Hello support, I am trying to authenticate against windows active directory with the AuthBy LSA. This goes well without using the group item. That means that the communication with the window domain is OK . When I use the group item I cannot get a good authentication. I am sure the user is a member of that specific group. I have also tried to authenticate against a local group on the machine where Radiator is running on. The result was the same. Ok without the group item and wrong with the group item. I hope you can help me to find what I am doing wrong? Or can I better use LDAP2 instead of LSA ? I have the radius.cfg and the log file attached with this message. This handler starts at line 40in the config file. In the log file the results of that handler starts at line 332.
Technical specs : Radiator is running on a VM ware server with windows server 2003 this is our test server. The windows domain controller is running under window 2008 R2 server. I use activestate perl and installed the Win32-Lsa.ppd Also the security policy (SE_TCB_PRIVILEGE) is enabled for the user Radiator is running. We are using EAP PEAP with MSCHAPv2 My regards, R.D.Runia ICT expert datacommunicatie Directoraat ICT LUMC tel +31 71-5262616
Mon Mar 3 16:19:21 2014: DEBUG: Finished reading configuration file
'C:\Program Files\Radiator\radius.cfg'
Mon Mar 3 16:19:21 2014: DEBUG: Reading dictionary file 'c:/Program
Files/Radiator/dictionary'
Mon Mar 3 16:19:21 2014: INFO: This Perl installation can handle IPv6
attributes in binary format only. IPv6 sockets are not supported. Consider
installing Socket6.pm for full IPv6 support.
Mon Mar 3 16:19:21 2014: DEBUG: Creating authentication port 0.0.0.0:1645
Mon Mar 3 16:19:21 2014: DEBUG: Creating authentication port 0.0.0.0:1812
Mon Mar 3 16:19:21 2014: DEBUG: Creating accounting port 0.0.0.0:1646
Mon Mar 3 16:19:21 2014: DEBUG: Creating accounting port 0.0.0.0:1813
Mon Mar 3 16:19:21 2014: NOTICE: Server started: Radiator 4.12.1 on
delphizwaluw
Mon Mar 3 16:19:42 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 11
Authentic: <191><26><19>9<190><173><210>!Ea<208>cb<167><244>U
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
EAP-Message = <2><1><0><20><1>rdru...@lumc.nl
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
B<137><200><247>w<168><175><224><0><11><230><179><227>L<150><12>
Mon Mar 3 16:19:42 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:43 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:43 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:43 2014: DEBUG: Handling with EAP: code 2, 1, 20, 1
Mon Mar 3 16:19:43 2014: DEBUG: Response type 1
Mon Mar 3 16:19:45 2014: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Mar 3 16:19:45 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
Challenge
Mon Mar 3 16:19:45 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP Challenge
Mon Mar 3 16:19:45 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 11
Authentic: <201>$<10><189>J<11><195><19>G<2>+/8<132><28><175>
Attributes:
EAP-Message = <1><2><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:45 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 12
Authentic: @[<<246>1<229><239>1<208><179>2k<23><149><231>z
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
EAP-Message = <2><2><0><20><1>rdru...@lumc.nl
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
<231><130><2>P<132><179><240><30><171><8>p<140><237>lw<233>
Mon Mar 3 16:19:45 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:45 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:45 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:45 2014: DEBUG: Handling with EAP: code 2, 2, 20, 1
Mon Mar 3 16:19:45 2014: DEBUG: Response type 1
Mon Mar 3 16:19:45 2014: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Mar 3 16:19:45 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
Challenge
Mon Mar 3 16:19:45 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP Challenge
Mon Mar 3 16:19:45 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 12
Authentic: .<161><209><195>m]<1><187>\<13>&Ym<202>{<178>
Attributes:
EAP-Message = <1><3><0><6><25>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:45 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 13
Authentic: Mw<3><135>G<226>M$<229><239><129><217>9h<241><13>
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message =
<2><3><0>R<25><128><0><0><0>H<22><3><1><0>C<1><0><0>?<3><1>S<20><157><145><208><233><15>S<11><230><255>A<192>~<241><220><24><<254><226><12><215>I<21>daF<157><195><30>:<136><0><0><24><0>9<0>8<0>3<0>2<0><22><0><19><0>5<0>/<0><10><0><5><0><4><0><255><1><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
M<244>ZB<11><26>F<238><130><181><232><136>Kr<221>V
Mon Mar 3 16:19:45 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:45 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:45 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:45 2014: DEBUG: Handling with EAP: code 2, 3, 82, 25
Mon Mar 3 16:19:45 2014: DEBUG: Response type 25
Mon Mar 3 16:19:45 2014: DEBUG: EAP TLS SSL_accept result: -1, 2, 8576
Mon Mar 3 16:19:45 2014: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Mar 3 16:19:45 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
Challenge
Mon Mar 3 16:19:45 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP Challenge
Mon Mar 3 16:19:45 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 13
Authentic: <16>(<198><210>|^<182>/<250><136><136><169><234><168>C<219>
Attributes:
EAP-Message =
<1><4><4><10><25><192><0><0><7><185><22><3><1><0>Q<2><0><0>M<3><1>S<20><157><145><17><182>.<200><9><156><214>kg;<17><250>%<167><13><162><157>i<127><196><166><207><227><214><12><143><162><193>
<P/<176><201><8><248><224><21>d4<224>|<214>z<127><3>j@<129>#?<16><184><159>/UY<137><185><132><160><0>5<0><0><5><255><1><0><1><0><22><3><1><7>U<11><0><7>Q<0><7>N<0><2><251>0<130><2><247>0<130><2>`<160><3><2><1><2><2><1><2>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certific
EAP-Message = ate Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use
in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<30><23><13>130814113720Z<23><13>150814113720Z0<129><158>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate Section1%0#<6>
EAP-Message =
<3>U<4><3><19><28>test.server.some.company.com0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><169><149><166><1><157><225><10><237><198><15><194><129>3<182><27><233>av<237><243><224><132><135>@<243>}<255><164>+<181><232><130><10><23><151><23><220>"/<4><127><147>"<226><192><132><149><190><255><168><141><221><233>`<149><141><198><196>b<160>"4<233><13><0><215><254>@<183><135><212><7><253>}<241><191><149><163><181><185>><249><20><192>39<150>IW<166><235><196><29>29Tk<194>v+U<195>%<11><230>hx>t_<172><141>.Zl<29>r<247>
<229><28>T<181><163><223>{<169><157><2><3><1><0><1><163><23>0<21>0<19><6><3>U<29>%<4><12>0<10><6><8>+<6><1><5><5><7><3><1>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0>M<177><199><6><242><30><25>L@<242><151>T7
EAP-Message =
^#<27><161>?;<176>Rt<159><184><0><169>[<4><22>:<19>v&=<15><130>^<235><242><254><242><242>5<164><177>;<191>(?<243><149>D<152>&<219><202>
F<193><14><185><141><6><170>w<s<188><254>u<162>?<201><8><5><149>x<14><238><131><18><150><162>$H<227>Y<220><211><148><159><250><177><131><154>\\I<136><197><143>&WJ<237>X<153><168><169><24>!<243><19><176>#d#<1><176>B<241>}<223><247>0<247><225>"<0><4>M0<130><4>I0<130><3><178><160><3><2><1><2><2><9><0><252>W<246><223>Z<178>#<146>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11>
EAP-Message = <19><24>Test Certificate Sec
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:45 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 14
Authentic: Z<7>'F<210><18><139>><186>(<21><231>1<137>*<127>
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message = <2><4><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
G<147><132><170>X<247><139><229><17><203>Z<28>2<11>Z:
Mon Mar 3 16:19:46 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:46 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:46 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:46 2014: DEBUG: Handling with EAP: code 2, 4, 6, 25
Mon Mar 3 16:19:46 2014: DEBUG: Response type 25
Mon Mar 3 16:19:46 2014: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Mar 3 16:19:46 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
Challenge
Mon Mar 3 16:19:46 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP Challenge
Mon Mar 3 16:19:46 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 14
Authentic: |Z<138><143><223><27><223><221><238><19><219><234><132>l<185>l
Attributes:
EAP-Message = <1><5><3><191><25><0>tion1/0-<6><3>U<4><3><19>&OSC Test
CA (do not use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<30><23><13>130814113720Z<23><13>150814113720Z0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>
EAP-Message = U<4><3><19>&OSC Test CA (do not use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1><22><17>mi...@open.com.au0<129><159>0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><129><141><0>0<129><137><2><129><129><0><191><145>Kj"<188><242><244>19<229><177>f7(<148><7><17><128><3>u<4><248><135>b<195>;:5<178><163><186><230><12><222>X<176><184><255><128><169><145><20>o*(#<205><213>R<212><11><19><212><13>CD<139><252><7>pg<245><31><232><17>i{<28><30>p_<162>><222>4<242><208>XX<132><9><16><31><151><242>*<227>u5<163>^<215><20><237><242><24>JW]I<217><158><247><23><12><170>.<249>O<218><214><202><167>b<19>v4<234><4>j<131><213>!<180><187><221><171><2><3><1><0><1><163><130><1>30<130><1>/0<29><6><3>U<29>
EAP-Message =
<14><4><22><4><20>?<211><175>w<20><244>6<18><1>Pf/<28>^4<184><229><229>fk0<129><255><6><3>U<29>#<4><129><247>0<129><244><128><20>?<211><175>w<20><244>6<18><1>Pf/<28>^4<184><229><229>fk<161><129><208><164><129><205>0<129><202>1<11>0<9><6><3>U<4><6><19><2>AU1<17>0<15><6><3>U<4><8><19><8>Victoria1<18>0<16><6><3>U<4><7><19><9>Melbourne1<30>0<28><6><3>U<4><10><19><21>OSC
Demo Certificates1!0<31><6><3>U<4><11><19><24>Test Certificate
Section1/0-<6><3>U<4><3><19>&OSC Test CA (do not use in production)1
0<30><6><9>*<134>H<134><247><13><1><9><1>
EAP-Message =
<22><17>mi...@open.com.au<130><9><0><252>W<246><223>Z<178>#<146>0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><5><5><0><3><129><129><0><147>H<241><147><8>:1<188><181><206><3>[8e<142>{<142>#<178>4<252><3>P<206><18>W<254>o^<240>:.<202><221>e<174><148>h<212>kHP4<7>@i<184>U<241><204><17><196>"<185><14><223><246><131>;<182>p4<184><207><0><197><206>.3P<169>$<184><198><174>d;<16><219><22>@<1>Q<199>(<7>\<188><185>'<204><167><223><253><220>H<180><144><182><243><249><207><194>O<147><161><198>"<7><193><4><24><206><234><243><0>y<237><225><143><210><231><197>a<15><180><191><171><22><3><1><0><4><14><0><0><0>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:46 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 15
Authentic: <220>X<198><149><163><240><197>^Y<10><152>@<138><138><155><211>
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message =
<2><5><0><208><25><128><0><0><0><198><22><3><1><0><134><16><0><0><130><0><128>=<180><206><141><253><142><11><219><182><233><175><228>><246><225><180><201>?<12><224>r<189><148>3<25><150><18><216>/l~$<253>ce1_<230>rO2<6><19>k\<247>Z<160><238><137><184><21>>&8<192>]<138><225>m<13><212>U<13><198><17>5<214><192><128><143>*<29>!'<140><212><151><153>f<185>h<206><8><191><221>l<224><252>Y<223><210>`<226><214><215><10>"<176><214><<133>_<145>2<9><205><194><20>k<21>f<158>\\[<127>}<130><191><2><140><3>f/<193>cg<20><3><1><0><1><1><22><3><1><0>0<167>e<243><187>J<139><143>`z<29><178><154><165><179>=<17>L<186>z<8><146><230><196><179><158>Q<153>j<158><206><5><249><211><3><17><29><208><201><192>q]<210>G#.I<227><172>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator = ;,\MV<247>j<163>*<30>9<203><185>R<132><127>
Mon Mar 3 16:19:46 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:46 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:46 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:46 2014: DEBUG: Handling with EAP: code 2, 5, 208, 25
Mon Mar 3 16:19:46 2014: DEBUG: Response type 25
Mon Mar 3 16:19:46 2014: DEBUG: EAP TLS SSL_accept result: 1, 0, 3
Mon Mar 3 16:19:46 2014: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Mar 3 16:19:46 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
Challenge
Mon Mar 3 16:19:46 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP Challenge
Mon Mar 3 16:19:46 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 15
Authentic: vo<193><164><133>z"<18><195>f<183>$<161><249><14><130>
Attributes:
EAP-Message =
<1><6><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0&<193><196><187><164>n<193><213>{<184><241><5>#g<130>+<204>"<2><29><161><211><238>tG<14>S<223><145>_]<3><234>Hc<14><14>K<186><141>D<168>5R<227><30><194><223>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:46 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 16
Authentic: <0>H<198><242>><185><202><203><203><199>m|@X<193><151>
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message = <2><6><0><6><25><0>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
<127><236>#<232>3<241><215><213><186><29>,<0><172><176>)q
Mon Mar 3 16:19:46 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:46 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:46 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:46 2014: DEBUG: Handling with EAP: code 2, 6, 6, 25
Mon Mar 3 16:19:46 2014: DEBUG: Response type 25
Mon Mar 3 16:19:46 2014: DEBUG: EAP result: 3, EAP PEAP Challenge
Mon Mar 3 16:19:46 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP
Challenge
Mon Mar 3 16:19:46 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP Challenge
Mon Mar 3 16:19:46 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 16
Authentic: YD~<193><135><193><158>Bt<14><221><203>v-0<173>
Attributes:
EAP-Message = <1><7><0>+<25><0><23><3><1><0>
7<128>3l<215><244><141>k<18><200>GG<202><238>D<237>u<0><1><158><23>,?<192><24>]<2>G<192>r<199><243>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:46 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 17
Authentic: "<228><22>j<154><203><251><209>0<128><150>{<210><147><19><23>
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message =
<2><7><0>;<25><0><23><3><1><0>0g<214>]A?<183><249><222>bL<169><2><230><12>x<241><138><10>2<195><30>}<149><138><149><26><146><244><165>/<182><194><210>.<215>(2<167>j<254><197><252>OS<247><205><152>+
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
8VN<194>F<30><241><209>r<169><138><140>R<237><228><200>
Mon Mar 3 16:19:46 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:46 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:46 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:46 2014: DEBUG: Handling with EAP: code 2, 7, 59, 25
Mon Mar 3 16:19:46 2014: DEBUG: Response type 25
Mon Mar 3 16:19:46 2014: DEBUG: EAP PEAP inner authentication request for
anonym...@lumc.nl
Mon Mar 3 16:19:46 2014: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: D6%<242>xwLG<141><162><145><20><146><161>z<127>
Attributes:
EAP-Message = <2><7><0><16><1>rdru...@lumc.nl
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
NAS-Port = 1216
Calling-Station-Id = "00-24-D7-C0-4F-F8"
User-Name = "anonym...@lumc.nl"
Mon Mar 3 16:19:46 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i,TunnelledByPEAP=1', Identifier ''
Mon Mar 3 16:19:46 2014: DEBUG: Deleting session for anonym...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:46 2014: DEBUG: Handling with Radius::AuthGROUP:
Mon Mar 3 16:19:46 2014: DEBUG: Handling with Radius::AuthLSA:
Mon Mar 3 16:19:46 2014: DEBUG: Handling with EAP: code 2, 7, 16, 1
Mon Mar 3 16:19:46 2014: DEBUG: Response type 1
Mon Mar 3 16:19:47 2014: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Mon Mar 3 16:19:47 2014: DEBUG: Radius::AuthGROUP: result: CHALLENGE, EAP
MSCHAP-V2 Challenge
Mon Mar 3 16:19:47 2014: DEBUG: AuthBy GROUP result: CHALLENGE, EAP MSCHAP-V2
Challenge
Mon Mar 3 16:19:47 2014: DEBUG: Access challenged for anonym...@lumc.nl: EAP
MSCHAP-V2 Challenge
Mon Mar 3 16:19:47 2014: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Challenge
Identifier: UNDEF
Authentic: D6%<242>xwLG<141><162><145><20><146><161>z<127>
Attributes:
EAP-Message =
<1><8><0>&<26><1><8><0>!<16>iUPe<195>@A<159><127><18><223><19><142><149>wbdelphizwaluw
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:47 2014: DEBUG: EAP result: 3, EAP PEAP inner authentication
redispatched to a Handler
Mon Mar 3 16:19:47 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner
authentication redispatched to a Handler
Mon Mar 3 16:19:47 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP inner authentication redispatched to a Handler
Mon Mar 3 16:19:47 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 17
Authentic: <150><21><159>@t<193><160>F<153><190><248>S<239>0<230><139>
Attributes:
EAP-Message =
<1><8><0>K<25><0><23><3><1><0>@z2<190><175><169>e<13><250><249><240><241><214><7><202><213><183>
<206>F<187>z;<240>}<23><26><193><137>/7<201>;(<253>h<181>)<31>&<133><248>Z<222>E<20>%<206><8>u<21><153><234><179><255><246><154><6>i<190><254><189><30><151>D
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:47 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 18
Authentic: <135><254><202><215>e<168><245><135><209>:D<232><254><6><11>M
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message =
<2><8><0>k<25><0><23><3><1><0>`<191><174><196><246><207><172><185><136><130><161><158>4j<200><131><191><19><199><234>C|<175><142><234>O';<201><139><136>=
<191><172><226><220><212><213><127><199><181><175><24><1>V<28>D<25>vs<5><165><195>w<132><248><158>M<3>"<134>X+<139>Q<8><144><246>j<237><167><182><185>d1<249><255><137><157><255>8<171><137><233>(UI<165>h<170><3>(m\<200>R
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator =
<225>W<165><179><208>5B<144><25><229><250><129><18>H<204><17>
Mon Mar 3 16:19:47 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:47 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:47 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:47 2014: DEBUG: Handling with EAP: code 2, 8, 107, 25
Mon Mar 3 16:19:47 2014: DEBUG: Response type 25
Mon Mar 3 16:19:47 2014: DEBUG: EAP PEAP inner authentication request for
anonym...@lumc.nl
Mon Mar 3 16:19:47 2014: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <8><13><14>w<157><141><140><199><2>I<220>y<137>r}R
Attributes:
EAP-Message =
<2><8><0>><26><2><8><0>=1<212><199>F<191><252>!<146>Lw<145><168><175><10>)I
<0><0><0><0><0><0><0><0><148>JJ{<17>W<181><6>TGm7<135><23><2><148><221>o<211><143><12><161>^*<0>rdrunia
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
NAS-Port = 1216
Calling-Station-Id = "00-24-D7-C0-4F-F8"
User-Name = "anonym...@lumc.nl"
Mon Mar 3 16:19:47 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i,TunnelledByPEAP=1', Identifier ''
Mon Mar 3 16:19:47 2014: DEBUG: Deleting session for anonym...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:47 2014: DEBUG: Handling with Radius::AuthGROUP:
Mon Mar 3 16:19:47 2014: DEBUG: Handling with Radius::AuthLSA:
Mon Mar 3 16:19:47 2014: DEBUG: Handling with EAP: code 2, 8, 62, 26
Mon Mar 3 16:19:47 2014: DEBUG: Response type 26
Mon Mar 3 16:19:47 2014: DEBUG: Radius::AuthLSA looks for match with rdrunia
[anonym...@lumc.nl]
Mon Mar 3 16:19:47 2014: DEBUG: Checking LSA Group membership for
\\DC-LUMCNET03, lumc-wireless-0, anonymous
Mon Mar 3 16:19:47 2014: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not
a member of any Group: rdrunia [anonym...@lumc.nl]
Mon Mar 3 16:19:47 2014: DEBUG: EAP Failure, elapsed time 0.755697
Mon Mar 3 16:19:47 2014: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no such
user rdrunia
Mon Mar 3 16:19:47 2014: DEBUG: Radius::AuthGROUP: result: REJECT, EAP MSCHAP
V2 failed: no such user rdrunia
Mon Mar 3 16:19:47 2014: DEBUG: AuthBy GROUP result: REJECT, EAP MSCHAP V2
failed: no such user rdrunia
Mon Mar 3 16:19:47 2014: INFO: Access rejected for anonym...@lumc.nl: EAP
MSCHAP V2 failed: no such user rdrunia
Mon Mar 3 16:19:47 2014: DEBUG: Returned PEAP tunnelled packet dump:
Code: Access-Reject
Identifier: UNDEF
Authentic: <8><13><14>w<157><141><140><199><2>I<220>y<137>r}R
Attributes:
EAP-Message = <4><8><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
Mon Mar 3 16:19:47 2014: DEBUG: EAP result: 3, EAP PEAP inner authentication
redispatched to a Handler
Mon Mar 3 16:19:47 2014: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP inner
authentication redispatched to a Handler
Mon Mar 3 16:19:47 2014: DEBUG: Access challenged for rdru...@lumc.nl: EAP
PEAP inner authentication redispatched to a Handler
Mon Mar 3 16:19:47 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Challenge
Identifier: 18
Authentic: <194><224>!<218><21><253>}<184><231><194>Z<157><145><229><7><5>
Attributes:
EAP-Message = <1><9><0>+<25><0><23><3><1><0>
<215><153><198>}<132><170><176>7<147>k<231><129>Y|`<210><247><154>]<155><16>Ly<2>6<140>b<227>4<163>c<4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Mon Mar 3 16:19:47 2014: DEBUG: Packet dump:
*** Received from 10.250.25.240 port 20009 ....
Code: Access-Request
Identifier: 19
Authentic: Wi<130><173><224><166>_<208><171><178><197><255>X>G)
Attributes:
NAS-Port-Id = "AP1/1"
Calling-Station-Id = "00-24-D7-C0-4F-F8"
Called-Station-Id = "00-0B-0E-84-68-80:Riemer_test"
Service-Type = Framed-User
User-Name = "rdru...@lumc.nl"
NAS-Port = 1216
EAP-Message = <2><9><0>+<25><0><23><3><1><0>
'G<168><185><135>F<189><194>~<19>qQ|Ug<128><139><8><17><210><193>{n<227><175>0<159>$<131><188><168>`
NAS-Port-Type = Wireless-IEEE-802-11
NAS-IP-Address = 10.250.25.240
NAS-Identifier = "Trapeze"
Message-Authenticator = a<196><26>l<148><167><150><12>OT<24><244>nQ9B
Mon Mar 3 16:19:48 2014: DEBUG: Handling request with Handler
'Realm=/^lumc\.nl$/i, EAP-Message=/.+/', Identifier ''
Mon Mar 3 16:19:48 2014: DEBUG: Deleting session for rdru...@lumc.nl,
10.250.25.240, 1216
Mon Mar 3 16:19:48 2014: DEBUG: Handling with Radius::AuthFILE: OuterAuth
Mon Mar 3 16:19:48 2014: DEBUG: Handling with EAP: code 2, 9, 43, 25
Mon Mar 3 16:19:48 2014: DEBUG: Response type 25
Mon Mar 3 16:19:48 2014: DEBUG: EAP Failure, elapsed time 2.572051
Mon Mar 3 16:19:48 2014: DEBUG: EAP result: 1, PEAP Authentication Failure
Mon Mar 3 16:19:48 2014: DEBUG: AuthBy FILE result: REJECT, PEAP
Authentication Failure
Mon Mar 3 16:19:48 2014: INFO: Access rejected for rdru...@lumc.nl: PEAP
Authentication Failure
Mon Mar 3 16:19:48 2014: DEBUG: Packet dump:
*** Sending to 10.250.25.240 port 20009 ....
Code: Access-Reject
Identifier: 19
Authentic: <238><186><13>=<176><157><1><211>|=<149>K<135>x<145>(
Attributes:
EAP-Message = <4><9><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
radius.cfg
Description: radius.cfg
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
