Hi,

I did follow the HOWTO setup and created a run-radiusd wrapper to include the lib. I am just trying to double check whether I got everything right. In order to get a clean setup again, I used another machine to re-install everything following the HOWTO (3 openssl stuffs and with the latest freeradius snapshot and obviously with the Makefile changes under src/modules/rlm_eap/types/rlm_eap_tls; of course I modified clients.conf, radiusd.conf and users under /etc/raddb) and got "run-radiusd -X -A" running well, and just got stuck at

"rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: Invalid ACK received
modcall[authenticate]: module "eap" returns invalid"

I know I am very close. I just don't know where to proceed to fix the problem. I compared with the sample log file:

"rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok"

I also fiddled with the fragment_size from 1024 to 1600, 2601 but still get the same message. Unless the certificates I generated have a problem?! Beyond that I cannot think of any other cause at this moment. Has anyone had a similar experience before?
-Paul

Subject: RE: EAP/TLS
From: Jeffery Huang <[EMAIL PROTECTED]>
To: freeradius-list <[EMAIL PROTECTED]>
Date: 14 Nov 2002 09:31:44 +0800
Reply-To: [EMAIL PROTECTED]

You need to find these two libraries! If you followed the HOWTO setup, they will be at /usr/local/openssl/lib, so before you run radiusd you must

$ export LD_LIBRARY_PATH=/usr/local/openssl/lib

Regards,
Jeffery

On Thu, 2002-11-14 08:26, Ynjiun P. Wang wrote:
> More information:
> I checked rlm_eap_tls-0.8-pre.so using ldd and found that "libssl.so.0.9.8 => not found". Is this normal? If not, how to
> fix it? Thanks.
>
> [root@curve EAP]# ldd /usr/local/lib/rlm_eap_tls-0.8-pre.so
> libssl.so.0.9.8 => not found
> libcrypto.so.0.9.8 => not found
> libnsl.so.1 => /lib/libnsl.so.1 (0x40025000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x4003a000)
> libpthread.so.0 => /lib/i686/libpthread.so.0 (0x4004b000)
> libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
>
> -----Original Message-----
> From: Ynjiun P. Wang [mailto:ypw@;worldnet.att.net]
> Sent: Wednesday, November 13, 2002 3:15 PM
> To: [EMAIL PROTECTED]
> Subject: EAP/TLS
>
>
> Hi,
>
> I was able to get Radius running with EAP/TLS. But when I get my Windows XP logon through 802.11 (with root.der and
> cert-clt.p12 installed), after a couple of rounds of exchanges of info with the Radius server, I got:
> "rlm_eap_tls: Invalid ACK received
> modcall[authenticate]: module "eap" returns invalid"
> and end up with "Access-Reject".
> I cut out part of the log info as below. Has anyone encountered this problem? What is causing it? What's the fix? Please
> help. Thanks.
>
> -Paul
>
>
> Called-Station-Id = "004096495de0"
> Calling-Station-Id = "0006250baad2"
> NAS-Identifier = "AP350-495de0"
> NAS-Port = 37
> Framed-MTU = 1400
> State = 0xdbe3f75a75d354c306c7870c1762e63dc8d4d23d9ec744a89fcd5df6fd96d72d69fecdab
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> EAP-Message = "\002\272\000\006\r"
> Message-Authenticator = 0x7c7f78aa5e807d1d3ed5aaddbca89613
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched kevin at 95
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: Invalid ACK received
> modcall[authenticate]: module "eap" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 2 for 1 seconds
> Finished request 2
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 66.135.138.204:19375, id=56, length=183
> Sending Access-Reject of id 56 to 66.135.138.204:19375
> EAP-Message = "\004\272\000\004"
> Message-Authenticator = 0x00000000000000000000000000000000
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Regards,
Jeffery Huang
iMining Technology Inc.,
8F-4, No.432, Sec.1 Keelung Rd., Taipei, Taiwan
Tel:886-2-27235122 ext 20
Fax:886-2-27232287
http://www.imining.com.tw
email:[EMAIL PROTECTED]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
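
The library check discussed in this thread (which sonames ldd reports as "not found", and whether a given directory supplies them), as an added example that is not part of the original messages. The function names missing_libs and unresolved_in_dir are hypothetical, and the embedded sample is the ldd output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): list shared libraries that ldd could
# not resolve, then check whether a candidate directory provides them.

# Constructed sample input: the ldd output quoted in the thread.
sample_ldd_output() {
cat <<'EOF'
	libssl.so.0.9.8 => not found
	libcrypto.so.0.9.8 => not found
	libnsl.so.1 => /lib/libnsl.so.1 (0x40025000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x4003a000)
	libpthread.so.0 => /lib/i686/libpthread.so.0 (0x4004b000)
	libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
EOF
}

# missing_libs: read ldd output on stdin, print one unresolved soname per line.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# unresolved_in_dir DIR: read sonames on stdin and print those that DIR does
# not provide as a readable file. Empty output means DIR satisfies them all,
# i.e. adding DIR to LD_LIBRARY_PATH would let the loader find every one.
unresolved_in_dir() {
    dir=$1
    while IFS= read -r soname; do
        [ -n "$soname" ] || continue
        [ -r "$dir/$soname" ] || printf '%s\n' "$soname"
    done
}

# On a live system, with the paths quoted in the thread:
#   ldd /usr/local/lib/rlm_eap_tls-0.8-pre.so \
#       | missing_libs | unresolved_in_dir /usr/local/openssl/lib
```

If the pipeline prints nothing, the directory holds every library the module was missing; any soname it does print still has to be located or installed before the module can load.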