nic) and the Odyssey Client. It appears that when the user authenticates, Radiator initially issues an access-accept and then follows it up with an access-reject.
I am only having this issue with the above device; all other clients authenticate successfully. Any ideas would be appreciated.
Attached are debugs and the config. Radiator version 3.7.1 on RH7.3.
Thanks, -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083
# radius.cfg # # Radiator configuration file. #
# Global server settings: log and database directories, PID file and RADIUS
# dictionary. Foreground and LogStdout are left disabled.
#Foreground
#LogStdout
LogFile /var/log/radius/%m%d%y.log
LogDir /var/log/radius
DbDir /etc/radiator
PidFile /var/run/radius.pid
DictionaryFile /etc/radiator/dictionary
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
# NOTE(review): at Trace 4 the log holds full packet dumps. The debug output
# posted with this config includes the tunnelled User-Password attribute and
# the MS-MPPE keys, so keep LogDir readable only by the RADIUS account and
# lower the trace level once debugging is finished.
Trace 4
# Listen on both the legacy (1645/1646) and the assigned (1812/1813) RADIUS ports.
AuthPort 1645,1812
AcctPort 1646,1813
# Add Clients below...
# Each Client clause names a NAS that may send requests. Identifier is the tag
# the Handler clauses select on (Client-Identifier=...); Secret is the RADIUS
# shared secret (redacted in this post).
# DupInterval 2: presumably a repeat of the same request within 2 seconds is
# treated as a duplicate - confirm against the Radiator reference.
<Client xxx.xxx.xxx.1>
Identifier ppp
Secret <secret>
DupInterval 2
</Client>
<Client xxx.xxx.xxx.2>
Identifier ppp
Secret <secret>
DupInterval 2
</Client>
<Client xxx.xxx.xxx.100>
Identifier video
Secret <secret>
DupInterval 2
</Client>
# NOTE(review): with the addresses redacted this clause reads the same as the
# first one (xxx.xxx.xxx.1) but carries a different Identifier. Confirm the real
# addresses differ; two clauses for one address would conflict.
<Client xxx.xxx.xxx.1>
Identifier vpn
Secret <secret>
DupInterval 2
</Client>
# Catch-all client: DEFAULT applies to requests from any address that has no
# Client clause of its own, and tags them "wlan".
# NOTE(review): every access point therefore shares this one secret, and any
# host that holds it is accepted as a NAS for the wlan Handler. Listing the
# access points explicitly, each with its own strong secret, narrows that.
<Client DEFAULT>
Identifier wlan
Secret <secret>
DupInterval 2
# IgnoreAcctSignature turns off verification of the authenticator on accounting
# requests from these clients, so accounting records are stored unverified.
# Keep it only for a NAS known to send bad signatures, not on the catch-all.
IgnoreAcctSignature
</Client>
#
#
################ PPP Config ##########################
# Handles requests from clients tagged "ppp": SQL accounting, then
# authentication against a passwd-format file.
<Handler Client-Identifier=ppp>
# Run every AuthBy below in order, whatever the previous one returned.
# NOTE(review): presumably the last AuthBy (UNIX) then decides the reply -
# confirm against the Radiator reference.
AuthByPolicy ContinueAlways
#AuthByPolicy ContinueWhileIgnore # Default
<AuthBy SQL>
DBSource dbi:mysql:radius
# Database credentials (blanked in this post). They are stored in this file in
# clear text, so the config should be readable only by the RADIUS account.
DBUsername < >
DBAuth < >
# NOTE(review): AuthSelect is given with no query, which presumably turns off
# SQL password lookups so this clause only does accounting - confirm.
AuthSelect
# Only insert Start and Stop requests, ack everything else
HandleAcctStatusTypes Start,Stop
AccountingTable ACCOUNTING
# Column mapping: column,attribute[,type[,format]].
# The TEXT_TIME_STAMP format was wrapped onto a second line by the mail archive.
AcctColumnDef USERNAME,User-Name
AcctColumnDef CONNTYPE,%{Client:Identifier},formatted
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d
%H:%M:%S
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIPADDRESS,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
# Fallback file for accounting records whose SQL insert fails (the file name
# was wrapped onto the next line by the mail archive).
AcctFailedLogFileName
%L/%{Client:Identifier}/%m%d%y.missedaccountin.log
</AuthBy>
# Authenticate against a passwd-format file.
# NOTE(review): presumably this file holds password hashes; keep it readable
# only by the RADIUS account.
<AuthBy UNIX>
#DefaultSimultaneousUse 1
Filename /etc/passwd.ras
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
################ VPN Config ##########################
# Handles requests from clients tagged "vpn": SQL accounting (including Class
# and Tunnel-Client-Endpoint), then authentication against a passwd-format file.
<Handler Client-Identifier=vpn>
# Run every AuthBy below in order, whatever the previous one returned.
# NOTE(review): presumably the last AuthBy (UNIX) then decides the reply -
# confirm against the Radiator reference.
AuthByPolicy ContinueAlways
#AuthByPolicy ContinueWhileIgnore # Default
<AuthBy SQL>
DBSource dbi:mysql:radius
# Database credentials (blanked in this post). They are stored in this file in
# clear text, so the config should be readable only by the RADIUS account.
DBUsername < >
DBAuth < >
# NOTE(review): AuthSelect is given with no query, which presumably turns off
# SQL password lookups so this clause only does accounting - confirm.
AuthSelect
# Only insert Start and Stop requests, ack everything else
HandleAcctStatusTypes Start,Stop
AccountingTable ACCOUNTING
# Column mapping: column,attribute[,type[,format]].
# The TEXT_TIME_STAMP format was wrapped onto a second line by the mail archive.
AcctColumnDef USERNAME,User-Name
AcctColumnDef CONNTYPE,%{Client:Identifier},formatted
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d
%H:%M:%S
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIPADDRESS,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef CLASS,Class
AcctColumnDef TUNNELCLIENTENDPOINT,Tunnel-Client-Endpoint
# Fallback file for accounting records whose SQL insert fails (the file name
# was wrapped onto the next line by the mail archive).
AcctFailedLogFileName
%L/%{Client:Identifier}/%m%d%y.missedaccountin.log
</AuthBy>
# Authenticate against a passwd-format file.
# NOTE(review): presumably this file holds password hashes; keep it readable
# only by the RADIUS account.
<AuthBy UNIX>
#DefaultSimultaneousUse 1
Filename /etc/passwd.ras
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
################ Video Conferencing from the Gatekeeper ########################
# Handles requests from clients tagged "video": SQL accounting into
# ACCOUNTING_video (with the Cisco H.323 attributes), then authentication
# against a passwd-format file.
<Handler Client-Identifier=video>
# Run every AuthBy below in order, whatever the previous one returned.
# NOTE(review): presumably the last AuthBy (UNIX) then decides the reply -
# confirm against the Radiator reference.
AuthByPolicy ContinueAlways
#AuthByPolicy ContinueWhileIgnore # Default
<AuthBy SQL>
DBSource dbi:mysql:radius
# Database credentials (blanked in this post). They are stored in this file in
# clear text, so the config should be readable only by the RADIUS account.
DBUsername < >
DBAuth < >
# NOTE(review): AuthSelect is given with no query, which presumably turns off
# SQL password lookups so this clause only does accounting - confirm.
AuthSelect
# Only insert Start and Stop requests, ack everything else
# NOTE(review): the directive below is commented out in this Handler, so the
# Start/Stop restriction described above is not applied here.
# HandleAcctStatusTypes Start,Stop
AccountingTable ACCOUNTING_video
# Column mapping: column,attribute[,type[,format]].
# The TEXT_TIME_STAMP format was wrapped onto a second line by the mail archive.
AcctColumnDef CONNTYPE,%{Client:Identifier},formatted
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef NASIPADDRESS,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORTTYPE,NAS-Port-Type
AcctColumnDef SERVICETYPE,Service-Type
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef USERNAME,User-Name
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AcctColumnDef H323GWID, cisco-h323-gw-id
AcctColumnDef H323CONFID, cisco-h323-conf-id
AcctColumnDef H323CALLORIGIN, cisco-h323-call-origin
AcctColumnDef H323CALLTYPE, cisco-h323-call-type
AcctColumnDef H323SETUPTIME, cisco-h323-setup-time
AcctColumnDef H323CONNECTTIME, cisco-h323-connect-time
AcctColumnDef H323DISCONNECTTIME, cisco-h323-disconnect-time
AcctColumnDef H323DISCONNECTCAUSE, cisco-h323-disconnect-cause
AcctColumnDef H323REMOTEADDRESS, cisco-h323-remote-address
AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d
%H:%M:%S
# Fallback file for accounting records whose SQL insert fails (the file name
# was wrapped onto the next line by the mail archive).
AcctFailedLogFileName
%L/%{Client:Identifier}/%m%d%y.missedaccountin.log
</AuthBy>
# Authenticate against a passwd-format file.
# NOTE(review): presumably this file holds password hashes; keep it readable
# only by the RADIUS account.
<AuthBy UNIX>
Filename /etc/passwd.ras
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>
################ WIRELESS Config ########################
#
#<Handler TunnelledByPEAP=1>
# # Windows XP when configured for a workgroup might send tunnelled user names
# # in the format COMPUTERNAME\username (eg BAKER\mikem). This
# # will strip the computer name leaving just the user name
# RewriteUsername s/(.*)\\(.*)/$2/
#
# <AuthBy FILE>
#
# # anonymous-PEAP must be in here:
# Filename %D/users
#
# # This tells the PEAP client what types of inner EAP requests
# # we will honour
# EAPType MSCHAP-V2,TTLS,TLS,MD5-Challenge
# # Need these for TTLS:
# EAPTLS_CAFile /usr/local/certs/radiator.pem
# EAPTLS_CertificateFile /usr/local/certs/radiator.pem
# EAPTLS_CertificateType PEM
# EAPTLS_PrivateKeyFile /usr/local/certs/radiator.pem
# EAPTLS_PrivateKeyPassword <password>
# EAPTLS_MaxFragmentSize 500
# </AuthBy>
#</Handler>
# <Handler TunnelledByTTLS=1>
# <AuthBy FILE>
# # anonymous-PEAP must be in here:
# Filename %D/users
#
# # This tells the PEAP client what types of inner EAP requests
# # we will honour
# EAPType TTLS,MSCHAP-V2,MD5,TLS
# # Need these for TLS
# EAPTLS_CAFile /usr/local/certs/radiator.pem
# EAPTLS_CertificateFile /usr/local/certs/radiator.pem
# EAPTLS_CertificateType PEM
# EAPTLS_PrivateKeyFile /usr/local/certs/radiator.pem
# EAPTLS_PrivateKeyPassword <password>
# </AuthBy>
# </Handler>
<Handler Client-Identifier=wlan>
AuthByPolicy ContinueAlways
#AuthByPolicy ContinueWhileIgnore # Default
# SQL clause of the wlan Handler: writes Start/Stop accounting records to the
# ACCOUNTING table.
<AuthBy SQL>
DBSource dbi:mysql:radius
# Database credentials (blanked in this post). They are stored in this file in
# clear text, so the config should be readable only by the RADIUS account.
DBUsername < >
DBAuth < >
# NOTE(review): AuthSelect is given with no query, which presumably turns off
# SQL password lookups so this clause only does accounting - confirm.
AuthSelect
# Only insert Start and Stop requests, ack everything else
HandleAcctStatusTypes Start,Stop
AccountingTable ACCOUNTING
# Column mapping: column,attribute[,type[,format]].
# The TEXT_TIME_STAMP format was wrapped onto a second line by the mail archive.
AcctColumnDef USERNAME,User-Name
AcctColumnDef CONNTYPE,%{Client:Identifier},formatted
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef TEXT_TIME_STAMP,Timestamp,integer-date,%Y-%m-%d
%H:%M:%S
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIPADDRESS,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
# Fallback file for accounting records whose SQL insert fails (the file name
# was wrapped onto the next line by the mail archive).
AcctFailedLogFileName
%L/%{Client:Identifier}/%m%d%y.missedaccountin.log
</AuthBy>
# Authenticates wlan users against a passwd-format file and carries the EAP/TLS
# settings for the wireless clients.
<AuthBy UNIX>
Filename /etc/passwd.ras
# TTLS is the only EAP type offered by this clause.
# NOTE(review): the debug output posted with this config shows an EAP message of
# type 17 arriving after the Access-Accept and being rejected. Check whether the
# client or access point is starting a second EAP method that is not listed here.
EAPType TTLS
# CA certificate, server certificate and private key are all read from the same
# PEM file, so that file must be readable only by the RADIUS account.
EAPTLS_CAFile /usr/local/certs/radiator.pem
# EAPTLS_CAPath /usr/local/certs/
EAPTLS_CertificateFile /usr/local/certs/radiator.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /usr/local/certs/radiator.pem
# The key passphrase is stored here in clear text (redacted in this post);
# restrict read access to this config file accordingly.
EAPTLS_PrivateKeyPassword <password>
# EAPTLS_RandomFile %D/certificates/random
EAPTLS_MaxFragmentSize 1024
# EAPTLS_DHFile %D/certificates/dh
# Use of these flags requires Net_SSLeay-1.21 or later
# Certificate revocation checking is left disabled below.
#EAPTLS_CRLCheck
#EAPTLS_CRLFile %D/certificates/crl.pem
#EAPTLS_CRLFile %D/certificates/revocations.pem
# Return MS-MPPE-Send-Key and MS-MPPE-Recv-Key in the Access-Accept, as the
# posted debug output shows.
AutoMPPEKeys
# Verbose TLS tracing for debugging; lower it once the problem is resolved.
SSLeayTrace 4
# EAPAnonymous anonymous
# Default is enabled
#EAPTLS_SessionResumption 0
#EAPTLS_SessionResumptionLimit 10
</AuthBy>
# The same script file is loaded for both hook points; its source is not shown
# in this post, so what it changes in the request or reply cannot be told here.
# NOTE(review): hooks are Perl code run inside the server process, so the script
# should be writable only by the administrator.
PreProcessingHook file:"/etc/radiator/eap_anon_hook.pl"
PostAuthHook file:"/etc/radiator/eap_anon_hook.pl"
# Log accounting to a detail file
AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
</Handler>Mon Oct 6 09:56:55 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2217 ....
Code: Access-Request
Identifier: 184
Authentic: <167><232><230><219><195><236><166>-<201><143><14><8>M<181><195>P
Attributes:
cisco-avpair = "ssid=muscwep"
NAS-IP-Address = xxx.xxx.xxx.38
Called-Station-Id = "004096585a95"
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-Port = 45
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Login-User
EAP-Message = <2>&<0><5><1>
Message-Authenticator =
1<211>'<239><201><15><237><211>L<135><132><238><28>3<186><19>
Mon Oct 6 09:56:55 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:55 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:55 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:55 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:55 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:55 2003: DEBUG: Handling with EAP: code 2, 38, 5
Mon Oct 6 09:56:55 2003: DEBUG: Response type 1
Mon Oct 6 09:56:55 2003: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct 6 09:56:55 2003: DEBUG: Access challenged for : EAP TTLS Challenge
Mon Oct 6 09:56:55 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2217 ....
Code: Access-Challenge
Identifier: 184
Authentic: <167><232><230><219><195><236><166>-<201><143><14><8>M<181><195>P
Attributes:
EAP-Message = <1>'<0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Oct 6 09:56:55 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2218 ....
Code: Access-Request
Identifier: 185
Authentic: <203>k<171><132>$M<16><182>.q<254>;<24><136><249>%
Attributes:
cisco-avpair = "ssid=muscwep"
NAS-IP-Address = xxx.xxx.xxx.38
Called-Station-Id = "004096585a95"
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-Port = 45
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Login-User
EAP-Message =
<2>'<0>d<21><128><0><0><0>Z<22><3><1><0>U<1><0><0>Q<3><1>?<129>f<164>*,6<184><201>V<215><151><247><171><180><146>x<230><10><152>M<239><213>{<183>x<2>'<20><171><217><209><0><0>*<0><22><0><19><0>f<0><21><0><18><0><10><0><5><0><4><0><7><0><9><0>c<0>e<0>`<0>b<0>a<0>d<0><20><0><17><0><3><0><6><0><8><1><0>
Message-Authenticator =
x<155><218><215><4><207><132>N<8><135><224><170><197><251><202><219>
Mon Oct 6 09:56:55 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:55 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:55 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:55 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:55 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:55 2003: DEBUG: Handling with EAP: code 2, 39, 100
Mon Oct 6 09:56:55 2003: DEBUG: Response type 21
Mon Oct 6 09:56:55 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Oct 6 09:56:55 2003: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct 6 09:56:55 2003: DEBUG: Access challenged for : EAP TTLS Challenge
Mon Oct 6 09:56:55 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2218 ....
Code: Access-Challenge
Identifier: 185
Authentic: <203>k<171><132>$M<16><182>.q<254>;<24><136><249>%
Attributes:
EAP-Message =
<1>(<4><10><21><192><0><0><5><0><22><3><1><0>J<2><0><0>F<3><1>?<129>t<167><148><149>%v<193><233><253>gqV<30>o<171><172><134>*:m<248>"<185>Y<241><238>S<215><202><28>
<180>j[[S3<210><227><237><141>=(<243><199><137><233><162><19><28><229><29><138><227><255><29>w<133>a<145>@<182>.<0><10><0><22><3><1><3><234><11><0><3><230><0><3><227><0><3><224>0<130><3><220>0<130><3>E<160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><171>1<11>0<9><6><3>U<4><6><19><2>US1<23>0<21><6><3>U<4><8><19><14>South
Carolina1<19>0<17><6><3>U<4><7><19><10>Charleston1!0<31><6><3>U<4><10><19><24>Medical
University of SC1<13>0<11><6><3>U<4><11><19><4>CCIT1<26>0<24><6><3>
EAP-Message = U<4><3><19><17>radiator.musc.edu1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL
PROTECTED]<30><23><13>030303203707Z<23><13>040302203707Z0<129><171>1<11>0<9><6><3>U<4><6><19><2>US1<23>0<21><6><3>U<4><8><19><14>South
Carolina1<19>0<17><6><3>U<4><7><19><10>Charleston1!0<31><6><3>U<4><10><19><24>Medical
University of
SC1<13>0<11><6><3>U<4><11><19><4>CCIT1<26>0<24><6><3>U<4><3><19><17>radiator.musc.edu1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>capoross
EAP-Message =
@musc.edu0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><171>8<134><175><148>p<9>K<181><221><14><170><246><4><208>xLl<182><195>=<163><153><165>@<202><4><20><133><19>9<178><<179><134><12><229><249><10><127><176><165><149><187>t<237><237><244><238><184><249><184><9>jO2<160><250>'<1><245><219>v<239>3K~<5>
&<154><223><235><248>Y<167><249><210><200><174><198><15><145><146><238><190><143><5>.x6<159>`<189>L<20>\<247>j<142>/<238><184><14><142><6>u<194><147><130><26><165><23>\<151>%<185><28>Z<167><185><165><205><176><202><18>|<135><2><3><1><0><1><163><130><1><12>0<130><1><8>0<29><6><3>U<29><14><4><22><4><20><227>ks|N<178><252><22><5>tZ<212><175>l<198><2>1;6w0<129><216><6><3>U<29>#<4><129><208>0<129><205><128><20><227>ks|N<178><252><22><5>tZ<212><175>l<198><2>1;6w<161><129><177><164><129><174>0
EAP-Message =
<129><171>1<11>0<9><6><3>U<4><6><19><2>US1<23>0<21><6><3>U<4><8><19><14>South
Carolina1<19>0<17><6><3>U<4><7><19><10>Charleston1!0<31><6><3>U<4><10><19><24>Medical
University of
SC1<13>0<11><6><3>U<4><11><19><4>CCIT1<26>0<24><6><3>U<4><3><19><17>radiator.musc.edu1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL
PROTECTED]<130><1><0>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129><0>1\<206><157><219><233>w<206>]<<14><227>\}<221>go<181>O<250><232><174><21><252>'<162>Jg<166><152><247><16><242><222>><248><211><204><213><2>PF<30><234>
EAP-Message =
<16><161><156>#I<169><217>%<128><25><151><241>F<21>f<25><128><252>iqb/
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Oct 6 09:56:55 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2219 ....
Code: Access-Request
Identifier: 186
Authentic: <195>#<23><190><208><12><240><131><249>p<150><7>|x<139>>
Attributes:
cisco-avpair = "ssid=muscwep"
NAS-IP-Address = xxx.xxx.xxx.38
Called-Station-Id = "004096585a95"
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-Port = 45
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Login-User
EAP-Message = <2>(<0><6><21><0>
Message-Authenticator =
<233><206><176>e<137><159>2<176>X<133>[X<140><134><136><249>
Mon Oct 6 09:56:55 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:55 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:55 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:55 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:55 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:55 2003: DEBUG: Handling with EAP: code 2, 40, 6
Mon Oct 6 09:56:55 2003: DEBUG: Response type 21
Mon Oct 6 09:56:55 2003: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct 6 09:56:55 2003: DEBUG: Access challenged for : EAP TTLS Challenge
Mon Oct 6 09:56:55 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2219 ....
Code: Access-Challenge
Identifier: 186
Authentic: <195>#<23><190><208><12><240><131><249>p<150><7>|x<139>>
Attributes:
EAP-Message =
<1>)<1><6><21><0><132><255>&6(<137>3<247>V<169>k<187><158>C<167><207><190><193><147><153><19><250><17><168><213><233>g<172><30><178><169>(<140><153><25><177><11><183><147><226>r<7>f<5><203>F<199><203>r<5><237>k\s-<224><211>J<253><138><208><227><22><3><1><0><189><13><0><0><181><2><1><2><0><176><0><174>0<129><171>1<11>0<9><6><3>U<4><6><19><2>US1<23>0<21><6><3>U<4><8><19><14>South
Carolina1<19>0<17><6><3>U<4><7><19><10>Charleston1!0<31><6><3>U<4><10><19><24>Medical
University of
SC1<13>0<11><6><3>U<4><11><19><4>CCIT1<26>0<24><6><3>U<4><3><19><17>radiator.musc.edu1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]
EAP-Message = c.edu<14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2220 ....
Code: Access-Request
Identifier: 187
Authentic: <156><7><247><25><162><24><219><165><166><253>f<212><195>_<168><157>
Attributes:
cisco-avpair = "ssid=muscwep"
NAS-IP-Address = xxx.xxx.xxx.38
Called-Station-Id = "004096585a95"
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-Port = 45
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Login-User
EAP-Message =
<2>)<0><212><21><128><0><0><0><202><22><3><1><0><7><11><0><0><3><0><0><0><22><3><1><0><134><16><0><0><130><0><128>h<177>j<226>@<228><217><150><145><229>w<200><165>7<179><180>wq<163><193><11><243><12><133>-!<31><141><168>f<202>mne<238>#!<230>y\c-<2><9><191><20><217>{<23><255><228><244><246>`c<140><157><132><241><0>sp<15><191>#c<157>zb<202><169><128><222><128><220>:)<177><179><29><148>J<5>F<245><16><156><129><222><145>z<172>|r<255><197>Wd<212>9s<185><140>"@<141>0<5><226>j<210><31>!n<157><210><140>Y<203><188><134><176><175><2><204>2<194>=<20><3><1><0><1><1><22><3><1><0>(<166><209><241><13><Y<206>g<176>\<183><143>><174>]^<13>dQw<195><215>|<207>y"<232><132>B<146><201><250>A$2<19><128>+Z<134>
Message-Authenticator =
<223>F<197>C<141>E_<201><188><236>z<197>K<179><225><242>
Mon Oct 6 09:56:56 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:56 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:56 2003: DEBUG: Handling with EAP: code 2, 41, 212
Mon Oct 6 09:56:56 2003: DEBUG: Response type 21
Mon Oct 6 09:56:56 2003: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Oct 6 09:56:56 2003: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Oct 6 09:56:56 2003: DEBUG: Access challenged for : EAP TTLS Challenge
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2220 ....
Code: Access-Challenge
Identifier: 187
Authentic: <156><7><247><25><162><24><219><165><166><253>f<212><195>_<168><157>
Attributes:
EAP-Message =
<1>*<0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<137><188>|~<7>2<142>0|<186><161><195><183><216><180><190><241><165>-<145><253><199>`<202><2><254><145><238>6X<138><220><150><31><8><219><200><200>[<229>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2221 ....
Code: Access-Request
Identifier: 188
Authentic: <148><191>cTM<216><187>rp<252><254><161>'P;<181>
Attributes:
cisco-avpair = "ssid=muscwep"
NAS-IP-Address = xxx.xxx.xxx.38
Called-Station-Id = "004096585a95"
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-Port = 45
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Login-User
EAP-Message =
<2>*<0>l<21><128><0><0><0>b<23><3><1><0><24><163><184><233>z9D<131><195>T5<166>XgQ<179><204><3><150>;3<24>M<17>j<23><3><1><0>@><159><213><226><161><159>p<152><9><16><8><157>k<221>CZ=<12><143>y<127>f<4>&<140>fB<234><189><181><203><232><219><167><186><247><167><131><203><25>y}ue]1<142><241><12>5~<175>bX<16><179><206><252><129><207><219><6><224>{
Message-Authenticator = <30>%<140>G<181><204>ZVb<21><28>0_<180>R<213>
Mon Oct 6 09:56:56 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:56 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:56 2003: DEBUG: Handling with EAP: code 2, 42, 108
Mon Oct 6 09:56:56 2003: DEBUG: Response type 21
Mon Oct 6 09:56:56 2003: DEBUG: EAP TTLS inner authentication request for <username>
Mon Oct 6 09:56:56 2003: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <12>c7P<163><227>W<204>?<+<9><158>D~<127>
Attributes:
User-Name = "<username>"
User-Password = "<password>"
Mon Oct 6 09:56:56 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:56 2003: DEBUG: Deleting session for <username>, xxx.xxx.xxx.38,
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:56 2003: DEBUG: Radius::AuthUNIX looks for match with <username>
Mon Oct 6 09:56:56 2003: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Oct 6 09:56:56 2003: DEBUG: Access accepted for <username>
Mon Oct 6 09:56:56 2003: DEBUG: EAP result: 0, EAP TTLS inner authentication
redespatched to a Handler
Mon Oct 6 09:56:56 2003: DEBUG: Access accepted for
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2221 ....
Code: Access-Accept
Identifier: 188
Authentic: <148><191>cTM<216><187>rp<252><254><161>'P;<181>
Attributes:
MS-MPPE-Send-Key =
"<228><229><232>g<210><0><10><202><239>T]B<174><184>IS<137>x<176>UB<238>zy<161><237><166><227><209><253><250><16><171><251><131>z<145><226><182><230><19><218><161><207><210>"<11><213><131><205>"
MS-MPPE-Recv-Key =
"<141><207><205><221><0>H<137><148><132><224><6>Xk1<251>d<174>O<142><181>S<196>d<130><191>'<247><206>S<216><167><29><188><1>qd<250>d<180><16><244>f<0><17><208><134><204><188><138><219>"
EAP-Message = <3>*<0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2222 ....
Code: Accounting-Request
Identifier: 189
Authentic: <165><254>A<247>7z<183><216>-<19>]4<215>6<170><218>
Attributes:
Acct-Status-Type = Start
Acct-Session-Id = " 1b00005"
Acct-Authentic = RADIUS
NAS-Port = 45
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-IP-Address = xxx.xxx.xxx.38
cisco-avpair = "vlan-id=68"
cisco-avpair = "nas-location="
cisco-avpair = "auth-algo-type=type=21"
cisco-avpair = "ssid=muscwep"
Acct-Delay-Time = 0
Mon Oct 6 09:56:56 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:56 2003: DEBUG: Adding session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=' 1b00005'':
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'insert into RADONLINE (<username>,
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
SERVICETYPE, CONNTYPE, TUNNELCLIENTENDPOINT ) values
('<username>','xxx.xxx.xxx.38',045,' 1b00005', 1065448616,'','', '','wlan','')':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: Handling accounting with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'insert into ACCOUNTING
(ACCTAUTHENTIC,ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,CONNTYPE,NASIDENTIFIER,NASIPADDRESS,NASPORT,TEXT_TIME_STAMP,TIME_STAMP,<username>)
values ('RADIUS',0,'
1b00005','Start','wlan','testwap1','xxx.xxx.xxx.38',45,'2003-10-06
09:56:56',1065448616,'<username>')':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:56 2003: DEBUG: Accounting accepted
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2222 ....
Code: Accounting-Response
Identifier: 189
Authentic: <165><254>A<247>7z<183><216>-<19>]4<215>6<170><218>
Attributes:
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2223 ....
Code: Access-Request
Identifier: 190
Authentic: <231><166><220>g1mZ<11>^R<134>:HJ<193><19>
Attributes:
cisco-avpair = "ssid=muscwep"
NAS-IP-Address = xxx.xxx.xxx.38
Called-Station-Id = "004096585a95"
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-Port = 45
Framed-MTU = 1400
NAS-Port-Type = Wireless-IEEE-802-11
Service-Type = Login-User
EAP-Message = <1>*<0><16><17><1><0><8><176>nd-<250>x<189><218>
Message-Authenticator =
:<152>j<187><152><159><135>D<182><235><17>R-<24><170><132>
Mon Oct 6 09:56:56 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:56 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=''':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:56 2003: DEBUG: Handling with EAP: code 1, 42, 16
Mon Oct 6 09:56:56 2003: DEBUG: EAP Request 17
Mon Oct 6 09:56:56 2003: DEBUG: Radius::AuthUNIX looks for match with
Mon Oct 6 09:56:56 2003: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such user
Mon Oct 6 09:56:56 2003: INFO: Access rejected for : EAP MSCHAP V2 failed: no such
user
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2223 ....
Code: Access-Reject
Identifier: 190
Authentic: <231><166><220>g1mZ<11>^R<134>:HJ<193><19>
Attributes:
EAP-Message = <4>*<0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.38 port 2224 ....
Code: Accounting-Request
Identifier: 191
Authentic: <138>/5L<197><7><31><196><201><249><156>7<27><174>uI
Attributes:
Acct-Status-Type = Stop
Acct-Session-Id = " 1b00005"
Acct-Authentic = RADIUS
Acct-Input-Octets = 120865
Acct-Output-Octets = 7743
Acct-Input-Packets = 1242
Acct-Output-Packets = 80
Acct-Session-Time = 326268
NAS-Port = 45
Calling-Station-Id = "00028a49cc14"
NAS-Identifier = "testwap1"
NAS-IP-Address = xxx.xxx.xxx.38
Acct-Terminate-Cause = Session-Timeout
Acct-Delay-Time = 0
Mon Oct 6 09:56:56 2003: DEBUG: Handling request with Handler 'Client-Identifier=wlan'
Mon Oct 6 09:56:56 2003: DEBUG: Deleting session for , xxx.xxx.xxx.38, 45
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='xxx.xxx.xxx.38' and ACCTSESSIONID=' 1b00005'':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: Handling accounting with Radius::AuthSQL
Mon Oct 6 09:56:56 2003: DEBUG: do query is: 'insert into ACCOUNTING
(ACCTAUTHENTIC,ACCTDELAYTIME,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,CONNTYPE,NASIDENTIFIER,NASIPADDRESS,NASPORT,TEXT_TIME_STAMP,TIME_STAMP,USERNAME)
values ('RADIUS',0,'
1b00005',326268,'Stop','Session-Timeout','wlan','testwap1','xxx.xxx.xxx.38',45,'2003-10-06
09:56:56',1065448616,'<username>')':
Mon Oct 6 09:56:56 2003: DEBUG: Handling with Radius::AuthUNIX:
Mon Oct 6 09:56:56 2003: DEBUG: Accounting accepted
Mon Oct 6 09:56:56 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.38 port 2224 ....
Code: Accounting-Response
Identifier: 191
Authentic: <138>/5L<197><7><31><196><201><249><156>7<27><174>uI
Attributes:
