Here is a couple of more log excerpts.
--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: [email protected]
On 9/17/12 11:13 AM, "Johnson, Neil M" <[email protected]> wrote:
>Here's another trace excerpt... (Attached).
>
>
>--
>Neil Johnson
>Network Engineer
>The University of Iowa
>Phone: 319 384-0938
>Fax: 319 335-2951
>Mobile: 319 540-2081
>E-Mail: [email protected]
>
>
>
>
>
>
>On 9/17/12 11:01 AM, "Johnson, Neil M" <[email protected]> wrote:
>
>>Attached is an extract from the RADIUS log, where the user failed SSL
>>authentication...
>>
>>We are running 4.9 with patches...
>>
>>
>>--
>>Neil Johnson
>>Network Engineer
>>The University of Iowa
>>Phone: 319 384-0938
>>Fax: 319 335-2951
>>Mobile: 319 540-2081
>>E-Mail: [email protected]
>>
>>
>>
>>
>>
>>
>>On 9/14/12 3:42 PM, "Heikki Vatiainen" <[email protected]> wrote:
>>
>>>On 09/14/2012 07:16 PM, Johnson, Neil M wrote:
>>>
>>>> I have a wireless user who a few times a day gets asked to re-enter
>>>>his
>>>> credentials on his windows 7 system. After he re-enters his
>>>>credentials
>>>> he reconnects fine. I look in the RADIUS logs and see:
>>>>
>>>> Mon Sep 10 17:06:58 2012 757006: ERR: EAP PEAP TLS Handshake
>>>> unsuccessful: 4076: 1 - error:14094417:SSL
>>>> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
>>>>
>>>> I don't have any more verbose logging at this time (The user is out of
>>>> the office this week), but I was wondering if anyone else had seen
>>>>this
>>>> error message before.
>>>
>>>I have seen that just a couple of times but certainly not very often.
>>>Trace 4 log would be useful to see what happens during the TLS tunnel
>>>setup.
>>>
>>>There's one PEAP related fix in 4.10 patches. What you see may be
>>>related to PEAP fast reconnect aka session resumption. The patch fixes
>>>problems with windows clients.
>>>
>>>The problem does not cause the error you are seeing so it may be related
>>>to some other client. However, if you can apply the patch, it might be
>>>worth trying.
>>>
>>>Thanks,
>>>Heikki
>>>
>>>--
>>>Heikki Vatiainen <[email protected]>
>>>
>>>Radiator: the most portable, flexible and configurable RADIUS server
>>>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
>>>NetWare etc.
>>>_______________________________________________
>>>radiator mailing list
>>>[email protected]
>>>http://www.open.com.au/mailman/listinfo/radiator
>>
>
Mon Sep 17 11:17:17 2012 474979: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 245
Authentic: <127><4>.<130>it<31><210>\<198><244><157><243><12><226>?
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6170
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = <2><1><0><22><1>[email protected]
Message-Authenticator =
,#<228><232><191><236><162><24><21><198>#Qc/<196><171>
Mon Sep 17 11:17:17 2012 475638: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:17 2012 475985: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:17 2012 476375: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6170
Mon Sep 17 11:17:17 2012 476707: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:17 2012 477123: DEBUG: Handling with EAP: code 2, 1, 22, 1
Mon Sep 17 11:17:17 2012 477444: DEBUG: Response type 1
Mon Sep 17 11:17:17 2012 477876: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Sep 17 11:17:17 2012 478199: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP
Challenge
Mon Sep 17 11:17:17 2012 478534: DEBUG: Access challenged for
[email protected]: EAP PEAP Challenge
Mon Sep 17 11:17:17 2012 478896: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:17 2012 479500: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Challenge
Identifier: 245
Authentic: <6>]64<23>"<187><177><31><219><151><162><16><144>)y
Attributes:
EAP-Message = <1><2><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 17 11:17:17 2012 511502: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 247
Authentic: <152>o<192><157><149><237>3<7>c<11>j<181>)<7><132>O
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6170
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message =
<2><2><0><137><25><128><0><0><0><127><22><3><1><0>z<1><0><0>v<3><1>PWM<13>UO<23><127><181>M<183>
c<2>6[<25><<131><216><146><17>H<179>t9<14>4A<195>M<131>
Q<231><162><139><168>C4<148>a<236><255><219>.:<13>f=U<217><10><244><133><254>I<242><5>F<229><182><255><178><202><0><24><0>/<0>5<0><5><0><10><192><19><192><20><192><9><192><10><0>2<0>8<0><19><0><4><1><0><0><21><255><1><0><1><0><0><10><0><6><0><4><0><23><0><24><0><11><0><2><1><0>
Message-Authenticator =
<140><241><2>q<19>#<222><130>)F<151><168><250><1><224><166>
Mon Sep 17 11:17:17 2012 512167: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:17 2012 512514: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:17 2012 512901: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6170
Mon Sep 17 11:17:17 2012 513232: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:17 2012 513645: DEBUG: Handling with EAP: code 2, 2, 137, 25
Mon Sep 17 11:17:17 2012 513967: DEBUG: Response type 25
Mon Sep 17 11:17:17 2012 514544: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Sep 17 11:17:17 2012 514995: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Sep 17 11:17:17 2012 515317: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP
Challenge
Mon Sep 17 11:17:17 2012 515654: DEBUG: Access challenged for
[email protected]: EAP PEAP Challenge
Mon Sep 17 11:17:17 2012 516016: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:17 2012 518018: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Challenge
Identifier: 247
Authentic: <5><230>V<27><162>d8sX<232>I<231><219><151>?{
Attributes:
EAP-Message =
<1><3><4><236><25><192><0><0><15>!<22><3><1><0>J<2><0><0>F<3><1>PWM<13><226><167>:9<186><9><28><231><251>n<135>e<29><186><172><221>}<167><225><196>W<230><4>[b<241>q<228>
<235><231>q<227><12><186><20><180><249>f<172><31>"<17><134>K!<217>8<226>v<216>+<171><131>B<186>:<205><196><140><150><0>/<0><22><3><1><14><196><11><0><14><192><0><14><189><0><5><179>0<130><5><175>0<130><4><151><160><3><2><1><2><2><17><0><192>1<252><202><166><225>N<140>vY<9>c<243><202>f<195>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0Q1<11>0<9><6><3>U<4><6><19><2>US1<18>0<16><6><3>U<4><10><19><9>Internet21<17>0<15><6><3>U<4><11><19><8>InCommon1<27>0<25><6><3>U<4><3><19><18>InCommon
Server CA0<30><23><13>110603000000Z<23><13>
EAP-Message =
140602235959Z0<130><1><26>1<11>0<9><6><3>U<4><6><19><2>US1<14>0<12><6><3>U<4><17><19><5>522421<11>0<9><6><3>U<4><8><19><2>IA1<18>0<16><6><3>U<4><7><19><9>Iowa
City1<25>0<23><6><3>U<4><9><19><16>416-3 North
Hall1<31>0<29><6><3>U<4><9><19><22>The University of
Iowa1301<6><3>U<4><9><19>*ITS Telecommunication and Network
Services1<27>0<25><6><3>U<4><10><19><18>University of
Iowa1<19>0<17><6><3>U<4><11><19><10>ITS-TNS-NS1<20>0<18><6><3>U<4><11><19><11>
EAP-Message =
PlatinumSSL1!0<31><6><3>U<4><3><19><24>net-auth-1.its.uiowa.edu0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><157>43z1<181>"<145><197>$<25><25><187>J<11><220><193><164><232>SD;<217><177>p<157>`#<201><223><219><179>6<150><216><26>B<13><217><188>B0<184>.<246><168><2><9><243>[d<138>4<21><155><222><1><235>=<232><138>R&<176><19>}<145><216><156><255>C<20><216>b<154><29>@<224>`<17>2z<220>\<165><168><4<2>$o<232><27><206><235><226>C<213>NmI@Q<138><233><218><22><234><241><23>9IQ<152>gM<132>81i<142><228><220><228><16><246><14>!<200>[q<160><239><130><178><254><8>T<177>tD<25><226>g<26><226>B<16><193><158>^}<217><211>5oA<8>7<132><161><15><153><14><232><28>]<133><179><130>n<194><129><16>
EAP-Message =
u<186>-<203><175><187>U?<244>-M<156><229>kK<186><209><197><162><169><247><178><220><31>7<191><162>7<131><142>f<203><161>t<132><203>S<202><176><133><186>m"JV<159>Y{l)<235><178><200><11>w<176><185>k<249>*B<10><239><193><183>|<255><24>'<236><166><151><20><246><191><146><128>~<240><198><252>=<2><3><1><0><1><163><130><1><181>0<130><1><177>0<31><6><3>U<29>#<4><24>0<22><128><20>HOZ<250>/J<154>^<224>P<243>k{U<165><222><245><190>4]0<29><6><3>U<29><14><4><22><4><20>\<16><243><136><230><129>q<30><128><0>*<210>M<211><245><127>=Q<10><222>0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><7><3><2>0]<6><3>U<29>
<4>V0T0R<6><12>+<6><1><4><1><174>#<1><4><3><1><1>0B0@<6><8>
EAP-Message =
+<6><1><5><5><7><2><1><22>4https://www.incommon.org/cert/repository/cps_ssl.pdf0=<6><3>U<29><31><4>60402<160>0<160>.<134>,http://crl.incommon.org/InCommonServerCA.crl0o<6><8>+<6><1><5><5><7><1><1><4>c0a09<6><8>+<6><1><5><5><7>0<2><134>-http://cert.incommon.org/InCommonServerCA.crt0$<6><8>+<6><1><5><5><7>0<1><134><24>http://ocsp.incommon.org0#<6><3>U<29><17><4><28>0
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 17 11:17:17 2012 569415: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 249
Authentic: <4>[<214>t<212><148><180><2>/g^<233><145>G/R
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6170
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = <2><3><0><6><25><0>
Message-Authenticator =
j!<186><200><250>L<191>H<144><9><183><28>||[<206>
Mon Sep 17 11:17:17 2012 570099: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:17 2012 570450: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:17 2012 570842: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6170
Mon Sep 17 11:17:17 2012 571173: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:17 2012 571589: DEBUG: Handling with EAP: code 2, 3, 6, 25
Mon Sep 17 11:17:17 2012 571912: DEBUG: Response type 25
Mon Sep 17 11:17:17 2012 572378: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Sep 17 11:17:17 2012 572702: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP
Challenge
Mon Sep 17 11:17:17 2012 573039: DEBUG: Access challenged for
[email protected]: EAP PEAP Challenge
Mon Sep 17 11:17:17 2012 573403: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:17 2012 575575: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Challenge
Identifier: 249
Authentic: Z+^<7><154><189><222>p*<158><226><216><134><135>3<15>
Attributes:
EAP-Message =
<1><4><4><232><25>@<26><130><24>net-auth-1.its.uiowa.edu0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><149><241>
d<246>"<25><130><26>M<0><136><140><3>%<174><163><167>6<207><20><167><13><175><176><226>%(<178><182><140>Xp<173>\J<141><240><162>2i<175><242>8<152><133><139>Oy;<244><225><<145><2><189><255><182><229><215><223>Q<24><18><139>l<225>#<167><162><225><237><177><202>1<166><199>X:,|<184><137>=<236>R<237><195>-L<139><180><200><184>7<139><201>(<149><239><240><195><189><21><181>v<213><207>V<135><197><184>%n<215><177>cR@PXi<180><226>&<5><31><161>[G<191><131>8<167><131>c<191><215><195>=<182>s<139><136>P<21><19><231>z<22>`<255><152>K1<19><25><190>$<139><7>P<168><155><210><189>j+<155><129>j0<225>
<25><202><11>"<155><203><225><236><128><141><217><205>;P<135><202><230><8>D<226><9><224><140><186><11><222>
EAP-Message =
<151><21>P<182>@<238><28><254>e,<219><195><208><24><239><156>y<232><16><193>P<249>)<154><203><11><139><133><156><190>(<235><172><164><26><240><251><128>2D<221><170><221>|<231><224>Nj<160>^<132>[<189>*5<143><0><4><199>0<130><4><195>0<130><3><171><160><3><2><1><2><2><16><127>q<193><211><162>&<176><210><177><19><243><230><129>gd>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0o1<11>0<9><6><3>U<4><6><19><2>SE1<20>0<18><6><3>U<4><10><19><11>AddTrust
AB1&0$<6><3>U<4><11><19><29>AddTrust External TTP Network1"0
<6><3>U<4><3><19><25>AddTrust External CA
Root0<30><23><13>101207000000Z<23><13>200530104838Z0Q1
EAP-Message =
<11>0<9><6><3>U<4><6><19><2>US1<18>0<16><6><3>U<4><10><19><9>Internet21<17>0<15><6><3>U<4><11><19><8>InCommon1<27>0<25><6><3>U<4><3><19><18>InCommon
Server
CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><151>|<199><200><254><179><233>
j<163><164>O<142><142>4V<6><179>zl<170><16><155>Ha+6<144>i<227>4<10>G<167><187>{<222><170>j<251><235><130><149><143><202><29><127><175>u<166><168>L<218>
ga<26><13><134><193><202><193><135><175><172>N<228><222>b<27>/<157><177><152><175><198><1><251><23>p<219><172><20>Y<236>o?3<127><166><152><11><228><226>8<175><245><127><133>m<14>t<4><157><246>'<134><199><155><143><231>q*<8><244><3><2>@c$}@W<143>T<224>T~<182><19>Ha<241><222><206><14><189><182><250>M
EAP-Message =
<152><178><217><13><141>y<166><224><170><205><12><145><154><165><223><171>s<187><202><20>x\G)<161><202><197><186><159><199><218>`<247><255><231><127><242><217><218><161>-<15>I<22><167><211><0><146><207><138>G<217>M<248><213><149>f<211>t<249><128>c<0>OL<132><22><31><179><245>$<31><161>N<222><232><149><214><178><11><9><139>,k<199>\/<140>c<201><153><203>R<177>b{s<1>b<127>cl<216>h<160><238>j<168><141><31>)<243><208><24><172><173><2><3><1><0><1><163><130><1>w0<130><1>s0<31><6><3>U<29>#<4><24>0<22><128><20><173><189><152>z4<180>&<247><250><196>&T<239><3><189><224>$<203>T<26>0<29><6><3>U<29><14><4><22><4><20>HOZ<250>/J<154>^<224>P<243>k{U<165><222><245><190>4]0<14><6><3>U<29><15><1><1><255><4><4><3><2><1><6>0<18><6><3>U<29><19><1><1><255><4><8>0<6><1><1><255><2><1><0>0<17><6><3>U<29>
<4><10>0<8>0<6><6><4>U<29> <0>0D<6><3>U
EAP-Message =
<29><31><4>=0;09<160>7<160>5<134>3http://crl.usertrust.com/AddTrustExternalCARoot.crl0<129><179><6><8>+<6><1><5><5><7><1><1><4><129><166>0<129><163>0?<6><8>+<6><1><5><5><7>0<2><134>3http://crt.usertrust.com/AddTrustExternalCARoot.p7c09<6><8>+<6><1><5><5><7>0<2><134>-http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%<6><8>+<6><1><5><5><7>0<1><134><25>http://ocsp.usertrust.
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 17 11:17:17 2012 614084: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 252
Authentic: <232><182><195>s<224><206><148><3>^<202><190><186><193><208>r/
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6170
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = <2><4><0><17><25><128><0><0><0><7><21><3><1><0><2><2>/
Message-Authenticator =
<198><26><171><138><9><227><139>b<22>>9<231>M<246><204><253>
Mon Sep 17 11:17:17 2012 614736: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:17 2012 615086: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:17 2012 615474: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6170
Mon Sep 17 11:17:17 2012 615803: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:17 2012 616215: DEBUG: Handling with EAP: code 2, 4, 17, 25
Mon Sep 17 11:17:17 2012 616536: DEBUG: Response type 25
Mon Sep 17 11:17:17 2012 616905: DEBUG: EAP TLS SSL_accept result: 0, 1, 8576
Mon Sep 17 11:17:17 2012 617267: ERR: EAP PEAP TLS Handshake unsuccessful:
2196: 1 - error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal
parameter
Mon Sep 17 11:17:17 2012 617584: DEBUG: EAP result: 1, EAP PEAP TLS Handshake
unsuccessful
Mon Sep 17 11:17:17 2012 617903: DEBUG: AuthBy LSA result: REJECT, EAP PEAP TLS
Handshake unsuccessful
Mon Sep 17 11:17:17 2012 618240: INFO: Access rejected for [email protected]:
EAP PEAP TLS Handshake unsuccessful
Mon Sep 17 11:17:17 2012 619006: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:17 2012 619509: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Reject
Identifier: 252
Authentic: <140>O}A{<179>p<222><215>\#<243>lx<211><251>
Attributes:
Reply-Message = "Request Denied"
Mon Sep 17 11:17:53 2012 428190: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 73
Authentic: &<230>AxC!<144>`<130><177><224><187>,<173><187>\
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6192
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = <2><1><0><22><1>[email protected]
Message-Authenticator =
<31><15>7<205><15><183><237>%<170><127><187>G<224><252><171><173>
Mon Sep 17 11:17:53 2012 428934: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:53 2012 429285: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:53 2012 429675: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6192
Mon Sep 17 11:17:53 2012 430006: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:53 2012 430420: DEBUG: Handling with EAP: code 2, 1, 22, 1
Mon Sep 17 11:17:53 2012 430742: DEBUG: Response type 1
Mon Sep 17 11:17:53 2012 431179: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Sep 17 11:17:53 2012 431502: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP
Challenge
Mon Sep 17 11:17:53 2012 431947: DEBUG: Access challenged for
[email protected]: EAP PEAP Challenge
Mon Sep 17 11:17:53 2012 432307: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:53 2012 432914: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Challenge
Identifier: 73
Authentic: )}<241><212><157><213><226>_<249><168><25><145>#^Ro
Attributes:
EAP-Message = <1><2><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 17 11:17:53 2012 516100: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 77
Authentic: m<11>P/IU<133><203> <196><244><153><202>#<181><251>
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6192
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message =
<2><2><0>i<25><128><0><0><0>_<22><3><1><0>Z<1><0><0>V<3><1>PWM1<154><237><155><10>z<16><10><6>M<190><190>IF<240>3<166><147><231>3><24><130><226><225><19>sj<252><0><0><24><0>/<0>5<0><5><0><10><192><19><192><20><192><9><192><10><0>2<0>8<0><19><0><4><1><0><0><21><255><1><0><1><0><0><10><0><6><0><4><0><23><0><24><0><11><0><2><1><0>
Message-Authenticator =
<135><240><184><3><5>^<218>9~<151><143><169><206><166>V<197>
Mon Sep 17 11:17:53 2012 516750: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:53 2012 517098: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:53 2012 517487: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6192
Mon Sep 17 11:17:53 2012 517819: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:53 2012 518232: DEBUG: Handling with EAP: code 2, 2, 105, 25
Mon Sep 17 11:17:53 2012 518552: DEBUG: Response type 25
Mon Sep 17 11:17:53 2012 519139: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Sep 17 11:17:53 2012 519592: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Sep 17 11:17:53 2012 519913: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP
Challenge
Mon Sep 17 11:17:53 2012 520250: DEBUG: Access challenged for
[email protected]: EAP PEAP Challenge
Mon Sep 17 11:17:53 2012 520613: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:53 2012 522599: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Challenge
Identifier: 77
Authentic: f<218><253>j<202><148><18><190> <3>Y<0><159><219><135><141>
Attributes:
EAP-Message =
<1><3><4><236><25><192><0><0><15>!<22><3><1><0>J<2><0><0>F<3><1>PWM1f<211>><149><167><30><148><218><232><185><127>kIx-B<14><178><174><<7>SEAn,<30>0
MV<245>P!QR<133><2>@<161>"<177><20><213>o<14><13>o<236><172><212>.<230><238>l<209><211><230>,5<174><0>/<0><22><3><1><14><196><11><0><14><192><0><14><189><0><5><179>0<130><5><175>0<130><4><151><160><3><2><1><2><2><17><0><192>1<252><202><166><225>N<140>vY<9>c<243><202>f<195>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0Q1<11>0<9><6><3>U<4><6><19><2>US1<18>0<16><6><3>U<4><10><19><9>Internet21<17>0<15><6><3>U<4><11><19><8>InCommon1<27>0<25><6><3>U<4><3><19><18>InCommon
Server CA0<30><23><13>110603000000Z<23><13>
EAP-Message =
140602235959Z0<130><1><26>1<11>0<9><6><3>U<4><6><19><2>US1<14>0<12><6><3>U<4><17><19><5>522421<11>0<9><6><3>U<4><8><19><2>IA1<18>0<16><6><3>U<4><7><19><9>Iowa
City1<25>0<23><6><3>U<4><9><19><16>416-3 North
Hall1<31>0<29><6><3>U<4><9><19><22>The University of
Iowa1301<6><3>U<4><9><19>*ITS Telecommunication and Network
Services1<27>0<25><6><3>U<4><10><19><18>University of
Iowa1<19>0<17><6><3>U<4><11><19><10>ITS-TNS-NS1<20>0<18><6><3>U<4><11><19><11>
EAP-Message =
PlatinumSSL1!0<31><6><3>U<4><3><19><24>net-auth-1.its.uiowa.edu0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><157>43z1<181>"<145><197>$<25><25><187>J<11><220><193><164><232>SD;<217><177>p<157>`#<201><223><219><179>6<150><216><26>B<13><217><188>B0<184>.<246><168><2><9><243>[d<138>4<21><155><222><1><235>=<232><138>R&<176><19>}<145><216><156><255>C<20><216>b<154><29>@<224>`<17>2z<220>\<165><168><4<2>$o<232><27><206><235><226>C<213>NmI@Q<138><233><218><22><234><241><23>9IQ<152>gM<132>81i<142><228><220><228><16><246><14>!<200>[q<160><239><130><178><254><8>T<177>tD<25><226>g<26><226>B<16><193><158>^}<217><211>5oA<8>7<132><161><15><153><14><232><28>]<133><179><130>n<194><129><16>
EAP-Message =
u<186>-<203><175><187>U?<244>-M<156><229>kK<186><209><197><162><169><247><178><220><31>7<191><162>7<131><142>f<203><161>t<132><203>S<202><176><133><186>m"JV<159>Y{l)<235><178><200><11>w<176><185>k<249>*B<10><239><193><183>|<255><24>'<236><166><151><20><246><191><146><128>~<240><198><252>=<2><3><1><0><1><163><130><1><181>0<130><1><177>0<31><6><3>U<29>#<4><24>0<22><128><20>HOZ<250>/J<154>^<224>P<243>k{U<165><222><245><190>4]0<29><6><3>U<29><14><4><22><4><20>\<16><243><136><230><129>q<30><128><0>*<210>M<211><245><127>=Q<10><222>0<14><6><3>U<29><15><1><1><255><4><4><3><2><5><160>0<12><6><3>U<29><19><1><1><255><4><2>0<0>0<29><6><3>U<29>%<4><22>0<20><6><8>+<6><1><5><5><7><3><1><6><8>+<6><1><5><5><7><3><2>0]<6><3>U<29>
<4>V0T0R<6><12>+<6><1><4><1><174>#<1><4><3><1><1>0B0@<6><8>
EAP-Message =
+<6><1><5><5><7><2><1><22>4https://www.incommon.org/cert/repository/cps_ssl.pdf0=<6><3>U<29><31><4>60402<160>0<160>.<134>,http://crl.incommon.org/InCommonServerCA.crl0o<6><8>+<6><1><5><5><7><1><1><4>c0a09<6><8>+<6><1><5><5><7>0<2><134>-http://cert.incommon.org/InCommonServerCA.crt0$<6><8>+<6><1><5><5><7>0<1><134><24>http://ocsp.incommon.org0#<6><3>U<29><17><4><28>0
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 17 11:17:53 2012 606681: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 81
Authentic: <25><244><229><140><146><177><154><201>^S.<23>#Jw<239>
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6192
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = <2><3><0><6><25><0>
Message-Authenticator =
<2><163><194><237>A#<143><225><173>65<185>S<148><204>[
Mon Sep 17 11:17:53 2012 607333: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:53 2012 607681: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:53 2012 608070: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6192
Mon Sep 17 11:17:53 2012 608399: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:53 2012 608810: DEBUG: Handling with EAP: code 2, 3, 6, 25
Mon Sep 17 11:17:53 2012 609132: DEBUG: Response type 25
Mon Sep 17 11:17:53 2012 609595: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Sep 17 11:17:53 2012 609918: DEBUG: AuthBy LSA result: CHALLENGE, EAP PEAP
Challenge
Mon Sep 17 11:17:53 2012 610256: DEBUG: Access challenged for
[email protected]: EAP PEAP Challenge
Mon Sep 17 11:17:53 2012 610618: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:53 2012 612767: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Challenge
Identifier: 81
Authentic: <136>1<172><207><24>UWw<163><237>Z$<190>5$k
Attributes:
EAP-Message =
<1><4><4><232><25>@<26><130><24>net-auth-1.its.uiowa.edu0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><130><1><1><0><149><241>
d<246>"<25><130><26>M<0><136><140><3>%<174><163><167>6<207><20><167><13><175><176><226>%(<178><182><140>Xp<173>\J<141><240><162>2i<175><242>8<152><133><139>Oy;<244><225><<145><2><189><255><182><229><215><223>Q<24><18><139>l<225>#<167><162><225><237><177><202>1<166><199>X:,|<184><137>=<236>R<237><195>-L<139><180><200><184>7<139><201>(<149><239><240><195><189><21><181>v<213><207>V<135><197><184>%n<215><177>cR@PXi<180><226>&<5><31><161>[G<191><131>8<167><131>c<191><215><195>=<182>s<139><136>P<21><19><231>z<22>`<255><152>K1<19><25><190>$<139><7>P<168><155><210><189>j+<155><129>j0<225>
<25><202><11>"<155><203><225><236><128><141><217><205>;P<135><202><230><8>D<226><9><224><140><186><11><222>
EAP-Message =
<151><21>P<182>@<238><28><254>e,<219><195><208><24><239><156>y<232><16><193>P<249>)<154><203><11><139><133><156><190>(<235><172><164><26><240><251><128>2D<221><170><221>|<231><224>Nj<160>^<132>[<189>*5<143><0><4><199>0<130><4><195>0<130><3><171><160><3><2><1><2><2><16><127>q<193><211><162>&<176><210><177><19><243><230><129>gd>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0o1<11>0<9><6><3>U<4><6><19><2>SE1<20>0<18><6><3>U<4><10><19><11>AddTrust
AB1&0$<6><3>U<4><11><19><29>AddTrust External TTP Network1"0
<6><3>U<4><3><19><25>AddTrust External CA
Root0<30><23><13>101207000000Z<23><13>200530104838Z0Q1
EAP-Message =
<11>0<9><6><3>U<4><6><19><2>US1<18>0<16><6><3>U<4><10><19><9>Internet21<17>0<15><6><3>U<4><11><19><8>InCommon1<27>0<25><6><3>U<4><3><19><18>InCommon
Server
CA0<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><151>|<199><200><254><179><233>
j<163><164>O<142><142>4V<6><179>zl<170><16><155>Ha+6<144>i<227>4<10>G<167><187>{<222><170>j<251><235><130><149><143><202><29><127><175>u<166><168>L<218>
ga<26><13><134><193><202><193><135><175><172>N<228><222>b<27>/<157><177><152><175><198><1><251><23>p<219><172><20>Y<236>o?3<127><166><152><11><228><226>8<175><245><127><133>m<14>t<4><157><246>'<134><199><155><143><231>q*<8><244><3><2>@c$}@W<143>T<224>T~<182><19>Ha<241><222><206><14><189><182><250>M
EAP-Message =
<152><178><217><13><141>y<166><224><170><205><12><145><154><165><223><171>s<187><202><20>x\G)<161><202><197><186><159><199><218>`<247><255><231><127><242><217><218><161>-<15>I<22><167><211><0><146><207><138>G<217>M<248><213><149>f<211>t<249><128>c<0>OL<132><22><31><179><245>$<31><161>N<222><232><149><214><178><11><9><139>,k<199>\/<140>c<201><153><203>R<177>b{s<1>b<127>cl<216>h<160><238>j<168><141><31>)<243><208><24><172><173><2><3><1><0><1><163><130><1>w0<130><1>s0<31><6><3>U<29>#<4><24>0<22><128><20><173><189><152>z4<180>&<247><250><196>&T<239><3><189><224>$<203>T<26>0<29><6><3>U<29><14><4><22><4><20>HOZ<250>/J<154>^<224>P<243>k{U<165><222><245><190>4]0<14><6><3>U<29><15><1><1><255><4><4><3><2><1><6>0<18><6><3>U<29><19><1><1><255><4><8>0<6><1><1><255><2><1><0>0<17><6><3>U<29>
<4><10>0<8>0<6><6><4>U<29> <0>0D<6><3>U
EAP-Message =
<29><31><4>=0;09<160>7<160>5<134>3http://crl.usertrust.com/AddTrustExternalCARoot.crl0<129><179><6><8>+<6><1><5><5><7><1><1><4><129><166>0<129><163>0?<6><8>+<6><1><5><5><7>0<2><134>3http://crt.usertrust.com/AddTrustExternalCARoot.p7c09<6><8>+<6><1><5><5><7>0<2><134>-http://crt.usertrust.com/AddTrustUTNSGCCA.crt0%<6><8>+<6><1><5><5><7>0<1><134><25>http://ocsp.usertrust.
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Sep 17 11:17:53 2012 689687: DEBUG: Packet dump:
*** Received from 128.255.11.10 port 40150 ....
Code: Access-Request
Identifier: 84
Authentic: <222><5><215><<203><202>:a2<199><254><3>{yR<163>
Attributes:
User-Name = "[email protected]"
NAS-IP-Address = 128.255.11.10
NAS-Port = 6192
Called-Station-Id = "00-90-0B-27-10-59:UI-eduroam"
Calling-Station-Id = "00-27-10-00-61-E0"
Framed-MTU = 1250
NAS-Port-Type = Wireless-IEEE-802-11
Framed-Compression = None
Connect-Info = "CONNECT 802.11a"
Chargeable-User-Identity = ""
EAP-Message = <2><4><0><17><25><128><0><0><0><7><21><3><1><0><2><2>/
Message-Authenticator =
<172><235><237><20><11><138><244>gy<16><186><208>&<29>O<255>
Mon Sep 17 11:17:53 2012 690436: DEBUG: Handling request with Handler
'Client-Identifier=fromUIOWA, Called-Station-Id=/eduroam$/i,
Realm=/(uiowa\.edu$)/i ', Identifier ''
Mon Sep 17 11:17:53 2012 690787: DEBUG: PreProcessing Hook: called.
Mon Sep 17 11:17:53 2012 691177: DEBUG: Deleting session for
[email protected], 128.255.11.10, 6192
Mon Sep 17 11:17:53 2012 691511: DEBUG: Handling with Radius::AuthLSA:
Mon Sep 17 11:17:53 2012 691925: DEBUG: Handling with EAP: code 2, 4, 17, 25
Mon Sep 17 11:17:53 2012 692244: DEBUG: Response type 25
Mon Sep 17 11:17:53 2012 692613: DEBUG: EAP TLS SSL_accept result: 0, 1, 8576
Mon Sep 17 11:17:53 2012 692976: ERR: EAP PEAP TLS Handshake unsuccessful:
2196: 1 - error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal
parameter
Mon Sep 17 11:17:53 2012 693291: DEBUG: EAP result: 1, EAP PEAP TLS Handshake
unsuccessful
Mon Sep 17 11:17:53 2012 693611: DEBUG: AuthBy LSA result: REJECT, EAP PEAP TLS
Handshake unsuccessful
Mon Sep 17 11:17:53 2012 693948: INFO: Access rejected for [email protected]:
EAP PEAP TLS Handshake unsuccessful
Mon Sep 17 11:17:53 2012 694729: DEBUG: PostProcessing Hook: called.
Mon Sep 17 11:17:53 2012 695240: DEBUG: Packet dump:
*** Sending to 128.255.11.10 port 40150 ....
Code: Access-Reject
Identifier: 84
Authentic: <22><158><241>e<144>K<5>Lv<22>5+<138><220><228><158>
Attributes:
Reply-Message = "Request Denied"
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
