adam Bishop
>>>
>>> On 28 Feb 2012, at 17:38, James wrote:
>>>
>>>> All,
>>>>
>>>> I'm facing a pretty weird problem while trying to set up EAP
>>>> authentication. Windows and Linux devices seem to work fine without
>>>> issues -- the clients are prompted to authenticate, accept the
>>>> certificate, and then they're successfully auth'ed and hop onto the
>>>> wireless network.
>>>>
>>>> Apple products (OS X, iPad and iPod) seem to have a strange issue,
>>>> however: Radiator sends an Access-Accept, the client sees that
>>>> authentication was successful, but the client will disconnect and then
>>>> reconnect ensuing in an authentication loop. Logs on OS X indicate
>>>> that authentication *IS* successful, but the operating system
>>>> eventually reports a timeout in the 4-way handshake.
>>>>
>>>> Here's the Radiator configuration:
>>>>
>>>> -->8--
>>>>
>>>> DefineFormattedGlobalVar    ConfigDir   /opt/radiator/config
>>>> LogDir  /opt/radiator/logs
>>>> DbDir   /opt/radiator/db
>>>> Trace   4
>>>> AuthPort 1645
>>>> AcctPort 1646
>>>> PidFile  %L/wireless.pid
>>>> LogFile
>>>> <Log FILE>
>>>>    Identifier radiatorLog
>>>>    Filename %L/%d.%v.%Y/wireless.log
>>>>    Trace   4
>>>>    LogMicroseconds
>>>> </Log>
>>>> <Client DEFAULT>
>>>>    Secret whatever
>>>>    DupInterval 0
>>>> </Client>
>>>> <SessionDatabase NULL>
>>>>    Identifier Null
>>>> </SessionDatabase>
>>>> <AuthLog FILE>
>>>>    Identifier authLogger
>>>>    Filename %L/%d.%v.%Y/wireless.auth
>>>>    LogSuccess 1
>>>>    LogFailure 1
>>>>    SuccessFormat %q %v %e %Y @ %s (child process %O) -> AUTHORIZED %T request from %c (nas = %N) for user %U
>>>>    FailureFormat %q %v %e %Y @ %s (child process %O) -> DENIED %T request from %c (nas = %N) for user %U
>>>> </AuthLog>
>>>> include %{GlobalVar:ConfigDir}/auth.wireless
>>>> <Handler TunnelledByPEAP=1>
>>>>    AuthBy dm-wifi
>>>>    AuthLog authLogger
>>>>    Log radiatorLog
>>>>    AcctLogFileName %L/%d.%v.%Y/wireless.log
>>>> </Handler>
>>>> <Handler>
>>>>    AuthBy eap-outer
>>>>    AuthLog authLogger
>>>>    Log radiatorLog
>>>>    AcctLogFileName %L/%d.%v.%Y/wireless.log
>>>> </Handler>
>>>> <AuthBy NTLM>
>>>>    Identifier dm-wifi
>>>>    NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>>>>    DefaultDomain DHE
>>>>    EAPType MSCHAP-V2
>>>> </AuthBy>
>>>> <AuthBy FILE>
>>>>    Identifier eap-outer
>>>>    Filename %D/users
>>>>    EAPType MSCHAP-V2,PEAP,FAST,TLS,TTLS
>>>>    EAPTLS_CAFile %{GlobalVar:ConfigDir}/certs/duke.ca.cert
>>>>    EAPTLS_CertificateFile %{GlobalVar:ConfigDir}/certs/wifi-radius1.cert
>>>>    EAPTLS_CertificateType PEM
>>>>    EAPTLS_PrivateKeyFile %{GlobalVar:ConfigDir}/certs/wifi-radius1.key
>>>>    EAPTLS_PrivateKeyPassword whatever
>>>>    EAPTLS_MaxFragmentSize 1000
>>>>    AutoMPPEKeys
>>>>    EAPTLS_PEAPVersion 1
>>>> </AuthBy>
>>>>
>>>> --8<--
>>>>
>>>> Tue Feb 28 12:27:59 2012 737876: DEBUG: Packet dump:
>>>> *** Received from 10.11.55.232 port 32768 ....
>>>> Code:       Access-Request
>>>> Identifier: 145
>>>> Authentic:  ES<<16><147>F<136><228>l<229>#z<234><212><182><128>
>>>> Attributes:
>>>>      User-Name = "testUser"
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>>      NAS-Port = 29
>>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      Airespace-WLAN-Id = 7
>>>>      Service-Type = Framed-User
>>>>      Framed-MTU = 1300
>>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>>      Tunnel-Type = 0:VLAN
>>>>      Tunnel-Medium-Type = 0:802
>>>>      Tunnel-Private-Group-ID = 924
>>>>      EAP-Message = <2><9><0>+<25><1><23><3><1><0>
>>>>
>>>> 
>>>> |<195><27><180>;<16>F<128>"K<158><253>3<141><243>+<216><11><159><183><227><2>6rs<166>f<144><141><244><3><150>
>>>>      Message-Authenticator =
>>>> <196><237><143><215><203><146>/v<170><219><21><233><214><29>"<193>
>>>>
>>>> Tue Feb 28 12:27:59 2012 738099: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 738216: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 738406: DEBUG: Handling with
>>>> Radius::AuthFILE: eap-outer
>>>> Tue Feb 28 12:27:59 2012 738611: DEBUG: Handling with EAP: code 2,
>>>> 9, 43, 25
>>>> Tue Feb 28 12:27:59 2012 738738: DEBUG: Response type 25
>>>> Tue Feb 28 12:27:59 2012 739078: DEBUG: EAP PEAP inner
>>>> authentication
>>>> request for anonymous
>>>> Tue Feb 28 12:27:59 2012 739300: DEBUG: PEAP Tunnelled request
>>>> Packet dump:
>>>> Code:       Access-Request
>>>> Identifier: UNDEF
>>>> Authentic: 
>>>>  <199><244><220><211><14><18>.<159><18>B}<30><209><202>kr
>>>> Attributes:
>>>>      EAP-Message = <2><0><0><10><1>testUser
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      NAS-Port = 29
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      User-Name = "anonymous"
>>>>
>>>> Tue Feb 28 12:27:59 2012 739446: DEBUG: Handling request with
>>>> Handler
>>>> 'TunnelledByPEAP=1', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 739556: DEBUG: Handling request with
>>>> Handler
>>>> 'TunnelledByPEAP=1', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 739737: DEBUG: Handling with
>>>> Radius::AuthNTLM: dm-wifi
>>>> Tue Feb 28 12:27:59 2012 739910: DEBUG: Handling with EAP: code 2,
>>>> 0, 10, 1
>>>> Tue Feb 28 12:27:59 2012 740035: DEBUG: Response type 1
>>>> Tue Feb 28 12:27:59 2012 740206: DEBUG: EAP result: 3, EAP 
>>>> MSCHAP-V2
>>>> Challenge
>>>> Tue Feb 28 12:27:59 2012 740326: DEBUG: AuthBy NTLM result:
>>>> CHALLENGE,
>>>> EAP MSCHAP-V2 Challenge
>>>> Tue Feb 28 12:27:59 2012 740434: DEBUG: AuthBy NTLM result:
>>>> CHALLENGE,
>>>> EAP MSCHAP-V2 Challenge
>>>> Tue Feb 28 12:27:59 2012 740560: DEBUG: Access challenged for
>>>> anonymous: EAP MSCHAP-V2 Challenge
>>>> Tue Feb 28 12:27:59 2012 740680: DEBUG: Access challenged for
>>>> anonymous: EAP MSCHAP-V2 Challenge
>>>> Tue Feb 28 12:27:59 2012 740931: DEBUG: Returned PEAP tunnelled
>>>> packet dump:
>>>> Code:       Access-Challenge
>>>> Identifier: UNDEF
>>>> Authentic: 
>>>>  <199><244><220><211><14><18>.<159><18>B}<30><209><202>kr
>>>> Attributes:
>>>>      EAP-Message =
>>>> 
>>>> <1><1><0>*<26><1><1><0>%<16><214><185><12><255>~v<196><242>]<176>QX<162><12><128>ywifi-radius-temp
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Tue Feb 28 12:27:59 2012 741140: DEBUG: EAP result: 3, EAP PEAP
>>>> inner
>>>> authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 741267: DEBUG: AuthBy FILE result:
>>>> CHALLENGE,
>>>> EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 741377: DEBUG: AuthBy FILE result:
>>>> CHALLENGE,
>>>> EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 741504: DEBUG: Access challenged for
>>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 741619: DEBUG: Access challenged for
>>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 741984: DEBUG: Packet dump:
>>>> *** Sending to 10.11.55.232 port 32768 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 145
>>>> Authentic: 
>>>>  +r<221>"<169>)<140><154>0<188><185><183><167><220>[<23>
>>>> Attributes:
>>>>      EAP-Message =
>>>> 
>>>> <1><10><0>K<25><1><23><3><1><0>@5<212>O<151>\,I<180><210>>7<185>|<18><188>[<218>Y<148><144><231><173>w<180><138><218>c<225><160>=C]n<233><13><196>"o<242><11><165><198><18>&<215>]<242>M<151><159><145><140>'6D<163>a<177><183>W<170>)<129>T
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Tue Feb 28 12:27:59 2012 746317: DEBUG: Packet dump:
>>>> *** Received from 10.11.55.232 port 32768 ....
>>>> Code:       Access-Request
>>>> Identifier: 146
>>>> Authentic:
>>>> 
>>>> <28>2<198><208><212>(<13><254><13><162><148><227><134><229><246><201>
>>>> Attributes:
>>>>      User-Name = "testUser"
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>>      NAS-Port = 29
>>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      Airespace-WLAN-Id = 7
>>>>      Service-Type = Framed-User
>>>>      Framed-MTU = 1300
>>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>>      Tunnel-Type = 0:VLAN
>>>>      Tunnel-Medium-Type = 0:802
>>>>      Tunnel-Private-Group-ID = 924
>>>>      EAP-Message =
>>>> 
>>>> <2><10><0>k<25><1><23><3><1><0>`<229><182>~U<231>LL<224><11><25><145><2>v<140>y?y4<170><224>Q<24>8<169><158>f<184>&<165><166><147>%<253><143>/<224>D<160><202><131>
>>>>
>>>> 
>>>> <229><203>4<237><2><145>Z@<129><137>$<200><229><218><181><10><235><210><161><133>H!<28>F<205>?<173>:[<184>`<210>)<19><184><21><<187>A4<139><169>t<237>5<7><f<189>QY<195><209>D<141>
>>>>      Message-Authenticator =
>>>> <30><<150><197>JcR<14><223>lY<161><24>w/<250>
>>>>
>>>> Tue Feb 28 12:27:59 2012 746562: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 746682: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 746872: DEBUG: Handling with
>>>> Radius::AuthFILE: eap-outer
>>>> Tue Feb 28 12:27:59 2012 747078: DEBUG: Handling with EAP: code 2,
>>>> 10, 107, 25
>>>> Tue Feb 28 12:27:59 2012 747210: DEBUG: Response type 25
>>>> Tue Feb 28 12:27:59 2012 747489: DEBUG: EAP PEAP inner
>>>> authentication
>>>> request for anonymous
>>>> Tue Feb 28 12:27:59 2012 747762: DEBUG: PEAP Tunnelled request
>>>> Packet dump:
>>>> Code:       Access-Request
>>>> Identifier: UNDEF
>>>> Authentic: 
>>>>  <30>7<160><153><167><133>'<151>KG<136><213>u<30><242><3>
>>>> Attributes:
>>>>      EAP-Message =
>>>> 
>>>> <2><1><0>@<26><2><1><0>;1<190>b<188><197>3Q<236><201><196><174><137>l<16><223><224>h<0><0><0><0><0><0><0><0><232><133><210><161>Jr[<249><233><7><227>7<132><241>x<145>HE<217>=vu<21><233><0>testUser
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      NAS-Port = 29
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      User-Name = "anonymous"
>>>>
>>>> Tue Feb 28 12:27:59 2012 747906: DEBUG: Handling request with
>>>> Handler
>>>> 'TunnelledByPEAP=1', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 748018: DEBUG: Handling request with
>>>> Handler
>>>> 'TunnelledByPEAP=1', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 748192: DEBUG: Handling with
>>>> Radius::AuthNTLM: dm-wifi
>>>> Tue Feb 28 12:27:59 2012 748362: DEBUG: Handling with EAP: code 2,
>>>> 1, 64, 26
>>>> Tue Feb 28 12:27:59 2012 748490: DEBUG: Response type 26
>>>> Tue Feb 28 12:27:59 2012 748661: DEBUG: Radius::AuthNTLM looks for
>>>> match with testUser [anonymous]
>>>> Tue Feb 28 12:27:59 2012 748801: DEBUG: Radius::AuthNTLM ACCEPT: :
>>>> testUser [anonymous]
>>>> Tue Feb 28 12:27:59 2012 749086: DEBUG: Passing attribute
>>>> Request-User-Session-Key: Yes
>>>> Tue Feb 28 12:27:59 2012 749251: DEBUG: Passing attribute
>>>> Request-LanMan-Session-Key: Yes
>>>> Tue Feb 28 12:27:59 2012 749395: DEBUG: Passing attribute
>>>> LANMAN-Challenge: some-challenge
>>>> Tue Feb 28 12:27:59 2012 749542: DEBUG: Passing attribute
>>>> NT-Response:
>>>> some-response
>>>> Tue Feb 28 12:27:59 2012 749687: DEBUG: Passing attribute
>>>> NT-Domain::
>>>> some-domain
>>>> Tue Feb 28 12:27:59 2012 749832: DEBUG: Passing attribute 
>>>> Username::
>>>> some-username
>>>> Tue Feb 28 12:27:59 2012 754539: DEBUG: Received attribute:
>>>> Authenticated: Yes
>>>> Tue Feb 28 12:27:59 2012 754685: DEBUG: Received attribute:
>>>> User-Session-Key: session-key
>>>> Tue Feb 28 12:27:59 2012 754809: DEBUG: Received attribute: .
>>>> Tue Feb 28 12:27:59 2012 755114: DEBUG: EAP result: 3, EAP MSCHAP 
>>>> V2
>>>> Challenge: Success
>>>> Tue Feb 28 12:27:59 2012 755241: DEBUG: AuthBy NTLM result:
>>>> CHALLENGE,
>>>> EAP MSCHAP V2 Challenge: Success
>>>> Tue Feb 28 12:27:59 2012 755351: DEBUG: AuthBy NTLM result:
>>>> CHALLENGE,
>>>> EAP MSCHAP V2 Challenge: Success
>>>> Tue Feb 28 12:27:59 2012 755478: DEBUG: Access challenged for
>>>> anonymous: EAP MSCHAP V2 Challenge: Success
>>>> Tue Feb 28 12:27:59 2012 755588: DEBUG: Access challenged for
>>>> anonymous: EAP MSCHAP V2 Challenge: Success
>>>> Tue Feb 28 12:27:59 2012 755815: DEBUG: Returned PEAP tunnelled
>>>> packet dump:
>>>> Code:       Access-Challenge
>>>> Identifier: UNDEF
>>>> Authentic: 
>>>>  <30>7<160><153><167><133>'<151>KG<136><213>u<30><242><3>
>>>> Attributes:
>>>>      EAP-Message =
>>>> <1><2><0>=<26><3><1><0>8S=537886D34156194318425B12CE9ED8969124063C
>>>> M=success
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Tue Feb 28 12:27:59 2012 756011: DEBUG: EAP result: 3, EAP PEAP
>>>> inner
>>>> authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 756137: DEBUG: AuthBy FILE result:
>>>> CHALLENGE,
>>>> EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 756247: DEBUG: AuthBy FILE result:
>>>> CHALLENGE,
>>>> EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 756374: DEBUG: Access challenged for
>>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 756485: DEBUG: Access challenged for
>>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 756882: DEBUG: Packet dump:
>>>> *** Sending to 10.11.55.232 port 32768 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 146
>>>> Authentic:  .<152>4<150><245><134>JV<14><147><241><182><18>}$<26>
>>>> Attributes:
>>>>      EAP-Message =
>>>> 
>>>> <1><11><0>k<25><1><23><3><1><0>`<215>8]<183>m<197>N<250>kl<10><179>y><178><137><183>v<233><<255>{<177>r<207><186><1><9>*<142><207>Rl<31><173><25><237>%*<151><219>ts<16>H<218><169><10><252>eY<245>+<245><213><157>b<202><207><147><237><156>i<15><253><175><204><16><167><239>e<198><175><228>X<175><180><150><184>s<179>4<146>&w<20><203><175><16><155>*<162><133><224><129>-
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Tue Feb 28 12:27:59 2012 760841: DEBUG: Packet dump:
>>>> *** Received from 10.11.55.232 port 32768 ....
>>>> Code:       Access-Request
>>>> Identifier: 147
>>>> Authentic:
>>>> <219><222>T<233><179><159><5>S<22><172><227><160><206>l<162>G
>>>> Attributes:
>>>>      User-Name = "testUser"
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>>      NAS-Port = 29
>>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      Airespace-WLAN-Id = 7
>>>>      Service-Type = Framed-User
>>>>      Framed-MTU = 1300
>>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>>      Tunnel-Type = 0:VLAN
>>>>      Tunnel-Medium-Type = 0:802
>>>>      Tunnel-Private-Group-ID = 924
>>>>      EAP-Message = <2><11><0>+<25><1><23><3><1><0>
>>>>
>>>> 
>>>> <12><177><248><244><30><235>n_<205><245>@/<3><224>$Ov$<237><138>+R<245><167>>/<27><134><201>v1<128>
>>>>      Message-Authenticator =
>>>> <249>=<217><165><5><31>|<7><149>]<201><180><209><187><234><175>
>>>>
>>>> Tue Feb 28 12:27:59 2012 761081: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 761204: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 761434: DEBUG: Handling with
>>>> Radius::AuthFILE: eap-outer
>>>> Tue Feb 28 12:27:59 2012 761631: DEBUG: Handling with EAP: code 2,
>>>> 11, 43, 25
>>>> Tue Feb 28 12:27:59 2012 761761: DEBUG: Response type 25
>>>> Tue Feb 28 12:27:59 2012 762048: DEBUG: EAP PEAP inner
>>>> authentication
>>>> request for anonymous
>>>> Tue Feb 28 12:27:59 2012 762274: DEBUG: PEAP Tunnelled request
>>>> Packet dump:
>>>> Code:       Access-Request
>>>> Identifier: UNDEF
>>>> Authentic:
>>>> <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
>>>> Attributes:
>>>>      EAP-Message = <2><2><0><6><26><3>
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      NAS-Port = 29
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      User-Name = "anonymous"
>>>>
>>>> Tue Feb 28 12:27:59 2012 762416: DEBUG: Handling request with
>>>> Handler
>>>> 'TunnelledByPEAP=1', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 762614: DEBUG: Handling request with
>>>> Handler
>>>> 'TunnelledByPEAP=1', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 762809: DEBUG: Handling with
>>>> Radius::AuthNTLM: dm-wifi
>>>> Tue Feb 28 12:27:59 2012 762984: DEBUG: Handling with EAP: code 2,
>>>> 2, 6, 26
>>>> Tue Feb 28 12:27:59 2012 763143: DEBUG: Response type 26
>>>> Tue Feb 28 12:27:59 2012 763319: DEBUG: EAP result: 0,
>>>> Tue Feb 28 12:27:59 2012 763440: DEBUG: AuthBy NTLM result: 
>>>> ACCEPT,
>>>> Tue Feb 28 12:27:59 2012 763548: DEBUG: AuthBy NTLM result: 
>>>> ACCEPT,
>>>> Tue Feb 28 12:27:59 2012 763677: DEBUG: Access accepted for
>>>> anonymous
>>>> Tue Feb 28 12:27:59 2012 763788: DEBUG: Access accepted for
>>>> anonymous
>>>> Tue Feb 28 12:27:59 2012 764183: DEBUG: Returned PEAP tunnelled
>>>> packet dump:
>>>> Code:       Access-Accept
>>>> Identifier: UNDEF
>>>> Authentic:
>>>> <162><242><137><247><165><197>\<<169><158>L<188>5<1>f<246>
>>>> Attributes:
>>>>      EAP-Message = <3><2><0><4>
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Tue Feb 28 12:27:59 2012 764406: DEBUG: EAP result: 3, EAP PEAP
>>>> inner
>>>> authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 764535: DEBUG: AuthBy FILE result:
>>>> CHALLENGE,
>>>> EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 764659: DEBUG: AuthBy FILE result:
>>>> CHALLENGE,
>>>> EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 764791: DEBUG: Access challenged for
>>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 764905: DEBUG: Access challenged for
>>>> testUser: EAP PEAP inner authentication redispatched to a Handler
>>>> Tue Feb 28 12:27:59 2012 765255: DEBUG: Packet dump:
>>>> *** Sending to 10.11.55.232 port 32768 ....
>>>> Code:       Access-Challenge
>>>> Identifier: 147
>>>> Authentic:
>>>> <241>:\<176><204><154>`O<196><183><201><153><173><8><247><136>
>>>> Attributes:
>>>>      EAP-Message = <1><12><0>+<25><1><23><3><1><0>
>>>>
>>>> 
>>>> @l<31><147>[<223><1>`<236><233>~<226><189><208><215>@X<248>a<210><160><213>-<8>].s<148><226><245><217><26>
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>
>>>> Tue Feb 28 12:27:59 2012 769812: DEBUG: Packet dump:
>>>> *** Received from 10.11.55.232 port 32768 ....
>>>> Code:       Access-Request
>>>> Identifier: 148
>>>> Authentic: 
>>>>  <191><247><200>F<176>Q<229>!<235>P<254>g<187><229><228>t
>>>> Attributes:
>>>>      User-Name = "testUser"
>>>>      Calling-Station-Id = "b3-dd-ae-87-22-b3"
>>>>      Called-Station-Id = "bb-3d-b3-ae-00-b0:test"
>>>>      NAS-Port = 29
>>>>      cisco-avpair = "audit-session-id=0abff816000000f84f4d0bcd"
>>>>      NAS-IP-Address = 10.11.55.232
>>>>      NAS-Identifier = "cisco-wism"
>>>>      Airespace-WLAN-Id = 7
>>>>      Service-Type = Framed-User
>>>>      Framed-MTU = 1300
>>>>      NAS-Port-Type = Wireless-IEEE-802-11
>>>>      Tunnel-Type = 0:VLAN
>>>>      Tunnel-Medium-Type = 0:802
>>>>      Tunnel-Private-Group-ID = 924
>>>>      EAP-Message = <2><12><0>+<25><1><23><3><1><0>
>>>>
>>>> 
>>>> c<231><169>g(<173><133><225><149>{<193><185><201><139>2<160><20><169>I<253><145><173>)<226>B<22><29>G<222>`6<183>
>>>>      Message-Authenticator =
>>>> (<217><144>3I<171><10><194><28><15><8><18><242><139><198>W
>>>>
>>>> Tue Feb 28 12:27:59 2012 770148: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 770331: DEBUG: Handling request with
>>>> Handler
>>>> '', Identifier ''
>>>> Tue Feb 28 12:27:59 2012 770707: DEBUG: Handling with
>>>> Radius::AuthFILE: eap-outer
>>>> Tue Feb 28 12:27:59 2012 770989: DEBUG: Handling with EAP: code 2,
>>>> 12, 43, 25
>>>> Tue Feb 28 12:27:59 2012 771224: DEBUG: Response type 25
>>>> Tue Feb 28 12:27:59 2012 771782: DEBUG: EAP result: 0,
>>>> Tue Feb 28 12:27:59 2012 771975: DEBUG: AuthBy FILE result: 
>>>> ACCEPT,
>>>> Tue Feb 28 12:27:59 2012 772145: DEBUG: AuthBy FILE result: 
>>>> ACCEPT,
>>>> Tue Feb 28 12:27:59 2012 772338: DEBUG: Access accepted for 
>>>> testUser
>>>> Tue Feb 28 12:27:59 2012 772508: DEBUG: Access accepted for 
>>>> testUser
>>>> Tue Feb 28 12:27:59 2012 773368: DEBUG: Packet dump:
>>>> *** Sending to 10.11.55.232 port 32768 ....
>>>> Code:       Access-Accept
>>>> Identifier: 148
>>>> Authentic:  C<196><31><206><169>bF<220>j<237>K<1><183>+c<4>
>>>> Attributes:
>>>>      EAP-Message = <3><12><0><4>
>>>>      Message-Authenticator =
>>>> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>>>>      MS-MPPE-Send-Key =
>>>>
>>>> 
>>>> <131>9<217>1<158><174><131>q><23>)<182><132>*<175><161>><26>I<187><143>t<217><26><245><14>;<167>%;W<200>
>>>>      MS-MPPE-Recv-Key =
>>>>
>>>> 
>>>> <193>$B<0>sn"<10><190>_U<221>1<173>#<153><7><198>+5<188>}<200>F<251>|^<230><218>G)<175>
>>>>
>>>> -->8--
>>>>
>>>> Thoughts on what may be happening? I can't seem to find anything on
>>>> the web about this, but I'm also hard-pressed to believe we're the
>>>> only folks that have run into this. The client simply refuses to
>>>> connect. It's worth noting that OS X indicates the client is
>>>> "connected" with a self-assigned 169.x.x.x IP address, but the logs
>>>> really indicate that en1 (the wireless interface) continues to go
>>>> up/down and re-attempt authentication.
>>>>
>>>> Any help would be greatly appreciated.
>>>>
>>>> -james
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator at open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>>>
>>> JANET(UK) is a trading name of The JNT Association, a company 
>>> limited
>>> by guarantee which is registered in England under No. 2881024
>>> and whose Registered Office is at Lumen House, Library Avenue,
>>> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
>>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
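
An added example, not part of the thread and not Radiator code: a small decoder for the EAP-Message values in the Trace 4 dump above, which reports the PEAP version carried in each outer PEAP packet so a change to EAPTLS_PEAPVersion can be confirmed on the wire. The sample lines are the leading bytes of EAP-Message values copied from the trace (wrapped payload omitted); reading the version from the low three bits of the flags byte is an assumption that covers the versions 0 and 1 discussed here.

```python
import re

# Radiator's packet dumps print non-printable bytes as <N> (decimal) and
# printable bytes as themselves, e.g. "<2><9><0>+<25><1>".
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25


def decode_dump(text):
    """Turn Radiator's <N> dump notation back into raw bytes."""
    out = bytearray()
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
        else:
            # Literal character (including a bare '<' that is data).
            out.extend(m.group(0).encode("latin-1", errors="replace"))
    return bytes(out)


def parse_eap(raw):
    """Parse the EAP header and, for PEAP packets, the flags byte."""
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    info = {
        "code": EAP_CODES.get(raw[0], raw[0]),
        "id": raw[1],
        "length": int.from_bytes(raw[2:4], "big"),
        "type": None,
        "peap_version": None,
    }
    # Only Request/Response packets carry a type byte.
    if raw[0] in (1, 2) and len(raw) >= 5:
        info["type"] = raw[4]
        if raw[4] == EAP_TYPE_PEAP and len(raw) >= 6:
            # Assumption: version sits in the low three bits of the flags.
            info["peap_version"] = raw[5] & 0x07
    return info


def peap_versions(log_text):
    """Return (code, id, version) for each PEAP packet found in a dump."""
    found = []
    for line in log_text.splitlines():
        _, sep, value = line.partition("EAP-Message = ")
        if not sep:
            continue
        try:
            info = parse_eap(decode_dump(value.strip()))
        except ValueError:
            continue
        if info["peap_version"] is not None:
            found.append((info["code"], info["id"], info["peap_version"]))
    return found


def mismatches(found, expected_version):
    """Packets whose PEAP version differs from the one you configured."""
    return [p for p in found if p[2] != expected_version]


# Leading bytes of EAP-Message values as they appear in the trace above.
SAMPLE = """\
     EAP-Message = <2><9><0>+<25><1><23><3><1><0>
     EAP-Message = <2><0><0><10><1>testUser
     EAP-Message = <1><12><0>+<25><1><23><3><1><0>
     EAP-Message = <3><12><0><4>
"""

if __name__ == "__main__":
    for code, ident, version in peap_versions(SAMPLE):
        print(f"{code:8} id={ident:<3} PEAP version {version}")
```

Run against a fresh trace after setting EAPTLS_PEAPVersion to 0, mismatches(found, 0) should come back empty; a literal "<" followed by digits and ">" in the payload cannot be told apart from the <N> notation, so only the header bytes are relied on.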


