[RADIATOR] EAP-TTLS missing reply attributes from inner-accept
Christopher Chance
cchance at newtechgrp.com
Fri Jun 6 16:14:53 CDT 2014
For some reason the final reply to the device is not getting the full attributes, we send 2 custom attributes for speed
Cambium-Canopy-DLMB=10480,
Cambium-Canopy-ULMB=2048
As part of our EngageIP SQL attributes... I tested and it is getting sent back from the table correctly, but it's not showing up in the actual authentication it's like the outer-auth is dropping it the reply attributes from the inner authentication. How can I make it send the attributes from the db
I confirmed the EngageIP is returning the Attributes, and if I use a non TTLS/EAP test (<HANDLER> and NTRadPing I can see its returning the attributes from EngageIP)
The Config I'm trying to use is, it sends accepts, but doesn't send the variables that EIP is giving the inner-accept to send to client.
<Handler TunnelledByTTLS=1>
# Check EngageIP DB
<AuthBy EngageIP>
DBAuth xxxxxxxxxxxxxxxxxxxxxxxxxx
DBSource dbi:ODBC:Database1111
DBUsername sa
DateFormat %Y-%m-%d %H:%M:%S
Timeout 60
</AuthBy>
</Handler>
<Handler Realm=epmp.caribserve.net>
<AuthBy FILE>
Filename %D/users_anon
EAPType TTLS
EAPTLS_PrivateKeyPassword xxxxxxxxxxxxxxxx
EAPTLS_CAFile /etc/radiator/certs/ca.pem
EAPTLS_CertificateFile /etc/radiator/certs/server.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certs/server.pem
EAPTLS_PEAPVersion 0
EAPTTLS_NoAckRequired
AutoMPPEKeys
</AuthBy>
</Handler>
Debug log is....
Fri Jun 6 16:34:25 2014: DEBUG: Packet dump:
*** Received from 192.168.125.233 port 47890 ....
Code: Access-Request
Identifier: 103
Authentic: R<163>4<227>}<129><198>(<15>%<127><156>X8<7>X
Attributes:
User-Name = "anonymous at epmp.caribserve.net"
NAS-Port = 0
Called-Station-Id = "00-04-56-C2-36-C6:CambiumAP"
Calling-Station-Id = "00-04-56-C2-31-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = <2><11><0>"<1>anonymous at epmp.caribserve.net
Message-Authenticator = -<220>e<142><19>) t<228><217><166><139><1>l<166><168>
Fri Jun 6 16:34:25 2014: DEBUG: Handling request with Handler 'Realm=epmp.caribserve.net', Identifier ''
Fri Jun 6 16:34:25 2014: DEBUG: Deleting session for anonymous at epmp.caribserve.net, 192.168.125.233, 0
Fri Jun 6 16:34:25 2014: DEBUG: Handling with Radius::AuthFILE:
Fri Jun 6 16:34:25 2014: DEBUG: Handling with EAP: code 2, 11, 34, 1
Fri Jun 6 16:34:25 2014: DEBUG: Response type 1
Fri Jun 6 16:34:25 2014: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: Access challenged for anonymous at epmp.caribserve.net: EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: Packet dump:
*** Sending to 192.168.125.233 port 47890 ....
Code: Access-Challenge
Identifier: 103
Authentic: J<193>@6<142><188>J=<243><208><191>#<17><173><242><239>
Attributes:
EAP-Message = <1><12><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jun 6 16:34:25 2014: DEBUG: Packet dump:
*** Received from 192.168.125.233 port 47890 ....
Code: Access-Request
Identifier: 104
Authentic: <150><153><172>o<201><157>v<134>")<129>x<13><231>x<31>
Attributes:
User-Name = "anonymous at epmp.caribserve.net"
NAS-Port = 0
Called-Station-Id = "00-04-56-C2-36-C6:CambiumAP"
Calling-Station-Id = "00-04-56-C2-31-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = <2><12><0>><21><0><22><3><1><0>3<1><0><0>/<3><1><0><0><0><29><4><178>t<169>B<1><146><217>yri<133><127>o<166><206><143><154>#<2>Q<149><244>~b<200>T<132><0><0><8><0>/<0><10><0><5><0><4><1><0>
Message-Authenticator = <224><240>=<254><150><197>y<255>I<138>:<171><236>D<22><28>
Fri Jun 6 16:34:25 2014: DEBUG: Handling request with Handler 'Realm=epmp.caribserve.net', Identifier ''
Fri Jun 6 16:34:25 2014: DEBUG: Deleting session for anonymous at epmp.caribserve.net, 192.168.125.233, 0
Fri Jun 6 16:34:25 2014: DEBUG: Handling with Radius::AuthFILE:
Fri Jun 6 16:34:25 2014: DEBUG: Handling with EAP: code 2, 12, 62, 21
Fri Jun 6 16:34:25 2014: DEBUG: Response type 21
Fri Jun 6 16:34:25 2014: DEBUG: EAP TTLS data, 24576, 12, -1
Fri Jun 6 16:34:25 2014: DEBUG: EAP TTLS SSL_accept result: -1, 2, 8576
Fri Jun 6 16:34:25 2014: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: Access challenged for anonymous at epmp.caribserve.net: EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: Packet dump:
*** Sending to 192.168.125.233 port 47890 ....
Code: Access-Challenge
Identifier: 104
Authentic: u<226>2<163><243><246>J<221><163><31><158>W[<194><161><146>
Attributes:
EAP-Message = <1><13><5><130><21><192><0><0><8><187><22><3><1><0>J<2><0><0>F<3><1>S<146>%<209><236><170>4<139><247>d<255><7>X<W4<208>o<1>FY<242><14><163>l<196>j<255><229><199><229><26> 9<230><184><251>tC<181><235><196><212><219><145><204><170><248><196><208><172><145><206>m<236><153><187><239><190>=T<158><157>7<224><0>/<0><22><3><1><8>^<11><0><8>Z<0><8>W<0><3><166>0<130><3><162>0<130><2><138><160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><147>1<11>0<9><6><3>U<4><6><19><2>FR1<15>0<13><6><3>U<4><8><19><6>Radius1<18>0<16><6><3>U<4><7><19><9>Somewhere1<21>0<19><6><3>U<4><10><19><12>Example Inc.1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>admin at example.com1&0$<6><3>U<4>
EAP-Message = <3><19><29>Example Certificate Authority0<30><23><13>140603195141Z<23><13>340529195141Z0|1<11>0<9><6><3>U<4><6><19><2>FR1<15>0<13><6><3>U<4><8><19><6>Radius1<21>0<19><6><3>U<4><10><19><12>Example Inc.1#0!<6><3>U<4><3><19><26>Example Server Certificate1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>admin at example.com0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><196><179>$x<248><150><254><18>7<246><151><162><254>C<150>RjQ<253>8<141><190>'<156>" <186><233><22><8>
EAP-Message = <6><195><153>\<195>f,l<156><165>l<183><225><130><201><250><1><224>0b<6><230><152>m<27>+k7<205><235>F<132><147><187>T<215><182><31>"<138><222>p<210>Sg<25><159><235><152><1><176><207><180><238>1<153><27>2mK<155>X<245><152><226><8>\3<191>j<3><23><208><133>f<230><252><223><171><192><216><235>X<8>'<186><205><25>i<156><130><208><223>~<130><19><13>#<214><244><134><226>?<219>Ji<173><130><241><204><177><230>J<247><188><137><28>4<3><245><160>Z4<243><246>S<145><27><173><168>;<251>wh<236><8>s2'<133><20><26>K<27><199><147><143><204>tLN<226>T<22><170>xF\<247>q<254><135><171><130><222><138>;<140><14><235>DL<6><242><10><137><198><21><150><5><196><26>.'Fp<135><200><222>b<183>Y<249><144><136><239><136><136><226>Ah<240><147><16>"<31><142><238>9Q<157><15>d<145>-<28><164>f<235>+5p<232>k<22>U<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5>
EAP-Message = <7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>J<228><179><168><214><234><173><0><0>ic<240>@<241><204>}<227>>5<12>2s<202><8><214><204>6<19><169><143><169><13>@<10><10>i<200><149><223>t<194><25>g<233>p<250>Px<146>\=Rx<2>z<12><157><161><136>e<145>y<202><182><247>U;<139>K<248><7><240>&1<235><219><164><<188><185><161><191>:<250><246><165><162><247>nH<160><225><23>3K}<211>H*<12>*qU<239>l<216>F<29>C<137>@<170>q<252><244><5>^Jh<235>J<155><207>m<140><138><23><9><162>"fc<24>-C<199><166>QB<202><174><225><170>g<223><171><127>nH<135><235><133><131><224><141><10><245><235><127><130><232><1><140><159>]<148><140><236><141><213><142>}'<181><165>XG<231><241>q<174>@<12>l`L?<225><225><167>lc<188>n7*<5>K<21><176>Q<11><153><200><18>>bp{<132><21>$<171><21>^<235><244>(<173><138>:.<209><249><136><240>9<209><130><240>
EAP-Message = <255>/y9D{w<152>4<160><199>f<185>o<167><146><212>L<213>0<186><13><16>b<173>U<0><4><171>0<130><4><167>0<130><3><143><160><3><2><1><2><2><9><0><136><200><30>&_@<9><177>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><147>1<11>0<9><6><3>U<4><6><19><2>FR1<15>0<13><6><3>U<4><8><19><6>Radius1<18>0<16><6><3>U<4><7><19><9>Somewhere1<21>0<19><6><3>U<4><10><19><12>Example Inc.1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>admin at example.com1&0$<6><3>U<4><3><19><29>Example Certificate Authority0<30><23><13>140603195141Z<23><13>340529195141Z0<129><147>
EAP-Message = 1<11>0<9><6><3>U<4><6><19><2>FR1<15>0<13><6><3>U<4><8><19><6>Radius1<18>0<16><6><3>U<4><7><19><9>Somewhere1<21>0<19><6><3>U<4><10><19><12>Example Inc.1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>admin at example.com1&0$<6><3>U<4><3><19><29>Example Certificate Authori
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jun 6 16:34:25 2014: DEBUG: Packet dump:
*** Received from 192.168.125.233 port 47890 ....
Code: Access-Request
Identifier: 105
Authentic: <206><168><235><15><240><249><195><217>~!<8><139><244>H3<198>
Attributes:
User-Name = "anonymous at epmp.caribserve.net"
NAS-Port = 0
Called-Station-Id = "00-04-56-C2-36-C6:CambiumAP"
Calling-Station-Id = "00-04-56-C2-31-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = <2><13><0><6><21><0>
Message-Authenticator = <145><132><193><6><218><149>|^=Z<29>'<132><164>n<168>
Fri Jun 6 16:34:25 2014: DEBUG: Handling request with Handler 'Realm=epmp.caribserve.net', Identifier ''
Fri Jun 6 16:34:25 2014: DEBUG: Deleting session for anonymous at epmp.caribserve.net, 192.168.125.233, 0
Fri Jun 6 16:34:25 2014: DEBUG: Handling with Radius::AuthFILE:
Fri Jun 6 16:34:25 2014: DEBUG: Handling with EAP: code 2, 13, 6, 21
Fri Jun 6 16:34:25 2014: DEBUG: Response type 21
Fri Jun 6 16:34:25 2014: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: Access challenged for anonymous at epmp.caribserve.net: EAP TTLS Challenge
Fri Jun 6 16:34:25 2014: DEBUG: Packet dump:
*** Sending to 192.168.125.233 port 47890 ....
Code: Access-Challenge
Identifier: 105
Authentic: <0>8<150><195><205><241><163><169>e<169>t<187><132>(G<244>
Attributes:
EAP-Message = <1><14><3>I<21><0>ty0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><174>h<1><203><184>-)&<168>7<230><133>4Eo<223>y<242><2>.<132><175><186>O<149>n<135>=<167>w<196><231><152>a<201><155><240><188><141>5<159>*{2<15><161>c7<170><161><185><222>m<248><244><20><145><225><2>{i<201>2<254><27><203>75<148><128>i<7><133><208>Z<31>T&W(<13>-N<173><167><133>U4<201><200><8>,k<241>I<236>U<204><242><18><172>|<180><190><152><19><178><186><158><151>h<195><173>a<140><210><141><154>K<228>IC<158><23>DV<186><240><131>'<130>d<182><160><5><145><20>^<13><158><213><4>*<218>!<203><235><164><248><232>6:i<6><207>`<192><23><0>+<184><204><255><155>2<4>6<255>%<11>O<236>Z<157><145><247><15><2><193><148><15>I<178>v<243>n<7><160>o<24><167><135><11><2><166>?<191><28><253>iz<133>m<228><218><235><11><192><235>)<?
EAP-Message = <227><237>^<171><9><211><165>1x<30>\<229><190><4><31>1Z<181>K<132><152>b<247>{<222><0>0<226>}<190><167>V<215>\<139><143>Y<156><209><148><130><186><5><251><2><3><1><0><1><163><129><251>0<129><248>0<29><6><3>U<29><14><4><22><4><20>8<182>g<198>E<<178>P[<131>s<213>@<243><164>j<133><227><143>I0<129><200><6><3>U<29>#<4><129><192>0<129><189><128><20>8<182>g<198>E<<178>P[<131>s<213>@<243><164>j<133><227><143>I<161><129><153><164><129><150>0<129><147>1<11>0<9><6><3>U<4><6><19><2>FR1<15>0<13><6><3>U<4><8><19><6>Radius1<18>0<16><6><3>U<4><7><19><9>Somewhere1<21>0<19><6><3>U<4><10><19><12>Example Inc.1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>admin at example.com1&0$<6><3>U<4><3><19><29>Exam
EAP-Message = ple Certificate Authority<130><9><0><136><200><30>&_@<9><177>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0>D<250><21><218><137>-x}<193><179><16>d<205>'<206><204>"d<168>FtM<135>o<171><13><209><153><206><218><253><192><248>F<15>q<176>*l'<204><214><192>n<<195>%<179>O<14><229><197>4e<227>#NF<212><23><182>P<129><132><144><8><144>V<238><0>]<3><203><164>KGJm'_<205>i<229><183>><217>%<21><251><195><203><154><7><201>W<149><193><136>g6<22><24><166><193>G<250>i<129><11>%7o{<4><229><179><190><24><11>A<17><151><238>GbEH"x<14><138><178><20> <142><219><235><204><181><225>f<224>5<134><232><219><250><13><220><201>f<6><171><154><153><12><176><202><164><198>(<19>2<197>8<250>LQK<26><193><26><205>i<151><229><244>"O<195>o<223>]
EAP-Message = <250>D<1>"<154><196><27>}<143>1b<209><211><148><152>(<161><165>4M<146>RU<137>d7U<194><173><166><30>N<1>^<188>O<136><137><168><204><248>%<31>8[<148><140><154><8><9><5><202> <173><131>V<181>N<141><202><252><167><242>IB<251>=u|%<13><235><247><22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jun 6 16:34:26 2014: DEBUG: Packet dump:
*** Received from 192.168.125.233 port 47890 ....
Code: Access-Request
Identifier: 106
Authentic: <4><150><164>)<242>`<12><153><12><157>C<173><127><248>"k
Attributes:
User-Name = "anonymous at epmp.caribserve.net"
NAS-Port = 0
Called-Station-Id = "00-04-56-C2-36-C6:CambiumAP"
Calling-Station-Id = "00-04-56-C2-31-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = <2><14><1>L<21><0><22><3><1><1><6><16><0><1><2><1><0><189>I<157>6<13>\<15><168><156><170><1><18><17><127>DB<199><238><130><131>H0<23><133><158><241>M<178><232><16>k<152><249>P<145><236><128><181><201><169>:h<233><179>D<28><241>KL<14><142>]<150><10>z<13><207>c<192>g/<142><186><167>^#<225>3<5><135><139><199><185>nE<23><225><198><23><18><195><151>l<239>=<225><142><179>;<16>e<13><241><16><248><213><199><184><162>H<128><216><174><151>7<233><236><208><223>W<23>eI<193><232><233>Z-<163><230><134><187><224><191><191><214><31><133>n<185>l<147>~*<22><137>$<147><16><168><229>o<7>r-<154><136><194><162><186>Z<15>5<183><15><238><147><159><220>l<171><224>>8<196>N<139><209>X<156><179><189>q<176><135>|<11><22><202><235>F<133><26>+Vi<17><230>h#S<214><189>8<19><246>qH<216>.[<27><12>9<235><251>3<13>=<140>=2K F<137><202><8><22><192><234>i]<156>S<132><158><233><148><12>V<21><164><255><185>v
EAP-Message = <191>]<234>]<182><181><212><28><241><162>M<13><18><190><160><140><140>4<189><225><20><3><1><0><1><1><22><3><1><0>0<147><214><252>/tP"<244>c7z>f`X<235>T<146>h<11><231><246><4><232><213><4p\v|<165>i<147><221><177><144><155><131><12>C'<233><180>t<180><163><8>
Message-Authenticator = [;Z<<220><162>Uj<9><199><244>~l<201><18>n
Fri Jun 6 16:34:26 2014: DEBUG: Handling request with Handler 'Realm=epmp.caribserve.net', Identifier ''
Fri Jun 6 16:34:26 2014: DEBUG: Deleting session for anonymous at epmp.caribserve.net, 192.168.125.233, 0
Fri Jun 6 16:34:26 2014: DEBUG: Handling with Radius::AuthFILE:
Fri Jun 6 16:34:26 2014: DEBUG: Handling with EAP: code 2, 14, 332, 21
Fri Jun 6 16:34:26 2014: DEBUG: Response type 21
Fri Jun 6 16:34:26 2014: DEBUG: EAP TTLS data, 8576, 14, 12
Fri Jun 6 16:34:26 2014: DEBUG: EAP TTLS SSL_accept result: 1, 0, 3
Fri Jun 6 16:34:26 2014: DEBUG: EAP result: 3, EAP TTLS Challenge
Fri Jun 6 16:34:26 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS Challenge
Fri Jun 6 16:34:26 2014: DEBUG: Access challenged for anonymous at epmp.caribserve.net: EAP TTLS Challenge
Fri Jun 6 16:34:26 2014: DEBUG: Packet dump:
*** Sending to 192.168.125.233 port 47890 ....
Code: Access-Challenge
Identifier: 106
Authentic: rah<205>J%<215><31><158><215>V5s<244>S<240>
Attributes:
EAP-Message = <1><15><0>E<21><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0;<4> M<214>Y<141><228><178>l<19>p<160><247><181>+<190><177>5<7><9><166><2><242><149><17>s<251>?L"<238><170>#<183><168><230><229><140><149><132><235><19><236><244><203><253><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jun 6 16:34:26 2014: DEBUG: Packet dump:
*** Received from 192.168.125.233 port 47890 ....
Code: Access-Request
Identifier: 107
Authentic: <9><221><179><208><202><227>'<148><201>[<148><238>J<196><15>q
Attributes:
User-Name = "anonymous at epmp.caribserve.net"
NAS-Port = 0
Called-Station-Id = "00-04-56-C2-36-C6:CambiumAP"
Calling-Station-Id = "00-04-56-C2-31-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = <2><15><0><155><21><0><23><3><1><0><144><245>L<224>A<21><127><235><191>@<238><175><11>q<189>B<153>b<154><25><150><30>J<128><10>HXI<<183><144>N<169><184>b<225><150>,y"#<209><8><145><227><129><232><238><168><184>@<220>-3{P<13><234>+b<211>Y<9><224>z!<157><243><133>I<194><170>b#<234>8<142><29>'<206>g <184>H<235><212><238><153>W<194><130><253><220>T<145><236><182>V<222><184>j<184><254><187><19>B<11>\0<178><186><170>Q<198>)<131><244><201>-M<142><255>ZX<9>M<211><159><242><11><15><130><175><182><176><197><175><152><237>VmN<145><12><253>
Message-Authenticator = V<247><185><179><216>Y<211>.N<26>Y#<11>/7V
Fri Jun 6 16:34:26 2014: DEBUG: Handling request with Handler 'Realm=epmp.caribserve.net', Identifier ''
Fri Jun 6 16:34:26 2014: DEBUG: Deleting session for anonymous at epmp.caribserve.net, 192.168.125.233, 0
Fri Jun 6 16:34:26 2014: DEBUG: Handling with Radius::AuthFILE:
Fri Jun 6 16:34:26 2014: DEBUG: Handling with EAP: code 2, 15, 155, 21
Fri Jun 6 16:34:26 2014: DEBUG: Response type 21
Fri Jun 6 16:34:26 2014: DEBUG: EAP TTLS data, 3, 15, 14
Fri Jun 6 16:34:26 2014: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: UNDEF
Identifier: UNDEF
Authentic: UNDEF
Attributes:
User-Name = "5mbtest"
MS-CHAP-Challenge = W<137><177><209>)|J<148><174>u<200><177><183><214><145><212>
MS-CHAP2-Response = r<0><0><0><24><0><0><7>Q<0><0><0><0><0><0><0><2><0><0><0><0><0><0><0><0><0><135>p=<179><253><157><240><251><29>V<31>7<3><234><220>x<17>2<14>$<174><138><156><161>
Fri Jun 6 16:34:26 2014: DEBUG: EAP TTLS inner authentication request for 5mbtest
Fri Jun 6 16:34:26 2014: DEBUG: Handling request with Handler 'TunnelledByTTLS=1', Identifier ''
Fri Jun 6 16:34:26 2014: DEBUG: Deleting session for 5mbtest, 192.168.125.233,
Fri Jun 6 16:34:26 2014: DEBUG: Handling with Radius::AuthEngageIP:
Fri Jun 6 16:34:26 2014: DEBUG: Handling with Radius::AuthEngageIP:
Fri Jun 6 16:34:26 2014: DEBUG: Query is: 'SET ANSI_NULL_DFLT_ON ON; exec Interface_VircomUsers_Custom_newtech '5mbtest', NULL, NULL, NULL, NULL':
Fri Jun 6 16:34:26 2014: DEBUG: Radius::AuthEngageIP looks for match with 5mbtest [5mbtest]
Fri Jun 6 16:34:26 2014: DEBUG: Radius::AuthEngageIP ACCEPT: : 5mbtest [5mbtest]
Fri Jun 6 16:34:26 2014: DEBUG: AuthBy EngageIP result: ACCEPT,
Fri Jun 6 16:34:26 2014: DEBUG: Access accepted for 5mbtest
Fri Jun 6 16:34:26 2014: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code: Access-Accept
Identifier: UNDEF
Authentic: <188>^<137>H<194><230><195>$]<225><219>X<165> L\
Attributes:
MS-CHAP2-Success = "rS=A176D373C06AF576BC8316879C999568462B6862"
Fri Jun 6 16:34:26 2014: DEBUG: EAP result: 3, EAP TTLS inner authentication redispatched to a Handler
Fri Jun 6 16:34:26 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP TTLS inner authentication redispatched to a Handler
Fri Jun 6 16:34:26 2014: DEBUG: Access challenged for anonymous at epmp.caribserve.net: EAP TTLS inner authentication redispatched to a Handler
Fri Jun 6 16:34:26 2014: DEBUG: Packet dump:
*** Sending to 192.168.125.233 port 47890 ....
Code: Access-Challenge
Identifier: 107
Authentic: `<165><25><30>Z<181>(<153>;<234><172><147>~<173>Z<201>
Attributes:
EAP-Message = <1><16><0>_<21><128><0><0><0>U<23><3><1><0>P<21><248><201><163><26>y~<2><237>Kmzd&<179>b<16><154><163><254><212>.<129>U<31>"<194><18><188><145><203>&<255><233>MHpQ<222>{t<246><136>Rw.<146><217><7><242>n<183>3<236>gb;<31>l=<204><193>g=dI<237>W]WT<166><140>@<175><143><208><253><248>f
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Fri Jun 6 16:34:26 2014: DEBUG: Packet dump:
*** Received from 192.168.125.233 port 47890 ....
Code: Access-Request
Identifier: 108
Authentic: !<166><200><6>\<152><234>s<135>1<207><27>eA5l
Attributes:
User-Name = "anonymous at epmp.caribserve.net"
NAS-Port = 0
Called-Station-Id = "00-04-56-C2-36-C6:CambiumAP"
Calling-Station-Id = "00-04-56-C2-31-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = <2><16><0><6><21><0>
Message-Authenticator = <166><251>a<197><227><25>BW?<211><185>;<212><181>*)
Fri Jun 6 16:34:26 2014: DEBUG: Handling request with Handler 'Realm=epmp.caribserve.net', Identifier ''
Fri Jun 6 16:34:26 2014: DEBUG: Deleting session for anonymous at epmp.caribserve.net, 192.168.125.233, 0
Fri Jun 6 16:34:26 2014: DEBUG: Handling with Radius::AuthFILE:
Fri Jun 6 16:34:26 2014: DEBUG: Handling with EAP: code 2, 16, 6, 21
Fri Jun 6 16:34:26 2014: DEBUG: Response type 21
Fri Jun 6 16:34:26 2014: DEBUG: EAP result: 0,
Fri Jun 6 16:34:26 2014: DEBUG: AuthBy FILE result: ACCEPT,
Fri Jun 6 16:34:26 2014: DEBUG: Access accepted for anonymous at epmp.caribserve.net
Fri Jun 6 16:34:26 2014: DEBUG: Packet dump:
*** Sending to 192.168.125.233 port 47890 ....
Code: Access-Accept
Identifier: 108
Authentic: <240><136><219>Y`<7><27><167><18><133>!<228><149><160><169><30>
Attributes:
MS-MPPE-Send-Key = <153><219>|d<252><184>1<171><11><204><20><240>%<130><10>p<228><208><209>n<223><198><128>i<165><197><204>Q<223>`o1
MS-MPPE-Recv-Key = C<233>s<159><183><249>3<24><7>1<135>3<168><231>_<166><251><208><201>&$<220>t<158>x<24>'<218>_<209>BP
EAP-Message = <3><16><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
More information about the radiator
mailing list