Encountering an odd issue with MSCHAPv2/PEAP I have 2 Radiator instances – one based on Debian 5, one on Ubuntu 10.04LTS. They share a config file (barring secrets), and the Debian one works fine. There is a difference in patch level – If I remember correctly, the Debian install is a few patches out of date.
The Ubuntu one accepts PAP, TTLS/PAP and TTLS/MSCHAPv2, but PEAP/MSCHAPv2 fails. The system is authenticated against active directory - ntlm–auth --request-nt-key works. The only thing that stands out in the proxied trace is the MD5 failure - libdigest–md5-perl is installed (as far as I know) and seems to be used: root@orps3:/var/log/radiator# lsof -p 1488 | grep -i md5 radiusd 1488 root mem REG 251,3 18640 525298 /usr/lib/perl/5.10.1/auto/Digest/MD5/MD5.so The direct trace is just weird – NTLM_AUTH seems to give the OK, then… Nothing. Any suggestions anyone has are appreciated. Adam Bishop --- Config --- AcctPort 1813 AuthPort 1812 BindAddress 0.0.0.0 DbDir /etc/radiator/ DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.aerohive Foreground 0 Group radiator LicenseOwner UKERNA LivingstonHole 2 LivingstonMIB .iso.org.dod.internet.private.enterprises.307 LivingstonOffs 29 LogDir /var/log/radiator/ LogFile %L/logfile LogStdout 1 MaxChildren 0 PidFile %L/radiusd.pid PmwhoProg /usr/local/sbin/pmwho SnmpNASErrorTimeout 60 SnmpgetProg /usr/bin/snmpget SnmpsetProg /usr/bin/snmpset SnmpwalkProg /usr/bin/snmpwalk Trace 4 <Client 193.63.63.101> DupInterval 10 FramedGroupMaxPortsPerClassC 255 LivingstonHole 2 LivingstonOffs 29 NasType unknown SNMPCommunity public Secret </Client> <Client 193.63.63.102> DupInterval 10 FramedGroupMaxPortsPerClassC 255 LivingstonHole 2 LivingstonOffs 29 NasType unknown SNMPCommunity public Secret </Client> <Client 193.63.63.103> DupInterval 10 FramedGroupMaxPortsPerClassC 255 Identifier HiveAP1 LivingstonHole 2 LivingstonOffs 29 NasType unknown NoIgnoreDuplicates SNMPCommunity public Secret </Client> <Client 193.63.63.104> DupInterval 10 FramedGroupMaxPortsPerClassC 255 Identifier HiveAP1 LivingstonHole 2 LivingstonOffs 29 NasType unknown NoIgnoreDuplicates SNMPCommunity public Secret </Client> <Client roaming0.ja.net> DupInterval 10 FramedGroupMaxPortsPerClassC 255 LivingstonHole 2 LivingstonOffs 29 NasType unknown NoIgnoreDuplicates SNMPCommunity public Secret </Client> <Client roaming1.ja.net> DupInterval 10 FramedGroupMaxPortsPerClassC 255 LivingstonHole 2 LivingstonOffs 29 NasType unknown NoIgnoreDuplicates SNMPCommunity public Secret </Client> <Client roaming2.ja.net> DupInterval 10 FramedGroupMaxPortsPerClassC 255 LivingstonHole 2 LivingstonOffs 29 NasType unknown NoIgnoreDuplicates SNMPCommunity public Secret </Client> <Handler TunnelledByPEAP = 1> AuthByPolicy ContinueWhileIgnore RejectHasReason 1 <AuthBy NTLM> AutoMPPEKeys 1 CachePasswordExpiry 86400 DomainFormat %0 EAPAnonymous anonymous EAPContextTimeout 1000 EAPFAST_PAC_Lifetime 7776000 EAPFAST_PAC_Reprovision 2592000 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem EAPTLS_CertificateFile %D/certificates/cert-srv.pem EAPTLS_CertificateType PEM EAPTLS_MaxFragmentSize 1000 EAPTLS_PEAPBrokenV1Label 1 EAPTLS_PEAPVersion 1 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem EAPTLS_PrivateKeyPassword whatever EAPTLS_SessionResumption 1 EAPTLS_SessionResumptionLimit 43200 EAPTLS_VerifyDepth 1 EAPType PEAP EAPType TTLS EAPType MSCHAP-V2 EAPType MD5-Challenge NoDefault 1 NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 PasswordPrompt password SIPDigestRealm DefaultSipRealm UsernameFormat %0 UsernameMatchesWithoutRealm 1 </AuthBy> </Handler> <Handler Realm = dev.ja.net> AuthByPolicy ContinueWhileIgnore RejectHasReason 1 <AuthBy NTLM> AutoMPPEKeys 1 CachePasswordExpiry 86400 DomainFormat %0 EAPAnonymous anonymous EAPContextTimeout 1000 EAPFAST_PAC_Lifetime 7776000 EAPFAST_PAC_Reprovision 2592000 EAPTLS_CAFile %D/certificates/demoCA/cacert.pem EAPTLS_CertificateFile %D/certificates/cert-srv.pem EAPTLS_CertificateType PEM EAPTLS_MaxFragmentSize 1000 EAPTLS_PEAPBrokenV1Label 1 EAPTLS_PEAPVersion 1 EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem EAPTLS_PrivateKeyPassword whatever EAPTLS_SessionResumption 1 EAPTLS_SessionResumptionLimit 43200 EAPTLS_VerifyDepth 1 EAPType PEAP EAPType TTLS EAPType MSCHAP-V2 EAPType MD5-Challenge NoDefault 1 NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 PasswordPrompt password SIPDigestRealm DefaultSipRealm UsernameFormat %0 UsernameMatchesWithoutRealm 1 </AuthBy> </Handler> <ServerHTTP > AuditTrail %D/audit.txt AuthByPolicy ContinueWhileIgnore BindAddress 0.0.0.0 DefaultPrivilegeLevel 15 LogMaxLines 500 MaxBufferSize 100000 Port 9048 Protocol tcp SessionTimeout 3600 TLS_CAFile ./certificates/demoCA/cacert.pem TLS_CertificateFile ./certificates/cert-srv.pem TLS_CertificateType PEM TLS_ExpectedPeerName .+ TLS_PrivateKeyFile ./certificates/cert-srv.pem TLS_PrivateKeyPassword whatever Trace 4 <AuthBy NTLM> CachePasswordExpiry 86400 DomainFormat %0 EAPAnonymous anonymous EAPContextTimeout 1000 EAPFAST_PAC_Lifetime 7776000 EAPFAST_PAC_Reprovision 2592000 EAPTLS_MaxFragmentSize 2048 EAPTLS_PEAPVersion 1 EAPTLS_SessionResumption 1 EAPTLS_SessionResumptionLimit 43200 EAPTLS_VerifyDepth 1 NoDefault 1 NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 PasswordPrompt password SIPDigestRealm DefaultSipRealm UsernameFormat %0 </AuthBy> </ServerHTTP> <StatsLog FILE> Filename %L/statistics Interval 600 </StatsLog> --- Proxied Trace 4 --- *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 75 Authentic: @<225>`?+<22>e<130>K<18><10>e<<183><31>v Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><0><0><19><1>j...@dev.ja.net<mailto:j...@dev.ja.net> Message-Authenticator = 9<193><130>N<26><173><23><234><183>9<221><239><164>?Yi Proxy-State = OSC-Extended-Id=75 Tue Feb 1 11:26:48 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:48 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:48 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:48 2011: DEBUG: Handling with EAP: code 2, 0, 19, 1 Tue Feb 1 11:26:48 2011: DEBUG: Response type 1 Tue Feb 1 11:26:48 2011: DEBUG: EAP result: 3, EAP PEAP Challenge Tue Feb 1 11:26:48 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge Tue Feb 1 11:26:48 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP Challenge Tue Feb 1 11:26:48 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 75 Authentic: <138>!<13><159><140>A[+Z<210>U<30>A<130><212><199> Attributes: EAP-Message = <1><1><0><6><25>! Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=75 Tue Feb 1 11:26:49 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 76 Authentic: VU'<198><158><253>P><213><221><29>[<153><9><203>: Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><1><0>l<25><1><22><3><1><0>a<1><0><0>]<3><1>MG<237><148>~<1>v<4><164>p<154><199><175><19>$<31>E<243><hd<4><192><245><11><6>/<228>8E<173><0><0><0>6<0>9<0>8<0>5<0><22><0><19><0><10><0>3<0>2<0>/<0>f<0><5><0><4><0>c<0>b<0>a<0><21><0><18><0><9><0>e<0>d<0>`<0><20><0><17><0><8><0><6><0><3><0><255><1><0> Message-Authenticator = <23>G<208><23>Zrk<138>f<195><191>)<164>-<147>X Proxy-State = OSC-Extended-Id=76 Tue Feb 1 11:26:49 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:49 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:49 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:49 2011: DEBUG: Handling with EAP: code 2, 1, 108, 25 Tue Feb 1 11:26:49 2011: DEBUG: Response type 25 Tue Feb 1 11:26:49 2011: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576 Tue Feb 1 11:26:49 2011: DEBUG: EAP result: 3, EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 76 Authentic: <168><22><192>Y<0>9<161><178>k<179><186>c^<17><224>$ Attributes: EAP-Message = <1><2><3><242><25><193><0><0><7><185><22><3><1><0>Q<2><0><0>M<3><1>MG<237><249>1<17><150><209><227><23><154>R<143>O<173>h<28><141>C<193><154><138><177><151>#C<187><4><225><140><170>p QSs<184><194>-<31><254><145>Zd<9>+<156><185>J<225><17>\Ac<213><251><195>t0<21><183><134><254>E<154><0>5<0><0><5><255><1><0><1><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certific EAP-Message = ate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<mailto:mi...@open.com.au0><30><23><13>100128213155Z<23><13>120128213155Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1%0#<6> EAP-Message = <3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><203>?(<193><229><128><183><136>q<166><202><21><168><224><157>M<139><204>{<209><131><10><156><164><254>Z<214><231><254>g<245>+y~<210><147><171><8><131><143><139><186>{<221><224>)<161>`<140>z<193><247><244><210><152><149><4><204><225><139><204><159><29><1><12><162><219><142><176>)/<189><163>vV<208><250><213><212><144><137><211><207><10><215><19><206><14><228>umT<7><239><198>_Y<231><197><202><14><166><211><145><181><226><226>|<201>E<128>F<165><189><<250><20><18><227>6t<243><177>ZNv<133><153><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><30><137>N<139><212>><249><25><151><161>N<31><183> EAP-Message = <246><141>'<233>V<198><203><206><146>9*<19><219>0<28><209><244>e<17><199>`<236>g<189>q<<200><185>{<219><252><31>+<245><10><208>M<181>!<248><20><1>K)E<2><158><128>#<169><162><179><224>W08<19><<16>ts<226>~<11>4<8><251>!d<201><223><230>~E<133><166>r<0>:<19>4<206>D<136>8<232>n<26><195>v<13><192>&ws<175>n@0D<175><29>E<162>:<239>d <17>?<153><184>C4?<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><249><170>@<232><246>7<146>$0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=76 Tue Feb 1 11:26:49 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 77 Authentic: <205>|<21><254>x<148>i'a<17><10><131><158>|<178>w Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><2><0><6><25><1> Message-Authenticator = <179><128><9><149><215><203>r<154>I<136><239>_<219><247>HW Proxy-State = OSC-Extended-Id=77 Tue Feb 1 11:26:49 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:49 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:49 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:49 2011: DEBUG: Handling with EAP: code 2, 2, 6, 25 Tue Feb 1 11:26:49 2011: DEBUG: Response type 25 Tue Feb 1 11:26:49 2011: DEBUG: EAP result: 3, EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 77 Authentic: <241>|<17><233><129>ye<255>8y}zrY<14><185> Attributes: EAP-Message = <1><3><3><215><25><1><4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<mailto:mi...@open.com.au0><30><23><13>100128213155Z<23><13>120128213155Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test C EAP-Message = ertificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<mailto:mi...@open.com.au0><129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><221><135><194>,<1>U3|N'<174><232><18>VB6<20><197>'x<167><242><198>I<253>[<184>:<254><240><168><221>Se><13><130><251><23> <4><29> q#<228><181>#<236>9<182>0Q<253><0><227>eL<190>6K<4>8<240>L<178><255>^IS_T)n<206><147>%<251><255>o<229><128><30><140><14><149><22><21>+Yf<128><155><190><241><153>:<226>;<219><240><182>#<151><209>|<141><223><128>w<213>@<14><206><228> <203><132><0>w<134><255>Q EAP-Message = hd<12><190>9<2><3><1><0><1><163><130><1>30<130><1>/0<29><6><3>U<29><14><4><22><4><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20><151>NFk<218><183>Rv/<18>-<225>P<190>E<209><205><183> p<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in pr EAP-Message = oduction)1 0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au<mailto:mi...@open.com.au><130><9><0><249><170>@<232><246>7<146>$0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>y<18>9X<176><<236><203><168><151><202><144><201>Q$<166><217><249><17>|<163>8<129><232>dr<236><211><240>WP<162>B<157><250>9<224><152>JA<213><127>><247>:<227><191><18><232>u,<172><237><188>?<8><239>E<239>m<203><152><10>`<18>V$<184><7><205><137><138>p<139><152><240><20><3>{<150>7<156><193><4><153><190><8><216><173><9><185>9<158><211>^ex<144><208><128><251>+<15><146>KQ<249><234><171><3><14>2<206><9>K<220><201>f<159>f<~<149><21>c<227>V<203><22><3><1><0><4><14><0><0><0> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=77 Tue Feb 1 11:26:49 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 78 Authentic: <185>H<26>y<3><222><157>G<194><132>,w<2><19>3<246> Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><3><0><204><25><1><22><3><1><0><134><16><0><0><130><0><128><195><200>Mk<158><208>h<132>6<227><169><186>if<135>3<142>v/<175><199><203><246><128><129><181>F"NN<159><140>|<184><238>3<18>v<131>=q<171><182><6><145><199><5><29>3sb<20><164>$<247>3<193>g<246>N<201><31><27><135><163>3t<213><29><203>KC<194><222>d|<131><131>P<182><236><21><178><245>i<186><207>Z<128><23><148><184><202><1><144><143><185><182><141><25>g<26><165><171><161>5o<21>({<188><176><190><241>C<174><226><24>:`<164>'\<23>s<232>@L<20><3><1><0><1><1><22><3><1><0>0<217><147><193>5<169>co<235><136>rc<234>>|<<31><134><162>z<20>54<12><21>YX7<132>C5<138><206><14><197>!<12>2<203><178><237><22><25><232><222>Au<215><163> Message-Authenticator = <191><166><210>0<230>m<245><192>+<210><132>.<255><171><31><250> Proxy-State = OSC-Extended-Id=78 Tue Feb 1 11:26:49 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:49 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:49 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:49 2011: DEBUG: Handling with EAP: code 2, 3, 204, 25 Tue Feb 1 11:26:49 2011: DEBUG: Response type 25 Tue Feb 1 11:26:49 2011: DEBUG: EAP TLS SSL_accept result: 1, 0, 3 Tue Feb 1 11:26:49 2011: DEBUG: EAP result: 3, EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP Challenge Tue Feb 1 11:26:49 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 78 Authentic: <247>r<242>Er<177><136>rV<135><5><249>M_m` Attributes: EAP-Message = <1><4><0>E<25><129><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0$uLY]<21><134>\<249><243><253><148><135>^<165>6<28><6><229>F<168><252>U<152><183><181>.<219><174>?Qo<160>q<2><184><150><<237><198><14><0><155>U<153>,<240><24> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=78 Tue Feb 1 11:26:50 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 79 Authentic: Pa_ua<7>N<184>8<192>~p?6<29>; Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><4><0><6><25><1> Message-Authenticator = <151><11><9><208>f<168><228>]MC<15><128><250><144><223><241> Proxy-State = OSC-Extended-Id=79 Tue Feb 1 11:26:50 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:50 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 4, 6, 25 Tue Feb 1 11:26:50 2011: DEBUG: Response type 25 Tue Feb 1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP Challenge Tue Feb 1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge Tue Feb 1 11:26:50 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP Challenge Tue Feb 1 11:26:50 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 79 Authentic: <202>W7t<241><214><201>lq<26><231><236><149><152><146><234> Attributes: EAP-Message = <1><5><0>+<25><1><23><3><1><0> <4><131><135><207><180>DK<168><212><230>'<183><134><178><202>:<146>K<26><178><194><177><12><203>50<185>F<31>0<201><238> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=79 Tue Feb 1 11:26:50 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 80 Authentic: .<4><220><255><234>X<213>lEB<234><176>Y<228><164>A Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><5><0>`<25><1><23><3><1><0> <154>ut<138>pwf<218>gf:4bm9P<191><128><24><144><240>U<153>I<199><201><224><220><137><185><6>S<23><3><1><0>0<6>Q<27><22>:*<176>@<185><26><143><209><185>_<8><212>|<14><172><138><173><242>q<161><31>QT;&<149>@"<149><3>S<147><244><139><235><133>1<157><211>o<26><220><170><233> Message-Authenticator = <221>\#A<169>J<142><192>F<145><164>S<137><154><199><13> Proxy-State = OSC-Extended-Id=80 Tue Feb 1 11:26:50 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:50 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 5, 96, 25 Tue Feb 1 11:26:50 2011: DEBUG: Response type 25 Tue Feb 1 11:26:50 2011: DEBUG: EAP PEAP inner authentication request for anonymous Tue Feb 1 11:26:50 2011: DEBUG: PEAP Tunnelled request Packet dump: Code: Access-Request Identifier: UNDEF Authentic: <216><183><31><249><161><145>zv<195><31>bLY<139><23>o Attributes: EAP-Message = <2><0><0><19><1>j...@dev.ja.net<mailto:j...@dev.ja.net> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" User-Name = "anonymous" Tue Feb 1 11:26:50 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP = 1', Identifier '' Tue Feb 1 11:26:50 2011: DEBUG: Deleting session for anonymous, 127.0.0.1, Tue Feb 1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 0, 19, 1 Tue Feb 1 11:26:50 2011: DEBUG: Response type 1 Tue Feb 1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP Challenge Tue Feb 1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP Challenge Tue Feb 1 11:26:50 2011: DEBUG: Access challenged for anonymous: EAP PEAP Challenge Tue Feb 1 11:26:50 2011: DEBUG: Returned PEAP tunnelled packet dump: Code: Access-Challenge Identifier: UNDEF Authentic: <216><183><31><249><161><145>zv<195><31>bLY<139><23>o Attributes: EAP-Message = <1><1><0><6><25>! Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Tue Feb 1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler Tue Feb 1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler Tue Feb 1 11:26:50 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP inner authentication redispatched to a Handler Tue Feb 1 11:26:50 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 80 Authentic: (qU<214>X<229>4<192>G<161>e<242><21><179>5\ Attributes: EAP-Message = <1><6><0>+<25><1><23><3><1><0> <150><137><249><202><150><173><229><135>&i<182><169>X<198><15>><177>-`<202>NV/<138>hG|<14><204><207><241><128> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=80 Tue Feb 1 11:26:50 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 81 Authentic: X;w<25><10><162><128>,<2>nJ<21><180><160><177><178> Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><6><0>P<25><1><23><3><1><0> <231><201>o0\<145><8><216>)j<254>|<183><234>&<140><11>B$<174><8>p<221><204><163><239><180><128><191>`<208><245><23><3><1><0> <200><5><11><131><18>U:<232>%gZ<236><25><244><215>+<148><158><200>n<255><147><215><23><201>t2<211>.<149>5<171> Message-Authenticator = |<9>:<11><137>$i<221><137>"<135><171><22>$x<21> Proxy-State = OSC-Extended-Id=81 Tue Feb 1 11:26:50 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:50 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 6, 80, 25 Tue Feb 1 11:26:50 2011: DEBUG: Response type 25 Tue Feb 1 11:26:50 2011: DEBUG: EAP PEAP inner authentication request for anonymous Tue Feb 1 11:26:50 2011: DEBUG: PEAP Tunnelled request Packet dump: Code: Access-Request Identifier: UNDEF Authentic: Q<187><20><21>I<198><218>+w<251><149><6><7>K<183>& Attributes: EAP-Message = <2><1><0><10><3><4><26><6><5><17> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" User-Name = "anonymous" Tue Feb 1 11:26:50 2011: DEBUG: Handling request with Handler 'TunnelledByPEAP = 1', Identifier '' Tue Feb 1 11:26:50 2011: DEBUG: Deleting session for anonymous, 127.0.0.1, Tue Feb 1 11:26:50 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:50 2011: DEBUG: Handling with EAP: code 2, 1, 10, 3 Tue Feb 1 11:26:50 2011: DEBUG: Response type 3 Tue Feb 1 11:26:50 2011: DEBUG: EAP Nak desires type 4 Tue Feb 1 11:26:50 2011: DEBUG: EAP result: 1, Desired EAP type MD5-Challenge (4) not permitted Tue Feb 1 11:26:50 2011: DEBUG: AuthBy NTLM result: REJECT, Desired EAP type MD5-Challenge (4) not permitted Tue Feb 1 11:26:50 2011: INFO: Access rejected for anonymous: Desired EAP type MD5-Challenge (4) not permitted Tue Feb 1 11:26:50 2011: DEBUG: Returned PEAP tunnelled packet dump: Code: Access-Reject Identifier: UNDEF Authentic: Q<187><20><21>I<198><218>+w<251><149><6><7>K<183>& Attributes: Reply-Message = "Desired EAP type MD5-Challenge (4) not permitted" Tue Feb 1 11:26:50 2011: DEBUG: EAP result: 3, EAP PEAP inner authentication redispatched to a Handler Tue Feb 1 11:26:50 2011: DEBUG: AuthBy NTLM result: CHALLENGE, EAP PEAP inner authentication redispatched to a Handler Tue Feb 1 11:26:50 2011: DEBUG: Access challenged for j...@dev.ja.net<mailto:j...@dev.ja.net>: EAP PEAP inner authentication redispatched to a Handler Tue Feb 1 11:26:50 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Challenge Identifier: 81 Authentic: '9<220><197>I<182><29>whiv"@<9>l<191> Attributes: EAP-Message = <1><7><0>+<25><1><23><3><1><0> <239>'%9t]<3><25><141><177><144><10>U@<195><27><160><227>2<217>'<166><237>J<131>z<134>.4<6><192><154> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Proxy-State = OSC-Extended-Id=81 Tue Feb 1 11:26:51 2011: DEBUG: Packet dump: *** Received from 194.82.174.185 port 63780 .... Code: Access-Request Identifier: 82 Authentic: <25>j<254>e<198>Ul<17><244><203><197><174><1><166><183><131> Attributes: User-Name = "j...@dev.ja.net<mailto:j...@dev.ja.net>" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-IEEE-802-11 Connect-Info = "JANET Roaming test" EAP-Message = <2><7><0>P<25><1><23><3><1><0> <224><2>t<159><193><252><178><244>&<247><217><194>Z<15><211><203><4><186><18><170><210>.}<207><160><255><250><20><2><147>n_<23><3><1><0> <138><132><130><191>`[P<237><154>:<<11><239>K<215><3><31><153>u<192><20><244>Z<19>}<8><4>8rA<134><173> Message-Authenticator = <169><180><28><188>3<230><153>"<241><220><141><138><19>N<20><144> Proxy-State = OSC-Extended-Id=82 Tue Feb 1 11:26:51 2011: DEBUG: Handling request with Handler 'Realm = dev.ja.net', Identifier '' Tue Feb 1 11:26:51 2011: DEBUG: Deleting session for j...@dev.ja.net<mailto:j...@dev.ja.net>, 127.0.0.1, Tue Feb 1 11:26:51 2011: DEBUG: Handling with Radius::AuthNTLM: Tue Feb 1 11:26:51 2011: DEBUG: Handling with EAP: code 2, 7, 80, 25 Tue Feb 1 11:26:51 2011: DEBUG: Response type 25 Tue Feb 1 11:26:51 2011: DEBUG: EAP result: 1, PEAP Authentication Failure Tue Feb 1 11:26:51 2011: DEBUG: AuthBy NTLM result: REJECT, PEAP Authentication Failure Tue Feb 1 11:26:51 2011: INFO: Access rejected for j...@dev.ja.net<mailto:j...@dev.ja.net>: PEAP Authentication Failure Tue Feb 1 11:26:51 2011: DEBUG: Packet dump: *** Sending to 194.82.174.185 port 63780 .... Code: Access-Reject Identifier: 82 Authentic: <24>4<157>i2<12>4s<200>7<1>YdZQ<162> Attributes: EAP-Message = <4><7><0><4> Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Reply-Message = "PEAP Authentication Failure" Proxy-State = OSC-Extended-Id=82 JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
