Re: (RADIATOR) EAP-TTLS Problems

[Hugh Irvine]

Hello Russell -

Thanks for sending the configuration file and debug.

Part of the problem is due to your configuration file containing two  
Realm DEFAULT clauses. In this case, the second Realm DEFAULT will  
overwrite the first one, so that is why your AuthBy FILE does not work  
correctly (the second Realm DEFAULT has the AuthBy LSA).

And you are correct - it appears that the access request is being  
accepted and an Access-Accept is being returned to the AP. I suspect  
that you may require some additional reply attributes in the  
Access-Accept, such as Service-Type = Framed-User and Framed-Protocol =  
PPP.

For the hooks - they require an SQL database with the appropriate  
tables defined and the DBI/DBD modules installed.

regards

Hugh

On 12/01/2004, at 12:56 PM, Russell Owen wrote:

Hi All,
I've been racking my brain on this one for a few days now and would  
appreciate if anyone has some input on what I may be doing wrong!
�
Situation is, Radiator eval configured for TTLS with LSA module, cisco  
1100 series AP (also tried 1200), Funk Oddyssey client on PPC 2003 and  
also WinXP client using Alfa-Ariss SecureW2. The radiator logs show  
that the client is connecting and authenticating with out any�problems  
(that I can see). The Funk client also shows that the Authentication  
result is a success and the authentication type is EAP-TTLS [PAP]. The  
WinXP client also connects and authenticates without any problems.  
After the clients (both WinXp and PPC)�connect and authenticate, they  
are unable to transmit any data over the wireless link. If I diasble  
EAP, everything works fine. I have also disabled the LSA module and  
just tried to authenticate with the <AuthBy FILE> module but that  
dosen't seem to make any difference.
�
To me it seems that Radiator is not the problem, as that seems to be  
authenticating the user correctly, but I could be wrong!
�
Another thing i noticed was that after I eable the TTLS hooks as  
mentioned in EAP_TTLS.cfg, anonymous is still getting logged for both  
the Inner and Outer user in the Accounting. Could this be related to  
my problem?
�
Thanks in advance,
Russ.
�
Config files and Logs follow (I haven't botherd masking any details as  
this�setup is on a�test network and will be changed for production):
�
# Radiusd.cfg
Foreground
LogStdout
LogDir��c:/Program Files/Radiator
DbDir��c:/Program Files/Radiator
Trace ��4

<Client 192.168.22.100>
�Secret�password
</Client>
<Realm DEFAULT>
�<AuthBy FILE>
��Filename %D/users
��EAPType TTLS
��EAPTLS_CAFile c:/radiator/certificates/demoCA/cacert.pem
#��EAPTLS_CAPath
��EAPTLS_CertificateFile c:/radiator/certificates/cert-srv.pem
��EAPTLS_CertificateType PEM
��EAPTLS_PrivateKeyFile c:/radiator/certificates/cert-srv.pem
��EAPTLS_PrivateKeyPassword whatever
#��EAPTLS_RandomFile %D/certificates/random
��EAPTLS_MaxFragmentSize 1000
#��EAPTLS_DHFile %D/certificates/cert/dh
��AutoMPPEKeys
��SSLeayTrace 4
�</AuthBy>
</Realm>
<Realm DEFAULT>
�<AuthBy LSA>
��EAPType TTLS
��EAPTLS_CAFile c:/radiator/certificates/demoCA/cacert.pem
#��EAPTLS_CAPath
��EAPTLS_CertificateFile c:/radiator/certificates/cert-srv.pem
��EAPTLS_CertificateType PEM
��EAPTLS_PrivateKeyFile c:/radiator/certificates/cert-srv.pem
��EAPTLS_PrivateKeyPassword whatever
#��EAPTLS_RandomFile %D/certificates/random
��EAPTLS_MaxFragmentSize 1000
#��EAPTLS_DHFile %D/certificates/cert/dh
��AutoMPPEKeys
��SSLeayTrace 4
�</AuthBy>
�PreProcessingHook file:"c:/radiator/goodies/eap_anon_hook.pl"
�PostAuthHook file:"c:/radiator/goodies/eap_anon_hook.pl"
�AcctLogFileName�%D/detail
</Realm>
�
Radiator Debug:
�
Mon Jan 12 10:04:01 2004: DEBUG: Reading users file c:/Program  
Files/Radiator/users
Mon Jan 12 10:04:01 2004: DEBUG: Finished reading configuration file  
'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-07-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your evaluation period, [EMAIL PROTECTED]
Mon Jan 12 10:04:01 2004: DEBUG: Reading dictionary file 'c:/Program  
Files/Radiator/dictionary'
Mon Jan 12 10:04:02 2004: DEBUG: Creating authentication port  
0.0.0.0:1645
Mon Jan 12 10:04:02 2004: DEBUG: Creating accounting port 0.0.0.0:1646
Mon Jan 12 10:04:02 2004: NOTICE: Server started: Radiator 3.8 on  
thebeast (EVALUATION)
Mon Jan 12 10:04:33 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Access-Request
Identifier: 133
Authentic:� |<28>E!<165><186><8><243>6t<178><188><191>e<6>w
Attributes:
�User-Name = "anonymous"
�Framed-MTU = 1400
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�Message-Authenticator =  
f<214>z<128><<254>(/<203>/<186><141>PH<229><221>
�EAP-Message = <2><1><0><14><1>anonymous
�NAS-Port-Type = Wireless-IEEE-802-11
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�NAS-Identifier = "ap"
Mon Jan 12 10:04:33 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:33 2004: DEBUG:� Deleting session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:33 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:33 2004: DEBUG: Handling with EAP: code 2, 1, 14
Mon Jan 12 10:04:33 2004: DEBUG: Response type 1
Mon Jan 12 10:04:33 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 12 10:04:33 2004: DEBUG: Access challenged for anonymous: EAP  
TTLS Challenge
Mon Jan 12 10:04:33 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Access-Challenge
Identifier: 133
Authentic:� |<28>E!<165><186><8><243>6t<178><188><191>e<6>w
Attributes:
�EAP-Message = <1><2><0><6><21>
�Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 12 10:04:33 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Access-Request
Identifier: 134
Authentic:� j<G<4><188>;<139>r5*<239><15>I<179><232><14>
Attributes:
�User-Name = "anonymous"
�Framed-MTU = 1400
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�Message-Authenticator =  
<228>w<142><167>~<186><234><182><249><205>3<252><230><216><181><29>
�EAP-Message =  
<2><2><0><132><21><128><0><0><0>z<22><3><1><0>u<1><0><0>q<3><1>><205><1 
61>j<129><132>+<15>j<23><255>HU<178><143><235><200><150><162>A<13>/ 
<180>f<15>j-<26>(pA<196>  
KYB<245>o<14><221><135>G<220><185><200><4><247>r(=<249><212>E<147><227> 
w<4><145><220><183><234><1><254><161><21><0>*<0><22><0><19><0>f<0><21>< 
0><18><0><10><0><5><0><4><0><7><0><9><0>c<0>e<0>`<0>b<0>a<0>d<0><20><0> 
<17><0><3><0><6><0><8><1><0>
�NAS-Port-Type = Wireless-IEEE-802-11
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�NAS-Identifier = "ap"
Mon Jan 12 10:04:33 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:33 2004: DEBUG:� Deleting session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:33 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:33 2004: DEBUG: Handling with EAP: code 2, 2, 132
Mon Jan 12 10:04:33 2004: DEBUG: Response type 21
Mon Jan 12 10:04:33 2004: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Jan 12 10:04:33 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 12 10:04:33 2004: DEBUG: Access challenged for anonymous: EAP  
TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Access-Challenge
Identifier: 134
Authentic:� j<G<4><188>;<139>r5*<239><15>I<179><232><14>
Attributes:
�EAP-Message =  
<1><3><3><242><21><192><0><0><8>P<22><3><1><0>J<2><0><0>F<3><1>@<2><0>< 
177><27><228><152><134><192><193><129><145><133><255><161><252><157><28 
>,<163><142><137><247>3fD<200>&<157>v<164><236>  
c<22>n<169><177>Y; 
<132><204>=<20><163><231><189><254><229><170><8><234><7><3><153><25>7<2 
1>=M<242>X<18><249>@<0><10><0><22><3><1><7><27><11><0><7><23><0><7><20> 
<0><2><209>0<130><2><205>0<130><2>6<160><3><2><1><2><2><1><2>0<13><6><9 
>*<134>H<134><247><13><1><1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6>< 
19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><1 
9><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo  
Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Sec
�EAP-Message = tion1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in  
production)1  
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<30> 
<23><13>030227061500Z<23><13>040227061500Z0u1<11>0<9><6><3>U<4><6><19>< 
2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9 
>Melbourne1<24>0<22><6><3>U<4><10><19><15>My Test  
Company1%0#<6><3>U<4><3><19><28>test.server.some.company.com0<129><159> 
0<13><6><9>*<134>H<134><247><13><1><1>
�EAP-Message =  
<1><5><0><3><129><141><0>0<129><137><2><129><129><0><196><186>)<217><24 
5><205><159>@<144><133><177><255>0<165><3><215>cGR<136><231><253>9<193> 
<13><255>m@<220>y^<160><244><236>Sa'<198>^<231><158>4<156>"<242>IS<151> 
<30><211>$<142><196>!}R<146><166><129>yh<17><162><207><196><0><171>5s<1 
87><229><139>2<250><146><1><187><207><226><203>5<251><178><1><212><178> 
<141><219>O<253><134><213>N|<172>: 
J<23><173><161><191><141><25>&<198>Fi<17><181><137>Fy<0><177><210><215> 
<186>x<141><197><212>s<145><235>\<164><8>! 
<2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1> 
<5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129>< 
129><0><20>m<159><141><185><184><252><248><201>FM<195>PB(^<127>3<24><13 
6><172><19><211><137><132>EF<170>9<236>^<187><146><253><171><200><183>< 
230><148><142><21>_<9>^<227><10>3<162><186><214><206><197>Tq<219><4>r<2 
39>?<1><16><203>
�EAP-Message =  
T<0><161>wm<173>S<4><0>)<141><209><<197>tT<228><150>P<156><22>^zes^<202 
>u<161><176>F3=<4><200><229><154>q<146><194>cy<23>z*o><219><28><206>t<1 
96><188><3><195>.%<19>mD<242><149><237>O<138><193><0><4>=0<130><4>90<13 
0><3><162><160><3><2><1><2><2><1><0>0<13><6><9>*<134>H<134><247><13><1> 
<1><4><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U 
<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28>< 
6><3>U<4><10><19><21>OSC Demo  
Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate  
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do no
�Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Access-Request
Identifier: 135
Authentic:� 1<9><236><246>S<8>*<129><205>n<189><252>qOl!
Attributes:
�User-Name = "anonymous"
�Framed-MTU = 1400
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�Message-Authenticator = ,<19>S6<255>9{<217><245>$z<146>0r)S
�EAP-Message = <2><3><0><6><21><0>
�NAS-Port-Type = Wireless-IEEE-802-11
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�NAS-Identifier = "ap"
Mon Jan 12 10:04:34 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:34 2004: DEBUG:� Deleting session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:34 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:34 2004: DEBUG: Handling with EAP: code 2, 3, 6
Mon Jan 12 10:04:34 2004: DEBUG: Response type 21
Mon Jan 12 10:04:34 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Access challenged for anonymous: EAP  
TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Access-Challenge
Identifier: 135
Authentic:� 1<9><236><246>S<8>*<129><205>n<189><252>qOl!
Attributes:
�EAP-Message = <1><4><3><238><21>@t use in production)1  
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<30> 
<23><13>030227061411Z<23><13>050226061411Z0<129><202>1<11>0<9><6><3>U<4 
><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4> 
<7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo  
Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate  
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in p
�EAP-Message = roduction)1  
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<129 
><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0< 
129><137><2><129><129><0><193>@h<28><185>'<7><254><247>{9<233><245>3S<2 
09>=<173>>c<144>Z<239>? 
b<150><224><171><219><170><170>i<226><251><234>\Jwi<210><141><249><141> 
<148><224>|<188>V<24><209><8><223>f? 
<149><172><6><226><18><232>1<249><227>$<176>G<164>'Y<193><160>$n<160>e< 
153>V<166>x<2><162><<244><4><225>T>n<18><<204><210><135><162>T<16><221> 
<6>Pn<9>7<141><197><160><197><245><155>6<3><172><154>p<230><210>Z<159>< 
149><192>C<255><154><220><149><3>*<156>q<2><3><1><0><1><163><130><1>+0< 
130><1>'0<29><6><3>U<29><14><4><22><4><20><180><27><24>R'<27><169>)<152 
><148>o<139>c<198><6>9\<249>s<196>0<129><247><6><3>U<29>#
�EAP-Message =  
<4><129><239>0<129><236><128><20><180><27><24>R'<27><169>)<152><148>o<1 
39>c<198><6>9\<249>s<196><161><129><208><164><129><205>0<129><202>1<11> 
0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0< 
16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC  
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate  
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1  
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<130> 
<1><0>0<12><6><3>U<29><19><4><5>0<3>
�EAP-Message =  
<1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><4><5><0><3><129><129> 
<0>A<130>4<253><23>- 
<13><9><9><222>3<19><171>aj<23><187><195>gs<145><194>w<164>1m#<242>t<23 
3><144><146>&g<162><190><234><145>H<159><10>^6IQ<223><219><193>@><204>b 
<245><12><6><133><147><132><192>fU<165><197><180>k<136>: 
<8><198><152><165>*%<221><237><188><23><251><255><172>'n<142>H<25>q<173 
>t<215><212><221><239><20>FZyd<205><240>Wbd<143><139>q]h<236><127><16>< 
143>tA<163>4I<236><230><147><218>><175>B^<130><0>*9<22><3><1><0><220><1 
3><0><0><212><2><1><2><0><207><0><205>0<129><202>1<11>0<9><6><3>U<4><6> 
<19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7>< 
19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certif
�Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Access-Request
Identifier: 136
Authentic:� <238><28><227><224><27>;Cb<229><6><231>Y<3>Z<230><133>
Attributes:
�User-Name = "anonymous"
�Framed-MTU = 1400
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�Message-Authenticator = <199>ET<214><200>n6<0>gs<153>!8T<222><194>
�EAP-Message = <2><4><0><6><21><0>
�NAS-Port-Type = Wireless-IEEE-802-11
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�NAS-Identifier = "ap"
Mon Jan 12 10:04:34 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:34 2004: DEBUG:� Deleting session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:34 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:34 2004: DEBUG: Handling with EAP: code 2, 4, 6
Mon Jan 12 10:04:34 2004: DEBUG: Response type 21
Mon Jan 12 10:04:34 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Access challenged for anonymous: EAP  
TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Access-Challenge
Identifier: 136
Authentic:� <238><28><227><224><27>;Cb<229><6><231>Y<3>Z<230><133>
Attributes:
�EAP-Message =  
<1><5><0><134><21><0>icates1!0<31><6><3>U<4><11><19><24>Test  
Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in  
production)1  
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>[EMAIL PROTECTED]<14>< 
0><0><0>
�Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Access-Request
Identifier: 137
Authentic:� Sd<144>t<163><15>.&<222><156><239>k<16>8<136>Q
Attributes:
�User-Name = "anonymous"
�Framed-MTU = 1400
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�Message-Authenticator = xeJ'<214>K<218>0-<162>yI<170>q<176><135>
�EAP-Message =  
<2><5><0><212><21><128><0><0><0><202><22><3><1><0><7><11><0><0><3><0><0 
><0><22><3><1><0><134><16><0><0><130><0><128><149>c<209>A<200><237>m<16 
0>s4<165><231>\<255><241><4><158><170><148><158><166><26><169>~<214><13 
8><199>4^<223>)9<172><198><172>_<133><204>O$<184><<173><248>tI<238><166 
><151><183><157><1><182><207><218>d<184>t<18><185><127><172><216><235>< 
192><171><220>L<250><161>#<14><2><175><2>d<209><<128><2><153><213><140> 
<239>6<156>8@<152><249>}<25><158>&<18>- 
k<164><250><144><134>`<24><170><187><16><127>L<134>.<151><210><<231><23 
7><132><186>}<185>X<202><163><162>=q<173>C<4><20><3><1><0><1><1><22><3> 
<1><0>(|<190><207>^<18><171><211><15><192><27>W? 
<1><26><252><15><196>V<165>=<163><188>]<6><198>I<205>7s{*o<219><241>)<2 
39><214><152>5<152>
�NAS-Port-Type = Wireless-IEEE-802-11
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�NAS-Identifier = "ap"
Mon Jan 12 10:04:34 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:34 2004: DEBUG:� Deleting session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:34 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:34 2004: DEBUG: Handling with EAP: code 2, 5, 212
Mon Jan 12 10:04:34 2004: DEBUG: Response type 21
Mon Jan 12 10:04:34 2004: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Jan 12 10:04:34 2004: DEBUG: EAP result: 3, EAP TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Access challenged for anonymous: EAP  
TTLS Challenge
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Access-Challenge
Identifier: 137
Authentic:� Sd<144>t<163><15>.&<222><156><239>k<16>8<136>Q
Attributes:
�EAP-Message =  
<1><6><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(Ah<1>(<22 
7><179><222><156><G<137>Vadc<207><159>\<222><134>><167>(<227>m<229><197 
><151>-<174><229><1><170>G<134> C<202><237>u
�Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Access-Request
Identifier: 138
Authentic:� <187><203>fJw<164>wh<198>$<173>Z<25><136>L6
Attributes:
�User-Name = "anonymous"
�Framed-MTU = 1400
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�Message-Authenticator =  
<215><194>rXX<1>'<226><8><247>=<149><211><147><174><173>
�EAP-Message =  
<2><6><0>\<21><128><0><0><0>R<23><3><1><0><24><245><217><159><213>.<178 
><228><152>_<3>s<165><11>T<255><224>&<160><200><207><203><254>: 
<157><23><3><1><0>0<1>A<154><130>W2<141><11>k0[ff<6><13>S<212>- 
s<160><224><<156><252><239>[<160><164><187>Gskh<230><214><16><227><242> 
'<214><227><189>J<200><164><149><23><164>
�NAS-Port-Type = Wireless-IEEE-802-11
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�NAS-Identifier = "ap"
Mon Jan 12 10:04:34 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:34 2004: DEBUG:� Deleting session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:34 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:34 2004: DEBUG: Handling with EAP: code 2, 6, 92
Mon Jan 12 10:04:34 2004: DEBUG: Response type 21
Mon Jan 12 10:04:34 2004: DEBUG: EAP TTLS inner authentication request  
for test
Mon Jan 12 10:04:34 2004: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code:������ Access-Request
Identifier: UNDEF
Authentic:�  
<231><227><208><154>w<228><231>z<7><191>pn<233><153><24><145>
Attributes:
�User-Name = "test"
�User-Password = "test"
Mon Jan 12 10:04:34 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:34 2004: DEBUG:� Deleting session for test,  
192.168.22.100,
Mon Jan 12 10:04:34 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:34 2004: DEBUG: Radius::AuthLSA looks for match with  
test
Mon Jan 12 10:04:34 2004: DEBUG: Radius::AuthLSA ACCEPT:
Mon Jan 12 10:04:34 2004: DEBUG: Access accepted for test
Mon Jan 12 10:04:34 2004: DEBUG: EAP result: 0, EAP TTLS inner  
authentication redespatched to a Handler
Mon Jan 12 10:04:34 2004: DEBUG: Access accepted for anonymous
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Access-Accept
Identifier: 138
Authentic:� <187><203>fJw<164>wh<198>$<173>Z<25><136>L6
Attributes:
�MS-MPPE-Send-Key =  
"<224>u<133><227><205><1><23>Ga)u<176><208><254><198>L<176>]<3><7><156> 
<164><28><10><253><200>/ 
_c<25><220><167>j<155><141><188><165>]<127><2>B<194>,<17><144><179><239 
><13><132>r"
�MS-MPPE-Recv-Key =  
"<130><199><4>t<28><17><5><222><148><204><207><216><4>; 
e<242><184><239>B<220>C<237><165>R<129><178>t<149><209><7>8Fy<254><222> 
!<240><144>R<237><179><230><252>1<27>z<254><15><218>r"
�EAP-Message = <3><6><0><4>
�Message-Authenticator =  
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Received from 192.168.22.100 port 21645 ....
Code:������ Accounting-Request
Identifier: 139
Authentic:�  
g<187><6><7><247>C<1>!<149><178><212><190><202><242><147><208>
Attributes:
�Acct-Session-Id = "0000002B"
�Called-Station-Id = "000e.8311.6b50"
�Calling-Station-Id = "0010.c620.88f7"
�cisco-avpair = "ssid=tsunami"
�cisco-avpair = "nas-location=unspecified"
�cisco-avpair = "connect-progress=Call Up"
�Acct-Authentic = RADIUS
�User-Name = "anonymous"
�Acct-Status-Type = Start
�NAS-Port-Type = Wireless-IEEE-802-11
�Cisco-NAS-Port = "280"
�NAS-Port = 280
�Service-Type = Framed-User
�NAS-IP-Address = 192.168.22.100
�Acct-Delay-Time = 0
Mon Jan 12 10:04:34 2004: DEBUG: Handling request with Handler  
'Realm=DEFAULT'
Mon Jan 12 10:04:34 2004: DEBUG:� Adding session for anonymous,  
192.168.22.100, 280
Mon Jan 12 10:04:34 2004: DEBUG: Handling with Radius::AuthLSA:
Mon Jan 12 10:04:34 2004: DEBUG: Accounting accepted
Mon Jan 12 10:04:34 2004: DEBUG: Packet dump:
*** Sending to 192.168.22.100 port 21645 ....
Code:������ Accounting-Response
Identifier: 139
Authentic:�  
g<187><6><7><247>C<1>!<149><178><212><190><202><242><147><208>
Attributes:
�
�

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.