Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

Hugo Veiga Tue, 26 Jan 2016 07:55:56 -0800

In my original message I have by mistake a AuthBy INTERNAL in the outter
authentication it's actually a AuthBy SQL clause.



This is trace from radiator 4.9.

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 1, 19, 1
Tue Jan 26 15:01:15 2016: DEBUG: Response type 1
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 46
0b 4f 00 2e 37 11 be 25 0c e7 2b ed b6 7b b5 31
79 0b 0d d8 4f 08 01 02 00 06 19 20 50 12 dc 0c
ea 9e 18 75 49 84 2c e3 ba 1b 6c f8 56 79
Code:       Access-Challenge
Identifier: 79
Authentic:  7<17><190>%<12><231>+<237><182>{<181>1y<11><13><216>
Attributes:
        EAP-Message = <1><2><0><6><25>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 2, 122, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 1056
0b 50 04 20 18 ae a2 7c d0 65 11 99 e3 db 6e 7c
d3 f3 ac 8d 4f ff 01 03 03 f2 19 c0 00 00 04 4b
16 03 01 00 51 02 00 00 4d 03 01 56 a7 8a 3b ca
c1 23 0c 67 0c d2 a8 e7 16 7a 42 2a 6a b1 b4 2b
f4 f0 1e fb 17 5a d0 2a 9b 99 17 20 bd c3 ec 85
7e 4f e0 28 47 40 6a 12 39 64 da bb 0a b0 78 04
6f b6 68 cd 51 4e 1d d2 6b bf 03 60 00 35 00 00
05 ff 01 00 01 00 16 03 01 03 e7 0b 00 03 e3 00
03 e0 00 03 dd 30 82 03 d9 30 82 02 c1 a0 03 02
01 02 02 09 00 a3 e4 3d af a8 38 8b 21 30 0d 06
09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 81 31
0b 30 09 06 03 55 04 06 13 02 50 54 31 14 30 12
06 03 55 04 08 0c 0b 42 65 69 72 61 20 42 61 69
78 61 31 10 30 0e 06 03 55 04 07 0c 07 43 6f 76
69 6c 68 61 31 0c 30 0a 06 03 55 04 0a 0c 03 55
42 49 31 0b 30 09 06 03 55 04 0b 0c 02 53 49 31
11 30 0f 06 03 55 04 03 0c 08 72 61 64 69 75 73
30 31 31 4f ff 1c 30 1a 06 09 2a 86 48 86 f7 0d
01 09 01 16 0d 68 76 65 69 67 61 40 75 62 69 2e
70 74 30 20 17 0d 31 35 31 31 32 37 31 35 30 34
31 34 5a 18 0f 32 30 39 38 30 31 31 35 31 35 30
34 31 34 5a 30 81 81 31 0b 30 09 06 03 55 04 06
13 02 50 54 31 14 30 12 06 03 55 04 08 0c 0b 42
65 69 72 61 20 42 61 69 78 61 31 10 30 0e 06 03
55 04 07 0c 07 43 6f 76 69 6c 68 61 31 0c 30 0a
06 03 55 04 0a 0c 03 55 42 49 31 0b 30 09 06 03
55 04 0b 0c 02 53 49 31 11 30 0f 06 03 55 04 03
0c 08 72 61 64 69 75 73 30 31 31 1c 30 1a 06 09
2a 86 48 86 f7 0d 01 09 01 16 0d 68 76 65 69 67
61 40 75 62 69 2e 70 74 30 82 01 22 30 0d 06 09
2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00
30 82 01 0a 02 82 01 01 00 ea e6 b1 7f 27 3e 9c
e2 bf 32 b7 ab cb e4 cc f4 58 49 10 84 90 ca 6f
04 e1 4f ff 11 7e 17 ea 54 ee d8 9e 1f 65 ae 14
c3 38 a6 9a 3f d9 c7 08 a5 4d 96 79 d6 5a 21 3b
11 f2 11 fa 5a d6 17 36 6e 0b 97 52 6d 17 68 64
be 53 3a af a3 a6 44 7f 28 ec 13 9a e6 83 4f 58
cf d2 e4 f1 df c7 66 3c dc 95 b8 30 e9 f0 5c 4b
9f e2 cc 0b a3 bb da aa cc 83 0a 5d ba a7 3c d6
d6 ab 60 23 f0 cd 10 6b 31 8f 9b 71 e5 0e 6a ca
6f 4d 0c 06 fd 26 ee c4 08 0f 50 b4 ef 08 2e 98
93 68 fa a2 cb 16 fe a8 e8 a0 2a 2e 95 b5 e7 04
66 da 8b c1 ef 1a 78 51 6c af db 7a b4 7b 49 49
5d 16 ed e7 a4 7a a7 4b 7b 29 be aa 21 26 f7 9f
3e 7a b1 f0 22 63 36 b3 d7 63 7e 4c a2 2c bc 25
4e 49 2c e5 e5 d1 40 6c 0f ee 9c d0 1d 01 af 49
94 29 4d 61 62 0f b9 55 8e 65 7d a1 ad 82 88 33
a0 92 01 7a 24 91 67 5b 7e 99 59 02 03 01 00 01
a3 50 30 4e 30 1d 06 03 55 1d 0e 04 16 04 14 eb
bb 4f fd f0 27 e9 39 88 fc 26 d0 e8 33 23 73 0f
2d 73 f7 8e 5b 30 1f 06 03 55 1d 23 04 18 30 16
80 14 eb bb f0 27 e9 39 88 fc 26 d0 e8 33 23 73
0f 2d 73 f7 8e 5b 30 0c 06 03 55 1d 13 04 05 30
03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01
0b 05 00 03 82 01 01 00 c6 00 af 11 c9 98 73 49
a6 8a d5 0c 8f 17 5e 59 90 89 92 0c 8f d9 73 b3
3c 3d 67 ec 72 d1 6b d0 be 8e df e3 f3 fc 16 4a
ee 4f 7e 8f 74 25 ba d9 06 20 5f 21 b6 3d 5b 3f
b8 18 2c 71 01 fd 37 e1 66 2f 46 cb 8c 55 cf 2f
32 b5 04 8f 82 1b f0 17 85 d7 a5 f3 8d 7e f6 86
b3 e2 b3 ee b5 bd 56 35 03 77 ba be 19 61 0a ef
25 d0 bf 50 24 fd 6e 36 d1 d4 2e d5 d5 10 ff ff
c2 0e 59 b6 cd a1 0e 86 86 d5 7c d7 8e 7d bf 90
be 65 7d 28 5d 6c 7d e5 49 35 0a 36 41 32 07 d4
7b f6 e5 a5 b3 8d 5d 7f 5e c8 12 d9 28 f2 50 12
62 1d ff 18 d7 b7 6d ca c5 a6 9f 35 f1 a0 c3 d8
Code:       Access-Challenge
Identifier: 80
Authentic:  <24><174><162>|<208>e<17><153><227><219>n|<211><243><172><141>
Attributes:
        EAP-Message =
<1><3><3><242><25><192><0><0><4>K<22><3><1><0>Q<2><0><0>M<3><1>V<167><138>;<202><193>#<12>g<12><210><168><231><22>zB*j<177><180>+<244><240><30><251><23>Z<208>*<155><153><23>
<189><195><236><133>~O<224>(G@j<18>9d<218><187><10><176>x<4>o<182>h<205>QN<29><210>k<191><3>`<0>5<0><0><5><255><1><0><1><0><22><3><1><3><231><11><0><3><227><0><3><224><0><3><221>0<130><3><217>0<130><2><193><160><3><2><1><2><2><9><0><163><228>=<175><168>8<139>!0<13><6><9>*<134>H<134><247><13><1><1><11><5><0>0<129><129>1<11>0<9><6><3>U<4><6><19><2>PT1<20>0<18><6><3>U<4><8><12><11>Beira
Baixa1<16>0<14><6><3>U<4><7><12><7>Covilha1<12>0<10><6><3>U<4><10><12><3>UBI1<11>0<9><6><3>U<4><11><12><2>SI1<17>0<15><6><3>U<4><3><12><8>radius011
        EAP-Message =
<28>0<26><6><9>*<134>H<134><247><13><1><9><1><22><13>hveiga@ubi.pt0
<23><13>151127150414Z<24><15>20980115150414Z0<129><129>1<11>0<9><6><3>U<4><6><19><2>PT1<20>0<18><6><3>U<4><8><12><11>Beira
Baixa1<16>0<14><6><3>U<4><7><12><7>Covilha1<12>0<10><6><3>U<4><10><12><3>UBI1<11>0<9><6><3>U<4><11><12><2>SI1<17>0<15><6><3>U<4><3><12><8>radius011<28>0<26><6><9>*<134>H<134><247><13><1><9><1><22><13>hveiga@ubi.pt0
<130><1>"0<13><6><9>*<134>H<134><247><13><1><1><1><5><0><3><130><1><15><0>0<130><1><10><2><130><1><1><0><234><230><177><127>'><156><226><191>2<183><171><203><228><204><244>XI<16><132><144><202>o<4><225>
        EAP-Message =
<17>~<23><234>T<238><216><158><31>e<174><20><195>8<166><154>?<217><199><8><165>M<150>y<214>Z!;<17><242><17><250>Z<214><23>6n<11><151>Rm<23>hd<190>S:<175><163><166>D<127>(<236><19><154><230><131>OX<207><210><228><241><223><199>f<<220><149><184>0<233><240>\K<159><226><204><11><163><187><218><170><204><131><10>]<186><167><<214><214><171>`#<240><205><16>k1<143><155>q<229><14>j<202>oM<12><6><253>&<238><196><8><15>P<180><239><8>.<152><147>h<250><162><203><22><254><168><232><160>*.<149><181><231><4>f<218><139><193><239><26>xQl<175><219>z<180>{II]<22><237><231><164>z<167>K{)<190><170>!&<247><159>>z<177><240>"c6<179><215>c~L<162>,<188>%NI,<229><229><209>@l<15><238><156><208><29><1><175>I<148>)Mab<15><185>U<142>e}<161><173><130><136>3<160><146><1>z$<145>g[~<153>Y<2><3><1><0><1><163>P0N0<29><6><3>U<29><14><4><22><4><20><235><187>
        EAP-Message =
<240>'<233>9<136><252>&<208><232>3#s<15>-s<247><142>[0<31><6><3>U<29>#<4><24>0<22><128><20><235><187><240>'<233>9<136><252>&<208><232>3#s<15>-s<247><142>[0<12><6><3>U<29><19><4><5>0<3><1><1><255>0<13><6><9>*<134>H<134><247><13><1><1><11><5><0><3><130><1><1><0><198><0><175><17><201><152>sI<166><138><213><12><143><23>^Y<144><137><146><12><143><217>s<179><=g<236>r<209>k<208><190><142><223><227><243><252><22>J<238>O~<143>t%<186><217><6>
_!<182>=[?<184><24>,q<1><253>7<225>f/F<203><140>U<207>/2<181><4><143><130><27><240><23><133><215><165><243><141>~<246><134><179><226><179><238><181><189>V5<3>w<186><190><25>a<10><239>%<208><191>P$<253>n6<209><212>.<213><213><16><255><255><194><14>Y<182><205><161><14><134><134><213>|<215><142>}<191><144><190>e}(]l}<229>I5<10>6A2<7><212>{<246><229><165><179><141>]<127>^<200><18><217>(<242>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 3, 6, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 145
0b 51 00 91 a4 43 c9 80 d4 87 d9 cb b1 f7 03 ef
57 c3 d2 dc 4f 6b 01 04 00 69 19 00 33 1c 96 94
1a 14 44 b5 28 92 53 81 d2 78 9c c0 19 b5 91 7a
cc 5d e5 b0 74 7c d8 6b a8 d0 64 3e 2f 58 fe 97
56 df 04 e4 d6 18 29 12 da 95 7c 18 e3 73 67 ec
c1 dc ed ea 53 fe 72 4f 2c 44 5e 58 13 96 ad a3
b1 80 ad c7 2a ec e6 a6 41 91 f3 e0 5c 49 18 6f
5d 29 b0 62 38 39 16 03 01 00 04 0e 00 00 00 50
12 6a 12 90 db 98 dd ae 70 6e 62 94 04 ce 04 76
7e
Code:       Access-Challenge
Identifier: 81
Authentic:
 <164>C<201><128><212><135><217><203><177><247><3><239>W<195><210><220>
Attributes:
        EAP-Message =
<1><4><0>i<25><0>3<28><150><148><26><20>D<181>(<146>S<129><210>x<156><192><25><181><145>z<204>]<229><176>t|<216>k<168><208>d>/X<254><151>V<223><4><228><214><24>)<18><218><149>|<24><227>sg<236><193><220><237><234>S<254>rO,D^X<19><150><173><163><177><128><173><199>*<236><230><166>A<145><243><224>\I<24>o])<176>b89<22><3><1><0><4><14><0><0><0>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 4, 336, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 109
0b 52 00 6d 7d 13 ba 50 b3 12 c4 f9 5b 0e 79 ee
e6 b6 cb 12 4f 47 01 05 00 45 19 80 00 00 00 3b
14 03 01 00 01 01 16 03 01 00 30 20 b4 00 8f e0
02 41 8d bc a7 ad cb 43 fc 3b 27 05 8e 37 c5 54
47 53 60 cd b8 5a 8e 78 fa 34 9a 4a 53 cb 14 db
88 df f8 64 7f e8 d5 ab f7 10 b4 50 12 b5 59 46
04 67 42 d3 c5 ae 02 c9 0a 05 58 7c ec
Code:       Access-Challenge
Identifier: 82
Authentic:  }<19><186>P<179><18><196><249>[<14>y<238><230><182><203><18>
Attributes:
        EAP-Message =
<1><5><0>E<25><128><0><0><0>;<20><3><1><0><1><1><22><3><1><0>0
<180><0><143><224><2>A<141><188><167><173><203>C<252>;'<5><142>7<197>TGS`<205><184>Z<142>x<250>4<154>JS<203><20><219><136><223><248>d<127><232><213><171><247><16><180>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 5, 6, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 83
0b 53 00 53 a0 d8 8c ad 86 14 be c9 01 40 36 0c
f1 7c a0 55 4f 2d 01 06 00 2b 19 00 17 03 01 00
20 9c 3a d5 a7 e3 41 92 8e a7 84 1a 7e 8c 57 37
a6 7f c5 3d d1 69 c9 3b ef 5f a8 9a 0d dc 0c 51
eb 50 12 10 40 f3 be df f4 65 8b 80 e7 cc 06 2a
73 dc a4
Code:       Access-Challenge
Identifier: 83
Authentic:  <160><216><140><173><134><20><190><201><1>@6<12><241>|<160>U
Attributes:
        EAP-Message = <1><6><0>+<25><0><23><3><1><0>
<156>:<213><167><227>A<146><142><167><132><26>~<140>W7<166><127><197>=<209>i<201>;<239>_<168><154><13><220><12>Q<235>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 6, 59, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i, TunnelledByPEAP=1', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO_INNER
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO_INNER
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 6, 15, 1
Tue Jan 26 15:01:15 2016: DEBUG: Response type 1
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP MSCHAP-V2 Challenge
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP
MSCHAP-V2 Challenge
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
MSCHAP-V2 Challenge
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP inner
authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
inner authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP inner authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 115
0b 54 00 73 5a 03 c2 19 ad 90 24 23 45 60 33 0d
57 fe 31 79 4f 4d 01 07 00 4b 19 00 17 03 01 00
40 db 54 61 a5 7e bc f6 40 a0 29 d3 4a 26 ee b9
d3 fb e0 74 ac 55 a9 a3 85 03 a6 8e 91 87 36 5c
4c f0 4e 16 49 53 e9 7b 04 ef ea 9f 83 30 aa 26
5c 85 80 dc 61 e5 bd 6d a3 ed 62 7b a8 7d ee 6f
23 50 12 af 64 2e 89 4e 5e 51 dd 67 29 c8 e0 29
fc c6 06
Code:       Access-Challenge
Identifier: 84
Authentic:  Z<3><194><25><173><144>$#E`3<13>W<254>1y
Attributes:
        EAP-Message =
<1><7><0>K<25><0><23><3><1><0>@<219>Ta<165>~<188><246>@<160>)<211>J&<238><185><211><251><224>t<172>U<169><163><133><3><166><142><145><135>6\L<240>N<22>IS<233>{<4><239><234><159><131>0<170>&\<133><128><220>a<229><189>m<163><237>b{<168>}<238>o#
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 7, 107, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i, TunnelledByPEAP=1', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO_INNER
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO_INNER
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 7, 69, 26
Tue Jan 26 15:01:15 2016: DEBUG: Response type 26
Tue Jan 26 15:01:15 2016: DEBUG: Radius::AuthSQL looks for match with
1745@convidado [1745@convidado]
Tue Jan 26 15:01:15 2016: DEBUG: Radius::AuthSQL ACCEPT: : 1745@convidado
[1745@convidado]
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP MSCHAP V2 Challenge:
Success
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP MSCHAP
V2 Challenge: Success
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
MSCHAP V2 Challenge: Success
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP inner
authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
inner authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP inner authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 131
0b 55 00 83 7e f2 3b 35 e4 1f c7 97 70 25 65 bb
79 5f 98 62 4f 5d 01 08 00 5b 19 00 17 03 01 00
50 bb 32 41 53 22 23 e4 1c ec 91 51 fb 1a 95 83
2a 6a 27 4c ce 62 5f 5a 30 99 d4 8c 46 ce a6 a8
ff 84 e2 64 b5 7d 3f e3 c0 11 e3 76 49 9e 10 c5
dd 82 69 75 f6 24 36 56 87 cb e7 08 70 1f 0a ab
6f d5 e2 8d b7 14 f5 17 1e 88 56 6b 93 c5 8b 11
3c 50 12 92 cb 9a 3b 40 ee aa ad e4 cb df 7a bb
25 6f d6
Code:       Access-Challenge
Identifier: 85
Authentic:  ~<242>;5<228><31><199><151>p%e<187>y_<152>b
Attributes:
        EAP-Message =
<1><8><0>[<25><0><23><3><1><0>P<187>2AS"#<228><28><236><145>Q<251><26><149><131>*j'L<206>b_Z0<153><212><140>F<206><166><168><255><132><226>d<181>}?<227><192><17><227>vI<158><16><197><221><130>iu<246>$6V<135><203><231><8>p<31><10><171>o<213><226><141><183><20><245><23><30><136>Vk<147><197><139><17><
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 8, 43, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i, TunnelledByPEAP=1', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO_INNER
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO_INNER
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 8, 2, 26
Tue Jan 26 15:01:15 2016: DEBUG: Response type 26
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 0,
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: ACCEPT,
Tue Jan 26 15:01:15 2016: DEBUG: Access accepted for 1745@convidado
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 3, EAP PEAP inner
authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: CHALLENGE, EAP PEAP
inner authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: Access challenged for 1745@convidado: EAP
PEAP inner authentication redispatched to a Handler
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 83
0b 56 00 53 20 55 c4 02 60 16 31 f2 47 31 3c 6e
8e bc 79 ca 4f 2d 01 09 00 2b 19 00 17 03 01 00
20 ba 39 99 53 4b fe c4 c3 0d 7a 82 0d ab 4b f2
0d a6 8a ed 14 90 18 3b 4c fc 1a e3 c4 f1 f5 99
46 50 12 d5 cd f7 be ce 24 19 a5 b7 f0 c7 ab 88
df 6c 3f
Code:       Access-Challenge
Identifier: 86
Authentic:   U<196><2>`<22>1<242>G1<n<142><188>y<202>
Attributes:
        EAP-Message = <1><9><0>+<25><0><23><3><1><0>
<186>9<153>SK<254><196><195><13>z<130><13><171>K<242><13><166><138><237><20><144><24>;L<252><26><227><196><241><245><153>F
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Deleting session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: IGNORE, Ignored due to
IgnoreAuthentication
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling with EAP: code 2, 9, 43, 25
Tue Jan 26 15:01:15 2016: DEBUG: Response type 25
Tue Jan 26 15:01:15 2016: DEBUG: EAP result: 0,
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: ACCEPT,
Tue Jan 26 15:01:15 2016: DEBUG: Access accepted for 1745@convidado
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 160
02 57 00 a0 3b a0 1b bb ac b6 77 2a 38 ed c5 52
99 e5 4f 36 4f 06 03 09 00 04 50 12 eb 0d c5 07
bc ea cf 46 3f 5e df 81 d3 ff 23 84 1a 3a 00 00
01 37 10 34 a4 bf ec f5 94 3e 60 fd bc fe 20 cb
9c 79 f5 78 59 df e4 bb e0 05 ac 6a 87 2d df 5c
56 d5 ba 6d 02 0d 80 54 28 1e 04 61 08 29 08 1a
ef bf 41 65 fe 03 1a 3a 00 00 01 37 11 34 da 80
09 ca 00 29 4b a2 4a da 0c 65 e9 f9 bc 43 cf d7
9f 5c 04 36 fa 03 37 03 ec 35 dd 55 bb bc 89 5f
97 49 20 fd 37 28 b1 e2 25 f6 f4 a1 93 83 9d 51
Code:       Access-Accept
Identifier: 87
Authentic:  ;<160><27><187><172><182>w*8<237><197>R<153><229>O6
Attributes:
        EAP-Message = <3><9><0><4>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        MS-MPPE-Send-Key =
+<29>8<28><211><200><184><12><236><207><195><153><206><227><249><244><198><232><255><226><225>;Z<23><242><146>XT<201><212>*<171>
        MS-MPPE-Recv-Key = <210>M<169><160><149>
<226><236><171><217>t<139><13><209><255><246><131>i<130><211><179><249>V<135>D<178>n<243><136>a<148>@

Tue Jan 26 15:01:15 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:15 2016: DEBUG:  Adding session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:15 2016: DEBUG: Handling accounting with Radius::AuthSQL
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: ACCEPT,
Tue Jan 26 15:01:15 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:15 2016: DEBUG: Handling accounting with Radius::AuthSQL
Tue Jan 26 15:01:15 2016: DEBUG: AuthBy SQL result: ACCEPT,
Tue Jan 26 15:01:15 2016: DEBUG: Accounting accepted
Tue Jan 26 15:01:15 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 20
05 58 00 14 aa 34 2c d5 d9 cf c0 17 dd 20 b1 ef
76 a8 88 e4
Code:       Accounting-Response
Identifier: 88
Authentic:  <170>4,<213><217><207><192><23><221> <177><239>v<168><136><228>
Attributes:

Tue Jan 26 15:01:16 2016: DEBUG: Handling request with Handler
'Realm=/^convidado$/i', Identifier ''
Tue Jan 26 15:01:16 2016: DEBUG:  Adding session for 1745@convidado,
10.240.1.1, 54482
Tue Jan 26 15:01:16 2016: DEBUG: Handling with Radius::AuthSQL:
SQLAccounting
Tue Jan 26 15:01:16 2016: DEBUG: Handling accounting with Radius::AuthSQL
Tue Jan 26 15:01:16 2016: DEBUG: AuthBy SQL result: ACCEPT,
Tue Jan 26 15:01:16 2016: DEBUG: Handling with Radius::AuthSQL:
PEAP_CONVIDADO
Tue Jan 26 15:01:16 2016: DEBUG: Handling accounting with Radius::AuthSQL
Tue Jan 26 15:01:16 2016: DEBUG: AuthBy SQL result: ACCEPT,
Tue Jan 26 15:01:16 2016: DEBUG: Accounting accepted
Tue Jan 26 15:01:16 2016: DEBUG: Packet dump:
*** Sending to 10.240.1.1 port 20009 ....

Packet length = 20
05 63 00 14 21 f7 25 87 55 57 dc 1d b2 ef 4d 48
3a aa 46 e2
Code:       Accounting-Response
Identifier: 99
Authentic:  !<247>%<135>UW<220><29><178><239>MH:<170>F<226>
Attributes:



2016-01-26 9:35 GMT+00:00 Christian Kratzer <ck-li...@cksoft.de>:

> Hi,
>
> On Tue, 26 Jan 2016, Hugo Veiga wrote:
>
>> Hi Alan,
>>
>> I have the same config on radiator 4.9 and it works perfectly.
>>
>> About the stuff order ;) , I use the Authby as "functions" and usually I
>> put them before the handlers, this is very practical to reuse code.
>>
>> As you suggested I tried to put them after the handlers and I have the
>> same
>> exact result.
>>
>
> try getting a trace 4 log from the authentication on your 4.9 radiator
> so we can see the difference.
>
> Greetings
> Christian
>
>
>
>> Best regards,
>> Hugo Veiga
>>
>>
>> 2016-01-25 19:09 GMT+00:00 Alan Buxey <a.l.m.bu...@lboro.ac.uk>:
>>
>> Try putting your stuff into order - your inner stuff , handlers et al ,
>>> AFTER the realm check (where you are then asking for a particular
>>> handler).
>>>
>>> The goodies directory provides ready to go starting recipes for this
>>> stuff
>>> (so you can see how handlers/inner work)
>>>
>>> alan
>>>
>>
>>
> --
> Christian Kratzer                   CK Software GmbH
> Email:   c...@cksoft.de               Wildberger Weg 24/2
> Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
> Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
> Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
> Web:     http://www.cksoft.de/
>

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] radiator never gets to the 2nd authentication phase in PEAP - MSCHAPv2

Reply via email to