Hello Berndt -
Thanks for sending the configuration and debug.
As far as I can see Radiator is operating correctly, with as you say an Access-Accept being sent back to the Client. It even seems that the session starts as there is an Accounting-Start received immediately following.
It may be that you will need to send some additional reply attributes in the Access-Accept to start the session? It is fairly usual to have to specify a Service-Type and a Framed-Protocol with something like this:
<AuthBy ...>
    .....
    AddToReply Service-Type = Framed-User, \
               Framed-Protocol = PPP, \
               ......
    .....
</AuthBy>

You should check with the vendor to find out what reply attributes are required.
regards
Hugh
On 05/01/2004, at 11:03 PM, Sevcik Berndt wrote:
I use Windows XP SP1 with the Alfa and Aris TTLS Client Version 1.0.8. I
tried to authenticate my Laptop with TTLS and it is not working. But the
Debug Output shows me an Access-Accept Message. Before I started using
TTLS I used PEAP with the Supplicant from Windows XP and had no problems
with the authentication process.
Here is my configuration:

Foreground
LogStdout
LogDir .
DbDir .
Trace 4
AuthPort 1645
AcctPort 1646

<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>

<ClientListSQL>
    DBSource dbi:mysql:radius
    DBUsername root
    DBAuth letmein
</ClientListSQL>

<AuthBy SQL>
    Identifier SQLAccounting
    AuthSelect
    DBSource dbi:mysql:radius
    DBUsername root
    DBAuth letmein
    AccountingTable ACCOUNTING
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
    AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef NASIDENTIFIER,NAS-Identifier
    AcctColumnDef NASPORT,NAS-Port,integer
    AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
    #AcctFailedLogFileName %D/missedaccounting
</AuthBy>

<AuthBy FILE>
    Identifier OUTERAuthentication
    Filename %D/users
    EAPType PEAP,TTLS
    EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
    EAPTLS_CertificateFile %D/certificates/cert-srv.pem
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
    EAPTLS_PrivateKeyPassword whatever
    EAPTLS_MaxFragmentSize 1000
    #EAPTLS_DHFile %D/certificates/cert/dh
    #EAPTLS_CRLCheck
    #EAPTLS_CRLFile %D/certificates/crl.pem
    #EAPTLS_CRLFile %D/certificates/revocations.pem
    AutoMPPEKeys
    SSLeayTrace 4
</AuthBy>

<Handler TunnelledByPEAP=1>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy LDAP2>
        Identifier LDAPPEAPAuthentication
        RcryptKey whatever
        Host 10.2.4.21
        AuthDN cn=admin, dc=tgm, dc=ac, dc=at
        AuthPassword sUpp.rT
        BaseDN ou=People,ou=admin,dc=tgm,dc=ac,dc=at
        UsernameAttr uid
        PasswordAttr profilePath
        AuthAttrDef radiusAuthType,GENERIC,check
        # You can enable debugging of the Net::LDAP
        # module with this:
        # Debug 255
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>

<Handler TunnelledByTTLS=1>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy LDAP2>
        Identifier LDAPTTLSAuthentication
        RcryptKey whatever
        Host 10.2.4.21
        AuthDN cn=admin, dc=tgm, dc=ac, dc=at
        AuthPassword sUpp.rT
        BaseDN ou=People,ou=admin,dc=tgm,dc=ac,dc=at
        UsernameAttr uid
        PasswordAttr scriptPath
        # AuthAttrDef radiusAuthType,GENERIC,check
        # You can enable debugging of the Net::LDAP
        # module with this:
        # Debug 255
        # EAPType MSCHAP-V2
    </AuthBy>
</Handler>

<Handler Request-Type = Accounting-Request>
    AuthBy SQLAccounting
</Handler>

<Handler>
    # AuthByPolicy ContinueWhileReject
    AuthBy OUTERAuthentication
    # AuthBy PEAPAuthentication
</Handler>
And the Debug output:

Mon Jan 5 12:53:12 2004: DEBUG: Adding Clients from SQL database
Mon Jan 5 12:53:12 2004: DEBUG: Query is: 'select NASIDENTIFIER, SECRET, IGNOREACCTSIGNATURE, DUPINTERVAL, DEFAULTREALM, NASTYPE, SNMPCOMMUNITY, LIVINGSTONOFFS, LIVINGSTONHOLE, FRAMEDGROUPBASEADDRESS, FRAMEDGROUPMAXPORTSPERCLASSC, REWRITEUSERNAME, NOIGNOREDUPLICATES, PREHANDLERHOOK from RADCLIENTLIST':
Mon Jan 5 12:53:12 2004: DEBUG: Reading users file ./users
Mon Jan 5 12:53:16 2004: DEBUG: Finished reading configuration file 'custom.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
To extend your evaluation period, contact [EMAIL PROTECTED]
Mon Jan 5 12:53:16 2004: DEBUG: Reading dictionary file './dictionary'
Mon Jan 5 12:53:18 2004: DEBUG: Creating authentication port 0.0.0.0:1645
Mon Jan 5 12:53:18 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Mon Jan 5 12:53:18 2004: NOTICE: Server started: Radiator 3.7.1 on ITS-Test1 (EVALUATION)
Mon Jan 5 12:53:32 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1112 ....
Code: Accounting-Request
Identifier: 53
Authentic: A<7><9>yG<135><9><220><239><14>lcn<20>zc
Attributes:
Acct-Status-Type = Stop
Acct-Session-Id = "26000019"
User-Name = "anonymous"
Calling-Station-Id = "00-04-23-77-4b-a3"
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
Acct-Delay-Time = 0
Acct-Session-Time = 106
Acct-Authentic = RADIUS
Acct-Terminate-Cause = Lost-Carrier
Mon Jan 5 12:53:32 2004: DEBUG: Handling request with Handler
'Request-Type = Accounting-Request'
Mon Jan 5 12:53:32 2004: DEBUG: Deleting session for anonymous,
10.2.12.101, 2
Mon Jan 5 12:53:32 2004: DEBUG: Handling with Radius::AuthSQL
Mon Jan 5 12:53:32 2004: DEBUG: Handling accounting with
Radius::AuthSQL
Mon Jan 5 12:53:32 2004: DEBUG: do query is: 'insert into ACCOUNTING
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE,ACCTTERMINATECAUSE,NASPORT,TIME_STAMP,USERNAME) values (0,'26000019',106,'Stop','Lost-Carrier',2,1073303612,'anonymous')':
Mon Jan 5 12:53:32 2004: DEBUG: Accounting accepted
Mon Jan 5 12:53:32 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1112 ....
Code: Accounting-Response
Identifier: 53
Authentic: A<7><9>yG<135><9><220><239><14>lcn<20>zc
Attributes:
Mon Jan 5 12:53:38 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 201
Authentic: <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
Attributes:
Message-Authenticator = $<199><24><220><148><149><128>><195><182><172><195>|A<2>h
User-Name = "anonymous"
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
EAP-Message = <2><1><0><14><1>anonymous
Framed-MTU = 1000
Mon Jan 5 12:53:38 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:39 2004: DEBUG: Deleting session for anonymous, 10.2.12.101, 2
Mon Jan 5 12:53:39 2004: DEBUG: Handling with Radius::AuthFILE: OUTERAuthentication
Mon Jan 5 12:53:39 2004: DEBUG: Handling with EAP: code 2, 1, 14
Mon Jan 5 12:53:39 2004: DEBUG: Response type 1
Mon Jan 5 12:53:39 2004: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Jan 5 12:53:39 2004: DEBUG: Access challenged for anonymous: EAP PEAP Challenge
Mon Jan 5 12:53:39 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Challenge
Identifier: 201
Authentic: <245>k<0><0><155><15><0><0>9'<0><0><195>^<0><0>
Attributes:
EAP-Message = <1><2><0><6><25>!
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 202
Authentic: `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
Attributes:
Message-Authenticator = <23><214><211>3<242>"<10>h<242><145>4{<30>r2<214>
User-Name = "anonymous"
State = ""
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
Framed-MTU = 1000
EAP-Message = <2><2><0><6><3><21>
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous, 10.2.12.101, 2
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE: OUTERAuthentication
Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 2, 6
Mon Jan 5 12:53:40 2004: DEBUG: Response type 3
Mon Jan 5 12:53:40 2004: INFO: EAP Nak desires type 21
Mon Jan 5 12:53:40 2004: DEBUG: Resuming session for Radius::Context=HASH(0x89e2e4c)
Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Challenge
Identifier: 202
Authentic: `p<0><0>TG<0><0><2>A<0><0><156><13><0><0>
Attributes:
EAP-Message = <1><3><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 203
Authentic: <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
Attributes:
Message-Authenticator =
<25><23><241><194><23><233><30>e<171><210>1<132><221>KR?
User-Name = "anonymous"
State = ""
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
Framed-MTU = 1000
EAP-Message =
<2><3><0><<21><128><0><0><0>2<22><3><1><0>- <1><0><0>)<3><1><207><3><21><0><162>}m<240><179><127>,<193><18><22><240 ><155><212><128><160><31><229><226>tv<28>z.3<237><157><223><23><0><0><2 ><0><10><1><0>
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
10.2.12.101, 2
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 3, 60
Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
Mon Jan 5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Challenge
Identifier: 203
Authentic: <214>q<0><0><30>M<0><0>c<28><0><0>$Z<0><0>
Attributes:
EAP-Message =
<1><4><3><242><21><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>? <249>PD<232>e<255>C<145><235>: <143>*>d<246>Uv<175><215><127>@K<4(<253><255><136>R<136><201> c<2><172><136><162>y<218><168>v[d<136><173><155><203><182><138><215>"<1 56><3>M<154><4><131>=<8><210><163>a<174>J<0><10><0><22><3><1><7><27><11 ><0><7><23><0><7><20><0><2><209>0<130><2><205>0<130><2>6<160><3><2><1>< 2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1< 11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18 >0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in
production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<30> <23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19>< 2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9 >Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159> 0<13><6><9>*<134>H<134><247><13><1><1>
EAP-Message =
<1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><24 5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193> <13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151> <30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<1 87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178> <141><219>O<253><134><213>N|<172>: J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215> <186>x<141><197><212>s<145><235>\<164><8>! <2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1> <5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129>< 129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><13 6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183>< 230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<2 39>?<1><16><203>
EAP-Message =
T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202 >u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t<1 96><188><3><195>.%<19>mD<242><149><237>O<138><193><0><4>=0<130><4>90<13 0><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1> <1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U <4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28>< 6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 204
Authentic: 6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
Attributes:
Message-Authenticator = <139>%F<20>7<187><138>W<152><208><206>2<139>bbH
User-Name = "anonymous"
State = ""
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
Framed-MTU = 1000
EAP-Message = <2><4><0><5><21>
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
10.2.12.101, 2
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 4, 5
Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Challenge
Identifier: 204
Authentic: 6<12><0><0>9A<0><0>,4<0><0><254>&<0><0>
Attributes:
EAP-Message = <1><5><3><238><21>@t use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<30> <23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0<9><6><3>U<4 ><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4> <7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
EAP-Message = roduction)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<129 ><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0< 129><137><2><129><129><0><193>@h<28><185>'<7><254><247>{9<233><245>3S<2 09>=<173>>c<144>Z<239>? b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141> <148><224>|<188>V<24><209><8><223>f? <149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e< 153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221> <6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159>< 149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0< 130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152 ><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#
EAP-Message =
<4><129><239>0<129><236><128><20><180><27><24>R'<27><169>)<152><148>o<1 39>c<198><6>9\<249>s<196><161><129><208><164><129><205>0<129><202>1<11> 0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0< 16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<130> <1><0>0<12><6><3>U<29><19><4><5>0<3>
EAP-Message =
<1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129> <0>A<130>4<253><23>- <13><9><9><222>3<19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<23 3><144><146>&g<162><190><234><145>H<159><10>^6IQ<223><219><193>@><204>b <245><12><6><133><147><132><192>fU<165><197><180>k<136>: <8><198><152><165>*%<221><237><188><23><251><255><172>'n<142>H<25>q<173 >t<215><212><221><239><20>FZyd<205><240>Wbd<143><139>q]h<236><127><16>< 143>tA<163>4I<236><230><147><218>><175>B^<130><0>*9<22><3><1><0><220><1 3><0><0><212><2><1><2><0><207><0><205>0<129><202>1<11>0<9><6><3>U<4><6> <19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7>< 19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certif
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 205
Authentic: s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
Attributes:
Message-Authenticator = <206>P<231>&<160><178><233><185><136><149>">-X%<243>
User-Name = "anonymous"
State = ""
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
Framed-MTU = 1000
EAP-Message = <2><5><0><5><21>
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
10.2.12.101, 2
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 5, 5
Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Challenge
Identifier: 205
Authentic: s7<0><0>`.<0><0>\<14><0><0><13>u<0><0>
Attributes:
EAP-Message =
<1><6><0><134><21><0>icates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<14>< 0><0><0>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 206
Authentic: <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
Attributes:
Message-Authenticator =
e<172><247>F<29><172>&<235>j<20><15><163>a<147>a<7>
User-Name = "anonymous"
State = ""
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
Framed-MTU = 1000
EAP-Message =
<2><6><0><212><21><128><0><0><0><202><22><3><1><0><7><11><0><0><3><0><0 ><0><22><3><1><0><134><16><0><0><130><0><128>: <145><15><149>J<23>|<160>2<147>JK<26><241><169><136><206>+u N<183><128><13>u<188>8<213><162><190><188><0>=<229>[? <9><209><215>\&2<187><26>:b<252><134><5><201><140>_: <135><130>X<130><239><10>! <195><239><205>&<18><247>.<172><127><134>j<130><150><16><176><160><165> a<211><199><136>3YD<136><209><156><247><155> <226>[<218><200><169><235><254><10><135>zyS<194><155><247>? <249><250><155><133>k46<24><194><177><187><218><234><184><239><133>f<13 5><197><211><211>y<20><3><1><0><1><1><22><3><1><0>(<149><216>gg<3><219> <150><200><190><130><246><179>L<137><163><195>5C=<183>YG4<2>l<154><247> <157><171><131><248><204><128><138>SX<227><231><157><210>
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
10.2.12.101, 2
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 6, 212
Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
Mon Jan 5 12:53:40 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Access challenged for anonymous: EAP
TTLS Challenge
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Challenge
Identifier: 206
Authentic: <255>U<0><0><198><21><0><0>q<30><0><0><211>e<0><0>
Attributes:
EAP-Message =
<1><7><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(<148>$Y<2 04><212>(<190>k<1><165><231>|<209>'<2><171><20><247>N<164><177><168><21 7><189>|<156><18><14>Ocb<185>3<174><22>_<213><238><254><238>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code: Access-Request
Identifier: 207
Authentic: <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
Attributes:
Message-Authenticator =
<172>_<8><30><190><225><156><191><159><142><253>]S<229><253>G
User-Name = "anonymous"
State = ""
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00-04-23-77-4b-a3"
Framed-MTU = 1000
EAP-Message =
<2><7><0>W<21><128><0><0><0>M<23><3><1><0>H<228><249>@)<209>i<243><10>< 244><154><134>4<172>i}bB<29><127>&<27><162><217><26><215>PI<136><200>(< 220>c<242>f]<137>><186><28><218>b<149><140><129>o<29><248><182><15>>\<2 38><186><127>N<155><6><241>t<136>I9<148><218>? <236>1<130><147>,<175><226>
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler ''
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for anonymous,
10.2.12.101, 2
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthFILE:
OUTERAuthentication
Mon Jan 5 12:53:40 2004: DEBUG: Handling with EAP: code 2, 7, 87
Mon Jan 5 12:53:40 2004: DEBUG: Response type 21
Mon Jan 5 12:53:40 2004: DEBUG: EAP TTLS inner authentication request
for berndt.sevcik
Mon Jan 5 12:53:40 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic:
<29><144><239><199><196><246><215><200><139><156><2><185><189><18><224> <243>
Attributes:
User-Name = "berndt.sevcik"
User-Password = "Yalla1980"
Mon Jan 5 12:53:40 2004: DEBUG: Handling request with Handler
'TunnelledByTTLS=1'
Mon Jan 5 12:53:40 2004: DEBUG: Rewrote user name to berndt.sevcik
Mon Jan 5 12:53:40 2004: DEBUG: Deleting session for berndt.sevcik,
10.2.12.101,
Mon Jan 5 12:53:40 2004: DEBUG: Handling with Radius::AuthLDAP2:
LDAPTTLSAuthentication
Mon Jan 5 12:53:40 2004: INFO: Connecting to 10.2.4.21, port 389
Mon Jan 5 12:53:40 2004: INFO: Attempting to bind to LDAP server
10.2.4.21:389)
Mon Jan 5 12:53:40 2004: DEBUG: LDAP got result for
uid=berndt.sevcik,ou=People,ou=admin,dc=tgm,dc=ac,dc=at
Mon Jan 5 12:53:40 2004: DEBUG: LDAP got scriptPath: Yalla1980
Mon Jan 5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 looks for match with
berndt.sevcik
Mon Jan 5 12:53:40 2004: DEBUG: Radius::AuthLDAP2 ACCEPT:
Mon Jan 5 12:53:40 2004: DEBUG: Access accepted for berndt.sevcik
Mon Jan 5 12:53:40 2004: DEBUG: EAP result: 0, EAP TTLS inner
authentication redespatched to a Handler
Mon Jan 5 12:53:40 2004: DEBUG: Access accepted for anonymous
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code: Access-Accept
Identifier: 207
Authentic: <246>=<0><0><209>><0><0>r<0><0><0><139><7><0><0>
Attributes:
MS-MPPE-Send-Key =
"<180>u|9<155><7>CA<5>,<252><224>Wzf<172><132><241><236>/ kU<6><170><159><199><128><232>PX<20><241><166><149>s<247>\<10><235><162 ><154><228><3>&<208>+'<157>a<151>"
MS-MPPE-Recv-Key = "<146><195><216><184>s<225><184>
<229>(e<239><200>+<133><176><130><243>lloh<234><148><9>PZ<206><235><242 >G<148>5<213>O<236><2>z<24><219><134>H<195><171>jB<139><25>~P"
EAP-Message = <3><7><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1114 ....
Code: Accounting-Request
Identifier: 54
Authentic: <231><186><207><255><130><29><8><189><22>8<231><183>b<144>A5
Attributes:
Acct-Status-Type = Start
User-Name = "anonymous"
Calling-Station-Id = "00-04-23-77-4b-a3"
NAS-IP-Address = 10.2.12.101
NAS-Port = 2
Acct-Delay-Time = 0
Acct-Session-Id = "2600001a"
Acct-Authentic = RADIUS
Mon Jan 5 12:53:40 2004: DEBUG: Handlin
Thanks for help
Berndt
--
This message was created with the kind support of a free-range penguin kept in species-appropriate conditions. It is guaranteed free of Microsoft viruses.
-----------------------------------------
TGM - Die Schule der Technik
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316
Fax: +43(1)33126/154
E-Mail: [EMAIL PROTECTED]
-----------------------------------------
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
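One way to check a Trace 4 debug for the point raised in the reply above, as an added example that is not part of the original thread or of Radiator: it parses each "Packet dump:" block and reports which expected reply attributes every sent Access-Accept lacks. The function names, the REQUIRED tuple and the sample trace are constructed for illustration; the attributes a particular NAS needs come from its vendor.

```python
import re

# Attributes from the AddToReply suggestion above; the real list is vendor-specific (assumption).
REQUIRED = ("Service-Type", "Framed-Protocol")

STAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}: \w+: (.*)$")
PEER = re.compile(r"^\*\*\* (Sending to|Received from) (\S+) port \d+")
HEADER = re.compile(r"^(Code|Identifier|Authentic):\s*(.*)$")
ATTR = re.compile(r"^([A-Za-z][\w-]*) =\s*(.*)$")
# Constructed sample in the layout of a Radiator Trace 4 debug (not real traffic).
SAMPLE_TRACE = """\
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Received from 10.2.12.101 port 1113 ....
Code:       Access-Request
Identifier: 207
Attributes:
    User-Name = "anonymous"
Mon Jan  5 12:53:40 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Accept
Identifier: 207
Attributes:
    MS-MPPE-Send-Key = "<constructed>"
    Message-Authenticator =
<0><0><0><0>
Mon Jan  5 12:54:10 2004: DEBUG: Packet dump:
*** Sending to 10.2.12.101 port 1113 ....
Code:       Access-Accept
Identifier: 208
Attributes:
    Service-Type = Framed-User
    Framed-Protocol = PPP
"""

def parse_packet_dumps(trace):
    """Return one dict per 'Packet dump:' block of a Trace 4 debug."""
    packets, cur = [], None
    for line in map(str.strip, trace.splitlines()):
        stamped = STAMP.match(line)
        if stamped:
            # Any timestamped entry ends the dump that was being read.
            cur = None
            if stamped.group(1) == "Packet dump:":
                cur = {"direction": None, "peer": None, "code": None,
                       "identifier": None, "attrs": []}
                packets.append(cur)
        elif cur is None or not line or line == "Attributes:":
            continue
        elif PEER.match(line):
            verb, cur["peer"] = PEER.match(line).groups()
            cur["direction"] = "sent" if verb == "Sending to" else "received"
        elif HEADER.match(line):
            key, value = HEADER.match(line).groups()
            cur[key.lower()] = value
        elif ATTR.match(line):
            cur["attrs"].append(list(ATTR.match(line).groups()))
        elif cur["attrs"]:
            # Wrapped value (a long EAP-Message, say): join to the last attribute.
            cur["attrs"][-1][1] += line
    return packets

def audit_accepts(trace, required=REQUIRED):
    """List each Access-Accept sent, with the required attributes it lacks."""
    findings = []
    for pkt in parse_packet_dumps(trace):
        if (pkt["direction"], pkt["code"]) == ("sent", "Access-Accept"):
            present = {name for name, _ in pkt["attrs"]}
            missing = [a for a in required if a not in present]
            findings.append((pkt["peer"], pkt["identifier"], missing))
    return findings

if __name__ == "__main__":
    for peer, ident, missing in audit_accepts(SAMPLE_TRACE):
        print(f"Access-Accept id {ident} to {peer}: missing {missing or 'nothing'}")
```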
