Re: Another PEAP Authentication problem

---

• From: "Manjunath Bharadwaj [MSFT]" <mbhara@xxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 4 Aug 2005 11:08:47 -0700

---

Dspero,

The sniffer should be run on the machine running IAS (or a machine which
can sniff all packets to/from the IAS server) so you can see what that
machine is receiving.

Event ID 16, "A RADIUS message with the Code field set to 5, which is
not valid, was received on port 1812 from RADIUS client Netgear WAP.
Valid values of the RADIUS Code field are documented in RFC 2865."

Packet type 5 stands for "ACCOUNTING_RESPONSE". So, this is something that
should not be sent to IAS. Can you use the sniffer to make sure that the
packet type is indeed wrong? The machine auth packet is a regular RADIUS
packet, so netmon/ethereal should be able to parse it so you can see the
packet type (and other interesting data).

Thanks, Manju

+++++++++++++++++++++++++++++++++++++++++++++++
This posting is provided "AS IS" with no warranties, and confers no rights


"dspero" <dustinspero@xxxxxxxxx> wrote in message
news:1123161571.431733.234020@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Okay, I previously posted some tracing logs and nobody responded, so I
> thought that maybe those logs were not good. I have posted some new
> logs below. I omitted some of the repetitious log files so that this
> post wouldn't be so long. Are there any logs that I'm missing?
>
> As far as my event logs on the IAS server, I do not see anything about
> machine authentication in them. With netmon / ethereal, do I need to
> run that on a Linux machine? With windows, it will only get traffic
> from that wireless machine. Or, should I run it on the IAS server to
> see what packets are coming in? Also, what does a machine
> authentication packet look like?
>
> Here are my RASTLS.log, IASRAD.log and IASSAM.log. I included IASRAD
> log because of the errors that were logged at the EOF about the
> unsupported packet type. I see a lot of these in the event log about
> the unsupported packet type. Here is the corresponding event log:
>
> Event ID 16, "A RADIUS message with the Code field set to 5, which is
> not valid, was received on port 1812 from RADIUS client Netgear WAP.
> Valid values of the RADIUS Code field are documented in RFC 2865."
>
> IASRAD.LOG
>
>
> [2420] 08-04 08:44:14:663: WARNING Worker Thread failed on recvfrom
> with error:10054
> [2420] 08-04 08:44:15:194: message authenticator Attribute added to
> out-bound RADIUS packet
> [2420] 08-04 08:44:15:194: Message Authenticator Attribute set in out
> UDP buffer
> [1008] 08-04 08:44:24:257: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [208] 08-04 08:44:27:257: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [1008] 08-04 08:44:42:335: Message Authenticator Attribute set in out
> UDP buffer
> [2420] 08-04 08:44:42:351: message authenticator Attribute added to
> out-bound RADIUS packet
> [2420] 08-04 08:49:22:208: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [1008] 08-04 08:49:37:599: UnSupported Packet type:5 on this port
> [1008] 08-04 08:49:37:614: Silently discarding packet received
> from:192.168.1.40
> [3048] 08-04 08:49:37:614: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [1008] 08-04 08:49:37:614: message authenticator Attribute added to
> out-bound RADIUS packet
> [1008] 08-04 08:49:37:614: Message Authenticator Attribute set in out
> UDP buffer
> [208] 08-04 08:49:37:630: message authenticator Attribute added to
> out-bound RADIUS packet
> [208] 08-04 08:49:37:630: Message Authenticator Attribute set in out
> UDP buffer
> [1008] 08-04 08:49:37:661: message authenticator Attribute added to
> out-bound RADIUS packet
> [1008] 08-04 08:49:37:661: Message Authenticator Attribute set in out
> UDP buffer
> [208] 08-04 08:49:37:677: message authenticator Attribute added to
> out-bound RADIUS packet
> [208] 08-04 08:49:37:677: Message Authenticator Attribute set in out
> UDP buffer
> [1008] 08-04 08:49:40:724: UnSupported Packet type:5 on this port
> [2420] 08-04 08:49:40:724: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [1008] 08-04 08:49:40:724: Silently discarding packet received
> from:192.168.1.40
> [2420] 08-04 08:49:55:755: UnSupported Packet type:5 on this port
> [208] 08-04 08:49:55:755: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [2420] 08-04 08:49:55:755: Silently discarding packet received
> from:192.168.1.40
> [208] 08-04 08:49:58:755: UnSupported Packet type:5 on this port
> [2420] 08-04 08:49:58:755: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [208] 08-04 08:49:58:755: Silently discarding packet received
> from:192.168.1.40
> [2420] 08-04 08:50:13:786: UnSupported Packet type:5 on this port
> [1008] 08-04 08:50:13:786: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [2420] 08-04 08:50:13:786: Silently discarding packet received
> from:192.168.1.40
> [1008] 08-04 08:50:16:786: UnSupported Packet type:5 on this port
> [2420] 08-04 08:50:16:786: WARNING failed to receive data, quit
> processing in CPacketReceiver::WorkerRoutine
> [1008] 08-04 08:50:16:786: Silently discarding packet received
> from:192.168.1.40
>
> RASTLS.LOG
>
>
> [208] 08:48:24:177: EapTlsBegin(DOMAIN\USER)
> [208] 08:48:24:177: SetupMachineChangeNotification
> [208] 08:48:24:177: State change to Initial
> [208] 08:48:24:177: EapTlsBegin: Detected PEAP authentication
> [208] 08:48:24:177: MaxTLSMessageLength is now 16384
> [208] 08:48:24:177: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
> [208] 08:48:24:177: CRYPT_E_REVOCATION_OFFLINE will not be ignored
> [208] 08:48:24:177: The root cert will not be checked for revocation
> [208] 08:48:24:177: The cert will be checked for revocation
> [208] 08:48:24:177: EapPeapBegin done
> [208] 08:48:24:177: EapPeapMakeMessage
> [208] 08:48:24:177: EapPeapSMakeMessage
> [208] 08:48:24:177: PEAP:PEAP_STATE_INITIAL
> [208] 08:48:24:177: EapTlsSMakeMessage
> [208] 08:48:24:177: EapTlsReset
> [208] 08:48:24:177: State change to Initial
> [208] 08:48:24:177: GetCredentials
> [208] 08:48:24:177: Flag is Server and Store is local Machine
> [208] 08:48:24:177: GetCachedCredentials Flags = 0x4061
> [208] 08:48:24:177: GetCachedCredentials: Using Cached Credentials
> [208] 08:48:24:177: GetCachedCredentials: Hash of the cert in the cache
> is ...
> [208] 08:48:24:177: BuildPacket
> [208] 08:48:24:177: << Sending Request (Code: 1) packet: Id: 2, Length:
> 6, Type: 13, TLS blob length: 0. Flags: S
> [208] 08:48:24:177: State change to SentStart
> [208] 08:48:24:177: EapPeapSMakeMessage done
> [208] 08:48:24:177: EapPeapMakeMessage done
> [208] 08:48:27:958: EapPeapMakeMessage
> [208] 08:48:27:958: EapPeapSMakeMessage
> [208] 08:48:27:958: PEAP:PEAP_STATE_TLS_INPROGRESS
> [208] 08:48:27:958: EapTlsSMakeMessage
> [208] 08:48:27:958: MakeReplyMessage
> [208] 08:48:27:958: Reallocating input TLS blob buffer
> [208] 08:48:27:958: SecurityContextFunction
> [208] 08:48:27:958: AcceptSecurityContext returned 0x90312
> [208] 08:48:27:958: State change to SentHello
> [208] 08:48:27:958: BuildPacket
> [208] 08:48:27:958: << Sending Request (Code: 1) packet: Id: 3, Length:
> 1484, Type: 13, TLS blob length: 4933. Flags: LM
> [208] 08:48:27:958: EapPeapSMakeMessage done
> [208] 08:48:27:958: EapPeapMakeMessage done
> [1008] 08:48:27:974: EapPeapMakeMessage
> [1008] 08:48:27:974: EapPeapSMakeMessage
> [1008] 08:48:27:974: PEAP:PEAP_STATE_TLS_INPROGRESS
> [1008] 08:48:27:974: EapTlsSMakeMessage
> [1008] 08:48:27:974: BuildPacket
> [1008] 08:48:27:974: << Sending Request (Code: 1) packet: Id: 4,
> Length: 1484, Type: 13, TLS blob length: 0. Flags: M
> [1008] 08:48:27:974: EapPeapSMakeMessage done
> [1008] 08:48:27:974: EapPeapMakeMessage done
> [208] 08:48:27:974: EapPeapMakeMessage
> [208] 08:48:27:974: EapPeapSMakeMessage
> [208] 08:48:27:974: PEAP:PEAP_STATE_TLS_INPROGRESS
> [208] 08:48:27:974: EapTlsSMakeMessage
> [208] 08:48:27:974: BuildPacket
> [208] 08:48:27:974: << Sending Request (Code: 1) packet: Id: 5, Length:
> 1484, Type: 13, TLS blob length: 0. Flags: M
> [208] 08:48:27:974: EapPeapSMakeMessage done
> [208] 08:48:27:974: EapPeapMakeMessage done
> [1008] 08:48:27:990: EapPeapMakeMessage
> [1008] 08:48:27:990: EapPeapSMakeMessage
> [1008] 08:48:27:990: PEAP:PEAP_STATE_TLS_INPROGRESS
> [1008] 08:48:27:990: EapTlsSMakeMessage
> [1008] 08:48:27:990: BuildPacket
> [1008] 08:48:27:990: << Sending Request (Code: 1) packet: Id: 6,
> Length: 509, Type: 13, TLS blob length: 0. Flags:
> [1008] 08:48:27:990: EapPeapSMakeMessage done
> [1008] 08:48:27:990: EapPeapMakeMessage done
> [208] 08:48:29:162: EapPeapMakeMessage
> [208] 08:48:29:162: EapPeapSMakeMessage
> [208] 08:48:29:162: PEAP:PEAP_STATE_TLS_INPROGRESS
> [208] 08:48:29:162: EapTlsSMakeMessage
> [208] 08:48:29:162: MakeReplyMessage
> [208] 08:48:29:162: Reallocating input TLS blob buffer
> [208] 08:48:29:162: SecurityContextFunction
> [208] 08:48:29:177: AcceptSecurityContext returned 0x0
> [208] 08:48:29:177: AuthenticateUser
> [208] 08:48:29:177: QueryContextAttributes failed and returned
> 0x8009030e
> [208] 08:48:29:177: Got no credentials from the client and executing
> PEAP. This is a success for eaptls.
> [208] 08:48:29:177: CreateMPPEKeyAttributes
> [208] 08:48:29:177: State change to SentFinished
> [208] 08:48:29:177: BuildPacket
> [208] 08:48:29:177: << Sending Request (Code: 1) packet: Id: 7, Length:
> 53, Type: 13, TLS blob length: 43. Flags: L
> [208] 08:48:29:177: EapPeapSMakeMessage done
> [208] 08:48:29:177: EapPeapMakeMessage done
> [1008] 08:48:31:021: EapPeapMakeMessage
> [1008] 08:48:31:021: EapPeapSMakeMessage
> [1008] 08:48:31:021: PEAP:PEAP_STATE_TLS_INPROGRESS
> [1008] 08:48:31:021: EapTlsSMakeMessage
> [1008] 08:48:31:021: Negotiation successful
> [1008] 08:48:31:021: BuildPacket
> [1008] 08:48:31:021: << Sending Success (Code: 3) packet: Id: 7,
> Length: 4, Type: 0, TLS blob length: 0. Flags:
> [1008] 08:48:31:021: AuthResultCode = (0), bCode = (3)
> [1008] 08:48:31:021: PeapGetTunnelProperties
> [1008] 08:48:31:021: Successfully negotiated TLS with following
> parametersdwProtocol = 0x40, Cipher= 0x6801, CipherStrength=0x80,
> Hash=0x8003
> [1008] 08:48:31:021: PeapGetTunnelProperties done
> [1008] 08:48:31:021: GetTLSSessionCookie
> [1008] 08:48:31:021: IsTLSSessionReconnect
> [1008] 08:48:31:021: Full authentication
> [1008] 08:48:31:021: PeapEncryptTunnelData
> [1008] 08:48:31:021: PeapEncryptTunnelData completed with status 0x0
> [1008] 08:48:31:021: EapPeapSMakeMessage done
> [1008] 08:48:31:021: EapPeapMakeMessage done
> [208] 08:48:31:037: EapPeapMakeMessage
> [208] 08:48:31:037: EapPeapSMakeMessage
> [208] 08:48:31:037: PEAP:PEAP_STATE_IDENTITY_REQUEST_SENT
> [208] 08:48:31:037: PeapDecryptTunnelData dwSizeofData = 0x25, pData =
> 0x25efb6
> [208] 08:48:31:037: PeapDecryptTunnelData completed with status 0x0
> [208] 08:48:31:037: PeapEncryptTunnelData
> [208] 08:48:31:037: PeapEncryptTunnelData completed with status 0x0
> [208] 08:48:31:037: EapPeapSMakeMessage done
> [208] 08:48:31:037: EapPeapMakeMessage done
> [1008] 08:48:31:240: EapPeapMakeMessage
> [1008] 08:48:31:240: EapPeapSMakeMessage
> [1008] 08:48:31:240: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
> [1008] 08:48:31:240: PeapDecryptTunnelData dwSizeofData = 0x5b, pData =
> 0x16d3ed6
> [1008] 08:48:31:240: PeapDecryptTunnelData completed with status 0x0
> [1008] 08:48:31:255: PeapEncryptTunnelData
> [1008] 08:48:31:255: PeapEncryptTunnelData completed with status 0x0
> [1008] 08:48:31:255: EapPeapSMakeMessage done
> [1008] 08:48:31:255: EapPeapMakeMessage done
> [208] 08:48:31:255: EapPeapMakeMessage
> [208] 08:48:31:255: EapPeapSMakeMessage
> [208] 08:48:31:255: PEAP:PEAP_STATE_EAP_TYPE_INPROGRESS
> [208] 08:48:31:255: PeapDecryptTunnelData dwSizeofData = 0x17, pData =
> 0x16d418e
> [208] 08:48:31:255: PeapDecryptTunnelData completed with status 0x0
> [208] 08:48:31:255: PeapSetTypeUserAttributes
> [208] 08:48:31:255: EapPeapSMakeMessage done
> [208] 08:48:31:255: EapPeapMakeMessage done
> [208] 08:48:31:255: EapPeapMakeMessage
> [208] 08:48:31:255: EapPeapSMakeMessage
> [208] 08:48:31:255: PEAP:PEAP_STATE_WAIT_FOR_APPLICATION_TLV
> [208] 08:48:31:255: CreatePEAPTLVPacket
> [208] 08:48:31:255: PeapEncryptTunnelData
> [208] 08:48:31:255: PeapEncryptTunnelData completed with status 0x0
> [208] 08:48:31:255: EapPeapSMakeMessage done
> [208] 08:48:31:255: EapPeapMakeMessage done
> [1008] 08:48:31:271: EapPeapMakeMessage
> [1008] 08:48:31:271: EapPeapSMakeMessage
> [1008] 08:48:31:271: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
> [1008] 08:48:31:271: PeapDecryptTunnelData dwSizeofData = 0x20, pData =
> 0x173c77e
> [1008] 08:48:31:271: PeapDecryptTunnelData completed with status 0x0
> [1008] 08:48:31:271: GetPEAPTLVStatusMessageValue
> [1008] 08:48:31:271: PeapCreateCookie
> [1008] 08:48:31:271: SetTLSSessionCookie
> [1008] 08:48:31:271: Session cookie set successfully
>
> [1008] 08:48:31:271: SetTLSFastReconnect
> [1008] 08:48:31:271: IsTLSSessionReconnect
> [1008] 08:48:31:271: Fast Reconnects Enabled
> [1008] 08:48:31:271: PeapAddContextAttributes
> [1008] 08:48:31:271: RasAuthAttributeConcat
> [1008] 08:48:31:271: EapPeapSMakeMessage done
> [1008] 08:48:31:271: EapPeapMakeMessage done
> [1008] 08:48:31:271: EapPeapEnd
> [1008] 08:48:31:271: EapTlsEnd
> [1008] 08:48:31:271: EapTlsEnd(DOMAIN\USER)
> [1008] 08:48:31:271: EapPeapEnd done
> [208] 08:48:53:115: EapPeapBegin
> [208] 08:48:53:115: PeapReadUserData
> [208] 08:48:53:115:
> [208] 08:48:53:115: EapTlsBegin(DOMAIN\USER)
> [208] 08:48:53:115: SetupMachineChangeNotification
> [208] 08:48:53:115: State change to Initial
> [208] 08:48:53:115: EapTlsBegin: Detected PEAP authentication
> [208] 08:48:53:115: MaxTLSMessageLength is now 16384
> [208] 08:48:53:115: CRYPT_E_NO_REVOCATION_CHECK will not be ignored
> [208] 08:48:53:115: CRYPT_E_REVOCATION_OFFLINE will not be ignored
> [208] 08:48:53:115: The root cert will not be checked for revocation
> [208] 08:48:53:115: The cert will be checked for revocation
> [208] 08:48:53:130: EapPeapBegin done
> [208] 08:48:53:130: EapPeapMakeMessage
> [208] 08:48:53:130: EapPeapSMakeMessage
> [208] 08:48:53:130: PEAP:PEAP_STATE_INITIAL
> [208] 08:48:53:130: EapTlsSMakeMessage
> [208] 08:48:53:130: EapTlsReset
> [208] 08:48:53:130: State change to Initial
> [208] 08:48:53:130: GetCredentials
> [208] 08:48:53:130: Flag is Server and Store is local Machine
> [208] 08:48:53:130: GetCachedCredentials Flags = 0x4061
> [208] 08:48:53:130: GetCachedCredentials: Using Cached Credentials
> [208] 08:48:53:130: GetCachedCredentials: Hash of the cert in the cache
> is ...
> [208] 08:48:53:130: BuildPacket
> [208] 08:48:53:130: << Sending Request (Code: 1) packet: Id: 14,
> Length: 6, Type: 13, TLS blob length: 0. Flags: S
> [208] 08:48:53:130: State change to SentStart
> [208] 08:48:53:130: EapPeapSMakeMessage done
> [208] 08:48:53:130: EapPeapMakeMessage done
> [1008] 08:48:53:130: EapPeapMakeMessage
> [1008] 08:48:53:130: EapPeapSMakeMessage
> [1008] 08:48:53:130: PEAP:PEAP_STATE_TLS_INPROGRESS
> [1008] 08:48:53:130: EapTlsSMakeMessage
> [1008] 08:48:53:130: MakeReplyMessage
> [1008] 08:48:53:130: Reallocating input TLS blob buffer
> [1008] 08:48:53:130: SecurityContextFunction
> [1008] 08:48:53:130: AcceptSecurityContext returned 0x90312
> [1008] 08:48:53:130: State change to SentHello
> [1008] 08:48:53:130: BuildPacket
> [1008] 08:48:53:130: << Sending Request (Code: 1) packet: Id: 15,
> Length: 132, Type: 13, TLS blob length: 122. Flags: L
> [1008] 08:48:53:130: EapPeapSMakeMessage done
> [1008] 08:48:53:130: EapPeapMakeMessage done
> [208] 08:48:53:443: EapPeapMakeMessage
> [208] 08:48:53:443: EapPeapSMakeMessage
> [208] 08:48:53:443: PEAP:PEAP_STATE_TLS_INPROGRESS
> [208] 08:48:53:443: EapTlsSMakeMessage
> [208] 08:48:53:443: MakeReplyMessage
> [208] 08:48:53:443: SecurityContextFunction
> [208] 08:48:53:443: AcceptSecurityContext returned 0x0
> [208] 08:48:53:443: AuthenticateUser
> [208] 08:48:53:443: QueryContextAttributes failed and returned
> 0x8009030e
> [208] 08:48:53:443: Got no credentials from the client and executing
> PEAP. This is a success for eaptls.
> [208] 08:48:53:443: CreateMPPEKeyAttributes
> [208] 08:48:53:443: State change to SentFinished
> [208] 08:48:53:443: Negotiation successful
> [208] 08:48:53:443: BuildPacket
> [208] 08:48:53:443: << Sending Success (Code: 3) packet: Id: 16,
> Length: 4, Type: 0, TLS blob length: 0. Flags:
> [208] 08:48:53:443: AuthResultCode = (0), bCode = (3)
> [208] 08:48:53:443: PeapGetTunnelProperties
> [208] 08:48:53:443: Successfully negotiated TLS with following
> parametersdwProtocol = 0x40, Cipher= 0x6801, CipherStrength=0x80,
> Hash=0x8003
> [208] 08:48:53:443: PeapGetTunnelProperties done
> [208] 08:48:53:443: GetTLSSessionCookie
> [208] 08:48:53:443: IsTLSSessionReconnect
> [208] 08:48:53:443: Session Reconnected.
> [208] 08:48:53:443: TLS session fast reconnected
> [208] 08:48:53:443: PeapCheckCookie
> [208] 08:48:53:443: EapPeapSMakeMessage done
> [208] 08:48:53:443: EapPeapMakeMessage done
> [208] 08:48:53:443: EapPeapMakeMessage
> [208] 08:48:53:443: EapPeapSMakeMessage
> [208] 08:48:53:443: PEAP:PEAP_STATE_WAIT_FOR_APPLICATION_TLV
> [208] 08:48:53:443: CreatePEAPTLVPacket
> [208] 08:48:53:443: PeapEncryptTunnelData
> [208] 08:48:53:443: PeapEncryptTunnelData completed with status 0x0
> [208] 08:48:53:443: EapPeapSMakeMessage done
> [208] 08:48:53:443: EapPeapMakeMessage done
> [1008] 08:48:53:474: EapPeapMakeMessage
> [1008] 08:48:53:474: EapPeapSMakeMessage
> [1008] 08:48:53:474: PEAP:PEAP_STATE_PEAP_SUCCESS_SEND
> [1008] 08:48:53:474: PeapDecryptTunnelData dwSizeofData = 0x20, pData =
> 0x173cace
> [1008] 08:48:53:474: PeapDecryptTunnelData completed with status 0x0
> [1008] 08:48:53:474: GetPEAPTLVStatusMessageValue
> [1008] 08:48:53:474: PeapAddContextAttributes
> [1008] 08:48:53:474: RasAuthAttributeConcat
> [1008] 08:48:53:474: EapPeapSMakeMessage done
> [1008] 08:48:53:474: EapPeapMakeMessage done
> [1008] 08:48:53:474: EapPeapEnd
> [1008] 08:48:53:474: EapTlsEnd
> [1008] 08:48:53:474: EapTlsEnd(DOMAIN\USER)
> [1008] 08:48:53:474: EapPeapEnd done
> [2420] 08:49:20:146: EapPeapBegin
> [2420] 08:49:20:146: PeapReadUserData
>
> IASSAM.LOG
>
>
> [208] 08-04 08:48:24:162: Creating EAP session
> [208] 08-04 08:48:24:162: NT-SAM Names handler received request with
> user identity DOMAIN\USER.
> [208] 08-04 08:48:24:162: Username is already an NT4 account name.
> [208] 08-04 08:48:24:162: SAM-Account-Name is "DOMAIN\USER".
> [208] 08-04 08:48:24:162: NT-SAM Authentication handler received
> request for DOMAIN\USER.
> [208] 08-04 08:48:24:162: Validating Windows account DOMAIN\USER.
> [208] 08-04 08:48:24:162: Sending LDAP search to
> DTI-EXCHG-1.dynamic.dynamictechnology.com.
> [208] 08-04 08:48:24:177: Successfully validated windows account.
> [208] 08-04 08:48:24:177: NT-SAM User Authorization handler received
> request for DOMAIN\USER.
> [208] 08-04 08:48:24:177: Using native-mode dial-in parameters.
> [208] 08-04 08:48:24:177: Sending LDAP search to
> DTI-EXCHG-1.dynamic.dynamictechnology.com.
> [208] 08-04 08:48:24:177: Successfully retrieved per-user attributes.
> [208] 08-04 08:48:24:177: Allowed EAP type: 25
> [208] 08-04 08:48:24:177: Setting max. packet length to 1484.
> [208] 08-04 08:48:24:177: Processing output from EAP DLL.
> [208] 08-04 08:48:24:177: EAPACTION_Send
> [208] 08-04 08:48:24:177: Inserting outbound EAP-Message of length 6.
> [208] 08-04 08:48:24:177: Issuing Access-Challenge.
> [208] 08-04 08:48:24:177: Saving the response
> [208] 08-04 08:48:27:958: Successfully retrieved existing session
> [208] 08-04 08:48:27:958: Injecting the profile
> [208] 08-04 08:48:27:958: Processing output from EAP DLL.
> [208] 08-04 08:48:27:958: EAPACTION_Send
> [208] 08-04 08:48:27:958: Inserting outbound EAP-Message of length
> 1484.
> [208] 08-04 08:48:27:958: Issuing Access-Challenge.
> [208] 08-04 08:48:27:958: Saving the response
> [1008] 08-04 08:48:27:974: Successfully retrieved existing session
> [1008] 08-04 08:48:27:974: Injecting the profile
> [1008] 08-04 08:48:27:974: Processing output from EAP DLL.
> [1008] 08-04 08:48:27:974: EAPACTION_Send
> [1008] 08-04 08:48:27:974: Inserting outbound EAP-Message of length
> 1484.
> [1008] 08-04 08:48:27:974: Issuing Access-Challenge.
> [1008] 08-04 08:48:27:974: Saving the response
> [208] 08-04 08:48:27:974: Successfully retrieved existing session
> [208] 08-04 08:48:27:974: Injecting the profile
> [208] 08-04 08:48:27:974: Processing output from EAP DLL.
> [208] 08-04 08:48:27:974: EAPACTION_Send
> [208] 08-04 08:48:27:974: Inserting outbound EAP-Message of length
> 1484.
> [208] 08-04 08:48:27:974: Issuing Access-Challenge.
> [208] 08-04 08:48:27:974: Saving the response
> [1008] 08-04 08:48:27:974: Successfully retrieved existing session
> [1008] 08-04 08:48:27:974: Injecting the profile
> [1008] 08-04 08:48:27:990: Processing output from EAP DLL.
> [1008] 08-04 08:48:27:990: EAPACTION_Send
> [1008] 08-04 08:48:27:990: Inserting outbound EAP-Message of length
> 509.
> [1008] 08-04 08:48:27:990: Issuing Access-Challenge.
> [1008] 08-04 08:48:27:990: Saving the response
> [208] 08-04 08:48:29:162: Successfully retrieved existing session
> [208] 08-04 08:48:29:162: Injecting the profile
> [208] 08-04 08:48:29:177: Processing output from EAP DLL.
> [208] 08-04 08:48:29:177: EAPACTION_Send
> [208] 08-04 08:48:29:177: Inserting outbound EAP-Message of length 53.
> [208] 08-04 08:48:29:177: Issuing Access-Challenge.
> [208] 08-04 08:48:29:177: Saving the response
> [1008] 08-04 08:48:31:021: Successfully retrieved existing session
> [1008] 08-04 08:48:31:021: Injecting the profile
> [1008] 08-04 08:48:31:021: Processing output from EAP DLL.
> [1008] 08-04 08:48:31:021: EAPACTION_Send
> [1008] 08-04 08:48:31:021: Inserting outbound EAP-Message of length 28.
> [1008] 08-04 08:48:31:021: Issuing Access-Challenge.
> [1008] 08-04 08:48:31:021: Saving the response
> [208] 08-04 08:48:31:037: Successfully retrieved existing session
> [208] 08-04 08:48:31:037: Injecting the profile
> [208] 08-04 08:48:31:037: Processing output from EAP DLL.
> [208] 08-04 08:48:31:037: EAPACTION_Send
> [208] 08-04 08:48:31:037: Inserting outbound EAP-Message of length 57.
> [208] 08-04 08:48:31:037: Issuing Access-Challenge.
> [208] 08-04 08:48:31:037: Saving the response
> [1008] 08-04 08:48:31:240: Successfully retrieved existing session
> [1008] 08-04 08:48:31:240: Injecting the profile
> [1008] 08-04 08:48:31:255: Processing output from EAP DLL.
> [1008] 08-04 08:48:31:255: EAPACTION_Send
> [1008] 08-04 08:48:31:255: Inserting outbound EAP-Message of length 74.
> [1008] 08-04 08:48:31:255: Issuing Access-Challenge.
> [1008] 08-04 08:48:31:255: Saving the response
> [208] 08-04 08:48:31:255: Successfully retrieved existing session
> [208] 08-04 08:48:31:255: Injecting the profile
> [208] 08-04 08:48:31:255: Processing output from EAP DLL.
> [208] 08-04 08:48:31:255: EAPACTION_IndicateTLV
> [208] 08-04 08:48:31:255: Translating attributes returned by EAP DLL.
> [208] 08-04 08:48:31:255: Inserting attribute 8102
> [208] 08-04 08:48:31:255: Processing output from EAP DLL.
> [208] 08-04 08:48:31:255: EAPACTION_Send
> [208] 08-04 08:48:31:255: Inserting outbound EAP-Message of length 38.
> [208] 08-04 08:48:31:255: Issuing Access-Challenge.
> [208] 08-04 08:48:31:255: Saving the response
> [1008] 08-04 08:48:31:255: Successfully retrieved existing session
> [1008] 08-04 08:48:31:271: Injecting the profile
> [1008] 08-04 08:48:31:271: Processing output from EAP DLL.
> [1008] 08-04 08:48:31:271: EAPACTION_Done
> [1008] 08-04 08:48:31:271: Translating attributes returned by EAP DLL.
> [1008] 08-04 08:48:31:271: Inserting attribute 4120
> [1008] 08-04 08:48:31:271: Inserting attribute 4145
> [1008] 08-04 08:48:31:271: Inserting attribute 8100
> [1008] 08-04 08:48:31:271: Inserting attribute 8099
> [1008] 08-04 08:48:31:271: Inserting attribute 4140
> [1008] 08-04 08:48:31:271: Inserting attribute 4141
> [1008] 08-04 08:48:31:271: EAP authentication succeeded.
> [1008] 08-04 08:48:31:271: Inserting outbound EAP-Message of length 4.
> [1008] 08-04 08:48:31:271: Saving the response
> [208] 08-04 08:48:53:115: Creating EAP session
> [208] 08-04 08:48:53:115: NT-SAM Names handler received request with
> user identity DOMAIN\USER.
> [208] 08-04 08:48:53:115: Username is already an NT4 account name.
> [208] 08-04 08:48:53:115: SAM-Account-Name is "DOMAIN\USER".
> [208] 08-04 08:48:53:115: NT-SAM Authentication handler received
> request for DOMAIN\USER.
> [208] 08-04 08:48:53:115: Validating Windows account DOMAIN\USER.
> [208] 08-04 08:48:53:115: Sending LDAP search to
> DTI-EXCHG-1.dynamic.dynamictechnology.com.
> [208] 08-04 08:48:53:115: Successfully validated windows account.
> [208] 08-04 08:48:53:115: NT-SAM User Authorization handler received
> request for DOMAIN\USER.
> [208] 08-04 08:48:53:115: Using native-mode dial-in parameters.
> [208] 08-04 08:48:53:115: Sending LDAP search to
> DTI-EXCHG-1.dynamic.dynamictechnology.com.
> [208] 08-04 08:48:53:115: Successfully retrieved per-user attributes.
> [208] 08-04 08:48:53:115: Allowed EAP type: 25
> [208] 08-04 08:48:53:115: Setting max. packet length to 1484.
> [208] 08-04 08:48:53:130: Processing output from EAP DLL.
> [208] 08-04 08:48:53:130: EAPACTION_Send
> [208] 08-04 08:48:53:130: Inserting outbound EAP-Message of length 6.
> [208] 08-04 08:48:53:130: Issuing Access-Challenge.
> [208] 08-04 08:48:53:130: Saving the response
> [1008] 08-04 08:48:53:130: Successfully retrieved existing session
> [1008] 08-04 08:48:53:130: Injecting the profile
> [1008] 08-04 08:48:53:130: Processing output from EAP DLL.
> [1008] 08-04 08:48:53:130: EAPACTION_Send
> [1008] 08-04 08:48:53:130: Inserting outbound EAP-Message of length
> 132.
> [1008] 08-04 08:48:53:130: Issuing Access-Challenge.
> [1008] 08-04 08:48:53:130: Saving the response
> [208] 08-04 08:48:53:443: Successfully retrieved existing session
> [208] 08-04 08:48:53:443: Injecting the profile
> [208] 08-04 08:48:53:443: Processing output from EAP DLL.
> [208] 08-04 08:48:53:443: EAPACTION_IndicateTLV
> [208] 08-04 08:48:53:443: Translating attributes returned by EAP DLL.
> [208] 08-04 08:48:53:443: Inserting attribute 8102
> [208] 08-04 08:48:53:443: Processing output from EAP DLL.
> [208] 08-04 08:48:53:443: EAPACTION_Send
> [208] 08-04 08:48:53:443: Inserting outbound EAP-Message of length 38.
> [208] 08-04 08:48:53:443: Issuing Access-Challenge.
> [208] 08-04 08:48:53:443: Saving the response
> [1008] 08-04 08:48:53:474: Successfully retrieved existing session
> [1008] 08-04 08:48:53:474: Injecting the profile
> [1008] 08-04 08:48:53:474: Processing output from EAP DLL.
> [1008] 08-04 08:48:53:474: EAPACTION_Done
> [1008] 08-04 08:48:53:474: Translating attributes returned by EAP DLL.
> [1008] 08-04 08:48:53:474: Inserting attribute 8100
> [1008] 08-04 08:48:53:474: Inserting attribute 8099
> [1008] 08-04 08:48:53:474: Inserting attribute 4140
> [1008] 08-04 08:48:53:474: Inserting attribute 4141
> [1008] 08-04 08:48:53:474: EAP authentication succeeded.
> [1008] 08-04 08:48:53:474: Inserting outbound EAP-Message of length 4.
> [1008] 08-04 08:48:53:474: Saving the response
>


.

---

• Follow-Ups:
  • Re: Another PEAP Authentication problem
    • From: dspero
  • Re: Another PEAP Authentication problem
    • From: dspero

• References:
  • Re: Another PEAP Authentication problem
    • From: Manjunath Bharadwaj [MSFT]
  • Re: Another PEAP Authentication problem
    • From: dspero

• Prev by Date: Re: ISA - max Client count
• Next by Date: Re: Another PEAP Authentication problem
• Previous by thread: Re: Another PEAP Authentication problem
• Next by thread: Re: Another PEAP Authentication problem
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [Full-Disclosure] write events log to CD? ... IMHO even using packet writing this is not a good solution for log ... The principle of using WORM media for storing logs is an interesting ... 20mb overhead, about as efficient as drinking water to increase your ... Some googled details on packet writing support on CDR's: ... (Full-Disclosure) Re: strange firewall log ... Oh,I found that the packet sent to the destination IP is not my IP, it sent ... Please help me with the understanding of logs. ... >> I didn't use any outgoing program to access the internet. ... (microsoft.public.security) Re: Strange ICMP packets ... >>doing Stateful Packet Inspection that should be preventing IP ... > I would check for the same addresses cropping up in both logs. ... > What I have been doing is having the firewall send me the log each day ... all blocked unsolicted inbound connection. ... (comp.security.firewalls) Re: Security for Desktop ... Well, I set up a chain called LOGACCEPT, which logs and accepts a packet. ... (comp.os.linux.security) Re: Catalyst 3550 and IAS authorization ... IAS server and then see no reply packet. ... IOS config) ... why I can login from my host after I login from host which is in the same VLAN as IAS Server? ... (comp.dcom.sys.cisco)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2005-08