[RADIATOR] Eduroam, Radiator and MS NPS

Safonov Roman romans at cc.technion.ac.il
Tue Jul 10 23:59:10 CDT 2012


Thanks a lot, Heikki.

It helped. Without Fork and Synchronous now it works.

Roman Safonov
Networking Engineer
TCC, Technion, Haifa
Email: romans at cc.technion.ac.il


-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On
Behalf Of Heikki Vatiainen
Sent: Monday, July 09, 2012 11:58 PM
To: radiator at open.com.au
Subject: Re: [RADIATOR] Eduroam, Radiator and MS NPS

On 07/08/2012 04:37 PM, Safonov Roman wrote:

> Now we have WPA-2 Enterprise wireless network that authenticated with
> Windows NPS/AD. We use Juniper wireless controller and it works as PEAP
> off-load so I don’t need to use Radiator as PEAP server because I
> receive MSCHAP credentials to Radiator and according to a realm
> (subdomain) forward them to an appropriate MS NPS.
> 
> We have 25-30 subdomains so I’ve built Radiator with realms for each
> subdomain and it works.
> 
> Now I need to connect Eduroam to this scheme. But Eduroam sends to me
> all data (outer, inner etc.) and I need to work as full PEAP-MSCHAP
server.
> 
> OK. I’ve built one more proxy Radiator server (for tests) and it
> forwards RADIUS-MSCHAP requests to the main Radiator. And here I receive
> “Request Denied”.

>From the log:

Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP MSCHAP-V2 unknown
mschaptype 3

The client is sending unexpected tunnelled EAP-MSCHAP-V2 success.

Can you try without 'Fork' and 'Synchronous' options? They should not be
needed. If it does not work after that, please send a log showing what
happens.

Thanks,
Heikki


> Below my radius.cfg file:
> 
> <Handler ConvertedFromEAPMSCHAPV2=1>
> 
>         <AuthBy RADIUS>
> 
>                 Fork
> 
>                 Synchronous
> 
>                 Host 132.68.7.4
> 
>                 Secret test
> 
>                 AuthPort 1812
> 
>                 AcctPort 1813
> 
>                 Retries 0
> 
>                 RetryTimeout 2
> 
>                 StripFromRequest ConvertedFromEAPMSCHAPV2
> 
>         </AuthBy>
> 
> </Handler>
> 
> <Handler TunnelledByPEAP=1>
> 
>         <AuthBy FILE>
> 
>                 EAPType MSCHAP-V2
> 
>                 EAP_PEAP_MSCHAP_Convert 1
> 
>         </AuthBy>
> 
> </Handler>
> 
> <Handler>
> 
>         <AuthBy FILE>
> 
>                 # file containing the word "anonymous" w/o quotes on its
> own line
> 
>                 Filename %D/outer_auth
> 
>                 AutoMPPEKeys
> 
>                 EAPType PEAP,MSCHAP-V2
> 
>                 EAPTLS_CAFile %D/romansca/ca/ca-crt.pem
> 
>                 EAPTLS_CertificateFile %D/romansca/server-crt.pem
> 
>                 EAPTLS_PrivateKeyFile %D/romansca/server-key.pem
> 
>                 EAPTLS_CertificateType PEM
> 
>                 EAPTLS_PrivateKeyPassword whatever
> 
>                 EAPTLS_MaxFragmentSize 1024
> 
>                 EAPTLS_PEAPVersion 0
> 
>                 EAPTTLS_NoAckRequired
> 
>         </AuthBy>
> 
> </Handler>
> 
>  
> 
> And log. It’s very long – sorry. From log I see that main Radiator
> (132.68.7.4) answers Access-Accept but in the end I receive Reject in
> any case and can’t connect. What’s wrong?
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 174
> 
> Authentic:  H<244><164><221><1><222>!]<4><227><127><17>"<244><7>b
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         EAP-Message = <2><1><0><14><1>romans at cc
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> !&De<228>}<147><151><200><24><232><146><192><199><149>J
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 1, 14, 1
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 1
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 174
> 
> Authentic:  <15>ga<222>'`<4><143><232><196>S.<236><128>9<154>
> 
> Attributes:
> 
>         EAP-Message = <1><2><0><6><25>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 175
> 
> Authentic: 
> <158>U<171>Y<210><25><192><199><224><165><215><219><208><138><142><217>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message =
>
<2><2><0>j<25><0><22><3><1><0>_<1><0><0>[<3><1>O<249>{<247>g&<191><161><27><
203><<176><198><7><237><239><249><202>:<181>e+<189><211><190>i(<227><160><21
>}<157><0><0>4<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0>f<0><5><0><4><
0>e<0>d<0>c<0>b<0>a<0>`<0><21><0><18><0><9><0><20><0><17><0><8><0><6><0><3><
1><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <144><10><231><149>V<212><135><206><154><209>1G]<156>x#
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 2, 106, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 175
> 
> Authentic:  N<208>;l<236>!<129><240><239><219>o<141>]<234>:<237>
> 
> Attributes:
> 
>         EAP-Message =
>
<1><3><4><10><25><192><0><0><12><143><22><3><1><0>J<2><0><0>F<3><1>O<249>{<2
42>e<231><6><24><183><21><198>h<29><202>.<193><187><250><8><14><170>)n1<156>
<229><240>E<215>?E<220>
>
<211><207><213>/v8U<246><242>f<31><245><148>P<254>}<217>4<133><168>5.<229>p<
241>O<7><167><220>?
>
#<0>5<0><22><3><1><12>2<11><0><12>.<0><12>+<0><5><152>0<130><5><148>0<130><3
>|<2><1><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><137>1<11>0<
9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6><3>U
<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4
><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<134><2
47><13><1><9><1><22><24>romans@
> 
>         EAP-Message =
>
cc.technion.ac.il0<30><23><13>120708073907Z<23><13>130708073907Z0<129><149>1
<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><
6><3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6>
<3>U<4><11><19><3>TCC1<28>0<26><6><3>U<4><3><19><19>trs9.technion.ac.il1'0%<
6><9>*<134>H<134><247><13><1><9><1><22><24>romans at cc.technion.ac.il0<130><2>
"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><2><15><0>0<130><2><
10><2><130><2><1><0><177><209>
> <13><252><205>k<10>&&<147><19><2><14>}<188><155>r<237>
> 
>         EAP-Message =
>
C<170><172><203>p<254>c/<142><237><232><140><225>aG<184><143><185><233>2w<19
0>x<132><166><214>V(<2>G<187>R3<157><235><154><250>J<188>,<254><185>?s<144><
172>rV<128><175><228><149><146><144><233>U&<237><236><22><140><189>Tn<232><2
14><199><211><197>p<201><232><231><237><1><11>~<155>p<7><137>hc5<209><13><24
4><177><245><28><10>G?<129>=<219><239>dH<134><228><155><24><143>'<253><218>f
F<133>RZ<198><213><167><131><254>c<2><7>x[#<218><202>(<9>Z<234>3<151><201><2
47><209><4><20><11><209>2<145>?|<253><189>,<169><177><145><240><16>C<254><20
8>G<176><9>j<9>D<175><254><242><192><180><29><150><18><160>4q><236><155>|<25
5><222>"<234><193>m<209><7><5><23><251>u<142><160><133>{<3><219><142>8<2><7>
:C<216><255><229><149><245>7<213>R!<208><171>
>
<22><161><22><29>e><175>4E<i<187>H<164><11><137><239>U4d<255>q5<203>8o<231><
13><31>4<224><136>S<134>`!<223><150>z<224><201><144><160>
> 
>         EAP-Message =
>
,<217>#]Kj<130><3>el<186>q<194><232><186><158><9><252><8><234>-<254><165><23
3><183><200>,<10><146><21><220>x9<208><0>}<250>0<193><21>[<195><189>-W<168><
244>@<180>5<228><188><147><157>F<217><132><221><202><237><148><225>]<0><200>
v<140>?<201><229>0d:<240>w<230>P<13><160>5<223><147><13><31>%6<178><243>><15
5>W<223>)j]\$<157><181><173><250><197><163>PYA<203>xI&<133>i<190><255><240><
168><141><145><144><30>j.6F}t<11>18]<181>c<176><6>I<149><166><6><15><206><23
9><162><182><246><228>3<234>_<15>klx<200>0Krl<171><198><31><163><152><183><1
83><184><138><214>/<132><209>:<138>U"<130>r<16><188><230>x<21>=AM<138>M<N<19
0><235>G<29>`<128><23><210><236><222><5><197>s#<235><16><251><0>V<230><227><
196>'^<219><161><137>X<203><223>Q<146>2<28>
>
<141><168><27><12><243><207>h<158><181>sa<247>c<14>/<169><13><2><3><1><0><1>
0<13><6><9>*<134>H<134>
> 
>         EAP-Message =
>
<247><13><1><1><5><5><0><3><130><2><1><0>?<228><182>/<13><156><210><31><167>
>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 176
> 
> Authentic:  D<247>d<172>'|<151><214><147><207>Jvk9<186><207>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><3><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> U<28>t3<248><190><21>]<17><226>A<183><222><201><174><231>
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 3, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 176
> 
> Authentic:  X<156><183>2A'<138> <20><214><211>!5<207><242><204>
> 
> Attributes:
> 
>         EAP-Message =
>
<1><4><4><6><25>@<213><13><196><171><220><252><150><(<26><214><30>{)<200><16
8>9<210><142><198><206><5><198><180>"<247>n<233><2>V<243><29><247><138><178>
>
<246><22><167><133>V<167><18><217>K<150><216><227><166><193><202><130><28><2
30><224><168><207>C<23><14>'o<154>X;1<211><249>8<169>-[<8>O<220><9><8>1;<3><
18><136><230>OAso<7><132><203><19><223><185><220><136>O<250><232>T3<15><147>
TC<19><244>:<204><197><235>l<179>F[<148>m<*<128><24>LoZIb<191><240><31><161>
<156><206>N<29><223><200><216>c<146><152>:<238>W<174><4><254>bqBI<154>)<138>
<150>EZ<129><158>Q<189><198><164>-A<189>97<29>+"<10><28>vj<225><200><30><247
>oNM<215>
>
<192><255>5<201><229><20><215><237>a<236><184>N<202><175><207><143><168>P<21
0>A<180><223><6>p<210><176><209><15><202><<216><23><157><8><141><217>v<169><
175><186><168>erh.<18><198>iZ(<243><154><184><251>pa<226><233><184>t<128><4>
r<132>h
> 
>         EAP-Message = <5>M6<195>B<186>HO<17>u<162><12><166>V
>
<1>eC<182><19><228>g<249><246><1><200><2>6i<165><129>}<23>6FP<240><180><202>
<178>V<172>Q<139><31><159>C$l<252>Z<203>W<202><231><196>&;=8Q<187>^<252>Y<23
><19>8`<212>w
>
4<250>s]d<249><199><243><176><203>W<159><244><245><175><147><177><2>+<252>T<
222><195><188>f1<208><236><171><9>}H<160><189><8><246><2><146>y<145><232><13
>q<12><130>Z<14><155><186><12><157>L
> 3<182>xj4Y<15> <140><145><3><193><224>d<16><4><15><27>o<171>ijr
>
<235><10><213><20><152><246><152>CE<190><166><158><219>;<196><216><237>t<225
>(<210><255><5><164>r<236><206><173><130><177>d<21>j<131>G<218><209>!?<6>`^<
195><<245><12>><190><182><240><140><207><143>kM<158>1=%<208>r<219><170>?
>
!<24><140><250><197>Qx<248><18><181><201>CL{<248><127><28>C-<158>cz<192><213
>r<134><251>-}y*<177>E<25><233><240><215>_<21>
> 
>         EAP-Message =
>
2<25><0><6><141>0<130><6><137>0<130><4>q<160><3><2><1><2><2><9><0><144><16><
147>3S<236><29><133>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><13
7>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<1
2><6><3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10>
<6><3>U<4><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134
>H<134><247><13><1><9><1><22><24>romans at cc.technion.ac.il0<30><23><13>120708
073527Z<23><13>130708073527Z0<129><137>1<11>0<9><6><3>U<4><6><19><2>IL1<14>0
<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6>
> 
>         EAP-Message =
>
<3>U<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3
>U<4><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<13
4><247><13><1><9><1><22><24>romans at cc.technion.ac.il0<130><2>"0<13><6><9>*<1
34>H<134><247><13><1><1><1><5><0><3><130><2><15><0>0<130><2><10><2><130><2><
1><0><163><232><203>C[<11>u<7>ioj<170>Ob<24><200><26><242><160><196>\<250><3
>l<235><10><255>l6+<163><252><184><24><3><202><23><151><179>bW<157><186>y<18
><190><185><175>+<138><149><163><154><19><191><146>,<171>F<134><153>^<156><2
46>E<243><132>5<<228>d.Bi<135>B<13><185>X<22><161><202>$[<135><172>t<199><22
4>0<174><188><204><197><218><159><200>f<150><229><173><141><25><240>1<250><1
84><219><179>6D9<248><170><2>y<4>
> 
>         EAP-Message =
> <252><182><219><164><150>w~<179><127><254><235>?g<171><232><179><155>K
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 177
> 
> Authentic:  <230><241><182><12>k<222><173><192><168><148>rq<160>+Y<209>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><4><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <139><176><229>I<200>v<179>1O<210><150><249><234><156>T<187>
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 4, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 177
> 
> Authentic: 
> }p<193><230><170><163><185><240><241><252><7><172>5<153><12><227>
> 
> Attributes:
> 
>         EAP-Message =
>
<1><5><4><6><25>@V<215>X<229><134><134>R<199>V<202><236><23><15>><242><187>4
!F<204><151><30><233><173><171><227>&r<<8>?b<143><163>qGJ5<9>F<195><143><255
>q<147>;<169><210><171><157>%<11>\<11>lQd<219>J<179>(;Y<21><205><22><254>~<1
87><231><140><134><6><184><241><U<234><133><195>XZE*<31><218><23><222>j<15><
199><191>V<16><170><222><163><221><161><237><23><184><166><207><164>y<232>F<
191><163>k<219><183><134><6><222>a<173><192><172><143><134>b<140><15><240><2
6>Y<161>C<219>|<203>D<165><216><230><244><8><141><12><217>4&<249>j<15><1>aK;
<212><180>P_M7<172><206><217><138><23><27><188><231>[R<178><196><215>t<194><
216><6>Q<204>f{iJ)<7>1<152><12><137>m<27>v<<233>V<175><168><195><235><244><1
30><254>>U<14>z<135><140><22><177><2><130>dd<178>4#<138><202><189><206><128>
<167>0]<221><165><250><13><173><158><205><205>'T<235><155><132><202><156><24
1><249><230>#<185><16><247>3;<165>
> 
>         EAP-Message =
>
<157><191><194><207><207>|<235>uV<206>M<12>x<178><243>h<234>sG<31>SA1<219>.<
207><233>nr<152><151>m<157><3>N1<184><229><132><221>W<163><131><233>c<208><1
41>+=WB<230><146><185><18><215>L"<181><185><176>45<24><228><184><241>jZ<213>
<31><227>4<227><138>|<252>j<231><143><162><167><155>gFV-<172>FZ<246>E<21><18
5><236><3><22>+<226><<205><219><172>7<171><133>W\<17><2>K<211>\<157><161><24
0>g<193><190>QT<210><142><254><239><208><190><180><22><141><2><3><1><0><1><1
63><129><241>0<129><238>0<29><6><3>U<29><14><4><22><4><20>y<225>G,<238><238>
<192>x<181>.<155><240><177><208><129>G<141><6><7>)0<129><190><6><3>U<29>#<4>
<129><182>0<129><179><128><20>y<225>G,<238><238><192>x<181>.<155><240><177><
208><129>G<141><6><7>)<161><129><143><164><129><140>0<129><137>1<11>0<9><6><
3>U<4><6><19><2>IL1<14>0<12><6><3>U<4><8><19><5>Haifa1<14>0<12><6><3>U
> 
>         EAP-Message =
>
<4><7><19><5>Haifa1<17>0<15><6><3>U<4><10><19><8>Technion1<12>0<10><6><3>U<4
><11><19><3>TCC1<16>0<14><6><3>U<4><3><19><7>trs9-ca1'0%<6><9>*<134>H<134><2
47><13><1><9><1><22><24>romans at cc.technion.ac.il<130><9><0><144><16><147>3S<
236><29><133>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134
><247><13><1><1><5><5><0><3><130><2><1><0><129><21><212>:<133><132>.]<132><2
44><153><152><170>;<187><169><140>L1<189><171><15><147><154><190><174><155>M
<134><147><235><200><229><148><135><168><176>
>
q!<174>19<17>-<195><164>d<22><146><181>U<228><232>=<213><198>:<195><149><23>
<223>58R<154><227><255><252><1><8><147><8><30><227><181>o<239><223><232><2><
18><131>+<195><250><138><8><164><170><182>0<238><130>*<214>5<185><175><228><
<208>B<15><189>\<1>
> 
>         EAP-Message = <5><205>O<204><207><149><21><177><4><17><201><198>
>
<172><162><197><208><165><139><145>e<228><11><188>G%J.<211><152><8>_\;y<6><2
6><156>W<142><<229>^<180>r<139>,@<209>f<199><222>\<217><24><187><23>|<210>j<
172><24><228><186>4<137>0<232><9>%V**z<155><173><31>P<212><139><154><247><13
6><172>p<12>T<141><206><172><27><149><152><14>5j<198><219><167>;<198>i<224>L
<198>s<2><251>I<158>c<172><241><157><140>}<249><226><167>s$<147><227>x<159>S
<169><202><150>$<218>+~H<7><184><7><139><184>9<204><241><167><221><236><251>
v<233>u<232>&3v5PH<179>]<225><203><177><203><127>-Q!<255><131>?w<161><238><2
07>J<235>m|<230>?O%x<5><5>"f<2>qP<249>a<168>'<252><239><177><198>@k<204>w<18
1><131><199><28><11>&<244>?$<4><217><219><237><186><228><183>r<30>I<153><20>
<179>g<20>4<9><196><174><252><196>4<26><230>P<146><228>e<20><224><247><188><
198>6',
> <173><228><179>4<188><226>
> 
>         EAP-Message =
> l<169><187><254><184>+<247><203><254><144>s<181><25><231>U<194><158><194>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 178
> 
> Authentic:  <153>@<17><218><243><187>:s<162><158><<185><12><196><236><228>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><5><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <183><166>X<192>z<196><172><160><2><167><14><222>I<177><21>b
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 5, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 178
> 
> Authentic:
<223><149><197><167>$<214>W<245><251>u<195><223><28><160>}<246>
> 
> Attributes:
> 
>         EAP-Message =
>
<1><6><0><149><25><0><154><129><185>'P<181><241><134>z<163><25>F<19><2>%G<12
>M`<221>#<14><127><130><195><253><134><249><136><148><146>g<137><223>v14<207
><208><148><127>!0@<18>]<139><165><160><210>+<169><190><170><136><23><146><2
39><128><127><198><252><16>!<<10><175><179>/z<242><202><27>L<161><229><31><1
47>L:<216>gS<25><127>2AVah<152>;<237><147>q<169><202>=6<170>@SN<3>U<208><205
><195><220>R<190><31><174>J<196>=<14><150><234>3hA<235>Y<162><166><157><7><2
14><169>V<230>_<235><22><3><1><0><4><14><0><0><0>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 179
> 
> Authentic:  <12><192><160><201><242><233>7d<251><178>H<224>QV\<172>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message =
>
<2><6><2>L<25><0><22><3><1><2><6><16><0><2><2><2><0><141><234><244>|r\w<220>
<#<167><203><24>0<208><181>><217><243><144>-<15><7>A<144><208><210><234><17>
<247>Qm<187><16><227>N<170><198>$<179><7><190><187><194>@QYA<127><6>U<166>4<
229><133>p<137><164><153><179>k`g56<228>c2<223><167><16><226><231><252><29><
157>fs<3><251>!<197>E<247><23>`<133><171><250>a<222><211>*I<225><203><243><1
72><249><231><13><252><164><13><211><148><150><0><239><198><164>dS<182><242>
<221><179>=<152>GGw<~o<185><191>m<19><207><171>NQ<212><156><2>i<194><244><17
3>7<9>?<0><234>Y<252><239>(<160><29><167><181><30><131>)<196>:<191><140><155
>c<220><225><193><251><12><1><211>|<189><27><156><145><6><187><192><198><207
><245>!
>
ExN<228><154>nb<232>6<225><201>I<139><224><188><139><180><227><175>~*<248><2
15><218><156><12><234><215><1><10>T<202><210><186><194><30><203>hN<157><15><
182><154><1>9<18>E<176><16>}<238>m<205>
> 
>         EAP-Message =
>
j<237>2V^F<17><168><127><178>/z<206><136>+<157><167>k<143><141><145><242><18
8>p<142><152>r<193><135><30>\F<211><138><226><250>2<155><159><127><178>~:k!<
179><135>57Q<143>+~<229><213>\<204><18>[/<131><213><136>g<153><225>n<191><16
8><140><25><170><6><196>t<189>$<246><167>(<188><221><188>b6p!O<129><152><219
><180><166><166>k<N<198><16>~<192><1><<146><187>]<187>B<160><226><242><161><
172><129>0<139><226>r"<27>l<240><160>U^<169><164><194><235><239>*=<161>h<171
><237><147><192>{<146><220>|<156>s<30><30><31><2><200><9>6<200><129>O<161><1
4>0<129><164><20><211><6><194><142><216><226><187><221><194>Jl$<20><27><181>
<245><134><31>z<233><245>FM<134><156><234><132>n<251><1>QS<206><127><245><21
1>I<132>Z<202><8><151><201>_<198><10><4>;tnX<11><130><163>I<227><221><12><22
6><199><14>M<175>!<128><176>>"<140><194><129><174><6>8\;d<22>A=<237><16><147
>lG<29>]M5q<251>M
> 
>         EAP-Message =
>
P<187><201>G<22><138>N<219>Q<0>xe<187>s+<154><27><22><218>AN<141><220>*<197>
<20><3><1><0><1><1><22><3><1><0>0<194><186><4><243><21><248><28>T<234><163>^
WDb"<132>|<202><182><238>lU<145>`3=wYt2<231><253><215>px_",<6><4><239><202>k
<28>(<155><215><127>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <231>0D<250><192>\I<194><166>q@<147>l<4><230><153>
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 6, 588, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 179
> 
> Authentic:  <202><6><1><245><148><184><202><171>ILW<248><157><<255>z
> 
> Attributes:
> 
>         EAP-Message =
>
<1><7><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0<238><136><161
><204>f<238><187>O<246><193>)<217>4<31>X#<143><252><31><180><144><192><27>A#
<212>U7]<135><246>M<153>I<232>7<149><211>$x<166><252><254><138><155>X<<17>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 180
> 
> Authentic:  a<172><184>B.QJ<139><203><161><10><135><169><189><183><22>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><7><0><6><25><0>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <157>T<7><253><209>=<17><249><9><2>&<237><155><225><202>\
> 
>  
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:18 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Handling with EAP: code 2, 7, 6, 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:18 2012: DEBUG: EAP result: 3, EAP PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Challenge
> 
> Sun Jul  8 15:24:18 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 180
> 
> Authentic:  <155>HdS<247><183>J<133><146>?8;<185>^<176><146>
> 
> Attributes:
> 
>         EAP-Message = <1><8><0>+<25><0><23><3><1><0>
>
<147><250>5<203><211><141><248><18><173><164><216><29>-<2><192>*)<136><30><2
30><232>:|<2><228><7><252><138>)A<158><170>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 181
> 
> Authentic:  F<159><177><238><3><212>iv<240><128><243>BO<188><234><174>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><8><0>P<25><0><23><3><1><0>
>
e<159><188><211>><154><154><3><183>Lf<27><212><163><9><16><170>N<159><6>+<20
5>:|<240><214><213><229><11>4<139><156><23><3><1><0>
>
w<208><24>N<233><<171><199>Y<209><251><139>=*<167><27><142><239><171>9'<167>
n<136><151>wl<226><199><232><129><6>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <243><188>y<236><134><159><26>2<211>V<177>3<195><199>1<225>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 8, 80, 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP PEAP inner authentication request
> for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: PEAP Tunnelled request Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  <200><19><22><212><203><232><183><217><240>Y<20>_l'<211><137>
> 
> Attributes:
> 
>         EAP-Message = <2><8><0><10><1>romans at cc
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         NAS-Port = 12112
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         User-Name = "romans at cc"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 8, 10, 1
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 1
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> MSCHAP-V2 Challenge
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> MSCHAP-V2 Challenge
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Returned PEAP tunnelled packet dump:
> 
> Code:       Access-Challenge
> 
> Identifier: UNDEF
> 
> Authentic:  <200><19><22><212><203><232><183><217><240>Y<20>_l'<211><137>
> 
> Attributes:
> 
>         EAP-Message =
>
<1><9><0>&<26><1><9><0>!<16>/!<142><189>I2<165><18><11>;ve<24>\<144><127>trs
9-eduroam
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 181
> 
> Authentic:  <233><236><238>k2<220>T}I<233><24>a<218><194>E<149>
> 
> Attributes:
> 
>         EAP-Message = <1><9><0>K<25><0><23><3><1><0>@f+<159>0
>
Q<137><210>Sp<1>S<138><134><151><245><12>nYG<18><239><221><143><152>Z<143><3
><14><197><228>Qo<160><139><170><176><162><154>Kl<143><212>D<216><129>T<226>
<150>^"{JP<143><230><166><5>o<168><227>R<199>m
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 182
> 
> Authentic: 
> <14><246><20><234><224><246>r<170><147><182><246><172><14>M<197><29>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><9><0><144><25><0><23><3><1><0>
>
\<219><222><217>H<12>y<235><141><214><2><224><26><29><13><128><15>A1<201>c<2
15>(<192><143>u%[<25><<183><16><23><3><1><0>`<173>^<250>$7<17><171>xi<210><2
29><200>*s<167><166>M<154><254><1><190>C{<195><176><172>-<22>7;<202><239><20
><8>f:<9>A<31><198>5<144><131>=<173>!<1>tM<11><151><177><141>o<201>Q<213>MG<
135>_<233><216>rg<214>k'<146><217><253>0<29>Q<187>"FZ<238><1><5><175>x<129>9
;C<21><26>c<30><183>t<177><244>k
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> <148><147><181><157><7>@9<23>Z<244><142>t<144><213>~V
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 9, 144, 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP PEAP inner authentication request
> for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: PEAP Tunnelled request Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  6c<134><16><147>-s<152><8><192><186><239><246>"<22>d
> 
> Attributes:
> 
>         EAP-Message =
>
<2><9><0>@<26><2><9><0>?1Bv<242><234><143><128><251><158><218>r<149><223>X<1
45>b<244><0><0><0><0><0><0><0><0><7><5><129><180><200><175>W<216>LS<175><132
><215>}<243><202><142>-}.<23><0>l<174><0>romans at cc
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         NAS-Port = 12112
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         User-Name = "romans at cc"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 9, 64, 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Converted EAP-MSCHAPV2 Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  u3<18><1><136>k<12>_<9><165><232>)<176><150><184><206>
> 
> Attributes:
> 
>         User-Name = "romans at cc"
> 
>         ConvertedFromEAPMSCHAPV2 = 1
> 
>         MS-CHAP2-Response =
>
<1><0>Bv<242><234><143><128><251><158><218>r<149><223>X<145>b<244><0><0><0><
0><0><0><0><0><7><5><129><180><200><175>W<216>LS<175><132><215>}<243><202><1
42>-}.<23><0>l<174>
> 
>         MS-CHAP-Challenge = /!<142><189>I2<165><18><11>;ve<24>\<144><127>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'ConvertedFromEAPMSCHAPV2=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249,
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthRADIUS
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy RADIUS creates new local socket
> '0.0.0.0:0' for sending requests
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.68.7.4 port 1812 ....
> 
> Code:       Access-Request
> 
> Identifier: 1
> 
> Authentic:  u3<18><1><136>k<12>_<9><165><232>)<176><150><184><206>
> 
> Attributes:
> 
>         User-Name = "romans at cc"
> 
>         MS-CHAP2-Response =
>
<1><0>Bv<242><234><143><128><251><158><218>r<149><223>X<145>b<244><0><0><0><
0><0><0><0><0><7><5><129><180><200><175>W<216>LS<175><132><215>}<243><202><1
42>-}.<23><0>l<174>
> 
>         MS-CHAP-Challenge = /!<142><189>I2<165><18><11>;ve<24>\<144><127>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy RADIUS result: IGNORE, forked
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP-MSCHAPV2 converted
> to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE,
> EAP-MSCHAPV2 converted to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Received reply in AuthRADIUS for req 1
> from 132.68.7.4:1812
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.68.7.4 port 1812 ....
> 
> Code:       Access-Accept
> 
> Identifier: 1
> 
> Authentic:  <206><27><162>1}MC<226><206>N<216><156>4U<210>-
> 
> Attributes:
> 
>         Framed-Protocol = PPP
> 
>         Service-Type = Framed-User
> 
>         Class =
>
"q<246><7><201><0><0><1>7<0><1><2><0><132>D<3><6><3><6><0><0><0><0><0><0><13
2>D<3><6><1><205>\<244><208><237><245>Q<0><0><0><0><0><0><2><191>"
> 
>         MS-MPPE-Recv-Key =
> <220><218>jKAv<13><191><131><198><19><164><213>j<228><245>
> 
>         MS-MPPE-Send-Key = AjX<144><198><184><130>R"<211><230>d#<153>-9
> 
>         MS-CHAP2-Success = "<1>S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284"
> 
>         MS-CHAP-Domain = "<1>CC-ROOT"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy RADIUS result: ACCEPT,
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access accepted for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Converted EAP-MSCHAPV2 response Packet
> dump:
> 
> Code:       Access-Accept
> 
> Identifier: UNDEF
> 
> Authentic:  u3<18><1><136>k<12>_<9><165><232>)<176><150><184><206>
> 
> Attributes:
> 
>         Framed-Protocol = PPP
> 
>         Service-Type = Framed-User
> 
>         Class =
>
"q<246><7><201><0><0><1>7<0><1><2><0><132>D<3><6><3><6><0><0><0><0><0><0><13
2>D<3><6><1><205>\<244><208><237><245>Q<0><0><0><0><0><0><2><191>"
> 
>         MS-MPPE-Recv-Key =
> <220><218>jKAv<13><191><131><198><19><164><213>j<228><245>
> 
>         MS-MPPE-Send-Key = AjX<144><198><184><130>R"<211><230>d#<153>-9
> 
>         MS-CHAP2-Success = "<1>S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284"
> 
>         MS-CHAP-Domain = "<1>CC-ROOT"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc:
> Converted MSCHAPV2 authentication success
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Returned PEAP tunnelled packet dump:
> 
> Code:       Access-Challenge
> 
> Identifier: UNDEF
> 
> Authentic:  6c<134><16><147>-s<152><8><192><186><239><246>"<22>d
> 
> Attributes:
> 
>         EAP-Message =
> <1><10><0>=<26><3><9><0>8S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284
> M=success
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Inner authentication challenged
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 182
> 
> Authentic:  <241><15><241><12><249>L<130><4><150>n8$<160><142><18><194>
> 
> Attributes:
> 
>         EAP-Message =
>
<1><10><0>[<25><0><23><3><1><0>PoDAr<170><9><201><205><149><131><211><254><1
57><12><184>T^%h<17>v<214>I<239>j<1><148>*v<167>k_<22><239>8<249>8<246><186>
$<193>h<177><226>U<226>NRB<9><221>5<228>r<254><163><204>ri<186>E<135><<13><2
50>Z<202>5<138><9><199>W<3><27>h<131>}#<135>A
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP-MSCHAPV2 converted
> to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE,
> EAP-MSCHAPV2 converted to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc:
> EAP-MSCHAPV2 converted to Radius MSCHAPV2 and redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Returned PEAP tunnelled packet dump:
> 
> Code:       Access-Challenge
> 
> Identifier: UNDEF
> 
> Authentic:  6c<134><16><147>-s<152><8><192><186><239><246>"<22>d
> 
> Attributes:
> 
>         EAP-Message =
> <1><10><0>=<26><3><9><0>8S=DA49CBF8FAB40EF2174AFAB6E6B068875C240284
> M=success
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP Inner authentication challenged
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 182
> 
> Authentic:  8h<180>`D<140>C8<18>!<156><153>R<129><169><212>
> 
> Attributes:
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         EAP-Message =
>
<1><10><0>[<25><0><23><3><1><0>P<193><13><180>M<17><223><219><146>v<3><22>@<
1><3><232>HP<28><14>i<29>,<203><239><242><180><6><24><231><189><145><191><17
9>+<168>b<165><21>lS<17>kJ<4>qp<29><212>x<28>P:@<176><28><245><154><168><24>
<247>w<217>v<6>_L<174><236><195><251><217><224>w<253><203><239><217><1><195>
<16>
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 3, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Access challenged for romans at cc: EAP
> PEAP inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Challenge
> 
> Identifier: 182
> 
> Authentic:  <235>D<21><9><16><234><31><245>P\Xgu<134><182>U
> 
> Attributes:
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         EAP-Message =
>
<1><10><0>[<25><0><23><3><1><0>P<193><13><180>M<17><223><219><146>v<3><22>@<
1><3><232>HP<28><14>i<29>,<203><239><242><180><6><24><231><189><145><191><17
9>+<168>b<165><21>lS<17>kJ<4>qp<29><212>x<28>P:@<176><28><245><154><168><24>
<247>w<217>v<6>_L<174><236><195><251><217><224>w<253><203><239><217><1><195>
<16>
> 
>  
> 
>                                
> 
>                                
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 183
> 
> Authentic:  =}<151><27><163><247><250>a<237><173>p<255><198>f<219><202>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><10><0>P<25><0><23><3><1><0>
> <181><200><128><170><248><127><16><209><5>h'8<0>
>
<172><189>k<228>BH<177><4><199><18><191><212><132>~<156><178>N<25><23><3><1>
<0>
>
<249><228><236>o0<20><150><174><251><248><13><245><210><31><19>7&<138>K^n<22
3><143>x$H<163><237><229>^/<4>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> 9~<16><180>-<220><246><177><244><173><7><199>!<219><233>*
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 10, 80, 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP PEAP inner authentication request
> for romans at cc
> 
> Sun Jul  8 15:24:19 2012: DEBUG: PEAP Tunnelled request Packet dump:
> 
> Code:       Access-Request
> 
> Identifier: UNDEF
> 
> Authentic:  +l)n<22>5<200><198>*Y<193><24>5<239><138>F
> 
> Attributes:
> 
>         EAP-Message = <2><10><0><2><26><3>
> 
>         Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         NAS-Port = 12112
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         User-Name = "romans at cc"
> 
>  
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> 
> Sun Jul  8 15:24:19 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Handling with EAP: code 2, 10, 2, 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: Response type 26
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP MSCHAP-V2 unknown
> mschaptype 3
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE, EAP
> MSCHAP-V2 unknown mschaptype 3
> 
> Sun Jul  8 15:24:19 2012: DEBUG: EAP result: 2, EAP PEAP inner
> authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:19 2012: DEBUG: AuthBy FILE result: IGNORE, EAP PEAP
> inner authentication redispatched to a Handler
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Packet dump:
> 
> *** Received from 132.69.191.249 port 20005 ....
> 
> Code:       Access-Request
> 
> Identifier: 183
> 
> Authentic:  =}<151><27><163><247><250>a<237><173>p<255><198>f<219><202>
> 
> Attributes:
> 
>         NAS-Port-Id = "AP183/1"
> 
>         Calling-Station-Id = "00-18-DE-94-3E-36"
> 
>         Called-Station-Id = "00-0B-0E-2A-16-82:eduroam"
> 
>         Service-Type = Framed-User
> 
>         User-Name = "romans at cc"
> 
>         NAS-Port = 12112
> 
>         EAP-Message = <2><10><0>P<25><0><23><3><1><0>
> <181><200><128><170><248><127><16><209><5>h'8<0>
>
<172><189>k<228>BH<177><4><199><18><191><212><132>~<156><178>N<25><23><3><1>
<0>
>
<249><228><236>o0<20><150><174><251><248><13><245><210><31><19>7&<138>K^n<22
3><143>x$H<163><237><229>^/<4>
> 
>         NAS-Port-Type = Wireless-IEEE-802-11
> 
>         NAS-IP-Address = 132.69.191.249
> 
>         NAS-Identifier = "Trapeze"
> 
>         Message-Authenticator =
> 9~<16><180>-<220><246><177><244><173><7><199>!<219><233>*
> 
>  
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Handling request with Handler '',
> Identifier ''
> 
> Sun Jul  8 15:24:24 2012: DEBUG:  Deleting session for romans at cc,
> 132.69.191.249, 12112
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Handling with Radius::AuthFILE:
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Handling with EAP: code 2, 10, 80, 25
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Response type 25
> 
> Sun Jul  8 15:24:24 2012: ERR: EAP PEAP TLS read failed:  10926: 1 -
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
> record mac
> 
>  
> 
> Sun Jul  8 15:24:24 2012: DEBUG: EAP result: 1, EAP PEAP TLS read failed
> 
> Sun Jul  8 15:24:24 2012: DEBUG: AuthBy FILE result: REJECT, EAP PEAP
> TLS read failed
> 
> Sun Jul  8 15:24:24 2012: INFO: Access rejected for romans at cc: EAP PEAP
> TLS read failed
> 
> Sun Jul  8 15:24:24 2012: DEBUG: Packet dump:
> 
> *** Sending to 132.69.191.249 port 20005 ....
> 
> Code:       Access-Reject
> 
> Identifier: 183
> 
> Authentic:  "0J<171><232>QM<239><12><15><24><196><179>p<5><26>
> 
> Attributes:
> 
>         Reply-Message = "Request Denied"
> 
>  
> 
>  
> 
> Thanks in advance.
> 
>  
> 
> Regards,
> 
> Roman Safonov
> 
> Networking Engineer
> 
> Taub Computer Center
> 
> Technion, Haifa
> 
> Tel. 04-829-4992
> 
> Fax 04-8236-212
> 
> Email: romans at cc.technion.ac.il <mailto:romans at cc.technion.ac.il>
> 
>  
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5695 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20120711/5558a2ac/attachment-0001.bin 


More information about the radiator mailing list