[RADIATOR] Eduroam, Radiator and MS NPS

Heikki Vatiainen hvn at open.com.au
Mon Jul 9 15:58:28 CDT 2012


On 07/08/2012 04:37 PM, Safonov Roman wrote:

> Now we have WPA-2 Enterprise wireless network that authenticated with
> Windows NPS/AD. We use Juniper wireless controller and it works as PEAP
> off-load so I don’t need to use Radiator as PEAP server because I
> receive MSCHAP credentials to Radiator and according to a realm
> (subdomain) forward them to an appropriate MS NPS.
> 
> We have 25-30 subdomains so I’ve built Radiator with realms for each
> subdomain and it works.
> 
> Now I need to connect Eduroam to this scheme. But Eduroam sends to me
> all data (outer, inner etc.) and I need to work as full PEAP-MSCHAP server.
> 
> OK. I’ve built one more proxy Radiator server (for tests) and it
> forwards RADIUS-MSCHAP requests to the main Radiator. And here I receive
> “Request Denied”.

>From the log:

Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP MSCHAP-V2 unknown
mschaptype 3

The client is sending unexpected tunnelled EAP-MSCHAP-V2 success.

Can you try without 'Fork' and 'Synchronous' options? They should not be
needed. If it does not work after that, please send a log showing what
happens.

Thanks,
Heikki


> Below my radius.cfg file:
> 
> <Handler ConvertedFromEAPMSCHAPV2=1>
> 
>         <AuthBy RADIUS>
> 
>                 Fork
> 
>                 Synchronous
> 
>                 Host 132.68.7.4
> 
>                 Secret test
> 
>                 AuthPort 1812
> 
>                 AcctPort 1813
> 
>                 Retries 0
> 
>                 RetryTimeout 2
> 
>                 StripFromRequest ConvertedFromEAPMSCHAPV2
> 
>         </AuthBy>
> 
> </Handler>
> 
> <Handler TunnelledByPEAP=1>
> 
>         <AuthBy FILE>
> 
>                 EAPType MSCHAP-V2
> 
>                 EAP_PEAP_MSCHAP_Convert 1
> 
>         </AuthBy>
> 
> </Handler>
> 
> <Handler>
> 
>         <AuthBy FILE>
> 
>                 # file containing the word "anonymous" w/o quotes on its
> own line
> 
>                 Filename %D/outer_auth
> 
>                 AutoMPPEKeys
> 
>                 EAPType PEAP,MSCHAP-V2
> 
>                 EAPTLS_CAFile %D/romansca/ca/ca-crt.pem
> 
>                 EAPTLS_CertificateFile %D/romansca/server-crt.pem
> 
>                 EAPTLS_PrivateKeyFile %D/romansca/server-key.pem
> 
>                 EAPTLS_CertificateType PEM
> 
>                 EAPTLS_PrivateKeyPassword whatever
> 
>                 EAPTLS_MaxFragmentSize 1024
> 
>                 EAPTLS_PEAPVersion 0
> 
>                 EAPTTLS_NoAckRequired
> 
>         </AuthBy>
> 
> </Handler>
> 
>  
> 
> And log. It’s very long – sorry. From log I see that main Radiator
> (132.68.7.4) answers Access-Accept but in the end I receive Reject in
> any case and can’t connect. What’s wrong?
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 174
> 
> Authentic:  H<244><164><221><1><222>!]<4><227><127><17>"<244><7>b
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         EAP-Message = <2><1><0><14><1>romans at cc
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> !&De<228>}<147><151><200><24><232><146><192><199><149>J
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 1, 14, 1
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 1
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 174
> 
> Authentic:  <15>ga<222>'`<4><143><232><196>S.<236><128>9<154>
> 
> Attributes:
> 
>         EAP-Message = <1><2><0><6><25>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 175
> 
> Authentic: 
> <158>U<171>Y<210><25><192><199><224><165><215><219><208><138><142><217>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message =
> <2><2><0>j<25><0><22><3><1><0>_<1><0><0>[<3><1>O<249>{<247>g&<191><161><27><203><<176><198><7><237><239><249><202>:<181>e+<189><211><190>i(<227><160><21>}<157><0><0>4<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0>f<0><5><0><4><0>e<0>d<0>c<0>b<0>a<0>`<0><21><0><18><0><9><0><20><0><17><0><8><0><6><0><3><1><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <144><10><231><149>V<212><135><206><154><209>1G]<156>x#
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 2, 106, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 175
> 
> Authentic:  N<208>;l<236>!<129><240><239><219>o<141>]<234>:<237>
> 
> Attributes:
> 
>         EAP-Message =
> <1><3><4><10><25><192><0><0><12><143><22><3><1><0>J<2><0><0>F<3><1>O<249>{<242>e<231><6><24><183><21><198>h<29><202>.<193><187><250><8><14><170>)n1<156><229><240>E<215>?E<220>
> <211><207><213>/v8U<246><242>f<31><245><148>P<254>}<217>4<133><168>5.<229>p<241>O<7><167><220>?
> #<0>5<0><22><3><1><12>2<11><0><12>.<0><12>+<0><5><152>0<130><5><148>0<130><3>|<2><1><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><137>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6><3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<134><247><13><1><9><1><22><24>romans@
> 
>         EAP-Message =
> cc.technion.ac.il0<30><23><13>120708073907Z<23><13>130708073907Z0<129><149>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6><3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4><11><19><3>TCC1<28>0<26><6><3>U<4><3><19><19>trs9.technion.ac.il1'0%<6><9>*<134>H<134><247><13><1><9><1><22><24>romans at cc.technion.ac.il0<130><2>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><2><15><0>0<130><2><10><2><130><2><1><0><177><209>
> <13><252><205>k<10>&&<147><19><2><14>}<188><155>r<237>
> 
>         EAP-Message =
> C<170><172><203>p<254>c/<142><237><232><140><225>aG<184><143><185><233>2w<190>x<132><166><214>V(<2>G<187>R3<157><235><154><250>J<188>,<254><185>?s<144><172>rV<128><175><228><149><146><144><233>U&<237><236><22><140><189>Tn<232><214><199><211><197>p<201><232><231><237><1><11>~<155>p<7><137>hc5<209><13><244><177><245><28><10>G?<129>=<219><239>dH<134><228><155><24><143>'<253><218>fF<133>RZ<198><213><167><131><254>c<2><7>x[#<218><202>(<9>Z<234>3<151><201><247><209><4><20><11><209>2<145>?|<253><189>,<169><177><145><240><16>C<254><208>G<176><9>j<9>D<175><254><242><192><180><29><150><18><160>4q><236><155>|<255><222>"<234><193>m<209><7><5><23><251>u<142><160><133>{<3><219><142>8<2><7>:C<216><255><229><149><245>7<213>R!<208><171>
> <22><161><22><29>e><175>4E<i<187>H<164><11><137><239>U4d<255>q5<203>8o<231><13><31>4<224><136>S<134>`!<223><150>z<224><201><144><160>
> 
>         EAP-Message =
> ,<217>#]Kj<130><3>el<186>q<194><232><186><158><9><252><8><234>-<254><165><233><183><200>,<10><146><21><220>x9<208><0>}<250>0<193><21>[<195><189>-W<168><244>@<180>5<228><188><147><157>F<217><132><221><202><237><148><225>]<0><200>v<140>?<201><229>0d:<240>w<230>P<13><160>5<223><147><13><31>%6<178><243>><155>W<223>)j]\$<157><181><173><250><197><163>PYA<203>xI&<133>i<190><255><240><168><141><145><144><30>j.6F}t<11>18]<181>c<176><6>I<149><166><6><15><206><239><162><182><246><228>3<234>_<15>klx<200>0Krl<171><198><31><163><152><183><183><184><138><214>/<132><209>:<138>U"<130>r<16><188><230>x<21>=AM<138>M<N<190><235>G<29>`<128><23><210><236><222><5><197>s#<235><16><251><0>V<230><227><196>'^<219><161><137>X<203><223>Q<146>2<28>
> <141><168><27><12><243><207>h<158><181>sa<247>c<14>/<169><13><2><3><1><0><1>0<13><6><9>*<134>H<134>
> 
>         EAP-Message =
> <247><13><1><1><5><5><0><3><130><2><1><0>?<228><182>/<13><156><210><31><167>>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 176
> 
> Authentic:  D<247>d<172>'|<151><214><147><207>Jvk9<186><207>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><3><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> U<28>t3<248><190><21>]<17><226>A<183><222><201><174><231>
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 3, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 176
> 
> Authentic:  X<156><183>2A'<138> <20><214><211>!5<207><242><204>
> 
> Attributes:
> 
>         EAP-Message =
> <1><4><4><6><25>@<213><13><196><171><220><252><150><(<26><214><30>{)<200><168>9<210><142><198><206><5><198><180>"<247>n<233><2>V<243><29><247><138><178>
> <246><22><167><133>V<167><18><217>K<150><216><227><166><193><202><130><28><230><224><168><207>C<23><14>'o<154>X;1<211><249>8<169>-[<8>O<220><9><8>1;<3><18><136><230>OAso<7><132><203><19><223><185><220><136>O<250><232>T3<15><147>TC<19><244>:<204><197><235>l<179>F[<148>m<*<128><24>LoZIb<191><240><31><161><156><206>N<29><223><200><216>c<146><152>:<238>W<174><4><254>bqBI<154>)<138><150>EZ<129><158>Q<189><198><164>-A<189>97<29>+"<10><28>vj<225><200><30><247>oNM<215>
> <192><255>5<201><229><20><215><237>a<236><184>N<202><175><207><143><168>P<210>A<180><223><6>p<210><176><209><15><202><<216><23><157><8><141><217>v<169><175><186><168>erh.<18><198>iZ(<243><154><184><251>pa<226><233><184>t<128><4>r<132>h
> 
>         EAP-Message = <5>M6<195>B<186>HO<17>u<162><12><166>V
> <1>eC<182><19><228>g<249><246><1><200><2>6i<165><129>}<23>6FP<240><180><202><178>V<172>Q<139><31><159>C$l<252>Z<203>W<202><231><196>&;=8Q<187>^<252>Y<23><19>8`<212>w
> 4<250>s]d<249><199><243><176><203>W<159><244><245><175><147><177><2>+<252>T<222><195><188>f1<208><236><171><9>}H<160><189><8><246><2><146>y<145><232><13>q<12><130>Z<14><155><186><12><157>L
> 3<182>xj4Y<15> <140><145><3><193><224>d<16><4><15><27>o<171>ijr
> <235><10><213><20><152><246><152>CE<190><166><158><219>;<196><216><237>t<225>(<210><255><5><164>r<236><206><173><130><177>d<21>j<131>G<218><209>!?<6>`^<195><<245><12>><190><182><240><140><207><143>kM<158>1=%<208>r<219><170>?
> !<24><140><250><197>Qx<248><18><181><201>CL{<248><127><28>C-<158>cz<192><213>r<134><251>-}y*<177>E<25><233><240><215>_<21>
> 
>         EAP-Message =
> 2<25><0><6><141>0<130><6><137>0<130><4>q<160><3><2><1><2><2><9><0><144><16><147>3S<236><29><133>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><137>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6><3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<134><247><13><1><9><1><22><24>romans at cc.technion.ac.il0<30><23><13>120708073527Z<23><13>130708073527Z0<129><137>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6>
> 
>         EAP-Message =
> <3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<134><247><13><1><9><1><22><24>romans at cc.technion.ac.il0<130><2>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><2><15><0>0<130><2><10><2><130><2><1><0><163><232><203>C[<11>u<7>ioj<170>Ob<24><200><26><242><160><196>\<250><3>l<235><10><255>l6+<163><252><184><24><3><202><23><151><179>bW<157><186>y<18><190><185><175>+<138><149><163><154><19><191><146>,<171>F<134><153>^<156><246>E<243><132>5<<228>d.Bi<135>B<13><185>X<22><161><202>$[<135><172>t<199><224>0<174><188><204><197><218><159><200>f<150><229><173><141><25><240>1<250><184><219><179>6D9<248><170><2>y<4>
> 
>         EAP-Message =
> <252><182><219><164><150>w~<179><127><254><235>?g<171><232><179><155>K
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 177
> 
> Authentic:  <230><241><182><12>k<222><173><192><168><148>rq<160>+Y<209>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><4><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <139><176><229>I<200>v<179>1O<210><150><249><234><156>T<187>
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 4, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 177
> 
> Authentic: 
> }p<193><230><170><163><185><240><241><252><7><172>5<153><12><227>
> 
> Attributes:
> 
>         EAP-Message =
> <1><5><4><6><25>@V<215>X<229><134><134>R<199>V<202><236><23><15>><242><187>4!F<204><151><30><233><173><171><227>&r<<8>?b<143><163>qGJ5<9>F<195><143><255>q<147>;<169><210><171><157>%<11>\<11>lQd<219>J<179>(;Y<21><205><22><254>~<187><231><140><134><6><184><241><U<234><133><195>XZE*<31><218><23><222>j<15><199><191>V<16><170><222><163><221><161><237><23><184><166><207><164>y<232>F<191><163>k<219><183><134><6><222>a<173><192><172><143><134>b<140><15><240><26>Y<161>C<219>|<203>D<165><216><230><244><8><141><12><217>4&<249>j<15><1>aK;<212><180>P_M7<172><206><217><138><23><27><188><231>[R<178><196><215>t<194><216><6>Q<204>f{iJ)<7>1<152><12><137>m<27>v<<233>V<175><168><195><235><244><130><254>>U<14>z<135><140><22><177><2><130>dd<178>4#<138><202><189><206><128><167>0]<221><165><250><13><173><158><205><205>'T<235><155><132><202><156><241><249><230>#<185><16><247>3;<165>
> 
>         EAP-Message =
> <157><191><194><207><207>|<235>uV<206>M<12>x<178><243>h<234>sG<31>SA1<219>.<207><233>nr<152><151>m<157><3>N1<184><229><132><221>W<163><131><233>c<208><141>+=WB<230><146><185><18><215>L"<181><185><176>45<24><228><184><241>jZ<213><31><227>4<227><138>|<252>j<231><143><162><167><155>gFV-<172>FZ<246>E<21><185><236><3><22>+<226><<205><219><172>7<171><133>W\<17><2>K<211>\<157><161><240>g<193><190>QT<210><142><254><239><208><190><180><22><141><2><3><1><0><1><163><129><241>0<129><238>0<29><6><3>U<29><14><4><22><4><20>y<225>G,<238><238><192>x<181>.<155><240><177><208><129>G<141><6><7>)0<129><190><6><3>U<29>#<4><129><182>0<129><179><128><20>y<225>G,<238><238><192>x<181>.<155><240><177><208><129>G<141><6><7>)<161><129><143><164><129><140>0<129><137>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6><3>U
> 
>         EAP-Message =
> <4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<134><247><13><1><9><1><22><24>romans at cc.technion.ac.il<130><9><0><144><16><147>3S<236><29><133>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><2><1><0><129><21><212>:<133><132>.]<132><244><153><152><170>;<187><169><140>L1<189><171><15><147><154><190><174><155>M<134><147><235><200><229><148><135><168><176>
> q!<174>19<17>-<195><164>d<22><146><181>U<228><232>=<213><198>:<195><149><23><223>58R<154><227><255><252><1><8><147><8><30><227><181>o<239><223><232><2><18><131>+<195><250><138><8><164><170><182>0<238><130>*<214>5<185><175><228><<208>B<15><189>\<1>
> 
>         EAP-Message = <5><205>O<204><207><149><21><177><4><17><201><198>
> <172><162><197><208><165><139><145>e<228><11><188>G%J.<211><152><8>_\;y<6><26><156>W<142><<229>^<180>r<139>,@<209>f<199><222>\<217><24><187><23>|<210>j<172><24><228><186>4<137>0<232><9>%V**z<155><173><31>P<212><139><154><247><136><172>p<12>T<141><206><172><27><149><152><14>5j<198><219><167>;<198>i<224>L<198>s<2><251>I<158>c<172><241><157><140>}<249><226><167>s$<147><227>x<159>S<169><202><150>$<218>+~H<7><184><7><139><184>9<204><241><167><221><236><251>v<233>u<232>&3v5PH<179>]<225><203><177><203><127>-Q!<255><131>?w<161><238><207>J<235>m|<230>?O%x<5><5>"f<2>qP<249>a<168>'<252><239><177><198>@k<204>w<181><131><199><28><11>&<244>?$<4><217><219><237><186><228><183>r<30>I<153><20><179>g<20>4<9><196><174><252><196>4<26><230>P<146><228>e<20><224><247><188><198>6',
> <173><228><179>4<188><226>
> 
>         EAP-Message =
> l<169><187><254><184>+<247><203><254><144>s<181><25><231>U<194><158><194>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 178
> 
> Authentic:  <153>@<17><218><243><187>:s<162><158><<185><12><196><236><228>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><5><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <183><166>X<192>z<196><172><160><2><167><14><222>I<177><21>b
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 5, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 178
> 
> Authentic:  <223><149><197><167>$<214>W<245><251>u<195><223><28><160>}<246>
> 
> Attributes:
> 
>         EAP-Message =
> <1><6><0><149><25><0><154><129><185>'P<181><241><134>z<163><25>F<19><2>%G<12>M`<221>#<14><127><130><195><253><134><249><136><148><146>g<137><223>v14<207><208><148><127>!0@<18>]<139><165><160><210>+<169><190><170><136><23><146><239><128><127><198><252><16>!<<10><175><179>/z<242><202><27>L<161><229><31><147>L:<216>gS<25><127>2AVah<152>;<237><147>q<169><202>=6<170>@SN<3>U<208><205><195><220>R<190><31><174>J<196>=<14><150><234>3hA<235>Y<162><166><157><7><214><169>V<230>_<235><22><3><1><0><4><14><0><0><0>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 179
> 
> Authentic:  <12><192><160><201><242><233>7d<251><178>H<224>QV\<172>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message =
> <2><6><2>L<25><0><22><3><1><2><6><16><0><2><2><2><0><141><234><244>|r\w<220><#<167><203><24>0<208><181>><217><243><144>-<15><7>A<144><208><210><234><17><247>Qm<187><16><227>N<170><198>$<179><7><190><187><194>@QYA<127><6>U<166>4<229><133>p<137><164><153><179>k`g56<228>c2<223><167><16><226><231><252><29><157>fs<3><251>!<197>E<247><23>`<133><171><250>a<222><211>*I<225><203><243><172><249><231><13><252><164><13><211><148><150><0><239><198><164>dS<182><242><221><179>=<152>GGw<~o<185><191>m<19><207><171>NQ<212><156><2>i<194><244><173>7<9>?<0><234>Y<252><239>(<160><29><167><181><30><131>)<196>:<191><140><155>c<220><225><193><251><12><1><211>|<189><27><156><145><6><187><192><198><207><245>!
> ExN<228><154>nb<232>6<225><201>I<139><224><188><139><180><227><175>~*<248><215><218><156><12><234><215><1><10>T<202><210><186><194><30><203>hN<157><15><182><154><1>9<18>E<176><16>}<238>m<205>
> 
>         EAP-Message =
> j<237>2V^F<17><168><127><178>/z<206><136>+<157><167>k<143><141><145><242><188>p<142><152>r<193><135><30>\F<211><138><226><250>2<155><159><127><178>~:k!<179><135>57Q<143>+~<229><213>\<204><18>[/<131><213><136>g<153><225>n<191><168><140><25><170><6><196>t<189>$<246><167>(<188><221><188>b6p!O<129><152><219><180><166><166>k<N<198><16>~<192><1><<146><187>]<187>B<160><226><242><161><172><129>0<139><226>r"<27>l<240><160>U^<169><164><194><235><239>*=<161>h<171><237><147><192>{<146><220>|<156>s<30><30><31><2><200><9>6<200><129>O<161><14>0<129><164><20><211><6><194><142><216><226><187><221><194>Jl$<20><27><181><245><134><31>z<233><245>FM<134><156><234><132>n<251><1>QS<206><127><245><211>I<132>Z<202><8><151><201>_<198><10><4>;tnX<11><130><163>I<227><221><12><226><199><14>M<175>!<128><176>>"<140><194><129><174><6>8\;d<22>A=<237><16><147>lG<29>]M5q<251>M
> 
>         EAP-Message =
> P<187><201>G<22><138>N<219>Q<0>xe<187>s+<154><27><22><218>AN<141><220>*<197><20><3><1><0><1><1><22><3><1><0>0<194><186><4><243><21><248><28>T<234><163>^WDb"<132>|<202><182><238>lU<145>`3=wYt2<231><253><215>px_",<6><4><239><202>k<28>(<155><215><127>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <231>0D<250><192>\I<194><166>q@<147>l<4><230><153>
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 6, 588, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 179
> 
> Authentic:  <202><6><1><245><148><184><202><171>ILW<248><157><<255>z
> 
> Attributes:
> 
>         EAP-Message =
> <1><7><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<238><136><161><204>f<238><187>O<246><193>)<217>4<31>X#<143><252><31><180><144><192><27>A#<212>U7]<135><246>M<153>I<232>7<149><211>$x<166><252><254><138><155>X<<17>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 180
> 
> Authentic:  a<172><184>B.QJ<139><203><161><10><135><169><189><183><22>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><7><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <157>T<7><253><209>=<17><249><9><2>&<237><155><225><202>\
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 7, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 180
> 
> Authentic:  <155>HdS<247><183>J<133><146>?8;<185>^<176><146>
> 
> Attributes:
> 
>         EAP-Message = <1><8><0>+<25><0><23><3><1><0>
> <147><250>5<203><211><141><248><18><173><164><216><29>-<2><192>*)<136><30><230><232>:|<2><228><7><252><138>)A<158><170>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 181
> 
> Authentic:  F<159><177><238><3><212>iv<240><128><243>BO<188><234><174>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><8><0>P<25><0><23><3><1><0>
> e<159><188><211>><154><154><3><183>Lf<27><212><163><9><16><170>N<159><6>+<205>:|<240><214><213><229><11>4<139><156><23><3><1><0>
> w<208><24>N<233><<171><199>Y<209><251><139>=*<167><27><142><239><171>9'<167>n<136><151>wl<226><199><232><129><6>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <243><188>y<236><134><159><26>2<211>V<177>3<195><199>1<225>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 8, 80, 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP PEAP inner authentication request
> for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: PEAP Tunnelled request Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  <200><19><22><212><203><232><183><217><240>Y<20>_l'<211><137>
> 
> Attributes:
> 
>         EAP-Message = <2><8><0><10><1>romans at cc
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         NAS-Port = 12112
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         User-Name = "romans at cc"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 8, 10, 1
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 1
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> MSCHAP-V2 Challenge
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> MSCHAP-V2 Challenge
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Returned PEAP tunnelled packet dump:
> 
> Code:       Access-Challenge
> 
> Identifier: UNDEF
> 
> Authentic:  <200><19><22><212><203><232><183><217><240>Y<20>_l'<211><137>
> 
> Attributes:
> 
>         EAP-Message =
> <1><9><0>&<26><1><9><0>!<16>/!<142><189>I2<165><18><11>;ve<24>\<144><127>trs9-eduroam
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 181
> 
> Authentic:  <233><236><238>k2<220>T}I<233><24>a<218><194>E<149>
> 
> Attributes:
> 
>         EAP-Message = <1><9><0>K<25><0><23><3><1><0>@f+<159>0
> Q<137><210>Sp<1>S<138><134><151><245><12>nYG<18><239><221><143><152>Z<143><3><14><197><228>Qo<160><139><170><176><162><154>Kl<143><212>D<216><129>T<226><150>^"{JP<143><230><166><5>o<168><227>R<199>m
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 182
> 
> Authentic: 
> <14><246><20><234><224><246>r<170><147><182><246><172><14>M<197><29>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><9><0><144><25><0><23><3><1><0>
> \<219><222><217>H<12>y<235><141><214><2><224><26><29><13><128><15>A1<201>c<215>(<192><143>u%[<25><<183><16><23><3><1><0>`<173>^<250>$7<17><171>xi<210><229><200>*s<167><166>M<154><254><1><190>C{<195><176><172>-<22>7;<202><239><20><8>f:<9>A<31><198>5<144><131>=<173>!<1>tM<11><151><177><141>o<201>Q<213>MG<135>_<233><216>rg<214>k'<146><217><253>0<29>Q<187>"FZ<238><1><5><175>x<129>9;C<21><26>c<30><183>t<177><244>k
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <148><147><181><157><7>@9<23>Z<244><142>t<144><213>~V
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 9, 144, 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP PEAP inner authentication request
> for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: PEAP Tunnelled request Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  6c<134><16><147>-s<152><8><192><186><239><246>"<22>d
> 
> Attributes:
> 
>         EAP-Message =
> <2><9><0>@<26><2><9><0>?1Bv<242><234><143><128><251><158><218>r<149><223>X<145>b<244><0><0><0><0><0><0><0><0><7><5><129><180><200><175>W<216>LS<175><132><215>}<243><202><142>-}.<23><0>l<174><0>romans at cc
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         NAS-Port = 12112
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         User-Name = "romans at cc"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 9, 64, 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Converted EAP-MSCHAPV2 Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  u3<18><1><136>k<12>_<9><165><232>)<176><150><184><206>
> 
> Attributes:
> 
>         User-Name = "romans at cc"
> 
>         ConvertedFromEAPMSCHAPV2 = 1
> 
>         MS-CHAP2-Response =
> <1><0>Bv<242><234><143><128><251><158><218>r<149><223>X<145>b<244><0><0><0><0><0><0><0><0><7><5><129><180><200><175>W<216>LS<175><132><215>}<243><202><142>-}.<23><0>l<174>
> 
>         MS-CHAP-Challenge = /!<142><189>I2<165><18><11>;ve<24>\<144><127>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'ConvertedFromEAPMSCHAPV2=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249,
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthRADIUS
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy RADIUS creates new local socket
> '0.0.0.0:0' for sending requests
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.68.7.4 port 1812 ....
> 
> Code:       Access-Request
> 
> Identifier: 1
> 
> Authentic:  u3<18><1><136>k<12>_<9><165><232>)<176><150><184><206>
> 
> Attributes:
> 
>         User-Name = "romans at cc"
> 
>         MS-CHAP2-Response =
> <1><0>Bv<242><234><143><128><251><158><218>r<149><223>X<145>b<244><0><0><0><0><0><0><0><0><7><5><129><180><200><175>W<216>LS<175><132><215>}<243><202><142>-}.<23><0>l<174>
> 
>         MS-CHAP-Challenge = /!<142><189>I2<165><18><11>;ve<24>\<144><127>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy RADIUS result: IGNORE, forked
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP-MSCHAPV2 converted
> to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE,
> EAP-MSCHAPV2 converted to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Received reply in AuthRADIUS for req 1
> from 132.68.7.4:1812
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.68.7.4 port 1812 ....
> 
> Code:       Access-Accept
> 
> Identifier: 1
> 
> Authentic:  <206><27><162>1}MC<226><206>N<216><156>4U<210>-
> 
> Attributes:
> 
>         Framed-Protocol = PPP
> 
>         Service-Type = Framed-User
> 
>         Class =
> "q<246><7><201><0><0><1>7<0><1><2><0><132>D<3><6><3><6><0><0><0><0><0><0><132>D<3><6><1><205>\<244><208><237><245>Q<0><0><0><0><0><0><2><191>"
> 
>         MS-MPPE-Recv-Key =
> <220><218>jKAv<13><191><131><198><19><164><213>j<228><245>
> 
>         MS-MPPE-Send-Key = AjX<144><198><184><130>R"<211><230>d#<153>-9
> 
>         MS-CHAP2-Success = "<1>S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284"
> 
>         MS-CHAP-Domain = "<1>CC-ROOT"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy RADIUS result: ACCEPT,
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access accepted for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Converted EAP-MSCHAPV2 response Packet
> dump:
> 
> Code:       Access-Accept
> 
> Identifier: UNDEF
> 
> Authentic:  u3<18><1><136>k<12>_<9><165><232>)<176><150><184><206>
> 
> Attributes:
> 
>         Framed-Protocol = PPP
> 
>         Service-Type = Framed-User
> 
>         Class =
> "q<246><7><201><0><0><1>7<0><1><2><0><132>D<3><6><3><6><0><0><0><0><0><0><132>D<3><6><1><205>\<244><208><237><245>Q<0><0><0><0><0><0><2><191>"
> 
>         MS-MPPE-Recv-Key =
> <220><218>jKAv<13><191><131><198><19><164><213>j<228><245>
> 
>         MS-MPPE-Send-Key = AjX<144><198><184><130>R"<211><230>d#<153>-9
> 
>         MS-CHAP2-Success = "<1>S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284"
> 
>         MS-CHAP-Domain = "<1>CC-ROOT"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc:
> Converted MSCHAPV2 authentication success
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Returned PEAP tunnelled packet dump:
> 
> Code:       Access-Challenge
> 
> Identifier: UNDEF
> 
> Authentic:  6c<134><16><147>-s<152><8><192><186><239><246>"<22>d
> 
> Attributes:
> 
>         EAP-Message =
> <1><10><0>=<26><3><9><0>8S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284
> M=success
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Inner authentication challenged
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 182
> 
> Authentic:  <241><15><241><12><249>L<130><4><150>n8$<160><142><18><194>
> 
> Attributes:
> 
>         EAP-Message =
> <1><10><0>[<25><0><23><3><1><0>PoDAr<170><9><201><205><149><131><211><254><157><12><184>T^%h<17>v<214>I<239>j<1><148>*v<167>k_<22><239>8<249>8<246><186>$<193>h<177><226>U<226>NRB<9><221>5<228>r<254><163><204>ri<186>E<135><<13><250>Z<202>5<138><9><199>W<3><27>h<131>}#<135>A
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP-MSCHAPV2 converted
> to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE,
> EAP-MSCHAPV2 converted to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc:
> EAP-MSCHAPV2 converted to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Returned PEAP tunnelled packet dump:
> 
> Code:       Access-Challenge
> 
> Identifier: UNDEF
> 
> Authentic:  6c<134><16><147>-s<152><8><192><186><239><246>"<22>d
> 
> Attributes:
> 
>         EAP-Message =
> <1><10><0>=<26><3><9><0>8S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284
> M=success
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Inner authentication challenged
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 182
> 
> Authentic:  8h<180>`D<140>C8<18>!<156><153>R<129><169><212>
> 
> Attributes:
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         EAP-Message =
> <1><10><0>[<25><0><23><3><1><0>P<193><13><180>M<17><223><219><146>v<3><22>@<1><3><232>HP<28><14>i<29>,<203><239><242><180><6><24><231><189><145><191><179>+<168>b<165><21>lS<17>kJ<4>qp<29><212>x<28>P:@<176><28><245><154><168><24><247>w<217>v<6>_L<174><236><195><251><217><224>w<253><203><239><217><1><195><16>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 182
> 
> Authentic:  <235>D<21><9><16><234><31><245>P\Xgu<134><182>U
> 
> Attributes:
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         EAP-Message =
> <1><10><0>[<25><0><23><3><1><0>P<193><13><180>M<17><223><219><146>v<3><22>@<1><3><232>HP<28><14>i<29>,<203><239><242><180><6><24><231><189><145><191><179>+<168>b<165><21>lS<17>kJ<4>qp<29><212>x<28>P:@<176><28><245><154><168><24><247>w<217>v<6>_L<174><236><195><251><217><224>w<253><203><239><217><1><195><16>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 183
> 
> Authentic:  =}<151><27><163><247><250>a<237><173>p<255><198>f<219><202>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><10><0>P<25><0><23><3><1><0>
> <181><200><128><170><248><127><16><209><5>h'8<0>
> <172><189>k<228>BH<177><4><199><18><191><212><132>~<156><178>N<25><23><3><1><0>
> <249><228><236>o0<20><150><174><251><248><13><245><210><31><19>7&<138>K^n<223><143>x$H<163><237><229>^/<4>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> 9~<16><180>-<220><246><177><244><173><7><199>!<219><233>*
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 10, 80, 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP PEAP inner authentication request
> for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: PEAP Tunnelled request Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  +l)n<22>5<200><198>*Y<193><24>5<239><138>F
> 
> Attributes:
> 
>         EAP-Message = <2><10><0><2><26><3>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         NAS-Port = 12112
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         User-Name = "romans at cc"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 10, 2, 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP MSCHAP-V2 unknown
> mschaptype 3
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE, EAP
> MSCHAP-V2 unknown mschaptype 3
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 183
> 
> Authentic:  =}<151><27><163><247><250>a<237><173>p<255><198>f<219><202>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><10><0>P<25><0><23><3><1><0>
> <181><200><128><170><248><127><16><209><5>h'8<0>
> <172><189>k<228>BH<177><4><199><18><191><212><132>~<156><178>N<25><23><3><1><0>
> <249><228><236>o0<20><150><174><251><248><13><245><210><31><19>7&<138>K^n<223><143>x$H<163><237><229>^/<4>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> 9~<16><180>-<220><246><177><244><173><7><199>!<219><233>*
> 
>  
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:24 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Handling with EAP: code 2, 10, 80, 25
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:24 2012: ERR: EAP PEAP TLS read failed:  10926: 1 -
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
> record mac
> 
>  
> 
> Sun Jul  8 15:24:24 2012: DEBUG: EAP result: 1, EAP PEAP TLS read failed
> 
> Sun Jul  8 15:24:24 2012: DEBUG: AuthBy FILE result: REJECT, EAP PEAP
> TLS read failed
> 
> Sun Jul  8 15:24:24 2012: INFO: Access rejected for romans at cc: EAP PEAP
> TLS read failed
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Reject
> 
> Identifier: 183
> 
> Authentic:  "0J<171><232>QM<239><12><15><24><196><179>p<5><26>
> 
> Attributes:
> 
>         Reply-Message = "Request Denied"
> 
>  
> 
>  
> 
> Thanks in advance.
> 
>  
> 
> Regards,
> 
> Roman Safonov
> 
> Networking Engineer
> 
> Taub Computer Center
> 
> Technion, Haifa
> 
> Tel. 04-829-4992
> 
> Fax 04-8236-212
> 
> Email: romans at cc.technion.ac.il <mailto:romans at cc.technion.ac.il>
> 
>  
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.




More information about the radiator mailing list