Dear Heikki,
I upgraded the IOS in my Catalyst; the results show a little bit
different, it seems that the certificate is doing okay, but somehow it keeps
asking for anonymous user? Is there configuration that I missed? Here are
the log file and the config, thanks
/Regards,
Indrajaya Pitra Perdana/
On 12/17/2011 2:01 PM, [email protected] wrote:
I'm using Microsoft Windows XP Professional SP 2
Quoting Heikki Vatiainen<[email protected]>:
On 12/16/2011 04:13 AM, Indrajaya Pitra Perdana wrote:
Thanks, I give it a try, I already enabled TLS trace in my Win XP, and I
don't see there's an exchange certificate :-)
What client are you using? I noticed the log shows it sends EAP TLS
(type 13) responses while also logging about detecting PEAP authentication.
[1448] 11:49:36:218: PeapReadConnectionData
[1448] 11:49:36:218: PeapReadUserData
[1448] 11:49:36:218: RasEapGetInfo
[2884] 11:49:52:515: EapPeapBegin
[2884] 11:49:52:515: PeapReadConnectionData
[2884] 11:49:52:515: PeapReadUserData
[2884] 11:49:52:515:
[2884] 11:49:52:515: EapTlsBegin(test)
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: EapTlsBegin: Detected 8021X authentication
[2884] 11:49:52:515: EapTlsBegin: Detected PEAP authentication
[2884] 11:49:52:515: MaxTLSMessageLength is now 16384
[2884] 11:49:52:515: EapPeapBegin done
[2884] 11:49:52:515: EapPeapMakeMessage
[2884] 11:49:52:515: EapPeapCMakeMessage
[2884] 11:49:52:515: PEAP:PEAP_STATE_INITIAL
[2884] 11:49:52:515: EapTlsCMakeMessage
[2884] 11:49:52:515: EapTlsReset
[2884] 11:49:52:515: State change to Initial
[2884] 11:49:52:515: GetCredentials
[2884] 11:49:52:515: Flag is Client and Store is Current User
[2884] 11:49:52:515: GetCachedCredentials
[2884] 11:49:52:515: FreeCachedCredentials
[2884] 11:49:52:515: No Cert Store. Guest Access requested
[2884] 11:49:52:515: No Cert Name. Guest access requested
[2884] 11:49:52:515: Will validate server cert
[2884] 11:49:52:515: MakeReplyMessage
[2884] 11:49:52:515: SecurityContextFunction
[2884] 11:49:52:515: InitializeSecurityContext returned 0x90312
[2884] 11:49:52:515: State change to SentHello
[2884] 11:49:52:515: BuildPacket
[2884] 11:49:52:515:<< Sending Response (Code: 2) packet: Id: 2,
Length: 80, Type: 13, TLS blob length: 70. Flags: L
[2884] 11:49:52:515: EapPeapCMakeMessage done
[2884] 11:49:52:515: EapPeapMakeMessage done
[1352] 11:50:22:531: EapPeapEnd
[1352] 11:50:22:531: EapTlsEnd
[1352] 11:50:22:531: EapTlsEnd(test)
[1352] 11:50:22:531: EapPeapEnd done
[1352] 11:50:22:562: EapPeapBegin
[1352] 11:50:22:562: PeapReadConnectionData
[1352] 11:50:22:562: PeapReadUserData
[1352] 11:50:22:562:
[1352] 11:50:22:562: EapTlsBegin(test)
[1352] 11:50:22:562: State change to Initial
[1352] 11:50:22:562: EapTlsBegin: Detected 8021X authentication
[1352] 11:50:22:562: EapTlsBegin: Detected PEAP authentication
[1352] 11:50:22:562: MaxTLSMessageLength is now 16384
[1352] 11:50:22:562: EapPeapBegin done
[1352] 11:50:22:562: EapPeapMakeMessage
[1352] 11:50:22:562: EapPeapCMakeMessage
[1352] 11:50:22:562: PEAP:PEAP_STATE_INITIAL
[1352] 11:50:22:562: EapTlsCMakeMessage
[1352] 11:50:22:562: EapTlsReset
[1352] 11:50:22:562: State change to Initial
[1352] 11:50:22:562: GetCredentials
[1352] 11:50:22:562: Flag is Client and Store is Current User
[1352] 11:50:22:562: GetCachedCredentials
[1352] 11:50:22:562: FreeCachedCredentials
[1352] 11:50:22:562: No Cert Store. Guest Access requested
[1352] 11:50:22:562: No Cert Name. Guest access requested
[1352] 11:50:22:562: Will validate server cert
[1352] 11:50:22:562: MakeReplyMessage
[1352] 11:50:22:562: SecurityContextFunction
[1352] 11:50:22:562: InitializeSecurityContext returned 0x90312
[1352] 11:50:22:562: State change to SentHello
[1352] 11:50:22:562: BuildPacket
[1352] 11:50:22:562:<< Sending Response (Code: 2) packet: Id: 37,
Length: 80, Type: 13, TLS blob length: 70. Flags: L
[1352] 11:50:22:562: EapPeapCMakeMessage done
[1352] 11:50:22:562: EapPeapMakeMessage done
[1448] 11:50:52:578: EapPeapEnd
[1448] 11:50:52:578: EapTlsEnd
[1448] 11:50:52:578: EapTlsEnd(test)
[1448] 11:50:52:578: EapPeapEnd done
[1448] 11:51:52:593: PeapReadConnectionData
[1448] 11:51:52:593: PeapReadUserData
[1448] 11:51:52:593: RasEapGetInfo
[1352] 12:02:42:625: PeapReadConnectionData
[1352] 12:02:42:640: PeapReadUserData
[1352] 12:02:42:640: RasEapGetInfo
[1352] 12:02:42:640: PeapReDoUserData
[1352] 12:02:42:640: EapTlsInvokeIdentityUI
[1352] 12:02:42:640: GetCertInfo
[1352] 12:03:42:640: PeapReadConnectionData
[1352] 12:03:42:640: PeapReadUserData
[1352] 12:03:42:640: RasEapGetInfo
[1352] 12:03:42:671: EapPeapBegin
[1352] 12:03:42:671: PeapReadConnectionData
[1352] 12:03:42:671: PeapReadUserData
[1352] 12:03:42:671:
[1352] 12:03:42:671: EapTlsBegin(GHOST\indrajaya)
[1352] 12:03:42:671: State change to Initial
[1352] 12:03:42:671: EapTlsBegin: Detected 8021X authentication
[1352] 12:03:42:671: EapTlsBegin: Detected PEAP authentication
[1352] 12:03:42:671: MaxTLSMessageLength is now 16384
[1352] 12:03:42:671: EapPeapBegin done
[1352] 12:03:42:671: EapPeapMakeMessage
[1352] 12:03:42:671: EapPeapCMakeMessage
[1352] 12:03:42:671: PEAP:PEAP_STATE_INITIAL
[1352] 12:03:42:671: EapTlsCMakeMessage
[1352] 12:03:42:671: EapTlsReset
[1352] 12:03:42:671: State change to Initial
[1352] 12:03:42:671: GetCredentials
[1352] 12:03:42:671: Flag is Client and Store is Current User
[1352] 12:03:42:671: GetCachedCredentials
[1352] 12:03:42:671: FreeCachedCredentials
[1352] 12:03:42:671: No Cert Store. Guest Access requested
[1352] 12:03:42:671: No Cert Name. Guest access requested
[1352] 12:03:42:671: Will validate server cert
[1352] 12:03:42:671: MakeReplyMessage
[1352] 12:03:42:671: SecurityContextFunction
[1352] 12:03:42:671: InitializeSecurityContext returned 0x90312
[1352] 12:03:42:671: State change to SentHello
[1352] 12:03:42:671: BuildPacket
[1352] 12:03:42:671:<< Sending Response (Code: 2) packet: Id: 3,
Length: 80, Type: 13, TLS blob length: 70. Flags: L
[1352] 12:03:42:671: EapPeapCMakeMessage done
[1352] 12:03:42:671: EapPeapMakeMessage done
[2004] 12:04:12:687: EapPeapEnd
[2004] 12:04:12:687: EapTlsEnd
[2004] 12:04:12:687: EapTlsEnd(ghost\indrajaya)
[2004] 12:04:12:687: EapPeapEnd done
[2004] 12:04:42:734: EapPeapBegin
[2004] 12:04:42:734: PeapReadConnectionData
[2004] 12:04:42:734: PeapReadUserData
/Regards,
Indrajaya Pitra Perdana/
On 12/15/2011 6:04 PM, Heikki Vatiainen wrote:
On 12/15/2011 06:18 AM, Indrajaya Pitra Perdana wrote:
The problem still persists even though I created my own certificate using the
steps in mkcertificate.sh goodies; my Windows didn't respond to the EAP
challenge sent by Radiator. Do you have any clue on this? Or perhaps the
problem is within my 2950 Catalyst? Thanks :-)
You could try enabling debug for EAP authentication on the switch to see
how it reacts to EAP messages.
Meanwhile you could also try running wireshark on Windows to see if the
challenge with the certificate is sent by the switch to the XP box.
One thing you could try first is to use an even lower value for
EAPTLS_MaxFragmentSize.
The messages before the certificate are much smaller and so this challenge
would be the first that can reach the maximum size.
Thanks!
--
Heikki Vatiainen<[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
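
The fragment-size point above can be checked against the EAP-Message dumps in the Radiator debug log from this thread. This is an added example, not part of the original mails and not Radiator code: it decodes the `<N>` byte notation of the dumps and adds up the TLS bytes carried per fragment. The function names are assumptions, and the sample strings are only the leading header bytes copied from the log, with the payload left out.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Flag bits of the EAP-TLS / PEAP flags octet (L = length included,
# M = more fragments, S = start).
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20
TLS_BASED = {13: "EAP-TLS", 25: "PEAP"}
_TOKEN = re.compile(r"<(\d{1,3})>|(.)", re.S)


def undump(text: str) -> bytes:
    """Turn the log's '<2><0><0><14><1>indrajaya' notation back into bytes.

    '<N>' is one byte with value N; anything else is a literal character.
    A literal '<' (the log has some) is kept as-is. A payload that really
    contains the characters '<', digits, '>' cannot be told apart.
    """
    out = bytearray()
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
        else:
            out += m.group(0).encode("latin-1")
    return bytes(out)


@dataclass
class Eap:
    code: int                        # 1 = Request, 2 = Response
    ident: int
    length: int                      # length field from the EAP header
    eap_type: int                    # 1 = Identity, 13 = EAP-TLS, 25 = PEAP
    flags: int = 0
    tls_total: Optional[int] = None  # only present when the L flag is set
    tls_bytes: int = 0               # TLS bytes carried by this fragment
    identity: Optional[str] = None


def parse_eap(raw: bytes) -> Eap:
    """Parse the EAP header; payload may be truncated, lengths come from the header."""
    if len(raw) < 5:
        raise ValueError("EAP packet shorter than its 5-byte header")
    pkt = Eap(raw[0], raw[1], int.from_bytes(raw[2:4], "big"), raw[4])
    if pkt.eap_type == 1:
        pkt.identity = raw[5:pkt.length].decode("ascii", "replace")
    elif pkt.eap_type in TLS_BASED:
        if len(raw) < 6:
            raise ValueError("flags octet missing from dump")
        pkt.flags = raw[5]
        offset = 6
        if pkt.flags & FLAG_L:
            if len(raw) < 10:
                raise ValueError("L flag set but TLS length is truncated")
            pkt.tls_total = int.from_bytes(raw[6:10], "big")
            offset = 10
        pkt.tls_bytes = pkt.length - offset
        if pkt.tls_bytes < 0:
            raise ValueError("EAP length smaller than its own header")
    return pkt


def is_fragment_ack(pkt: Eap) -> bool:
    """An empty TLS-based Response with no flags acknowledges a fragment."""
    return (pkt.code == 2 and pkt.eap_type in TLS_BASED
            and pkt.flags & (FLAG_L | FLAG_M | FLAG_S) == 0
            and pkt.tls_bytes == 0)


def account_fragments(dumps: List[str]) -> Tuple[Optional[int], int, List[int]]:
    """Return (declared TLS length, bytes carried, per-fragment sizes) for one flight."""
    declared, sizes = None, []
    for text in dumps:
        pkt = parse_eap(undump(text))
        if declared is None and pkt.tls_total is not None:
            declared = pkt.tls_total
        sizes.append(pkt.tls_bytes)
        if not pkt.flags & FLAG_M:   # M clear: last fragment of the flight
            break
    return declared, sum(sizes), sizes


# Header prefixes copied from the log in this thread (payload bytes omitted).
IDENTITY = "<2><0><0><14><1>indrajaya"
CLIENT_HELLO = "<2><1><0>p<25><128><0><0><0>f"
SERVER_FLIGHT = [
    "<1><2><3><242><25><192><0><0><8>7",   # Identifier 1 challenge: L+M
    "<1><3><3><238><25>@",                 # Identifier 2 challenge: M
    "<1><4><0>m<25><0>",                   # Identifier 3 challenge: last
]
CLIENT_ACK = "<2><2><0><6><25><0>"

if __name__ == "__main__":
    print(parse_eap(undump(IDENTITY)))
    print(parse_eap(undump(CLIENT_HELLO)))
    declared, carried, sizes = account_fragments(SERVER_FLIGHT)
    print("declared", declared, "carried", carried, "fragments", sizes)
    print("ack:", is_fragment_ack(parse_eap(undump(CLIENT_ACK))))
```

For the server's certificate flight in the log, the three fragments carry 1000, 1000 and 103 TLS bytes, which adds up to the 2103 bytes declared in the first fragment; the ClientHello before it is a single 102-byte message.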
Tue Dec 20 10:54:08 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 0
Authentic: <231><214><155><220>`<9><26>:<129><148>2<182>\.LY
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = <2><0><0><14><1>indrajaya
Message-Authenticator =
<159><160>6P4q<231><11>X<3><181><27><215><24><9>=
Tue Dec 20 10:54:08 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:08 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:08 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:08 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:08 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:08 2011: DEBUG: Handling with EAP: code 2, 0, 14, 1
Tue Dec 20 10:54:08 2011: DEBUG: Response type 1
Tue Dec 20 10:54:08 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Dec 20 10:54:08 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Dec 20 10:54:08 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
Challenge
Tue Dec 20 10:54:08 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 0
Authentic: udFY<220>f<252>;f<136><175><189><216><186><10><173>
Attributes:
EAP-Message = <1><1><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:08 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 1
Authentic: <235><226>L<184><169><222><218><142>]<133><222>i<232><173><234><6>
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message =
<2><1><0>p<25><128><0><0><0>f<22><3><1><0>a<1><0><0>]<3><1>N<240><7><28><1>i<23><233>c<138>=<3><196><150><179>_G<186><219><153><214><31><188><139><166>`<198>W(<215><162>:
|X<179>Nx9=<205><218><162><165>L1<5><214><175>*<14><165>Z<188>\<6>N<207><132><19>t<143><208>g<235><0><22><0><4><0><5><0><10><0><9><0>d<0>b<0><3><0><6><0><19><0><18><0>c<1><0>
Message-Authenticator =
<137>|<12><237><157><132>%<166><212><128>cR<226><196><206><222>
Tue Dec 20 10:54:08 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:08 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:08 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:08 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:08 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:08 2011: DEBUG: Handling with EAP: code 2, 1, 112, 25
Tue Dec 20 10:54:08 2011: DEBUG: Response type 25
Tue Dec 20 10:54:08 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Tue Dec 20 10:54:08 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Dec 20 10:54:08 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Dec 20 10:54:08 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
Challenge
Tue Dec 20 10:54:08 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 1
Authentic: <234>JZ\@<19><4><234>O]w<242>a,!<253>
Attributes:
EAP-Message =
<1><2><3><242><25><192><0><0><8>7<22><3><1><0>J<2><0><0>F<3><1>N<240><6><224>m4%<145><237><25><13><247>=,u<31><5><243><144><161><240>A<254>u(d<166><3><205>nP)
h%<231>s<224><197>Dfy<226><181>s#<13><226><175><130>_<150><181>@<18><250>{<189><207>z<237><0>4J<240><0><4><0><22><3><1><7><218><11><0><7><214><0><7><211><0><3><200>0<130><3><196>0<130><2><172><160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><150>1<11>0<9><6><3>U<4><6><19><2>ID1<15>0<13><6><3>U<4><8><12><6>BANTEN1<16>0<14><6><3>U<4><7><12><7>CIPUTAT1<21>0<19><6><3>U<4><10><12><12>INDOINTERNET1<12>0<10><6><3>U<4><11><12><3>R&D1<26>0<24><6><3>U<4><3><12><17>namgw.indo.net.id1#
EAP-Message =
0!<6><9>*<134>H<134><247><13><1><9><1><22><20>[email protected]<30><23><13>111214084653Z<23><13>131213084653Z0<129><154>1<11>0<9><6><3>U<4><6><19><2>ID1<15>0<13><6><3>U<4><8><12><6>BANTEN1<16>0<14><6><3>U<4><7><12><7>CIPUTAT1<21>0<19><6><3>U<4><10><12><12>INDOINTERNET1<12>0<10><6><3>U<4><11><12><3>R&D1<30>0<28><6><3>U<4><3><12><21>namserver.indo.net.id1#0!<6><9>*<134>H<134><247><13><1><9><1><22><20>[email protected]<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2>
EAP-Message =
<130><1><1><0><167><144><10><20><200>k<175><157>oS<209>Z<16>k,<136><129><197><128><236><234><177><29>+<134><131>}8V<8><171><130>4n<193><184><203>`<203><250>'<204><195><190><226>Z<168><166><174><179><31><216>x<151><218>,<131>H<210>{<168>"<215>*<227>y<139>k<23>gWM<253><8><249><152>a<233>L<254><185>j-Fh<205>NvO<171><179><25>}<243><166><219>w<31><236>Oe<23><253>?["<136>j|<14><247>BI<253><255><13><135><153><198><234><156><231><244>-<190><251><128>&<185>,N\l<231>\<153><166><127><210>R<253>$<230>o<224><21><209>7[<159>c=sY8x<205>I;<9><149>r<234><160><137><238>.<182>a<10><142>U<132><28><248>J9<135><252><6><19><252><167><225><132><178>
[<136><226><163><19>a<132>.<228>K<3><147><170>R<8><173><160><158><9>#<196>}<207><3><174>><24><153>@7<241><134>Y7);4<230><15>i<206><223><24><211><1><241>R<201>D<140><189><145>ARm3<<160><127>\<3>c
EAP-Message =
<209>#<197><188><252><15><11><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><164><162><2>C<145><229><233>Jec<152><230><203><230>w<168>p<249><225><188>Z<188>+Xm<191><166>,<232>?<216><145><211>c<250><161><127><216><8><178><130>\)<151><136>)<186><19>:<185>0<210>i(<200><201><193><199><215><8><206>
<14>Z<9>!<228><180><131>4<140>uC<0><227>q<202>Q<13>M<173>(;<1><138><193><156><4>G3<146>yw&<248><134><221>>TV<142><166>'<7>h<183><26>m]<178><252>m<172><232>}<179><202><248><181><221>q<213>&M!v<201><239><193>J<242><239>Y<15><210><246>7<4><152>q<132><156><154>S<237>N<28><23><30>0<20><171><131>l<245>yo<21><156><174><206><209><16>H<181><128><196>M<187>D<17><165><166>CQ<0><216><225><214><252>+<21>5<240><161><156>W0<226>t'<17>2<242>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:09 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 2
Authentic:
<182><187><195>x<133><161><186><144><135><164><200><205><8><26><213><243>
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = <2><2><0><6><25><0>
Message-Authenticator = <235>$2!<220><171><219>'a<255>S<2>hpu<253>
Tue Dec 20 10:54:09 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:09 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:09 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:09 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:09 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:09 2011: DEBUG: Handling with EAP: code 2, 2, 6, 25
Tue Dec 20 10:54:09 2011: DEBUG: Response type 25
Tue Dec 20 10:54:09 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Dec 20 10:54:09 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Dec 20 10:54:09 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
Challenge
Tue Dec 20 10:54:09 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 2
Authentic: <199>5<7><7><210><204>vo<140>I<184><165><149>u<200><186>
Attributes:
EAP-Message =
<1><3><3><238><25>@$<159>3M<218>u<144><192>%<215>><244><226>#<182><205><6><221><158><9><138>[><19><151><223>,<208><227><158>]<25><246><20>M<246><12>1<170>(<128>Q<15>O<149><189><20><17><150><193>rp<149>H<130><148><230><205><200><27><138><228><0><4><5>0<130><4><1>0<130><2><233><160><3><2><1><2><2><9><0><178><145><157><174>y<24><230><173>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><150>1<11>0<9><6><3>U<4><6><19><2>ID1<15>0<13><6><3>U<4><8><12><6>BANTEN1<16>0<14><6><3>U<4><7><12><7>CIPUTAT1<21>0<19><6><3>U<4><10><12><12>INDOINTERNET1<12>0<10><6><3>U<4><11><12><3>R&D1<26>0<24><6><3>U<4><3><12><17>namgw.indo.net.id1#0!<6><9>*<134>H<134><247><13><1><9><1><22><20>rnd-team@i
EAP-Message =
ndo.net.id0<30><23><13>111214082633Z<23><13>131213082633Z0<129><150>1<11>0<9><6><3>U<4><6><19><2>ID1<15>0<13><6><3>U<4><8><12><6>BANTEN1<16>0<14><6><3>U<4><7><12><7>CIPUTAT1<21>0<19><6><3>U<4><10><12><12>INDOINTERNET1<12>0<10><6><3>U<4><11><12><3>R&D1<26>0<24><6><3>U<4><3><12><17>namgw.indo.net.id1#0!<6><9>*<134>H<134><247><13><1><9><1><22><20>[email protected]<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><170><170><30>&Wc<5><183><231>jk<130>J<214><163><130>RE<236><20>^<153>@<133><179>
EAP-Message =
N3<128>H<195><136><235><192>L5-<145><127><230><183><186><218>L<251><188>.<245><4><218>e<144><17>~-W<2><247>7<199><31><203><216><185><244><27><197>88f.<15>G<176>F<181><160><242><188>&<160><138><238>4Ym<200><194><174>w2<12><155><7>y<15><0>g@<242><241><167><14>$<129><207><193><239><128><163><147><130><187><229>r<148><245><192><226>f<219>r8<191>Jz.0<226><15><179><18>x<233><5>v\<238><226>m><161>?<143><12><203><246><159>'<220><222>^<237><179><228><228><252><169><227>#?S<161>(<173><9>
<197><171><18>o7<140><225><179>^<156><174><16><131>jH<220><197><199>{$<209>9<130><16><211><6>n<151>]<176>T<4>h*<242><129>9<195><2><169><168><205><150><10>%u<250><197>l7kv<202>hf;<16>D/<161>`<139>h<219><224>"0T9=<209>6<211>P<208><233><234>>N<250>*<135>Vhe<222><234><134><135><225><2><3><1><0><1><163>P0N0<29><6><3>U<29><14><4><22><4><20><253>/
EAP-Message =
<199>d<250>4R5<202><9>^<128>c<165><194><19>LpH<10>0<31><6><3>U<29>#<4><24>0<22><128><20><253>/<199>d<250>4R5<202><9>^<128>c<165><194><19>LpH<10>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><165>xb<207>}<222><128><232><195><145><199>1'<254><150><175>b<185><175><172><133><142><220>HR<139>V7<219><232>c<174><248><237><144><3>B<191>p<221><19>FB<27>8N<175><149><231><197>X<154><170><135><241>%:<127>n<197><16><161><200><147>4<200><140>Npb<249><219>{n<163><221><196>Z<23>:<236><195><192><154><203><207><1><134>1<152><244>)|<255><183><238><15><131>g'H0<237><228><21><165><232>'<206><140>1<159><129>pj<6><167>x<244>}o<134>O<177><198><11><220><7>cj<155>Z<179>z<171>.<228><154>(<1>/<10><26><238>9<225>^<183>h<229><<21><163><244>\<206>e<140><151><239><8>Z
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:09 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 3
Authentic: #<240><177><160>=<169><22><155>a<172><200>B<187>#<3
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = <2><3><0><6><25><0>
Message-Authenticator =
<19>-<168><210><160>})<5><186><141>4F<242><28>l<173>
Tue Dec 20 10:54:09 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:09 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:09 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:09 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:09 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:09 2011: DEBUG: Handling with EAP: code 2, 3, 6, 25
Tue Dec 20 10:54:09 2011: DEBUG: Response type 25
Tue Dec 20 10:54:09 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Dec 20 10:54:09 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Dec 20 10:54:09 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
Challenge
Tue Dec 20 10:54:09 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 3
Authentic: <236>2<132><238><0>W<12><218><241>5<160><185>n<153>P<233>
Attributes:
EAP-Message =
<1><4><0>m<25><0>K<199><160><185><8><177>a<221><249><158>aU<14><172><161><0><191><17><202><204>f<136><207>%<178><30><199>w&<149><31>d<152><243>f<2>f<129>WWH<149><28><137><128>vBH<250>r<253><169><17><7><183>Z<219>s<23><162>h<6><156>-<176><241>`,a^<206><13>9<159><31><174>n<207><13>t<185>G<215><138><148>$<196><17>k<236><216><162><171>)<22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:11 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 4
Authentic: <254><250><153><151><8><242><140><195>,<0><24>0<168>O<187>&
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message =
<2><4><1>@<25><128><0><0><1>6<22><3><1><1><6><16><0><1><2><1><0>+<172>9<161><163><210><179>n<176>e0<164>p<140><160><200><13><244><129><180><146><237><134><5><130><246>)<16><7><192><207><245><230><139>-<146><252><223><243><16><227><222><4><11>U<138><210>B<218><252><163><247><19>RV<9>I
<230><194><188>K<252><169><152><189>:<3>19q<208>U<24>d<210><202><138>v<251><212><144>?<181><207><229>H<167><242><143><151>4.<251>1<140><199><249>~6!<157><134><225>|'<222><16><228>q<21><190><128><246><153><21><137><6><154><207>$<146><7><221><17><17>d<194><127>p[<155><18>g<210><167>;<248>&m<143>f<4>m<171>3<187>\<18><170><249>h<250><135>P<193><189><173>0<164><23><234>l<253><26><145><167><22><141><15>
<153><149>|<175>{\O<249><190>c<152>'<224><147><141><139><155>+I<199><127>B<248>"<223><15>#<250><214><154><18><175>X<204><220><239>
4<138>Xr<209><242><236>/<207>@<222><28><218><227>i<240>2rI<163><15><235>*8
EAP-Message =
<185><241><216><234><255><147><6><201><249><165><197><22>m,<253><1>&<152><217><226>W<154>h<218><20><3><1><0><1><1><22><3><1><0>
:6<153><132>{<222>'<192><26>epb<151><181>J<255>m<31><244>d<172>a`<208><195>4<145>?<23><26><209><195>
Message-Authenticator =
<156><194><150>/<213><7><234>4<251><31><254><235>*<30><148><239>
Tue Dec 20 10:54:11 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:11 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:11 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:11 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:11 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:11 2011: DEBUG: Handling with EAP: code 2, 4, 320, 25
Tue Dec 20 10:54:11 2011: DEBUG: Response type 25
Tue Dec 20 10:54:11 2011: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Tue Dec 20 10:54:11 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Dec 20 10:54:11 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Dec 20 10:54:11 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
Challenge
Tue Dec 20 10:54:11 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 4
Authentic: <197>*W<11><237><183><234><167>^<231><160><169>K<228><199><13>
Attributes:
EAP-Message =
<1><5><0>5<25><128><0><0><0>+<20><3><1><0><1><1><22><3><1><0>
<177>2<19><238>x<151>2<142><251>D{<20><187>><160><235><199><6><5><144>AvN-<18>bA<131><10>0<138>I
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:13 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 5
Authentic: <144><193><197><199><171><234><203><1><235>)&<150>a{<176><155>
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = <2><5><0><6><25><0>
Message-Authenticator =
/<11>Y<222><222><154>6<10><191><215>5<190><207>+<1>7
Tue Dec 20 10:54:13 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:13 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:13 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:13 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:13 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:13 2011: DEBUG: Handling with EAP: code 2, 5, 6, 25
Tue Dec 20 10:54:13 2011: DEBUG: Response type 25
Tue Dec 20 10:54:13 2011: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Dec 20 10:54:13 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Dec 20 10:54:13 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
Challenge
Tue Dec 20 10:54:13 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 5
Authentic: ;<7>`<172><147><132><228><190>]<225>;<235><5>y-<204>
Attributes:
EAP-Message =
<1><6><0><28><25><0><23><3><1><0><17>'<197><242><11><137>^<191><168>}<10>w<236>,0[<232>N
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:14 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 6
Authentic: (AW<144><182><14><151><231><240>:<221>$<251>3&+
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message =
<2><6><0>%<25><0><23><3><1><0><26>+<146><202>B<182><13>E<4>/R1G]<156>F<211><244><156>Y<240>A<155>S<229><190><254>
Message-Authenticator =
c<166><21><16>=i<200><227>5cV<186>u<31><224><134>
Tue Dec 20 10:54:14 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:14 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:14 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:14 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:14 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:14 2011: DEBUG: Handling with EAP: code 2, 6, 37, 25
Tue Dec 20 10:54:14 2011: DEBUG: Response type 25
Tue Dec 20 10:54:14 2011: DEBUG: EAP PEAP inner authentication request for
anonymous
Tue Dec 20 10:54:14 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <246><242>#h<150><25><203>}Mb<247><244>_<216><195><209>
Attributes:
EAP-Message = <2><6><0><10><1>indrajaya
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
Calling-Station-Id = "00-1B-38-A5-45-A5"
User-Name = "anonymous"
Tue Dec 20 10:54:14 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1', Identifier ''
Tue Dec 20 10:54:14 2011: DEBUG: Deleting session for anonymous,
202.53.249.28, 50011
Tue Dec 20 10:54:14 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:14 2011: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME like '%@'':
Tue Dec 20 10:54:14 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:14 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:14 2011: DEBUG: Handling with EAP: code 2, 6, 10, 1
Tue Dec 20 10:54:14 2011: DEBUG: Response type 1
Tue Dec 20 10:54:14 2011: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Tue Dec 20 10:54:14 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP MSCHAP-V2
Challenge
Tue Dec 20 10:54:14 2011: DEBUG: Access challenged for anonymous: EAP MSCHAP-V2
Challenge
Tue Dec 20 10:54:14 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: <246><242>#h<150><25><203>}Mb<247><244>_<216><195><209>
Attributes:
EAP-Message =
<1><7><0>$<26><1><7><0><31><16><180>~M<28><127>ua#<22>&X<220><133>+<28>_radius-nam
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:14 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication
redispatched to a Handler
Tue Dec 20 10:54:14 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP inner
authentication redispatched to a Handler
Tue Dec 20 10:54:14 2011: DEBUG: Access challenged for indrajaya: EAP PEAP
inner authentication redispatched to a Handler
Tue Dec 20 10:54:14 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 6
Authentic: kB;GXw<241><147><216><4><171><141><213><151><206><241>
Attributes:
EAP-Message =
<1><7><0>;<25><0><23><3><1><0>0<178>h<204><29><27><8><150>1t<149><176>><197>q<234><18>$|N<168>/<187><206>o<163><219>J<205><14>4<187><22><179><132>e<186><17>,<196><19><16><162>.<249>DYd<18>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:16 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 7
Authentic: <236><229>3<151><187>2<138><0>+<254><222><204><13><139><186><16>
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message =
<2><7><0>[<25><0><23><3><1><0>P<12><137><197><237><215>O<216><23>u1<189><137>s<160>5<163><216><253><197>*g0<129><152><13>7"<14><9><23>C<143>k-<218><20><8>@<0>;<179><168>`<193><20><162><220><136><9>8x-<182>b<185>S<184>8<19>K<11><21>v<<140>6t<248>|<24>M1<128><171><160>
<137>A<18><11>
Message-Authenticator =
<169><13><135>z<136>N<245>6<172><194>-<131><193><218><158><158>
Tue Dec 20 10:54:16 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:16 2011: DEBUG: Deleting session for indrajaya,
202.53.249.28, 50011
Tue Dec 20 10:54:16 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:16 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:16 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:16 2011: DEBUG: Handling with EAP: code 2, 7, 91, 25
Tue Dec 20 10:54:16 2011: DEBUG: Response type 25
Tue Dec 20 10:54:16 2011: DEBUG: EAP PEAP inner authentication request for
anonymous
Tue Dec 20 10:54:16 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: A<132><247>9<23><197>+<192><228><143><159><30>!B<253><196>
Attributes:
EAP-Message =
<2><7><0>@<26><2><7><0>?1lQj1%<178>C<135><226><212><143>O<194><229>6<219><0><0><0><0><0><0><0><0><140>KT]vIo<7><222><147><222><192>=<238><211><11><136>5<212>x<215><192>b><0>indrajaya
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
Calling-Station-Id = "00-1B-38-A5-45-A5"
User-Name = "anonymous"
Tue Dec 20 10:54:16 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1', Identifier ''
Tue Dec 20 10:54:16 2011: DEBUG: Deleting session for anonymous,
202.53.249.28, 50011
Tue Dec 20 10:54:16 2011: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:16 2011: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME like '%@'':
Tue Dec 20 10:54:16 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:16 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:16 2011: DEBUG: Handling with EAP: code 2, 7, 64, 26
Tue Dec 20 10:54:16 2011: DEBUG: Response type 26
Tue Dec 20 10:54:16 2011: DEBUG: Query is: 'select PASSWORD FROM SUBSCRIBERS WHERE USERNAME='indrajaya'':
Tue Dec 20 10:54:16 2011: DEBUG: Radius::AuthSQL looks for match with indrajaya [anonymous]
Tue Dec 20 10:54:16 2011: DEBUG: Radius::AuthSQL ACCEPT: : indrajaya [anonymous]
Tue Dec 20 10:54:16 2011: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge: Success
Tue Dec 20 10:54:16 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP MSCHAP V2 Challenge: Success
Tue Dec 20 10:54:16 2011: DEBUG: Access challenged for anonymous: EAP MSCHAP V2 Challenge: Success
Tue Dec 20 10:54:16 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: A<132><247>9<23><197>+<192><228><143><159><30>!B<253><196>
Attributes:
EAP-Message =
<1><8><0>=<26><3><7><0>8S=F1C82F40DDB237BBEE505EFFB6A24A80B9630274 M=success
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:16 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Tue Dec 20 10:54:16 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Tue Dec 20 10:54:16 2011: DEBUG: Access challenged for indrajaya: EAP PEAP inner authentication redispatched to a Handler
Tue Dec 20 10:54:16 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 7
Authentic: <178><130><178><241>:<228>@<24><167><242>v<151><172><248>+<249>
Attributes:
EAP-Message =
<1><8><0>T<25><0><23><3><1><0>I<19><199>-<9>f>e<140>U<133>_<183><184><177><228>yR<156><250><11><140><6><4>G|#<8><221><244><184>V<216><255><31><163><135><210><246><12><28><175><7><212><14><157><130><227>-<225><135><191>u<166><163>8<17>d<201>B<170><228><215><229><180><229><27>x<157>;<5>'E<142>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Tue Dec 20 10:54:17 2011: DEBUG: Packet dump:
*** Received from 202.53.249.28 port 1812 ....
Code: Access-Request
Identifier: 8
Authentic: (<204>C<175><166>c<145><128><255><14><253><200>.<136>]P
Attributes:
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
NAS-Port-Type = Ethernet
User-Name = "indrajaya"
Called-Station-Id = "00-0A-8A-FC-DB-8B"
Calling-Station-Id = "00-1B-38-A5-45-A5"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message =
<2><8><0><29><25><0><23><3><1><0><18>F<141>@%8<191><185><229><148><13><200><11><223><252><152>N<154><202>
Message-Authenticator =
<235><23><252><173><254>H<137><4><195>^<134><251>f<178><184><13>
Tue Dec 20 10:54:17 2011: DEBUG: Handling request with Handler '', Identifier ''
Tue Dec 20 10:54:17 2011: DEBUG: Deleting session for indrajaya, 202.53.249.28, 50011
Tue Dec 20 10:54:17 2011: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:17 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:17 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:17 2011: DEBUG: Handling with EAP: code 2, 8, 29, 25
Tue Dec 20 10:54:17 2011: DEBUG: Response type 25
Tue Dec 20 10:54:17 2011: DEBUG: EAP PEAP inner authentication request for anonymous
Tue Dec 20 10:54:17 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <239><252><217><240><28>8<131><239>kY<150><137>!SH<144>
Attributes:
EAP-Message = <2><8><0><2><26><3>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 202.53.249.28
NAS-Port = 50011
Calling-Station-Id = "00-1B-38-A5-45-A5"
User-Name = "anonymous"
Tue Dec 20 10:54:17 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP=1', Identifier ''
Tue Dec 20 10:54:17 2011: DEBUG: Deleting session for anonymous, 202.53.249.28, 50011
Tue Dec 20 10:54:17 2011: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER = '202.53.249.28' and NASPORT = 050011':
Tue Dec 20 10:54:17 2011: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME like '%@'':
Tue Dec 20 10:54:17 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:17 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:17 2011: DEBUG: Handling with EAP: code 2, 8, 2, 26
Tue Dec 20 10:54:17 2011: DEBUG: Response type 26
Tue Dec 20 10:54:17 2011: DEBUG: EAP result: 0,
Tue Dec 20 10:54:17 2011: DEBUG: AuthBy SQL result: ACCEPT,
Tue Dec 20 10:54:17 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:17 2011: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 20 10:54:17 2011: DEBUG: Handling with EAP: code 2, 8, 2, 26
Tue Dec 20 10:54:17 2011: DEBUG: Response type 26
Tue Dec 20 10:54:17 2011: DEBUG: EAP result: 1, Not authenticated by this AuthBy
Tue Dec 20 10:54:17 2011: DEBUG: AuthBy SQL result: REJECT, Not authenticated by this AuthBy
Tue Dec 20 10:54:17 2011: INFO: Access rejected for anonymous: Not authenticated by this AuthBy
Tue Dec 20 10:54:17 2011: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: <239><252><217><240><28>8<131><239>kY<150><137>!SH<144>
Attributes:
EAP-Message = <3><8><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Tue Dec 20 10:54:17 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler
Tue Dec 20 10:54:17 2011: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler
Tue Dec 20 10:54:17 2011: DEBUG: Access challenged for indrajaya: EAP PEAP inner authentication redispatched to a Handler
Tue Dec 20 10:54:17 2011: DEBUG: Packet dump:
*** Sending to 202.53.249.28 port 1812 ....
Code: Access-Challenge
Identifier: 8
Authentic: <219><26>2<182><172><212>?F{o<12>P<17><166>}$
Attributes:
EAP-Message =
<1><9><0>&<25><0><23><3><1><0><27><211><186><210><186>N<150><21><13><219><30>:<<243><22><227>%<128>b9<7>I}<140><146>2<204>+
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
# radius.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration as required.
#
# This example will authenticate from a standard users file in
# DbDir/users and log accounting to LogDir/detail.
#
# It will accept requests from any client and try to handle request
# for any realm.
#
# You should consider this file to be a starting point only
# $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $
#Foreground
#LogStdout
LogDir /var/log/radius
DbDir /etc/radiator
AuthPort 1812
AcctPort 1813
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 3
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
#Indrajaya
#
<ClientListSQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth blablabla
GetClientQuery select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
NOIGNOREDUPLICATES,PREHANDLERHOOK from RADCLIENTLIST
</ClientListSQL>
<SessionDatabase SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth blablabla
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, \
SERVICETYPE) values ('%u', '%1', %2, %3, %{Timestamp}, \
'%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
DeleteQuery delete from RADONLINE \
where NASIDENTIFIER = '%1' and NASPORT = 0%2
ClearNasQuery delete from RADONLINE \
where NASIDENTIFIER = '%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS \
from RADONLINE where USERNAME like '%%@%R'
</SessionDatabase>
<Handler TunnelledByPEAP=1>
MaxSessions 1
AuthByPolicy ContinueWhileAccept
<AuthBy SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth blablabla
AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0
AcctColumnDef User-Password, check
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
EAPType MSCHAP-V2
# EAPType PEAP
</AuthBy>
<AuthBy SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth blablabla
AccountingStopsOnly
AcctSQLStatement insert delayed into ACCOUNTING (USERNAME, TIME_STAMP, \
ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTSESSIONID, ACCTSESSIONTIME, \
ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, NASIDENTIFIER, NASPORT, \
FRAMEDIPADDRESS, CALLERID, DOMAIN) \
values ('%U', '%{Timestamp}', '%{Acct-Status-Type}', '%{Acct-Delay-Time}', \
'%{Acct-Session-Id}', "%{Acct-Session-Time}" * FLOOR( \
"%{Acct-Session-Time}" / (2 + "%{Acct-Session-Time}") + 0.49), \
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%N', '%{NAS-Port}', \
'%{Framed-IP-Address}', '%{Calling-Station-Id}', '%R')
</AuthBy>
</Handler>
<Handler>
<AuthBy SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth blablabla
AuthSelect select PASSWORD FROM SUBSCRIBERS WHERE USERNAME=%0
AcctColumnDef User-Password, check
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
EAPType PEAP
# EAPType MSCHAP-V2
EAPTLS_CAFile /etc/ssl/cacert.pem
EAPTLS_CertificateFile /etc/ssl/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/ssl/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
</AuthBy>
<AuthBy SQL>
DBSource dbi:mysql:radius:localhost
DBUsername radius
DBAuth blablabla
AccountingStopsOnly
AcctSQLStatement insert delayed into ACCOUNTING (USERNAME, TIME_STAMP, \
ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTSESSIONID, ACCTSESSIONTIME, \
ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, NASIDENTIFIER, NASPORT, \
FRAMEDIPADDRESS, CALLERID, DOMAIN) \
values ('%U', '%{Timestamp}', '%{Acct-Status-Type}', '%{Acct-Delay-Time}', \
'%{Acct-Session-Id}', "%{Acct-Session-Time}" * FLOOR( \
"%{Acct-Session-Time}" / (2 + "%{Acct-Session-Time}") + 0.49), \
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%N', '%{NAS-Port}', \
'%{Framed-IP-Address}', '%{Calling-Station-Id}', '%R')
</AuthBy>
</Handler>
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator