8950 AAA policies that use EAP for authentication can be tested with
either the RADIUS Client Tool, aaa-rt, or the Diameter Client
Tool, aaa-dt. To process EAP requests from the 8950 AAA server,
both test clients need code specific to the EAP type being used.
Code specific to an EAP type is implemented in a callback class,
which is specified in the -callback argument to both
aaa-rt and aaa-dt. The value of the callback
is a simple name that maps to classes provided with the 8950 AAA
installation.
The following EAP callbacks are provided:
The EapMd5Challenge callback provides a simple MD5 digest response to a challenge sent by the server.
C:\va\run>..\bin\aaa-rt -callback EapMd5Challenge -id md5 -pw md5 -loglevel verbose
Xmit: Access-Request
User-Name = "md5"
EAP-Message = "Response/Identity(1): data=md5"
Message-Authenticator = "00000000000000000000000000000000"
Type=1, Ident=0, Len=53, Auth=60 B4 20 BB 38 51 D9 D4 7A CB 93 3D BE 70 39 9B
Off=20, Attr=1, Len=5 01 05 6D 64 35 [..md5 ]
Off=25, Attr=79, Len=10 4F 0A 02 01 00 08 01 6D [O......m]
64 35 [d5 ]
Off=35, Attr=80, Len=18 50 12 11 E0 FD F2 15 48 [P......H]
3A F2 A0 72 E9 0C 6D 7F [:..r..m.]
37 FF [7. ]
0: 01 00 00 35 60 B4 20 BB 38 51 D9 D4 7A CB 93 3D [...5`. .8Q..z..=]
16: BE 70 39 9B 01 05 6D 64 35 4F 0A 02 01 00 08 01 [.p9...md5O......]
32: 6D 64 35 50 12 11 E0 FD F2 15 48 3A F2 A0 72 E9 [md5P......H:..r.]
48: 0C 6D 7F 37 FF [.m.7. ]
Recv: Access-Challenge after 47 ms.
Message-Authenticator = "B2697460541904BCF4606A9955FCB1D3"
State = "2"
Session-Timeout = 180
EAP-Message = "Request/MD5-Challenge(2): challenge=E12C2AA786B73CE9632F3
EB1933E9AC7 name=MAPLE"
Type=11, Ident=0, Len=76, Auth=7A 90 C2 67 52 E1 DD 41 FE 9D F2 69 9E CB D4 92
Off=20, Attr=80, Len=18 50 12 B2 69 74 60 54 19 [P..it`T.]
04 BC F4 60 6A 99 55 FC [...`j.U.]
B1 D3 [.. ]
Off=38, Attr=79, Len=29 4F 1D 01 02 00 1B 04 10 [O.......]
E1 2C 2A A7 86 B7 3C E9 [.,*...<.]
63 2F 3E B1 93 3E 9A C7 [c/>..>..]
4D 41 50 4C 45 [MAPLE ]
Off=67, Attr=24, Len=3 18 03 32 [..2 ]
Off=70, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 00 00 4C 7A 90 C2 67 52 E1 DD 41 FE 9D F2 69 [...Lz..gR..A...i]
16: 9E CB D4 92 50 12 B2 69 74 60 54 19 04 BC F4 60 [....P..it`T....`]
32: 6A 99 55 FC B1 D3 4F 1D 01 02 00 1B 04 10 E1 2C [j.U...O........,]
48: 2A A7 86 B7 3C E9 63 2F 3E B1 93 3E 9A C7 4D 41 [*...<.c/>..>..MA]
64: 50 4C 45 18 03 32 1B 06 00 00 00 B4 [PLE..2...... ]
Added response for state "2" to queue...
Xmit: Access-Request
User-Name = "md5"
EAP-Message = "Response/MD5-Challenge(2): response=4AEAB9E680037BC1C5922
101610C013D name=peer"
Message-Authenticator = "00000000000000000000000000000000"
State = "2"
Type=1, Ident=1, Len=74, Auth=F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C 03 25 F4 1D
Off=20, Attr=1, Len=5 01 05 6D 64 35 [..md5 ]
Off=25, Attr=79, Len=28 4F 1C 02 02 00 1A 04 10 [O.......]
4A EA B9 E6 80 03 7B C1 [J.....{.]
C5 92 21 01 61 0C 01 3D [..!.a..=]
70 65 65 72 [peer ]
Off=53, Attr=80, Len=18 50 12 33 1B 82 2D B8 94 [P.3..-..]
CB 13 C8 B5 7A B9 98 C6 [....z...]
7D EC [}. ]
Off=71, Attr=24, Len=3 18 03 32 [..2 ]
0: 01 01 00 4A F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C [...J..-.:..O.p..]
16: 03 25 F4 1D 01 05 6D 64 35 4F 1C 02 02 00 1A 04 [.%....md5O......]
32: 10 4A EA B9 E6 80 03 7B C1 C5 92 21 01 61 0C 01 [.J.....{...!.a..]
48: 3D 70 65 65 72 50 12 33 1B 82 2D B8 94 CB 13 C8 [=peerP.3..-.....]
64: B5 7A B9 98 C6 7D EC 18 03 32 [.z...}...2 ]
Recv: Access-Accept after 0 ms.
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Session-Timeout = 30
Termination-Action = Radius-Request
Message-Authenticator = "7B207A817F69A645B5B1A10D9EF28876"
EAP-Message = "Success(2)"
Type=2, Ident=1, Len=68, Auth=59 F1 67 9F EB 5B 71 3B 7D 82 76 C7 80 0A 64 EA
Off=20, Attr=6, Len=6 06 06 00 00 00 02 [...... ]
Off=26, Attr=8, Len=6 08 06 FF FF FF FF [...... ]
Off=32, Attr=27, Len=6 1B 06 00 00 00 1E [...... ]
Off=38, Attr=29, Len=6 1D 06 00 00 00 01 [...... ]
Off=44, Attr=80, Len=18 50 12 7B 20 7A 81 7F 69 [P.{ z..i]
A6 45 B5 B1 A1 0D 9E F2 [.E......]
88 76 [.v ]
Off=62, Attr=79, Len=6 4F 06 03 02 00 04 [O..... ]
0: 02 01 00 44 59 F1 67 9F EB 5B 71 3B 7D 82 76 C7 [...DY.g..[q;}.v.]
16: 80 0A 64 EA 06 06 00 00 00 02 08 06 FF FF FF FF [..d.............]
32: 1B 06 00 00 00 1E 1D 06 00 00 00 01 50 12 7B 20 [............P.{ ]
48: 7A 81 7F 69 A6 45 B5 B1 A1 0D 9E F2 88 76 4F 06 [z..i.E.......vO.]
64: 03 02 00 04 [.... ]
----- statistics -----
requests: 2
answers: 2
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 1
----- performance -----
transaction count: 1
elapsed time(ms): 94
trans per second: 10.638297872340425
seconds per tran: 0.094
Reply count is: 1
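The verbose dump above can be decoded by hand to see exactly what the MD5-Challenge exchange puts on the wire. The following Python is an added example, not part of the 8950 AAA tools: it parses the two logged RADIUS packets, reassembles the EAP-Message attribute and extracts the challenge and response; the function names are illustrative, and the digest check uses the RFC 1994 construction (identifier, secret, challenge) that RFC 3748 adopts for EAP type 4.

```python
import hashlib
import hmac
import struct

# Raw packets copied from the hex dumps in the aaa-rt session above.
ACCESS_CHALLENGE = bytes.fromhex(
    "0B00004C7A90C26752E1DD41FE9DF269"
    "9ECBD4925012B2697460541904BCF460"
    "6A9955FCB1D34F1D0102001B0410E12C"
    "2AA786B73CE9632F3EB1933E9AC74D41"
    "504C451803321B06000000B4")
ACCESS_REQUEST = bytes.fromhex(
    "0101004AF6C92DA33AF01D4FB770E98C"
    "0325F41D01056D64354F1C0202001A04"
    "104AEAB9E680037BC1C5922101610C01"
    "3D706565725012331B822DB894CB13C8"
    "B57AB998C67DEC180332")

ATTR_EAP_MESSAGE = 79   # "Attr=79" in the dump
EAP_TYPE_MD5 = 4


def parse_radius(packet):
    """Return (code, identifier, [(attr_type, value), ...]) with bounds checks."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[off], packet[off + 1]
        if alen < 2 or off + alen > length:
            raise ValueError("bad attribute length at offset %d" % off)
        attrs.append((atype, packet[off + 2:off + alen]))
        off += alen
    return code, ident, attrs


def eap_message(attrs):
    """Concatenate every EAP-Message attribute into one EAP packet."""
    return b"".join(v for t, v in attrs if t == ATTR_EAP_MESSAGE)


def parse_eap_md5(eap):
    """Decode an EAP MD5-Challenge request or response."""
    if len(eap) < 6:
        raise ValueError("too short for EAP MD5-Challenge")
    code, ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if length != len(eap) or etype != EAP_TYPE_MD5:
        raise ValueError("not a well-formed MD5-Challenge packet")
    size = eap[5]
    if 6 + size > length:
        raise ValueError("value-size runs past end of packet")
    return {"code": code, "id": ident,
            "value": eap[6:6 + size],
            "name": eap[6 + size:].decode("ascii", "replace")}


def md5_response(identifier, secret, challenge):
    """RFC 1994 digest: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_md5_response(identifier, secret, challenge, response):
    """Server-side check, compared in constant time."""
    expected = md5_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    chal = parse_eap_md5(eap_message(parse_radius(ACCESS_CHALLENGE)[2]))
    resp = parse_eap_md5(eap_message(parse_radius(ACCESS_REQUEST)[2]))
    print("challenge:", chal["value"].hex(), "from", chal["name"])
    print("response :", resp["value"].hex(), "from", resp["name"])
    # b"md5" is the value passed with -pw in the session above.
    print("digest matches -pw value:",
          verify_md5_response(resp["id"], b"md5", chal["value"], resp["value"]))
```

Both the challenge and the response are carried unencrypted inside the EAP-Message attribute, which is why they can be read straight out of the dump.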
The EapCiscoWireless callback provides a client implementation of Cisco's Lightweight Extensible Authentication Protocol (LEAP). LEAP provides an MS-CHAP style mutual authentication of the client and server. One interesting behavior of this callback class is that it sends an additional RADIUS Access-Request packet after the server successfully authenticates the client. This additional request is a client challenge for the server. Keying information is provided to the client in the Access-Accept to the client challenge. This callback only works with the RADIUS protocol.
C:\va\run>..\bin\aaa-rt -callback EapCiscoWireless -id leap -pw leap -loglevel verbose
Xmit: Access-Request
User-Name = "leap"
EAP-Message = "Response/Identity(1): data=leap"
Message-Authenticator = "00000000000000000000000000000000"
Type=1, Ident=0, Len=55, Auth=60 B4 20 BB 38 51 D9 D4 7A CB 93 3D BE 70 39 9B
Off=20, Attr=1, Len=6 01 06 6C 65 61 70 [..leap ]
Off=26, Attr=79, Len=11 4F 0B 02 01 00 09 01 6C [O......l]
65 61 70 [eap ]
Off=37, Attr=80, Len=18 50 12 B2 64 00 22 F8 1C [P..d."..]
BD D9 D2 CC 05 B5 B6 A2 [........]
7E 70 [~p ]
0: 01 00 00 37 60 B4 20 BB 38 51 D9 D4 7A CB 93 3D [...7`. .8Q..z..=]
16: BE 70 39 9B 01 06 6C 65 61 70 4F 0B 02 01 00 09 [.p9...leapO.....]
32: 01 6C 65 61 70 50 12 B2 64 00 22 F8 1C BD D9 D2 [.leapP..d.".....]
48: CC 05 B5 B6 A2 7E 70 [.....~p ]
Recv: Access-Challenge after 47 ms.
Message-Authenticator = "9FDEE0C55484B7F8FEB39C90A5A98AD3"
State = "3"
Session-Timeout = 180
EAP-Message = "Request/EAP-Cisco Wireless(2): version=1 challenge=9BB730
4E49A583BE name=leap"
Type=11, Ident=0, Len=69, Auth=60 B0 BB B6 13 3C 72 D5 DE AB B9 CF 25 66 70 7E
Off=20, Attr=80, Len=18 50 12 9F DE E0 C5 54 84 [P.....T.]
B7 F8 FE B3 9C 90 A5 A9 [........]
8A D3 [.. ]
Off=38, Attr=79, Len=22 4F 16 01 02 00 14 11 01 [O.......]
00 08 9B B7 30 4E 49 A5 [....0NI.]
83 BE 6C 65 61 70 [..leap ]
Off=60, Attr=24, Len=3 18 03 33 [..3 ]
Off=63, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 00 00 45 60 B0 BB B6 13 3C 72 D5 DE AB B9 CF [...E`....<r.....]
16: 25 66 70 7E 50 12 9F DE E0 C5 54 84 B7 F8 FE B3 [%fp~P.....T.....]
32: 9C 90 A5 A9 8A D3 4F 16 01 02 00 14 11 01 00 08 [......O.........]
48: 9B B7 30 4E 49 A5 83 BE 6C 65 61 70 18 03 33 1B [..0NI...leap..3.]
64: 06 00 00 00 B4 [..... ]
Added response for state "3" to queue...
Xmit: Access-Request
User-Name = "leap"
Message-Authenticator = "00000000000000000000000000000000"
EAP-Message = "Response/EAP-Cisco Wireless(2): version=1 response=A27B87
B32ABDA8BECA05B27D9F98A522EC5AD123D08F15DA name=leap"
State = "3"
Type=1, Ident=1, Len=85, Auth=F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C 03 25 F4 1D
Off=20, Attr=1, Len=6 01 06 6C 65 61 70 [..leap ]
Off=26, Attr=80, Len=18 50 12 C7 34 0B BC 05 B5 [P..4....]
AD 0A 03 25 54 0D 1A 45 [...%T..E]
D9 7F [.. ]
Off=44, Attr=79, Len=38 4F 26 02 02 00 24 11 01 [O&...$..]
00 18 A2 7B 87 B3 2A BD [...{..*.]
A8 BE CA 05 B2 7D 9F 98 [.....}..]
A5 22 EC 5A D1 23 D0 8F [.".Z.#..]
15 DA 6C 65 61 70 [..leap ]
Off=82, Attr=24, Len=3 18 03 33 [..3 ]
0: 01 01 00 55 F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C [...U..-.:..O.p..]
16: 03 25 F4 1D 01 06 6C 65 61 70 50 12 C7 34 0B BC [.%....leapP..4..]
32: 05 B5 AD 0A 03 25 54 0D 1A 45 D9 7F 4F 26 02 02 [.....%T..E..O&..]
48: 00 24 11 01 00 18 A2 7B 87 B3 2A BD A8 BE CA 05 [.$.....{..*.....]
64: B2 7D 9F 98 A5 22 EC 5A D1 23 D0 8F 15 DA 6C 65 [.}...".Z.#....le]
80: 61 70 18 03 33 [ap..3 ]
Recv: Access-Accept after 63 ms.
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Message-Authenticator = "09262CD4C803A7AD435739037E0AD9C1"
Session-Timeout = 30
State = "4"
Termination-Action = Radius-Request
EAP-Message = "Success(2)"
Type=2, Ident=1, Len=71, Auth=4D 6C F2 07 40 72 73 EE 06 2E C7 DF 1D 06 90 B0
Off=20, Attr=6, Len=6 06 06 00 00 00 02 [...... ]
Off=26, Attr=8, Len=6 08 06 FF FF FF FF [...... ]
Off=32, Attr=80, Len=18 50 12 09 26 2C D4 C8 03 [P..&,...]
A7 AD 43 57 39 03 7E 0A [..CW9.~.]
D9 C1 [.. ]
Off=50, Attr=79, Len=6 4F 06 03 02 00 04 [O..... ]
Off=56, Attr=27, Len=6 1B 06 00 00 00 1E [...... ]
Off=62, Attr=24, Len=3 18 03 34 [..4 ]
Off=65, Attr=29, Len=6 1D 06 00 00 00 01 [...... ]
0: 02 01 00 47 4D 6C F2 07 40 72 73 EE 06 2E C7 DF [...GMl..@rs.....]
16: 1D 06 90 B0 06 06 00 00 00 02 08 06 FF FF FF FF [................]
32: 50 12 09 26 2C D4 C8 03 A7 AD 43 57 39 03 7E 0A [P..&,.....CW9.~.]
48: D9 C1 4F 06 03 02 00 04 1B 06 00 00 00 1E 18 03 [..O.............]
64: 34 1D 06 00 00 00 01 [4...... ]
Added response for state "4" to queue...
Xmit: Access-Request
User-Name = "leap"
Message-Authenticator = "00000000000000000000000000000000"
EAP-Message = "Request/EAP-Cisco Wireless(1): version=1 challenge=838ED0
E775706B46 name=leap"
State = "4"
Type=1, Ident=2, Len=69, Auth=3E BA F8 98 6D A7 12 C8 2B CD 4D 55 4B F0 B5 40
Off=20, Attr=1, Len=6 01 06 6C 65 61 70 [..leap ]
Off=26, Attr=80, Len=18 50 12 96 F0 AD 32 34 94 [P....24.]
B9 F4 4E DC 30 FB 82 2B [..N.0..+]
BF F8 [.. ]
Off=44, Attr=79, Len=22 4F 16 01 01 00 14 11 01 [O.......]
00 08 83 8E D0 E7 75 70 [......up]
6B 46 6C 65 61 70 [kFleap ]
Off=66, Attr=24, Len=3 18 03 34 [..4 ]
0: 01 02 00 45 3E BA F8 98 6D A7 12 C8 2B CD 4D 55 [...E>...m...+.MU]
16: 4B F0 B5 40 01 06 6C 65 61 70 50 12 96 F0 AD 32 [K..@..leapP....2]
32: 34 94 B9 F4 4E DC 30 FB 82 2B BF F8 4F 16 01 01 [4...N.0..+..O...]
48: 00 14 11 01 00 08 83 8E D0 E7 75 70 6B 46 6C 65 [..........upkFle]
64: 61 70 18 03 34 [ap..4 ]
Recv: Access-Accept after 0 ms.
Session-Timeout = 30
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Termination-Action = Radius-Request
Cisco-AVPair = "leap:session-key=2089F9F20CF1AC59F9A450700DD0DC85"
Message-Authenticator = "FD53418C6D8303451CFA3A983A78BD6C"
EAP-Message = "Response/EAP-Cisco Wireless(1): version=1 response=C4C0F6
1D0511AF7A7296AD09F40446C9A5629ACADCA26BE7 name=leap"
Type=2, Ident=2, Len=159, Auth=91 3F 3D F5 A1 AC 5E F4 68 D5 3B 82 DB D9 88 DE
Off=20, Attr=27, Len=6 1B 06 00 00 00 1E [...... ]
Off=26, Attr=6, Len=6 06 06 00 00 00 02 [...... ]
Off=32, Attr=8, Len=6 08 06 FF FF FF FF [...... ]
Off=38, Attr=29, Len=6 1D 06 00 00 00 01 [...... ]
Off=44, Attr=26, Len=59 1A 3B 00 00 00 09 01 35 [.;.....5]
6C 65 61 70 3A 73 65 73 [leap:ses]
73 69 6F 6E 2D 6B 65 79 [sion-key]
3D 80 01 F2 45 3C AC FA [=...E<..]
1B 6C 55 A9 A9 8A 74 4F [.lU...tO]
0B 6B 5F A5 32 09 C6 0E [.k_.2...]
49 4C 52 04 34 42 78 CF [ILR.4Bx.]
43 12 51 [C.Q ]
Off=103, Attr=80, Len=18 50 12 FD 53 41 8C 6D 83 [P..SA.m.]
03 45 1C FA 3A 98 3A 78 [.E..:.:x]
BD 6C [.l ]
Off=121, Attr=79, Len=38 4F 26 02 01 00 24 11 01 [O&...$..]
00 18 C4 C0 F6 1D 05 11 [........]
AF 7A 72 96 AD 09 F4 04 [.zr.....]
46 C9 A5 62 9A CA DC A2 [F..b....]
6B E7 6C 65 61 70 [k.leap ]
0: 02 02 00 9F 91 3F 3D F5 A1 AC 5E F4 68 D5 3B 82 [.....?=...^.h.;.]
16: DB D9 88 DE 1B 06 00 00 00 1E 06 06 00 00 00 02 [................]
32: 08 06 FF FF FF FF 1D 06 00 00 00 01 1A 3B 00 00 [.............;..]
48: 00 09 01 35 6C 65 61 70 3A 73 65 73 73 69 6F 6E [...5leap:session]
64: 2D 6B 65 79 3D 80 01 F2 45 3C AC FA 1B 6C 55 A9 [-key=...E<...lU.]
80: A9 8A 74 4F 0B 6B 5F A5 32 09 C6 0E 49 4C 52 04 [..tO.k_.2...ILR.]
96: 34 42 78 CF 43 12 51 50 12 FD 53 41 8C 6D 83 03 [4Bx.C.QP..SA.m..]
112: 45 1C FA 3A 98 3A 78 BD 6C 4F 26 02 01 00 24 11 [E..:.:x.lO&...$.]
128: 01 00 18 C4 C0 F6 1D 05 11 AF 7A 72 96 AD 09 F4 [..........zr....]
144: 04 46 C9 A5 62 9A CA DC A2 6B E7 6C 65 61 70 [.F..b....k.leap ]
AP Challenge = 83 8E D0 E7 75 70 6B 46
MPPE Hash = 8A 99 F2 2E C0 06 F4 18 22 83 02 40 36 82 71 9B
Response = C4C0F61D0511AF7A7296AD09F40446C9A5629ACADCA26BE7
Calculated = C4C0F61D0511AF7A7296AD09F40446C9A5629ACADCA26BE7
----- statistics -----
requests: 3
answers: 3
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 2
Access-Challenge = 1
----- performance -----
transaction count: 1
elapsed time(ms): 235
trans per second: 4.25531914893617
seconds per tran: 0.235
Reply count is: 1
The EapTls callback provides a client implementation of EAP TLS as described in IETF RFC 2716. EAP TLS uses the mutual authentication of the TLS handshake phase to authenticate a client and a server. The identities of the client and server are authenticated using public and private keys associated with X.509 certificates.
C:\va\run>..\bin\aaa-rt -callback EapTls -id tls -cf client.pem -loglevel debug
Creating new client
Xmit: Access-Request
User-Name = "tls"
EAP-Message = "Response/Identity(1): data=tls"
Message-Authenticator = "00000000000000000000000000000000"
Recv: Access-Challenge after 47 ms.
Message-Authenticator = "557C4187A07B14ACC4071D6FFE810047"
State = "18"
Session-Timeout = 180
EAP-Message = "Request/EAP-TLS(2): flags=20(S) "
Sending a 0 byte message to the EAP TLS client:
Received a 120 byte message from the EAP TLS client:
Handshake,v3.1
ClientHello
version 3.1
random = 43F254FDA6FA4211C23CB01FC5B86745C021AB4B2B5BA5C1A4DA7F7EF75
36CD2
session_id =
cipher_suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DH_DSS_WITH_DES_CBC_SHA
TLS_DH_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
compression_methods
NULL
Xmit: Access-Request
User-Name = "tls"
EAP-Message = "Response/EAP-TLS(2): flags=80(L) msg.length=120 frag.leng
th=120"
Message-Authenticator = "00000000000000000000000000000000"
State = "18"
Recv: Access-Challenge after 15 ms.
Message-Authenticator = "3360081FCD9CD20750ECF61D3D8A8DCA"
State = "19"
Session-Timeout = 180
EAP-Message = "Request/EAP-TLS(3): flags=C0(LM) msg.length=1129 frag.le
ngth=749"
Acking TLS fragment
Xmit: Access-Request
User-Name = "tls"
EAP-Message = "Response/EAP-TLS(3): flags=00()"
Message-Authenticator = "00000000000000000000000000000000"
State = "19"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "C8D7E68AD807D305555691412EC69431"
State = "20"
Session-Timeout = 180
EAP-Message = "Request/EAP-TLS(4): flags=00() frag.length=380"
Sending a 1129 byte message to the EAP TLS client:
Handshake,v3.1
ServerHello
version 3.1
random = 43F254FD3678E7D3C33E6311CFB60151DD2413F0917C08D1105C2E8BCB3
C389E
session_id = 437F28F53A48952E7C901F6B1E94FEAB
cipher_suite = TLS_RSA_WITH_AES_256_CBC_SHA
compression_method = NULL
Certificate
CertificateRequest
ServerHelloDone
Received a 1337 byte message from the EAP TLS client:
Handshake,v3.1
Certificate
ClientKeyExchange
Handshake,v3.1
CertificateVerify
ChangeCipherSpec,v3.1
Handshake,v3.1
Finished
Xmit: Access-Request
User-Name = "tls"
EAP-Message = "Response/EAP-TLS(4): flags=C0(LM) msg.length=1337 frag.le
ngth=1002"
Message-Authenticator = "00000000000000000000000000000000"
State = "20"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "309C57F802B5D44196FFB37A7A07F468"
State = "21"
Session-Timeout = 180
EAP-Message = "Request/EAP-TLS(5): flags=00() "
Xmit: Access-Request
User-Name = "tls"
EAP-Message = "Response/EAP-TLS(5): flags=00() frag.length=335"
Message-Authenticator = "00000000000000000000000000000000"
State = "21"
Recv: Access-Challenge after 31 ms.
Message-Authenticator = "E8FF696936D7230648A957DD679AA9F8"
State = "22"
Session-Timeout = 180
EAP-Message = "Request/EAP-TLS(6): flags=80(L) msg.length=59 frag.lengt
h=59"
Sending a 59 byte message to the EAP TLS client:
ChangeCipherSpec,v3.1
Handshake,v3.1
Finished
Handshake Complete:
Cipher suite = SSL_RSA_WITH_AES_256_CBC_SHA
Session ID = id: 43:7F:28:F5:3A:48:95:2E:7C:90:1F:6B:1E:94:FE:AB
Acking TLS fragment
Xmit: Access-Request
User-Name = "tls"
EAP-Message = "Response/EAP-TLS(6): flags=00()"
Message-Authenticator = "00000000000000000000000000000000"
State = "22"
Recv: Access-Accept after 16 ms.
Service-Type = Framed-User
Session-Timeout = 300
Termination-Action = Radius-Request
MS-MPPE-Recv-Key = 36D25676E02F5DD9ACBF8DE38A272FACE920BAD579D293BB9CDD9
82FDF44F3D3
MS-MPPE-Send-Key = 1CD6349191602E82A1FC59C768AA77BE80162F564826DCBC438CC
A5368129A1E
Message-Authenticator = "3B9854BCC00E5D6B8870E26166DF90AC"
EAP-Message = "Success(6)"
Closed runner
clientRecvKey=36D25676E02F5DD9ACBF8DE38A272FACE920BAD579D293BB9CDD982FDF44F3D3
clientSendKey=1CD6349191602E82A1FC59C768AA77BE80162F564826DCBC438CCA5368129A1E
----- statistics -----
requests: 6
answers: 6
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 5
----- performance -----
transaction count: 1
elapsed time(ms): 250
trans per second: 4.0
seconds per tran: 0.25
Closing client
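The flags, msg.length and frag.length values in the session above follow the EAP-TLS fragmentation rules: L (0x80) means a four-byte TLS message length is present, M (0x40) means more fragments follow, and S (0x20) marks the start request. The following Python is an added example, not code from the 8950 AAA product: it fragments and reassembles a message the way the logged server flight (1129 bytes sent as 749 + 380) was carried, using a constructed payload and illustrative names.

```python
import struct

FLAG_L = 0x80  # TLS Message Length field included
FLAG_M = 0x40  # more fragments follow
FLAG_S = 0x20  # EAP-TLS Start


def flag_names(flags):
    """Render the flags octet the way the log does, e.g. 0xC0 -> 'LM'."""
    return "".join(name for bit, name in
                   ((FLAG_L, "L"), (FLAG_M, "M"), (FLAG_S, "S")) if flags & bit)


def fragment(message, max_fragment):
    """Split one TLS message into EAP-TLS type-data units: flags [length] data."""
    if not message or max_fragment <= 0:
        raise ValueError("need a non-empty message and a positive fragment size")
    chunks = [message[i:i + max_fragment]
              for i in range(0, len(message), max_fragment)]
    units = []
    for index, chunk in enumerate(chunks):
        flags, header = 0, b""
        if index == 0:                      # first fragment declares the total
            flags |= FLAG_L
            header = struct.pack("!I", len(message))
        if index < len(chunks) - 1:
            flags |= FLAG_M
        units.append(bytes([flags]) + header + chunk)
    return units


class Reassembler:
    """Receiver side: feed() returns None while an ACK (flags=00) is owed."""

    def __init__(self, max_message=65536):
        self.max_message = max_message
        self.expected = None
        self.buf = bytearray()

    def feed(self, type_data):
        if not type_data:
            raise ValueError("missing flags octet")
        flags, body = type_data[0], type_data[1:]
        if flags & FLAG_L:
            if len(body) < 4:
                raise ValueError("L flag set but length field truncated")
            (declared,) = struct.unpack("!I", body[:4])
            body = body[4:]
            if declared > self.max_message:
                raise ValueError("declared length exceeds local limit")
            if self.expected is None:
                self.expected = declared
            elif declared != self.expected:
                raise ValueError("length changed between fragments")
        elif flags & FLAG_M and self.expected is None:
            raise ValueError("first fragment of a fragmented message lacks L")
        self.buf += body
        limit = self.expected if self.expected is not None else self.max_message
        if len(self.buf) > limit:
            raise ValueError("fragments exceed declared length")
        if flags & FLAG_M:
            return None                     # caller sends an empty ACK
        if self.expected is not None and len(self.buf) != self.expected:
            raise ValueError("final fragment leaves message short")
        message = bytes(self.buf)
        self.expected, self.buf = None, bytearray()
        return message


def replay_logged_flight():
    """Recreate the 1129-byte server flight with a constructed payload."""
    payload = bytes(i % 251 for i in range(1129))   # constructed, not real TLS
    summary = []
    for unit in fragment(payload, 749):
        flags = unit[0]
        data_len = len(unit) - 1 - (4 if flags & FLAG_L else 0)
        summary.append((flag_names(flags), data_len))
    return summary


if __name__ == "__main__":
    for names, size in replay_logged_flight():
        print("flags=(%s) frag.length=%d" % (names, size))
```

Bounding the buffer by the declared length, and the declared length by a local maximum, keeps a peer from forcing unbounded allocation during reassembly.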
The EapTtls callback provides a client implementation of EAP TTLS as described in IETF draft-ietf-pppext-eap-ttls-02.txt. EAP TTLS creates an encrypted tunnel to pass attributes between the client and server.
C:\va\run>..\bin\aaa-rt -callback EapTtls -id ttls -ti local -tp local -loglevel debug
Xmit: Access-Request
User-Name = "ttls"
EAP-Message = "Response/Identity(1): data=ttls"
Message-Authenticator = "00000000000000000000000000000000"
Recv: Access-Challenge after 78 ms.
Message-Authenticator = "20824CF8155F32475D5861C32E8F914D"
State = "23"
Session-Timeout = 180
EAP-Message = "Request/EAP-TTLS(2): flags=20(S) "
Sending a 0 byte message to the EAP TTLS client:
Received a 120 byte message from the EAP TTLS client:
Handshake,v3.1
ClientHello
version 3.1
random = 43F255CA022ACBB19E09E696EF015585411FF54DB6F7DE67FF6D026CE95
10F6E
session_id =
cipher_suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DH_DSS_WITH_DES_CBC_SHA
TLS_DH_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
compression_methods
NULL
Xmit: Access-Request
User-Name = "ttls"
EAP-Message = "Response/EAP-TTLS(2): flags=80(L) msg.length=120 frag.len
gth=120"
Message-Authenticator = "00000000000000000000000000000000"
State = "23"
Recv: Access-Challenge after 0 ms.
Message-Authenticator = "74F8168BAA30E429CA2ECE2FB428C845"
State = "24"
Session-Timeout = 180
EAP-Message = "Request/EAP-TTLS(3): flags=C0(LM) msg.length=1076 frag.l
ength=1002"
Acking TLS fragment
Xmit: Access-Request
User-Name = "ttls"
EAP-Message = "Response/EAP-TTLS(3): flags=00()"
Message-Authenticator = "00000000000000000000000000000000"
State = "24"
Recv: Access-Challenge after 0 ms.
Message-Authenticator = "BBEEC5CC72F11F135687C12899153698"
State = "25"
Session-Timeout = 180
EAP-Message = "Request/EAP-TTLS(4): flags=00() frag.length=74"
Sending a 1076 byte message to the EAP TTLS client:
Handshake,v3.1
ServerHello
version 3.1
random = 43F255CA274B66E00BF0A016C24CEA2BFD0654BD443112F1787BD275C73
465D5
session_id = 650FBBA2013078624601163A0742CA5C
cipher_suite = TLS_RSA_WITH_AES_256_CBC_SHA
compression_method = NULL
Certificate
ServerHelloDone
Received a 198 byte message from the EAP TTLS client:
Handshake,v3.1
ClientKeyExchange
ChangeCipherSpec,v3.1
Handshake,v3.1
Finished
Xmit: Access-Request
User-Name = "ttls"
EAP-Message = "Response/EAP-TTLS(4): flags=80(L) msg.length=198 frag.len
gth=198"
Message-Authenticator = "00000000000000000000000000000000"
State = "25"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "AFAC3A39CF79445AE05977235153668B"
State = "26"
Session-Timeout = 180
EAP-Message = "Request/EAP-TTLS(5): flags=80(L) msg.length=59 frag.leng
th=59"
Sending a 59 byte message to the EAP TTLS client:
ChangeCipherSpec,v3.1
Handshake,v3.1
Finished
Handshake Complete:
Cipher suite = SSL_RSA_WITH_AES_256_CBC_SHA
Session ID = id: 65:0F:BB:A2:01:30:78:62:46:01:16:3A:07:42:CA:5C
Tunneled Request:
User-Name = "local"
User-Password = "local"
Encoded Output:
0: 00 00 00 01 40 00 00 0D 6C 6F 63 61 6C 00 00 00 [....@...local...]
16: 00 00 00 02 40 00 00 17 6C 6F 63 61 6C 00 00 00 [....@...local...]
32: 00 00 00 00 00 00 00 00 [........ ]
Received a 69 byte message from the EAP TTLS client:
ApplicationData,v3.1
Xmit: Access-Request
User-Name = "ttls"
EAP-Message = "Response/EAP-TTLS(5): flags=80(L) msg.length=69 frag.leng
th=69"
Message-Authenticator = "00000000000000000000000000000000"
State = "26"
Recv: Access-Accept after 0 ms.
Service-Type = Framed-User
Session-Timeout = 300
Termination-Action = Radius-Request
MS-MPPE-Recv-Key = 942881A42138A14D2397D5B48A00D3A5D0EC599DA4FE72A28F87C
580172CBA17
MS-MPPE-Send-Key = CF8A2B50BCC061ED2063577330D1620F9553E7A0987B430012ED0
8675032C84F
Message-Authenticator = "81113F6A77CA584C11C7C0B3355ED8BA"
EAP-Message = "Success(5)"
clientRecvKey=942881A42138A14D2397D5B48A00D3A5D0EC599DA4FE72A28F87C580172CBA17
clientSendKey=CF8A2B50BCC061ED2063577330D1620F9553E7A0987B430012ED08675032C84F
----- statistics -----
requests: 5
answers: 5
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 4
----- performance -----
transaction count: 1
elapsed time(ms): 140
trans per second: 7.142857142857143
seconds per tran: 0.14
The EapPeap callback provides a client implementation of EAP PEAP as described in IETF draft-josefsson-pppext-eap-tls-eap-05.txt, IETF draft-kamath-pppext-peapv0-00.txt, and as implemented by Cisco. EAP PEAP creates an encrypted tunnel to pass EAP messages between the client and server.
C:\va\run>..\bin\aaa-rt -callback EapPeap -id peap -ti mschapv2 -tp mschapv2 -loglevel debug
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/Identity(1): data=peap"
Message-Authenticator = "00000000000000000000000000000000"
Recv: Access-Challenge after 93 ms.
Message-Authenticator = "E1349230D75C96FED1831A84186D53E1"
State = "27"
Session-Timeout = 180
EAP-Message = "Request/PEAP(2): flags=21(S) "
Sending a 0 byte message to the EAP PEAP client:
Received a 120 byte message from the EAP PEAP client:
Handshake,v3.1
ClientHello
version 3.1
random = 43F256194779CC5A851019950EDB9DFD1F144B350DEF75F5E3FB8BAC7A1
144AE
session_id =
cipher_suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DH_DSS_WITH_DES_CBC_SHA
TLS_DH_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA
compression_methods
NULL
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(2): flags=00() frag.length=120"
Message-Authenticator = "00000000000000000000000000000000"
State = "27"
Recv: Access-Challenge after 0 ms.
Message-Authenticator = "FBA06B4A9A9AE8206D450F043A8BAA9B"
State = "28"
Session-Timeout = 180
EAP-Message = "Request/PEAP(3): flags=C0(LM) msg.length=1076 frag.lengt
h=1002"
Acking PEAP fragment
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(3): flags=00()"
Message-Authenticator = "00000000000000000000000000000000"
State = "28"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "CA7E5094072B84A758C77A296778C904"
State = "29"
Session-Timeout = 180
EAP-Message = "Request/PEAP(4): flags=00() frag.length=74"
Sending a 1076 byte message to the EAP PEAP client:
Handshake,v3.1
ServerHello
version 3.1
random = 43F256197A99E5D42010AFEB868AC86953F2461F5076F80A912A16CF35E
9420B
session_id = 8DD8311816FFEE0076D01835B60F8D7E
cipher_suite = TLS_RSA_WITH_AES_256_CBC_SHA
compression_method = NULL
Certificate
ServerHelloDone
Received a 198 byte message from the EAP PEAP client:
Handshake,v3.1
ClientKeyExchange
ChangeCipherSpec,v3.1
Handshake,v3.1
Finished
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(4): flags=00() frag.length=198"
Message-Authenticator = "00000000000000000000000000000000"
State = "29"
Recv: Access-Challenge after 15 ms.
Message-Authenticator = "5317BFB23B03227F35C90638F19118E4"
State = "30"
Session-Timeout = 180
EAP-Message = "Request/PEAP(5): flags=00() frag.length=59"
Sending a 59 byte message to the EAP PEAP client:
ChangeCipherSpec,v3.1
Handshake,v3.1
Finished
Handshake Complete:
Cipher suite = SSL_RSA_WITH_AES_256_CBC_SHA
Session ID = id: 8D:D8:31:18:16:FF:EE:00:76:D0:18:35:B6:0F:8D:7E
Acking PEAP fragment
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(5): flags=00()"
Message-Authenticator = "00000000000000000000000000000000"
State = "30"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "8B6DD59E0B3CCA949BC5031E399E463D"
State = "31"
Session-Timeout = 180
EAP-Message = "Request/PEAP(6): flags=00() frag.length=37"
Sending a 37 byte message to the EAP PEAP client:
ApplicationData,v3.1
Input:
0: 01 [. ]
Output:
0: 01 6D 73 63 68 61 70 76 32 [.mschapv2 ]
Received a 37 byte message from the EAP PEAP client:
ApplicationData,v3.1
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(6): flags=00() frag.length=37"
Message-Authenticator = "00000000000000000000000000000000"
State = "31"
Recv: Access-Challenge after 0 ms.
Message-Authenticator = "2E0751057B60AD9F34D532017073C883"
State = "32"
Session-Timeout = 180
EAP-Message = "Request/PEAP(7): flags=00() frag.length=69"
Sending a 69 byte message to the EAP PEAP client:
ApplicationData,v3.1
Input:
0: 1A 01 07 00 1D 10 5B 13 ED 28 8D 73 E4 18 4C D5 [......[..(.s..L.]
16: DB DE 35 BC 79 3B 6D 73 63 68 61 70 76 32 [..5.y;mschapv2 ]
Input EAP-Message:
"Request/EAP-MSCHAPV2(7): (Challenge) id=7 ml=29 vl=16 challenge=5B13ED288D73E41
84CD5DBDE35BC793B name=mschapv2"
Sending message to: com.lucent.aaa.eap.EapMsChapV2$ClientSession@56b93a
User Name is: mschapv2
Challenge Hash is: AF40C4BDC6A52797
Output EAP-Message:
"Response/EAP-MSCHAPV2(7): (Response) id=7 ml=62 vl=49 response=DC347732227BAF06
6731E053F6FB412900000000000000009B28F04891BEACB8ECCEBBFE3D677D8DC2AEF3A7E582D069
00 name=mschapv2"
Output:
0: 1A 02 07 00 3E 31 DC 34 77 32 22 7B AF 06 67 31 [....>1.4w2"{..g1]
16: E0 53 F6 FB 41 29 00 00 00 00 00 00 00 00 9B 28 [.S..A).........(]
32: F0 48 91 BE AC B8 EC CE BB FE 3D 67 7D 8D C2 AE [.H........=g}...]
48: F3 A7 E5 82 D0 69 00 6D 73 63 68 61 70 76 32 [.....i.mschapv2 ]
Received a 101 byte message from the EAP PEAP client:
ApplicationData,v3.1
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(7): flags=00() frag.length=101"
Message-Authenticator = "00000000000000000000000000000000"
State = "32"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "9F34E36916DCE8391EE1E2B4171F8D4D"
State = "33"
Session-Timeout = 180
EAP-Message = "Request/PEAP(8): flags=00() frag.length=85"
Sending a 85 byte message to the EAP PEAP client:
ApplicationData,v3.1
Input:
0: 1A 03 07 00 2E 53 3D 42 45 35 42 43 31 32 41 44 [.....S=BE5BC12AD]
16: 45 42 39 45 30 45 39 31 30 46 37 32 32 41 42 42 [EB9E0E910F722ABB]
32: 45 31 44 42 36 39 39 44 38 32 33 45 46 39 38 [E1DB699D823EF98 ]
Input EAP-Message:
"Request/EAP-MSCHAPV2(8): (Success) id=7 ml=46 msg=S=BE5BC12ADEB9E0E910F722ABBE1
DB699D823EF98"
Sending message to: com.lucent.aaa.eap.EapMsChapV2$ClientSession@56b93a
Local Response is: BE5BC12ADEB9E0E910F722ABBE1DB699D823EF98
Output EAP-Message:
"Response/EAP-MSCHAPV2(8): (Success)"
Output:
0: 1A 03 [.. ]
Received a 37 byte message from the EAP PEAP client:
ApplicationData,v3.1
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(8): flags=00() frag.length=37"
Message-Authenticator = "00000000000000000000000000000000"
State = "33"
Recv: Access-Challenge after 16 ms.
Message-Authenticator = "FB4516252B728D2F33D329924D26CBAC"
State = "34"
Session-Timeout = 180
EAP-Message = "Request/PEAP(9): flags=00() frag.length=37"
Sending a 37 byte message to the EAP PEAP client:
ApplicationData,v3.1
Input:
0: 01 09 00 0B 21 80 03 00 02 00 01 [....!...... ]
Output:
0: 02 09 00 0B 21 80 03 00 02 00 01 [....!...... ]
Received a 37 byte message from the EAP PEAP client:
ApplicationData,v3.1
Xmit: Access-Request
User-Name = "peap"
EAP-Message = "Response/PEAP(9): flags=00() frag.length=37"
Message-Authenticator = "00000000000000000000000000000000"
State = "34"
Recv: Access-Accept after 0 ms.
Service-Type = Framed-User
Session-Timeout = 3000
Termination-Action = Radius-Request
MS-MPPE-Recv-Key = F8C29AD8F9429FB70A949C9EFCD4B344D5B76497FA901EE6E35A9
ABC5FFE800C
MS-MPPE-Send-Key = 33CD8B9420758C9E223C213F2353E45817AC63BDBC0BE6FB01FE0
1B8276CF2B2
Message-Authenticator = "C6682CD200F4FE06A1CFB355DA65908A"
EAP-Message = "Success(9)"
clientRecvKey=F8C29AD8F9429FB70A949C9EFCD4B344D5B76497FA901EE6E35A9ABC5FFE800C
clientSendKey=33CD8B9420758C9E223C213F2353E45817AC63BDBC0BE6FB01FE01B8276CF2B2
----- statistics -----
requests: 9
answers: 9
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 8
----- performance -----
transaction count: 1
elapsed time(ms): 187
trans per second: 5.347593582887701
seconds per tran: 0.187
The EapMsChapV2 callback implements the EAP type specified in IETF draft-kamath-pppext-eap-mschapv2-00.txt.
C:\va\run>..\bin\aaa-rt -callback EapMsChapV2 -id mschapv2 -pw mschapv2 -loglevel verbose
Xmit: Access-Request
User-Name = "mschapv2"
EAP-Message = "Response/Identity(1): data=mschapv2"
Message-Authenticator = "00000000000000000000000000000000"
Type=1, Ident=0, Len=63, Auth=60 B4 20 BB 38 51 D9 D4 7A CB 93 3D BE 70 39 9B
Off=20, Attr=1, Len=10 01 0A 6D 73 63 68 61 70 [..mschap]
76 32 [v2 ]
Off=30, Attr=79, Len=15 4F 0F 02 01 00 0D 01 6D [O......m]
73 63 68 61 70 76 32 [schapv2 ]
Off=45, Attr=80, Len=18 50 12 27 E7 8C 9A EC A6 [P.'.....]
A5 D3 7E 41 DE 75 F5 49 [..~A.u.I]
5F B3 [_. ]
0: 01 00 00 3F 60 B4 20 BB 38 51 D9 D4 7A CB 93 3D [...?`. .8Q..z..=]
16: BE 70 39 9B 01 0A 6D 73 63 68 61 70 76 32 4F 0F [.p9...mschapv2O.]
32: 02 01 00 0D 01 6D 73 63 68 61 70 76 32 50 12 27 [.....mschapv2P.']
48: E7 8C 9A EC A6 A5 D3 7E 41 DE 75 F5 49 5F B3 [.......~A.u.I_. ]
Recv: Access-Challenge after 47 ms.
Message-Authenticator = "FFFCCBD76E70675B9EB38521B6A26217"
State = "22"
Session-Timeout = 180
EAP-Message = "Request/EAP-MSCHAPV2(2): (Challenge) id=2 ml=29 vl=16 cha
llenge=86871EB01B8D488BCAC8C74CA88A8A1F name=mschapv2"
Type=11, Ident=0, Len=84, Auth=FD ED 36 40 3E FF 22 17 13 94 5F C2 59 0E CB E5
Off=20, Attr=80, Len=18 50 12 FF FC CB D7 6E 70 [P.....np]
67 5B 9E B3 85 21 B6 A2 [g[...!..]
62 17 [b. ]
Off=38, Attr=79, Len=36 4F 24 01 02 00 22 1A 01 [O$..."..]
02 00 1D 10 86 87 1E B0 [........]
1B 8D 48 8B CA C8 C7 4C [..H....L]
A8 8A 8A 1F 6D 73 63 68 [....msch]
61 70 76 32 [apv2 ]
Off=74, Attr=24, Len=4 18 04 32 32 [..22 ]
Off=78, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 00 00 54 FD ED 36 40 3E FF 22 17 13 94 5F C2 [...T..6@>."..._.]
16: 59 0E CB E5 50 12 FF FC CB D7 6E 70 67 5B 9E B3 [Y...P.....npg[..]
32: 85 21 B6 A2 62 17 4F 24 01 02 00 22 1A 01 02 00 [.!..b.O$..."....]
48: 1D 10 86 87 1E B0 1B 8D 48 8B CA C8 C7 4C A8 8A [........H....L..]
64: 8A 1F 6D 73 63 68 61 70 76 32 18 04 32 32 1B 06 [..mschapv2..22..]
80: 00 00 00 B4 [.... ]
User Name is: mschapv2
Challenge Hash is: 154928967CAB9968
Added response for state "22" to queue...
Xmit: Access-Request
User-Name = "mschapv2"
EAP-Message = "Response/EAP-MSCHAPV2(2): (Response) id=2 ml=62 vl=49 res
ponse=CBC36409B574A9280C64BF25028A592B0000000000000000C0377DAAFCF9B4E777DCC17C1B
B6D75A78095C0126ACA86F00 name=mschapv2"
Message-Authenticator = "00000000000000000000000000000000"
State = "22"
Type=1, Ident=1, Len=121, Auth=F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C 03 25 F4 1D
Off=20, Attr=1, Len=10 01 0A 6D 73 63 68 61 70 [..mschap]
76 32 [v2 ]
Off=30, Attr=79, Len=69 4F 45 02 02 00 43 1A 02 [OE...C..]
02 00 3E 31 CB C3 64 09 [..>1..d.]
B5 74 A9 28 0C 64 BF 25 [.t.(.d.%]
02 8A 59 2B 00 00 00 00 [..Y+....]
00 00 00 00 C0 37 7D AA [.....7}.]
FC F9 B4 E7 77 DC C1 7C [....w..|]
1B B6 D7 5A 78 09 5C 01 [...Zx.\.]
26 AC A8 6F 00 6D 73 63 [&..o.msc]
68 61 70 76 32 [hapv2 ]
Off=99, Attr=80, Len=18 50 12 E9 24 CF 8C C1 38 [P..$...8]
7D 19 52 3E D8 B0 FC E9 [}.R>....]
58 33 [X3 ]
Off=117, Attr=24, Len=4 18 04 32 32 [..22 ]
0: 01 01 00 79 F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C [...y..-.:..O.p..]
16: 03 25 F4 1D 01 0A 6D 73 63 68 61 70 76 32 4F 45 [.%....mschapv2OE]
32: 02 02 00 43 1A 02 02 00 3E 31 CB C3 64 09 B5 74 [...C....>1..d..t]
48: A9 28 0C 64 BF 25 02 8A 59 2B 00 00 00 00 00 00 [.(.d.%..Y+......]
64: 00 00 C0 37 7D AA FC F9 B4 E7 77 DC C1 7C 1B B6 [...7}.....w..|..]
80: D7 5A 78 09 5C 01 26 AC A8 6F 00 6D 73 63 68 61 [.Zx.\.&..o.mscha]
96: 70 76 32 50 12 E9 24 CF 8C C1 38 7D 19 52 3E D8 [pv2P..$...8}.R>.]
112: B0 FC E9 58 33 18 04 32 32 [...X3..22 ]
Recv: Access-Challenge after 15 ms.
Message-Authenticator = "E42A18516C04F5E6EC8FE7EBAA9AD585"
State = "23"
Session-Timeout = 180
EAP-Message = "Request/EAP-MSCHAPV2(3): (Success) id=2 ml=46 msg=S=F6585
7BBC4C8B2CFCEB4875EC0AC9A5351977D58"
Type=11, Ident=1, Len=101, Auth=EB E5 6F A9 61 1E 3F 92 8D EE 1E 48 75 B2 86 66
Off=20, Attr=80, Len=18 50 12 E4 2A 18 51 6C 04 [P..*.Ql.]
F5 E6 EC 8F E7 EB AA 9A [........]
D5 85 [.. ]
Off=38, Attr=79, Len=53 4F 35 01 03 00 33 1A 03 [O5...3..]
02 00 2E 53 3D 46 36 35 [...S=F65]
38 35 37 42 42 43 34 43 [857BBC4C]
38 42 32 43 46 43 45 42 [8B2CFCEB]
34 38 37 35 45 43 30 41 [4875EC0A]
43 39 41 35 33 35 31 39 [C9A53519]
37 37 44 35 38 [77D58 ]
Off=91, Attr=24, Len=4 18 04 32 33 [..23 ]
Off=95, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 01 00 65 EB E5 6F A9 61 1E 3F 92 8D EE 1E 48 [...e..o.a.?....H]
16: 75 B2 86 66 50 12 E4 2A 18 51 6C 04 F5 E6 EC 8F [u..fP..*.Ql.....]
32: E7 EB AA 9A D5 85 4F 35 01 03 00 33 1A 03 02 00 [......O5...3....]
48: 2E 53 3D 46 36 35 38 35 37 42 42 43 34 43 38 42 [.S=F65857BBC4C8B]
64: 32 43 46 43 45 42 34 38 37 35 45 43 30 41 43 39 [2CFCEB4875EC0AC9]
80: 41 35 33 35 31 39 37 37 44 35 38 18 04 32 33 1B [A5351977D58..23.]
96: 06 00 00 00 B4 [..... ]
Local Response is: F65857BBC4C8B2CFCEB4875EC0AC9A5351977D58
Added response for state "23" to queue...
Xmit: Access-Request
User-Name = "mschapv2"
EAP-Message = "Response/EAP-MSCHAPV2(3): (Success)"
Message-Authenticator = "00000000000000000000000000000000"
State = "23"
Type=1, Ident=2, Len=60, Auth=3E BA F8 98 6D A7 12 C8 2B CD 4D 55 4B F0 B5 40
Off=20, Attr=1, Len=10 01 0A 6D 73 63 68 61 70 [..mschap]
76 32 [v2 ]
Off=30, Attr=79, Len=8 4F 08 02 03 00 06 1A 03 [O.......]
Off=38, Attr=80, Len=18 50 12 69 3F 2B C2 C9 27 [P.i?+..']
02 92 78 E4 F1 89 2B 7B [..x...+{]
E2 91 [.. ]
Off=56, Attr=24, Len=4 18 04 32 33 [..23 ]
0: 01 02 00 3C 3E BA F8 98 6D A7 12 C8 2B CD 4D 55 [...<>...m...+.MU]
16: 4B F0 B5 40 01 0A 6D 73 63 68 61 70 76 32 4F 08 [K..@..mschapv2O.]
32: 02 03 00 06 1A 03 50 12 69 3F 2B C2 C9 27 02 92 [......P.i?+..'..]
48: 78 E4 F1 89 2B 7B E2 91 18 04 32 33 [x...+{....23 ]
Recv: Access-Accept after 0 ms.
Session-Timeout = 30
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Termination-Action = Radius-Request
MS-MPPE-Send-Key = C57C1D8CB60587F6D23BF3290F4D9ABC
MS-MPPE-Recv-Key = 0A179DBC93F48DC64DF0FFDE5162BFEA
Message-Authenticator = "6143D7108DDA5881807EC2B2B201A6EC"
EAP-Message = "Success(3)"
Type=2, Ident=2, Len=152, Auth=F2 1B 1B 84 E1 1B F6 BE 0C 07 64 38 DE BF 9E C0
Off=20, Attr=27, Len=6 1B 06 00 00 00 1E [...... ]
Off=26, Attr=6, Len=6 06 06 00 00 00 02 [...... ]
Off=32, Attr=8, Len=6 08 06 FF FF FF FF [...... ]
Off=38, Attr=29, Len=6 1D 06 00 00 00 01 [...... ]
Off=44, Attr=26, Len=42 1A 2A 00 00 01 37 10 24 [.*...7.$]
80 07 15 3B 94 53 99 C6 [...;.S..]
4C C1 A4 6B 50 AF 6D 49 [L..kP.mI]
6A FD A4 3F DC EF A9 9A [j..?....]
2C 7B 06 D7 4C BC BC 6A [,{..L..j]
32 73 [2s ]
Off=86, Attr=26, Len=42 1A 2A 00 00 01 37 11 24 [.*...7.$]
80 08 83 8E 2D EA 62 D5 [....-.b.]
47 3B 5C 3B BB 51 63 BA [G;\;.Qc.]
B2 1E 53 DA 94 8B BA 68 [..S....h]
68 50 87 ED 5C C3 C8 71 [hP..\..q]
9C 0A [.. ]
Off=128, Attr=80, Len=18 50 12 61 43 D7 10 8D DA [P.aC....]
58 81 80 7E C2 B2 B2 01 [X..~....]
A6 EC [.. ]
Off=146, Attr=79, Len=6 4F 06 03 03 00 04 [O..... ]
0: 02 02 00 98 F2 1B 1B 84 E1 1B F6 BE 0C 07 64 38 [..............d8]
16: DE BF 9E C0 1B 06 00 00 00 1E 06 06 00 00 00 02 [................]
32: 08 06 FF FF FF FF 1D 06 00 00 00 01 1A 2A 00 00 [.............*..]
48: 01 37 10 24 80 07 15 3B 94 53 99 C6 4C C1 A4 6B [.7.$...;.S..L..k]
64: 50 AF 6D 49 6A FD A4 3F DC EF A9 9A 2C 7B 06 D7 [P.mIj..?....,{..]
80: 4C BC BC 6A 32 73 1A 2A 00 00 01 37 11 24 80 08 [L..j2s.*...7.$..]
96: 83 8E 2D EA 62 D5 47 3B 5C 3B BB 51 63 BA B2 1E [..-.b.G;\;.Qc...]
112: 53 DA 94 8B BA 68 68 50 87 ED 5C C3 C8 71 9C 0A [S....hhP..\..q..]
128: 50 12 61 43 D7 10 8D DA 58 81 80 7E C2 B2 B2 01 [P.aC....X..~....]
144: A6 EC 4F 06 03 03 00 04 [..O..... ]
clientRecvKey=0A179DBC93F48DC64DF0FFDE5162BFEA
clientSendKey=C57C1D8CB60587F6D23BF3290F4D9ABC
----- statistics -----
requests: 3
answers: 3
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 2
----- performance -----
transaction count: 1
elapsed time(ms): 94
trans per second: 10.638297872340425
seconds per tran: 0.094
Reply count is: 1
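The first Access-Challenge in the EapMsChapV2 trace above can be decoded independently to confirm the fields the tool prints (id=2 ml=29 vl=16, the challenge and the name). The following Python is an added example, not part of the 8950 AAA distribution; the function names are hypothetical, and it covers only the RADIUS attribute walk and the EAP-MSCHAPV2 Challenge layout, rejecting inconsistent lengths instead of reading past them.

```python
import struct

# Access-Challenge bytes copied from the EapMsChapV2 trace above (84 bytes).
ACCESS_CHALLENGE = bytes.fromhex(
    "0B000054FDED36403EFF221713945FC2"
    "590ECBE55012FFFCCBD76E70675B9EB3"
    "8521B6A262174F24010200221A010200"
    "1D1086871EB01B8D488BCAC8C74CA88A"
    "8A1F6D73636861707632180432321B06"
    "000000B4")

def parse_radius(pkt):
    """Return (code, ident, authenticator, [(type, value), ...]); ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("header length %d does not fit %d bytes" % (length, len(pkt)))
    attrs, off = [], 20
    while off < length:
        if off + 2 > length:
            raise ValueError("truncated attribute header at offset %d" % off)
        atype, alen = pkt[off], pkt[off + 1]
        if alen < 2 or off + alen > length:
            raise ValueError("bad attribute length %d at offset %d" % (alen, off))
        attrs.append((atype, pkt[off + 2:off + alen]))
        off += alen
    return code, ident, pkt[4:20], attrs

def parse_eap_mschapv2_challenge(attrs):
    """Join EAP-Message (attribute 79) fragments and decode an MS-CHAPv2 Challenge."""
    eap = b"".join(v for t, v in attrs if t == 79)
    if len(eap) < 10:
        raise ValueError("EAP packet too short for an MS-CHAPv2 header")
    code, eap_id, eap_len, eap_type = struct.unpack("!BBHB", eap[:5])
    if eap_len != len(eap) or eap_type != 26:
        raise ValueError("not a complete EAP-MSCHAPV2 (type 26) packet")
    opcode, ms_id, ms_len, vsize = struct.unpack("!BBHB", eap[5:10])
    if opcode != 1 or ms_len != eap_len - 5 or 10 + vsize > len(eap):
        raise ValueError("inconsistent MS-CHAPv2 Challenge lengths")
    return {"eap_id": eap_id, "ms_id": ms_id, "ms_len": ms_len,
            "challenge": eap[10:10 + vsize].hex().upper(),
            "name": eap[10 + vsize:].decode("ascii")}
```

The attribute order returned for this packet is 80, 79, 24, 27, matching the `Off=`/`Attr=` lines in the trace.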
The EapGtc callback implements the Generic Token Card EAP type as described in IETF RFC 2284.
C:\va\run>..\bin\aaa-rt -callback EapGtc -id gtc -loglevel verbose
Xmit: Access-Request
User-Name = "gtc"
EAP-Message = "Response/Identity(1): data=gtc"
Message-Authenticator = "00000000000000000000000000000000"
Type=1, Ident=0, Len=53, Auth=60 B4 20 BB 38 51 D9 D4 7A CB 93 3D BE 70 39 9B
Off=20, Attr=1, Len=5 01 05 67 74 63 [..gtc ]
Off=25, Attr=79, Len=10 4F 0A 02 01 00 08 01 67 [O......g]
74 63 [tc ]
Off=35, Attr=80, Len=18 50 12 3C 7D 4B 38 9F 77 [P.<}K8.w]
CD 98 D1 45 65 20 94 1E [...Ee ..]
60 84 [`. ]
0: 01 00 00 35 60 B4 20 BB 38 51 D9 D4 7A CB 93 3D [...5`. .8Q..z..=]
16: BE 70 39 9B 01 05 67 74 63 4F 0A 02 01 00 08 01 [.p9...gtcO......]
32: 67 74 63 50 12 3C 7D 4B 38 9F 77 CD 98 D1 45 65 [gtcP.<}K8.w...Ee]
48: 20 94 1E 60 84 [ ..`. ]
Recv: Access-Challenge after 31 ms.
Message-Authenticator = "C9BC14CF7B239A655D4896230828F777"
State = "24"
Session-Timeout = 180
EAP-Message = "Request/Generic Token Card(2): data=\"\""
Type=11, Ident=0, Len=55, Auth=1E 8F 5F 48 5D 87 C3 18 B5 2A 67 1C 3D 2E F8 5A
Off=20, Attr=80, Len=18 50 12 C9 BC 14 CF 7B 23 [P.....{#]
9A 65 5D 48 96 23 08 28 [.e]H.#.(]
F7 77 [.w ]
Off=38, Attr=79, Len=7 4F 07 01 02 00 05 06 [O...... ]
Off=45, Attr=24, Len=4 18 04 32 34 [..24 ]
Off=49, Attr=27, Len=6 1B 06 00 00 00 B4 [...... ]
0: 0B 00 00 37 1E 8F 5F 48 5D 87 C3 18 B5 2A 67 1C [...7.._H]....*g.]
16: 3D 2E F8 5A 50 12 C9 BC 14 CF 7B 23 9A 65 5D 48 [=..ZP.....{#.e]H]
32: 96 23 08 28 F7 77 4F 07 01 02 00 05 06 18 04 32 [.#.(.wO........2]
48: 34 1B 06 00 00 00 B4 [4...... ]
gtc
Added response for state "24" to queue...
Xmit: Access-Request
User-Name = "gtc"
EAP-Message = "Response/Generic Token Card(2): data=\"gtc\""
Message-Authenticator = "00000000000000000000000000000000"
State = "24"
Type=1, Ident=1, Len=57, Auth=F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C 03 25 F4 1D
Off=20, Attr=1, Len=5 01 05 67 74 63 [..gtc ]
Off=25, Attr=79, Len=10 4F 0A 02 02 00 08 06 67 [O......g]
74 63 [tc ]
Off=35, Attr=80, Len=18 50 12 38 56 05 2B 58 AD [P.8V.+X.]
5B 0D FF A6 9B 1B F4 FE [[.......]
B8 48 [.H ]
Off=53, Attr=24, Len=4 18 04 32 34 [..24 ]
0: 01 01 00 39 F6 C9 2D A3 3A F0 1D 4F B7 70 E9 8C [...9..-.:..O.p..]
16: 03 25 F4 1D 01 05 67 74 63 4F 0A 02 02 00 08 06 [.%....gtcO......]
32: 67 74 63 50 12 38 56 05 2B 58 AD 5B 0D FF A6 9B [gtcP.8V.+X.[....]
48: 1B F4 FE B8 48 18 04 32 34 [....H..24 ]
Recv: Access-Accept after 0 ms.
Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Session-Timeout = 300
Termination-Action = Radius-Request
Message-Authenticator = "C943E2DDF33FA4DB7DF501FAC9ECCED2"
EAP-Message = "Success(2)"
Type=2, Ident=1, Len=68, Auth=F4 F7 F1 2E 2B AC B9 EB 93 0D 8A 28 84 57 BC 99
Off=20, Attr=6, Len=6 06 06 00 00 00 02 [...... ]
Off=26, Attr=8, Len=6 08 06 FF FF FF FF [...... ]
Off=32, Attr=27, Len=6 1B 06 00 00 01 2C [....., ]
Off=38, Attr=29, Len=6 1D 06 00 00 00 01 [...... ]
Off=44, Attr=80, Len=18 50 12 C9 43 E2 DD F3 3F [P..C...?]
A4 DB 7D F5 01 FA C9 EC [..}.....]
CE D2 [.. ]
Off=62, Attr=79, Len=6 4F 06 03 02 00 04 [O..... ]
0: 02 01 00 44 F4 F7 F1 2E 2B AC B9 EB 93 0D 8A 28 [...D....+......(]
16: 84 57 BC 99 06 06 00 00 00 02 08 06 FF FF FF FF [.W..............]
32: 1B 06 00 00 01 2C 1D 06 00 00 00 01 50 12 C9 43 [.....,......P..C]
48: E2 DD F3 3F A4 DB 7D F5 01 FA C9 EC CE D2 4F 06 [...?..}.......O.]
64: 03 02 00 04 [.... ]
----- statistics -----
requests: 2
answers: 2
timeouts: 0
errors: 0
----- result codes -----
Access-Accept = 1
Access-Challenge = 1
----- performance -----
transaction count: 1
elapsed time(ms): 5672
trans per second: 0.1763046544428773
seconds per tran: 5.672
Reply count is: 1