Hi,
I did follow the HOWTO setup and created a run-radiusd wrapper to include the lib. I am just trying to double-check whether I got everything right. In order to get a clean setup again, I used another machine to re-install everything following the HOWTO (3 openssl stuffs and with the latest freeradius snapshot and obviously with the Makefile changes under src/modules/rlm_eap/types/rlm_eap_tls, of course I modified clients.conf, radiusd.conf and users under /etc/raddb) and got "run-radiusd -X -A" running well, and just got stuck at
"rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: Invalid ACK received
modcall[authenticate]: module "eap" returns invalid"
I know I am very close. Just don't know where to proceed to fix the problem.
I compared with the sample log file:
"rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok"
I also fiddled with the fragment_size from 1024 to 1600, 2601 but still get the same message.
Unless the certificates I generated have a problem?! Beyond that I cannot think of any other cause at this moment. Has anyone had a similar experience before?
-Paul
Subject: RE: EAP/TLS
From: Jeffery Huang <[EMAIL PROTECTED]>
To: freeradius-list <[EMAIL PROTECTED]>
Date: 14 Nov 2002 09:31:44 +0800
Reply-To: [EMAIL PROTECTED]
You need to find these two libraries!
If you follow the HOWTO setup, they will be at /usr/local/openssl/lib,
so before you run radiusd you must
$ export LD_LIBRARY_PATH=/usr/local/openssl/lib
Regard,
Jeffery
On Thu, 2002-11-14 08:26, Ynjiun P. Wang wrote:
> More information:
> I checked rlm_eap_tls-0.8-pre.so using ldd and found that "libssl.so.0.9.8 => not found". Is this normal? If not, how to fix it? Thanks.
>
> [root@curve EAP]# ldd /usr/local/lib/rlm_eap_tls-0.8-pre.so
> libssl.so.0.9.8 => not found
> libcrypto.so.0.9.8 => not found
> libnsl.so.1 => /lib/libnsl.so.1 (0x40025000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x4003a000)
> libpthread.so.0 => /lib/i686/libpthread.so.0 (0x4004b000)
> libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
>
> -----Original Message-----
> From: Ynjiun P. Wang [mailto:ypw@;worldnet.att.net]
> Sent: Wednesday, November 13, 2002 3:15 PM
> To: [EMAIL PROTECTED]
> Subject: EAP/TLS
>
>
> Hi,
>
> I was able to get Radius running with EAP/TLS. But when I get my Windows XP logon through 802.11 (with root.der and cert-clt.p12 installed), after a couple of rounds of exchanges of info with the Radius server, I got:
> "rlm_eap_tls: Invalid ACK received
> modcall[authenticate]: module "eap" returns invalid"
> and ended up with "Access-Reject".
> I cut out part of the log info as below. Has anyone encountered this problem? What is causing it? What's the fix? Please help. Thanks.
>
> -Paul
>
>
> Called-Station-Id = "004096495de0"
> Calling-Station-Id = "0006250baad2"
> NAS-Identifier = "AP350-495de0"
> NAS-Port = 37
> Framed-MTU = 1400
> State = 0xdbe3f75a75d354c306c7870c1762e63dc8d4d23d9ec744a89fcd5df6fd96d72d69fecdab
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> EAP-Message = "\002\272\000\006\r"
> Message-Authenticator = 0x7c7f78aa5e807d1d3ed5aaddbca89613
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched kevin at 95
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: Invalid ACK received
> modcall[authenticate]: module "eap" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 2 for 1 seconds
> Finished request 2
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 66.135.138.204:19375, id=56, length=183
> Sending Access-Reject of id 56 to 66.135.138.204:19375
> EAP-Message = "\004\272\000\004"
> Message-Authenticator = 0x00000000000000000000000000000000
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Regard,
Jeffery Huang
iMining Technology Inc.,
8F-4, No.432, Sec.1 Keelung Rd.,
Taipei,Taiwan
Tel:886-2-27235122 ext 20
Fax:886-2-27232287
http://www.imining.com.tw
email:[EMAIL PROTECTED]
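
An added example, not part of either post and not FreeRADIUS code: decoding the two EAP-Message values printed in the debug log quoted above, using the header layout from RFC 3748 and the EAP-TLS flag bits from RFC 5216. The function names are hypothetical; note that the Access-Request value prints five octets while its length field says six, so the EAP-TLS flags octet is not visible in the log and is reported as unknown.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
EAP_TYPE_TLS = 13                                                      # RFC 5216
TLS_FLAGS = {0x80: "L", 0x40: "M", 0x20: "S"}  # length-included, more-fragments, start
_ESCAPES = {"r": 0x0D, "n": 0x0A, "t": 0x09, "\\": 0x5C, '"': 0x22}
_TOKEN = re.compile(r'\\([0-3][0-7]{2})|\\([rnt\\"])|(.)', re.S)

def unescape(printed):
    """Turn the debug log's printed attribute value back into raw bytes."""
    out = bytearray()
    for octal, named, literal in _TOKEN.findall(printed):
        if octal:
            out.append(int(octal, 8))
        elif named:
            out.append(_ESCAPES[named])
        else:
            out += literal.encode("utf-8")
    return bytes(out)

def parse_eap(printed):
    """Decode the EAP header and, for EAP-TLS, the flags octet if it is shown."""
    raw = unescape(printed)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "shown": len(raw), "type": None, "flags": None, "tls_ack": None}
    if code in (1, 2) and len(raw) >= 5:
        info["type"] = raw[4]
        if raw[4] == EAP_TYPE_TLS:
            if len(raw) >= 6:
                info["flags"] = "".join(n for b, n in TLS_FLAGS.items() if raw[5] & b)
            # An ACK is type 13 with a flags octet and no TLS data: 4 + 1 + 1 bytes.
            info["tls_ack"] = (length == 6)
    return info

# Constructed input: the two EAP-Message values copied from the debug log above.
REQUEST = parse_eap(r"\002\272\000\006\r")
REJECT = parse_eap(r"\004\272\000\004")

if __name__ == "__main__":
    for name, pkt in (("Access-Request", REQUEST), ("Access-Reject", REJECT)):
        print(name, pkt)
```

Both packets carry identifier 186 (0xBA), which ties the EAP Failure in the Access-Reject to the client's EAP-TLS Response in the same exchange.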