Hi Hugh,
I have tried using "AuthByPolicy ContinueUntilAccept" but it does not seem
to work as expected. I attached the following.
1) config file without secrets
2) trace 4 file called ttls_hangs.txt that shows that instead of executing
"AuthBy CheckFILEthenPAM" Radiator moves on to "AuthBy ForwardToIAS" and
results in hanging, when received eap-ttls authentication request.
3) trace 4 file called ttls_pam_success.txt that shows eap-ttls successful
authentication when "AuthByPolicy ContinueUntilAccept" and "AuthBy
ForwardToIAS" are commented out.
Also, the strange thing is that when I use "AuthByPolicy
ContinueUntilAccept" peap-mschapv2 authentication also fails. It just keeps
on sending proxy packets without any authentication. Again, if I comment out
"AuthByPolicy ContinueUntilAccept" and "AuthBy CheckFILEthenPAM" then it
succeeds.
I am wondering if the failure of "AuthByPolicy" may have something to do
with the handler "Handler TunnelledByTTLS=1" using the actual pam
authentication "AuthBy CheckPAM-EAP-TTLS" which is not part of
"AuthByPolicy".
Regards,
Ken Kawakubo
-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 6:12 PM
To: Kawakubo, Ken
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) How to differentiate PEAP-EAP-CHAPV2 and
EAP-TTLS radius packets
Hello Ken -
On thinking about this a bit more, you should be able to do what you
need like this (note the AuthBy RADIUS must be last):
# define AuthBy clauses
<AuthBy PAM>
Identifier CheckPAM
.....
</AuthBy>
<AuthBy RADIUS>
Identifier ForwardToIAS
.....
</AuthBy>
.....
# define Realms or Handlers
<Handler ...>
AuthByPolicy ContinueUntilAccept
AuthBy CheckPAM
AuthBy ForwardToIAS
....
</Handler>
Note that the AuthBy RADIUS clause operates asynchronously, so it must
be last in any list of AuthBy clauses.
regards
Hugh
On Thursday, Mar 20, 2003, at 11:11 Australia/Melbourne, Kawakubo, Ken
wrote:
> All,
>
> I would like Radiator to do the following.
>
> When Radiator gets PEAP-EAP-CHAPv2 radius packets, Radiator proxies to IAS
> on Windows 2003 server. When Radiator gets EAP-TTLS-PAP packets, Radiator
> authenticates via Authby PAM using pam_smb. I have to do this setup because
> we need to authenticate against NTLM. I can do NTLM authentication with
> EAP-TTLS since I can use plaintext PAP, but I cannot do NTLM authentication
> with PEAP-EAP-CHAPv2 since it uses encrypted passwords.
>
> I got working both Radius proxy with PEAP-EAP-CHAPv2 and AuthBy PAM with
> EAP-TTLS-PAP separately. But when I try to combine both packets together, I
> am not getting it to work. Either one or the other fails authentication. I
> have tried using AuthByPolicy and list both AuthBy clauses but it does not
> seem to work.
>
> I am wondering if there is a way to check radius packets beforehand and send
> them to the appropriate AuthBy clause. The first request packet uses code 1
> instead of 25 (PEAP) or 21 (EAP-TTLS) and it seems to make it difficult to
> differentiate.
>
> I appreciate any help. Thank you.
>
> Ken Kawakubo
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
<AuthBy FILE>
Filename /etc/radiator/users
Identifier CheckFILEthenPAM
EAPType TTLS
EAPTLS_CAFile /usr/share/ssl/misc/demoCA/cacert.pem
EAPTLS_CertificateFile /usr/share/ssl/misc/rad-lu.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /usr/share/ssl/misc/rad-lu.pem
EAPTLS_PrivateKeyPassword everwhat
EAPTLS_MaxFragmentSize 1024
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
<AuthBy RADIUS>
Identifier ForwardToIAS
Host 140.107.50.89
Secret xxxxxx
EAPType PEAP
EAPTLS_CAFile /usr/share/ssl/misc/demoCA/cacert.pem
EAPTLS_CertificateFile /usr/share/ssl/misc/rad-lu.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /usr/share/ssl/misc/rad-lu.pem
EAPTLS_PrivateKeyPassword everwhat
EAPTLS_MaxFragmentSize 1024
AutoMPPEKeys
SSLeayTrace 4
</AuthBy>
<AuthBy PAM>
Identifier CheckPAM-EAP-TTLS
Service radiator
EAPType MSCHAP-V2,TTLS,MD5,TLS
EAPTLS_CAFile /usr/share/ssl/misc/demoCA/cacert.pem
EAPTLS_CertificateFile /usr/share/ssl/misc/rad-lu.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /usr/share/ssl/misc/rad-lu.pem
EAPTLS_PrivateKeyPassword everwhat
EAPTLS_MaxFragmentSize 500
</AuthBy>
<Handler TunnelledByTTLS=1>
AuthBy CheckPAM-EAP-TTLS
</Handler>
<Handler>
AuthByPolicy ContinueUntilAccept
AuthBy CheckFILEthenPAM
AuthBy ForwardToIAS
</Handler>
Thu Mar 20 10:58:08 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 33
Authentic: <12>7|<221><167><181>=<190><251>L<249><234><180><164><143><137>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0002.2d65.c9e3"
NAS-Port-Type = 19
Message-Authenticator = <245>iEf<11><239><17><245>b<183><199><<177>I<26><250>
EAP-Message = <2><3><0><13><1>kkawakub
NAS-Port-Type = Virtual
NAS-Port = 81
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 10:58:08 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 10:58:08 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 81
Thu Mar 20 10:58:08 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 10:58:08 2003: DEBUG: Handling with EAP: code 2, 3, 13
Thu Mar 20 10:58:08 2003: DEBUG: Response type 1
Thu Mar 20 10:58:09 2003: DEBUG: Handling with Radius::AuthRADIUS
Thu Mar 20 10:58:09 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.89 port 1645 ....
Code: Access-Request
Identifier: 1
Authentic: <12>7|<221><167><181>=<190><251>L<249><234><180><164><143><137>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0002.2d65.c9e3"
NAS-Port-Type = 19
Message-Authenticator = <245>iEf<11><239><17><245>b<183><199><<177>I<26><250>
EAP-Message = <2><3><0><13><1>kkawakub
NAS-Port-Type = Virtual
NAS-Port = 81
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 10:58:09 2003: DEBUG: Packet dump:
*** Received from 140.107.50.89 port 1645 ....
Code: Access-Challenge
Identifier: 1
Authentic: <209><144><218><247>R<147>K<252><2><137><19><243><156><176><142>B
Attributes:
Session-Timeout = 30
EAP-Message = <1><4><0><6><25>
State = "<23><241><3><128><0><0><1>7<0><1><140>k2Y<0><0><0><3>L<131><145>a"
Message-Authenticator = <133>I&<5><182><185><164><183><240><250>1Qq<177><184><228>
Thu Mar 20 10:58:09 2003: DEBUG: Received reply in AuthRADIUS for req 1 from 140.107.50.89:1645
Thu Mar 20 10:58:09 2003: DEBUG: Access challenged for kkawakub: Proxied
Thu Mar 20 10:58:09 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Challenge
Identifier: 33
Authentic: <12>7|<221><167><181>=<190><251>L<249><234><180><164><143><137>
Attributes:
EAP-Message = <1><4><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Session-Timeout = 30
EAP-Message = <1><4><0><6><25>
State = "<23><241><3><128><0><0><1>7<0><1><140>k2Y<0><0><0><3>L<131><145>a"
Message-Authenticator = <133>I&<5><182><185><164><183><240><250>1Qq<177><184><228>
Thu Mar 20 10:58:13 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 33
Authentic: -<157><185><22><137><221>3<242><243>E<252>$n.<25><28>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0002.2d65.c9e3"
NAS-Port-Type = 19
Message-Authenticator = <184><185><244><2><233>I<174><182><25>n<7>xF<3><142>u
EAP-Message = <2><3><0><13><1>kkawakub
NAS-Port-Type = Virtual
NAS-Port = 81
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 10:58:14 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 10:58:14 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 81
Thu Mar 20 10:58:14 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 10:58:14 2003: DEBUG: Handling with EAP: code 2, 3, 13
Thu Mar 20 10:58:14 2003: DEBUG: Response type 1
Thu Mar 20 10:58:14 2003: DEBUG: Handling with Radius::AuthRADIUS
Thu Mar 20 10:58:14 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.89 port 1645 ....
Code: Access-Request
Identifier: 2
Authentic: -<157><185><22><137><221>3<242><243>E<252>$n.<25><28>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0002.2d65.c9e3"
NAS-Port-Type = 19
Message-Authenticator = <184><185><244><2><233>I<174><182><25>n<7>xF<3><142>u
EAP-Message = <2><3><0><13><1>kkawakub
NAS-Port-Type = Virtual
NAS-Port = 81
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 10:58:14 2003: DEBUG: Packet dump:
*** Received from 140.107.50.89 port 1645 ....
Code: Access-Challenge
Identifier: 2
Authentic: <196>F<2>{<252><228><129><139><140><208><133><185><27>[<253><194>
Attributes:
Session-Timeout = 30
EAP-Message = <1><4><0><6><25>
State = "<23><242><3><129><0><0><1>7<0><1><140>k2Y<0><0><0><3>L<131><145>b"
Message-Authenticator = <236><14><3><163><130><181><15>^7<217><127>2<247><135>HU
Thu Mar 20 10:58:14 2003: DEBUG: Received reply in AuthRADIUS for req 2 from 140.107.50.89:1645
Thu Mar 20 10:58:14 2003: DEBUG: Access challenged for kkawakub: Proxied
Thu Mar 20 10:58:14 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Challenge
Identifier: 33
Authentic: -<157><185><22><137><221>3<242><243>E<252>$n.<25><28>
Attributes:
EAP-Message = <1><4><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Session-Timeout = 30
EAP-Message = <1><4><0><6><25>
State = "<23><242><3><129><0><0><1>7<0><1><140>k2Y<0><0><0><3>L<131><145>b"
Message-Authenticator = <236><14><3><163><130><181><15>^7<217><127>2<247><135>HU
Thu Mar 20 09:24:44 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 197
Authentic: f<201><193>=<211>^<216>W<167>>$<206>Y<227>\<173>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0030.6506.d287"
NAS-Port-Type = 19
Message-Authenticator = n<20><237>><173><206><170>tK<206><226>g<239>UH<203>
EAP-Message = <2><2><0><13><1>kkawakub
NAS-Port-Type = Virtual
NAS-Port = 51
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 09:24:44 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 09:24:44 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 51
Thu Mar 20 09:24:44 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 09:24:44 2003: DEBUG: Handling with EAP: code 2, 2, 13
Thu Mar 20 09:24:44 2003: DEBUG: Response type 1
Thu Mar 20 09:24:45 2003: DEBUG: Access challenged for kkawakub: EAP TTLS Challenge
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Challenge
Identifier: 197
Authentic: f<201><193>=<211>^<216>W<167>>$<206>Y<227>\<173>
Attributes:
EAP-Message = <1><3><0><6><21>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 198
Authentic: g<208>D<133><173><131>l<13><174><206><186><233><238><194><154>C
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0030.6506.d287"
NAS-Port-Type = 19
Message-Authenticator = <29>=r"<8><200><205><208><214>q<165><195><250><198><140><145>
EAP-Message =
<2><3><0>d<21><128><0><0><0>Z<22><3><1><0>U<1><0><0>Q<3><1>>y<249><240>q<203>s92H<134><195><241>Z<168><15>8<19
1>o{J<17><208><153>z<160><214><197><28>~Rm<0><0>*<0><22><0><19><0><10><0>f<0><7><0><5><0><4><0>e<0>d<0>c<0>b<0>a<0>`<0><21><0><18><0
><9><0><20><0><17><0><8><0><6><0><3><1><0>
NAS-Port-Type = Virtual
NAS-Port = 51
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 09:24:45 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 09:24:45 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 51
Thu Mar 20 09:24:45 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 09:24:45 2003: DEBUG: Handling with EAP: code 2, 3, 100
Thu Mar 20 09:24:45 2003: DEBUG: Response type 21
Thu Mar 20 09:24:45 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Thu Mar 20 09:24:45 2003: DEBUG: Access challenged for kkawakub: EAP TTLS Challenge
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Challenge
Identifier: 198
Authentic: g<208>D<133><173><131>l<13><174><206><186><233><238><194><154>C
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 199
Authentic: \I<174><249><2><226>5:s<192><143><254>{<245><203><142>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0030.6506.d287"
NAS-Port-Type = 19
Message-Authenticator = HD<1>l<214>\F<251>JMK(2U<1><240>
EAP-Message = <2><4><0><6><21><0>
NAS-Port-Type = Virtual
NAS-Port = 51
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 09:24:45 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 09:24:45 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 51
Thu Mar 20 09:24:45 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 09:24:45 2003: DEBUG: Handling with EAP: code 2, 4, 6
Thu Mar 20 09:24:45 2003: DEBUG: Response type 21
Thu Mar 20 09:24:45 2003: DEBUG: Access challenged for kkawakub: EAP TTLS Challenge
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Challenge
Identifier: 199
Authentic: \I<174><249><2><226>5:s<192><143><254>{<245><203><142>
Attributes:
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 200
Authentic: <176><177>Mt0v<9><246><174>2a6<215><161><158><204>
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0030.6506.d287"
NAS-Port-Type = 19
Message-Authenticator = P<7><154><6><177>L<14><18><141><193><185>b<171>{<178>P
NAS-Port-Type = Virtual
NAS-Port = 51
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 09:24:45 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 09:24:45 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 51
Thu Mar 20 09:24:45 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 09:24:45 2003: DEBUG: Handling with EAP: code 2, 5, 212
Thu Mar 20 09:24:45 2003: DEBUG: Response type 21
Thu Mar 20 09:24:45 2003: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Thu Mar 20 09:24:45 2003: DEBUG: Access challenged for kkawakub: EAP TTLS Challenge
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Challenge
Identifier: 200
Authentic: <176><177>Mt0v<9><246><174>2a6<215><161><158><204>
Attributes:
EAP-Message =
<1><6><0>=<21><128><0><0><0>3<20><3><1><0><1><1><22><3><1><0>(2z<169><27><19><237><193>^<137>4_<131>;<208><149
><31>k<191>8<187><131>_r<136><202>2<253><210>G'53)q<141>K<187><9><214><165>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Received from 140.107.50.90 port 1645 ....
Code: Access-Request
Identifier: 201
Authentic: <230>T<128><154>v<161><18><233><199>{T<177>uQ8C
Attributes:
User-Name = "kkawakub"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.8f18"
Calling-Station-Id = "0030.6506.d287"
NAS-Port-Type = 19
Message-Authenticator = +<211><213><9><132><252><215><248>3<245>M |<197><180>c
EAP-Message =
<2><6><0>h<21><0><23><3><1><0><24><137>3-3K<234>;W<216>83<180>-<17><197><174>G<241><248><23><230><230>HD<23><3
><1><0>@<173>O*#<23><234><200><157>N5<175><135>
>!-<9>N1<146>}<191><199><178><145><148>{<3><221><216>D<207><156>2<1>R,R<10>d<177><130
><186>[<157><160><26><165>H<218><223><145><2><236><236><251><165>#<236><238><195>D><128><211>
NAS-Port-Type = Virtual
NAS-Port = 51
Service-Type = Login-User
NAS-IP-Address = 140.107.50.90
NAS-Identifier = "test-eap "
Thu Mar 20 09:24:45 2003: DEBUG: Handling request with Handler ''
Thu Mar 20 09:24:45 2003: DEBUG: Deleting session for kkawakub, 140.107.50.90, 51
Thu Mar 20 09:24:45 2003: DEBUG: Handling with Radius::AuthFILE: CheckFILEthenPAM
Thu Mar 20 09:24:45 2003: DEBUG: Handling with EAP: code 2, 6, 104
Thu Mar 20 09:24:45 2003: DEBUG: Response type 21
Thu Mar 20 09:24:45 2003: DEBUG: EAP TTLS inner authentication request for kkawakub
Thu Mar 20 09:24:45 2003: DEBUG: TTLS Tunnelled Diameter Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <220><248>Z7<179>hT-<145><22>0<229><140><9><0><241>
Attributes:
User-Name = "kkawakub"
User-Password = "xxxxxx"
Thu Mar 20 09:24:45 2003: DEBUG: Handling request with Handler 'TunnelledByTTLS=1'
Thu Mar 20 09:24:45 2003: DEBUG: Deleting session for , 140.107.50.90,
Thu Mar 20 09:24:45 2003: DEBUG: Handling with PAM service radiator
Thu Mar 20 09:24:45 2003: DEBUG: PAM is asking for 1: 'Password'
Thu Mar 20 09:24:45 2003: DEBUG: Access accepted for kkawakub
Thu Mar 20 09:24:45 2003: DEBUG: Access accepted for kkawakub
Thu Mar 20 09:24:45 2003: DEBUG: Packet dump:
*** Sending to 140.107.50.90 port 1645 ....
Code: Access-Accept
Identifier: 201
Authentic: <230>T<128><154>v<161><18><233><199>{T<177>uQ8C
Attributes:
MS-MPPE-Send-Key =
"<177><155><247><213><15>^<172>/"4_<237><15><234>8k<211><243>Mwa<235><28><138><251><186>e<18><181>iy<198>
#<150><184><22>2n<17>uA<240>_<255>_k<208>7O<233>"
MS-MPPE-Recv-Key =
"<202><20><233><160><<180><16><212>O,<200><127><249>w<137>I<209><175>3u<11>0<145><211><235><255>k<193>_@<
27><11><164><1>.<145><240>B(<253><137>N<22><153>!<21><231>+<160>s"
EAP-Message = <3><6><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
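
An added diagnostic, not part of the original thread or of Radiator: it decodes the <n>-escaped EAP-Message values in a trace 4 packet dump and lists replies sent to the NAS that carry EAP requests for more than one method, as the Access-Challenge in the ttls_hangs trace does (type 21, TTLS, together with type 25, PEAP). The sample trace, the 192.0.2.x addresses and the function names are constructed for this example; the TLS Start flag byte is written as <32> so it survives copying.

```python
import re

EAP_TYPES = {1: "Identity", 13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAP-V2"}
TIMESTAMP = re.compile(r"\w{3} \w{3} +\d+ [\d:]{8} \d{4}: ")
FIELD = re.compile(r"(\*\*\* |[A-Za-z][\w-]*(:| =))")

def unescape(text):
    """Trace notation -> bytes: <n> is the byte n, any other character is literal."""
    out, pos = bytearray(), 0
    for m in re.finditer(r"<(\d{1,3})>", text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        n = int(m.group(1))
        out += bytes([n]) if n < 256 else m.group(0).encode()
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1", "replace"))

def parse_dumps(trace):
    """One dict per '*** Sending to / Received from' dump, with its EAP-Message values."""
    packets, cur, last_eap = [], None, False
    for line in trace.splitlines():
        if TIMESTAMP.match(line):          # a log line ends the previous dump
            cur, last_eap = None, False
            continue
        m = re.match(r"\*\*\* (Sending to|Received from) (\S+) port", line)
        if m:
            cur = {"dir": m.group(1), "peer": m.group(2), "code": "", "eap": []}
            packets.append(cur)
        if cur is None:
            continue
        if line.startswith("Code: "):
            cur["code"] = line[6:].strip()
        eap = re.match(r"EAP-Message = ?(.*)", line)
        if eap:
            cur["eap"].append(unescape(eap.group(1)))
            last_eap = True
        elif FIELD.match(line):
            last_eap = False
        elif last_eap:                     # wrapped value continues the attribute
            cur["eap"][-1] += unescape(line)
    return packets

def eap_packets(values):
    """Group EAP-Message fragments into EAP packets using each header's length field."""
    found, need = [], 0
    for v in values:
        if need <= 0:                      # previous packet complete: new header
            if len(v) < 5:
                continue
            found.append({"code": v[0], "id": v[1], "type": v[4]})
            need = int.from_bytes(v[2:4], "big")
        need -= len(v)
    return found

def mixed_offers(trace, nas):
    """Replies sent to `nas` that contain EAP requests for more than one EAP type."""
    hits = []
    for p in parse_dumps(trace):
        if p["dir"] != "Sending to" or p["peer"] != nas:
            continue
        types = [e["type"] for e in eap_packets(p["eap"]) if e["code"] == 1]
        if len(set(types)) > 1:
            hits.append((p["code"], [EAP_TYPES.get(t, str(t)) for t in types]))
    return hits

# Constructed sample modelled on the trace layout above (not copied from it).
SAMPLE = (
    "Thu Mar 20 10:58:09 2003: DEBUG: Packet dump:\n"
    "*** Received from 192.0.2.20 port 1645 ....\nCode: Access-Challenge\n"
    "Attributes:\nEAP-Message = <1><4><0><6><25><32>\n"
    "Thu Mar 20 10:58:09 2003: DEBUG: Packet dump:\n"
    "*** Sending to 192.0.2.10 port 1645 ....\nCode: Access-Challenge\n"
    "Attributes:\nEAP-Message = <1><4><0><6><21><32>\n"
    "Message-Authenticator = <0><0>\nEAP-Message = <1><4><0><6><25><32>\n"
    "Thu Mar 20 10:58:10 2003: DEBUG: Packet dump:\n"
    "*** Sending to 192.0.2.10 port 1645 ....\nCode: Access-Challenge\n"
    "Attributes:\nEAP-Message =\n<1><5><0><10><21><0>ab\nEAP-Message = cd\n"
)

if __name__ == "__main__":
    for code, types in mixed_offers(SAMPLE, "192.0.2.10"):
        print(code, "offers", " and ".join(types))
```
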