Now I have full captured logs (ethereal(0.9.3), freeradius(snapshot10282002) and AP350(v.12T))regarding to the problem of: "rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: Invalid ACK received modcall[authenticate]: module "eap" returns invalid"
Could you please take a look to see if there is any obvious blonder? Thanks. /****************Ethereal (0.9.3) capture: *******************************/ Frame 14 (191 on wire, 191 captured) Arrival Time: Nov 15, 2002 13:44:03.415674000 Time delta from previous packet: 1.267728000 seconds Time relative to first packet: 19.405991000 seconds Frame Number: 14 Packet Length: 191 bytes Capture Length: 191 bytes Ethernet II Destination: 00:c0:9f:05:12:a6 (curve.esignx.com) Source: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net) Type: IP (0x0800) Internet Protocol, Src Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204), Dst Addr: curve.esignx.com (66.135.138.207) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 177 Identification: 0x3981 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: UDP (0x11) Header checksum: 0xa711 (correct) Source: ip204.aec-1.sfo.interquest.net (66.135.138.204) Destination: curve.esignx.com (66.135.138.207) User Datagram Protocol, Src Port: 22563 (22563), Dst Port: radius (1812) Source port: 22563 (22563) Destination port: radius (1812) Length: 157 Checksum: 0x50c2 (correct) Radius Protocol Code: Access Request (1) Packet identifier: 0x4d (77) Length: 149 Authenticator Attribute value pairs t:User Name(1) l:7, Value:"kevin" t:Vendor Specific(26) l:20, Vendor:Cisco, Type:Cisco AV Pair, Len:12 Value:"ssid=tsunami" t:NAS IP Address(4) l:6, Value:192.168.0.8 t:Called Station Id(30) l:14, Value:"004096495de0" t:Calling Station Id(31) l:14, Value:"0006250baad2" t:NAS identifier(32) l:14, Value:"AP350-495de0" t:NAS Port(5) l:6, Value:37 t:Framed MTU(12) l:6, Value:1400 t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11 t:Service Type(6) l:6, Value:Login t:EAP-Message(79) l:12 Extensible Authentication Protocol Code: Response (2) Id: 2 Length: 10 Type: Identity [RFC2284] (1) Identity (5 bytes): kevin t:Message Authenticator(80) l:18, Value:"ÃN»k~\147¦íÂÁ,c\144Èí\025" Frame 15 (126 on wire, 126 captured) Arrival Time: Nov 15, 2002 13:44:03.417986000 Time delta from previous packet: 0.002312000 seconds Time relative to first packet: 19.408303000 seconds Frame Number: 15 Packet Length: 126 bytes Capture Length: 126 bytes Ethernet II Destination: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net) Source: 00:c0:9f:05:12:a6 (curve.esignx.com) Type: IP (0x0800) Internet Protocol, Src Addr: curve.esignx.com (66.135.138.207), Dst Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0000 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0x9fd3 (correct) Source: curve.esignx.com (66.135.138.207) Destination: ip204.aec-1.sfo.interquest.net (66.135.138.204) User Datagram Protocol, Src Port: radius (1812), Dst Port: 22563 (22563) Source port: radius (1812) Destination port: 22563 (22563) Length: 92 Checksum: 0x0f31 (correct) Radius Protocol Code: Access challenge (11) Packet identifier: 0x4d (77) Length: 84 Authenticator Attribute value pairs t:EAP-Message(79) l:8 Extensible Authentication Protocol Code: Request (1) Id: 3 Length: 6 Type: EAP-TLS [RFC2716] [Aboba] (13) Flags(0x20): Start t:Message Authenticator(80) l:18, Value:"ÈÂt\001ç\143¡G¥¶\148\128âJ/?" t:State(24) l:38, Value:"\005\023\017b\019\013jy\145\153îx1P'£jÕ=ºZ^#\013´ýMõÚkFF\007Ró" Frame 17 (299 on wire, 299 captured) Arrival Time: Nov 15, 2002 13:44:03.789273000 Time delta from previous packet: 0.106425000 seconds Time relative to first packet: 19.779590000 seconds Frame Number: 17 Packet Length: 299 bytes Capture Length: 299 bytes Ethernet II Destination: 00:c0:9f:05:12:a6 (curve.esignx.com) Source: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net) Type: IP (0x0800) Internet Protocol, Src Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204), Dst Addr: curve.esignx.com (66.135.138.207) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 285 Identification: 0x3984 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: UDP (0x11) Header checksum: 0xa6a2 (correct) Source: ip204.aec-1.sfo.interquest.net (66.135.138.204) Destination: curve.esignx.com (66.135.138.207) User Datagram Protocol, Src Port: 22564 (22564), Dst Port: radius (1812) Source port: 22564 (22564) Destination port: radius (1812) Length: 265 Checksum: 0xa839 (correct) Radius Protocol Code: Access Request (1) Packet identifier: 0x4e (78) Length: 257 Authenticator Attribute value pairs t:User Name(1) l:7, Value:"kevin" t:Vendor Specific(26) l:20, Vendor:Cisco, Type:Cisco AV Pair, Len:12 Value:"ssid=tsunami" t:NAS IP Address(4) l:6, Value:192.168.0.8 t:Called Station Id(30) l:14, Value:"004096495de0" t:Calling Station Id(31) l:14, Value:"0006250baad2" t:NAS identifier(32) l:14, Value:"AP350-495de0" t:NAS Port(5) l:6, Value:37 t:Framed MTU(12) l:6, Value:1400 t:State(24) l:38, Value:"\005\023\017b\019\013jy\145\153îx1P'£jÕ=ºZ^#\013´ýMõÚkFF\007Ró" t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11 t:Service Type(6) l:6, Value:Login t:EAP-Message(79) l:82 Extensible Authentication Protocol Code: Response (2) Id: 3 Length: 80 Type: EAP-TLS [RFC2716] [Aboba] (13) Flags(0x80): Length Length: 70 Secure Socket Layer TLS Record Layer: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 65 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 61 Version: TLS 1.0 (0x0301) Random.gmt_unix_time: Nov 15, 2002 13:45:56.000000000 Random.bytes Session ID Length: 0 Cipher Suites Length: 22 Cipher Suites (11 suites) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009) Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064) Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062) Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003) Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012) Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) t:Message Authenticator(80) l:18, Value:"Ý\131\021Ð|\030\144ïÌ·È\020LÀk\022" Frame 18 (1145 on wire, 1145 captured) Arrival Time: Nov 15, 2002 13:44:03.792712000 Time delta from previous packet: 0.003439000 seconds Time relative to first packet: 19.783029000 seconds Frame Number: 18 Packet Length: 1145 bytes Capture Length: 1145 bytes Ethernet II Destination: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net) Source: 00:c0:9f:05:12:a6 (curve.esignx.com) Type: IP (0x0800) Internet Protocol, Src Addr: curve.esignx.com (66.135.138.207), Dst Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 1131 Identification: 0x0000 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0x9bd8 (correct) Source: curve.esignx.com (66.135.138.207) Destination: ip204.aec-1.sfo.interquest.net (66.135.138.204) User Datagram Protocol, Src Port: radius (1812), Dst Port: 22564 (22564) Source port: radius (1812) Destination port: 22564 (22564) Length: 1111 Checksum: 0xdec5 (correct) Radius Protocol Code: Access challenge (11) Packet identifier: 0x4e (78) Length: 1103 Authenticator Attribute value pairs t:EAP-Message(79) l:254 EAP fragment t:EAP-Message(79) l:254 EAP fragment t:EAP-Message(79) l:254 EAP fragment t:EAP-Message(79) l:254 EAP fragment t:EAP-Message(79) l:11 EAP fragment Extensible Authentication Protocol Code: Request (1) Id: 4 Length: 1017 Type: EAP-TLS [RFC2716] [Aboba] (13) Flags(0x80): Length Length: 1007 Secure Socket Layer TLS Record Layer: Server Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 74 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 70 Version: TLS 1.0 (0x0301) Random.gmt_unix_time: Nov 15, 2002 13:44:03.000000000 Random.bytes Session ID Length: 32 Session ID (32 bytes) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) Compression Method: null (0) TLS Record Layer: Certificate Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 737 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 733 Certificates Length: 730 Certificates (730 bytes) Certificate Length: 727 Certificate (727 bytes) TLS Record Layer: Multiple Handshake Messages Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 181 Handshake Protocol: Certificate Request Handshake Type: Certificate Request (13) Length: 173 Certificate types count: 3 Certificate types (3 types) Certificate type: RSA Sign (1) Certificate type: DSS Sign (2) Certificate type: Unknown (5) Distinguished Names Length: 167 Distinguished Names (167 bytes) Distinguished Name Length: 165 Distinguished Name (165 bytes) Handshake Protocol: Server Hello Done Handshake Type: Server Hello Done (14) Length: 0 t:Message Authenticator(80) l:18, Value:"$\155\004çï\013f\001Ê\025ÚP\136ÈÏ=" t:State(24) l:38, Value:"õνÚð¢ÇyÇÄ\141Ê\148O2b£jÕ=S\127,\138Ì:û\026\026Ì\01253\136\017" Frame 21 (225 on wire, 225 captured) Arrival Time: Nov 15, 2002 13:44:05.004527000 Time delta from previous packet: 0.715416000 seconds Time relative to first packet: 20.994844000 seconds Frame Number: 21 Packet Length: 225 bytes Capture Length: 225 bytes Ethernet II Destination: 00:c0:9f:05:12:a6 (curve.esignx.com) Source: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net) Type: IP (0x0800) Internet Protocol, Src Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204), Dst Addr: curve.esignx.com (66.135.138.207) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 211 Identification: 0x398d Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 63 Protocol: UDP (0x11) Header checksum: 0xa6e3 (correct) Source: ip204.aec-1.sfo.interquest.net (66.135.138.204) Destination: curve.esignx.com (66.135.138.207) User Datagram Protocol, Src Port: 22565 (22565), Dst Port: radius (1812) Source port: 22565 (22565) Destination port: radius (1812) Length: 191 Checksum: 0xa27e (correct) Radius Protocol Code: Access Request (1) Packet identifier: 0x4f (79) Length: 183 Authenticator Attribute value pairs t:User Name(1) l:7, Value:"kevin" t:Vendor Specific(26) l:20, Vendor:Cisco, Type:Cisco AV Pair, Len:12 Value:"ssid=tsunami" t:NAS IP Address(4) l:6, Value:192.168.0.8 t:Called Station Id(30) l:14, Value:"004096495de0" t:Calling Station Id(31) l:14, Value:"0006250baad2" t:NAS identifier(32) l:14, Value:"AP350-495de0" t:NAS Port(5) l:6, Value:37 t:Framed MTU(12) l:6, Value:1400 t:State(24) l:38, Value:"õνÚð¢ÇyÇÄ\141Ê\148O2b£jÕ=S\127,\138Ì:û\026\026Ì\01253\136\017" t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11 t:Service Type(6) l:6, Value:Login t:EAP-Message(79) l:8 Extensible Authentication Protocol Code: Response (2) Id: 4 Length: 6 Type: EAP-TLS [RFC2716] [Aboba] (13) Flags(0x0): t:Message Authenticator(80) l:18, Value:"K\148öû³ñvÚ\134Ü\152\023'\006\154" Frame 23 (86 on wire, 86 captured) Arrival Time: Nov 15, 2002 13:44:07.003563000 Time delta from previous packet: 0.968648000 seconds Time relative to first packet: 22.993880000 seconds Frame Number: 23 Packet Length: 86 bytes Capture Length: 86 bytes Ethernet II Destination: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net) Source: 00:c0:9f:05:12:a6 (curve.esignx.com) Type: IP (0x0800) Internet Protocol, Src Addr: curve.esignx.com (66.135.138.207), Dst Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 72 Identification: 0x0000 Flags: 0x04 .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0x9ffb (correct) Source: curve.esignx.com (66.135.138.207) Destination: ip204.aec-1.sfo.interquest.net (66.135.138.204) User Datagram Protocol, Src Port: radius (1812), Dst Port: 22565 (22565) Source port: radius (1812) Destination port: 22565 (22565) Length: 52 Checksum: 0x220e (correct) Radius Protocol Code: Access Reject (3) Packet identifier: 0x4f (79) Length: 44 Authenticator Attribute value pairs t:EAP-Message(79) l:6 Extensible Authentication Protocol Code: Failure (4) Id: 4 Length: 4 t:Message Authenticator(80) l:18, Value:"8\129ÃdãbÓÍÂÚÂ\138¥²\1495" /************************************freeradius log******************************/ Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded System unix: cache = yes unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 HASH: Reinitializing hash structures and lists for caching... HASH: user root found in hashtable bucket 11726 HASH: user bin found in hashtable bucket 86651 HASH: user daemon found in hashtable bucket 11668 HASH: user adm found in hashtable bucket 26466 HASH: user lp found in hashtable bucket 54068 HASH: user sync found in hashtable bucket 42895 HASH: user shutdown found in hashtable bucket 71746 HASH: user halt found in hashtable bucket 7481 HASH: user mail found in hashtable bucket 79471 HASH: user news found in hashtable bucket 5375 HASH: user uucp found in hashtable bucket 38541 HASH: user operator found in hashtable bucket 21748 HASH: user games found in hashtable bucket 47657 HASH: user gopher found in hashtable bucket 47357 HASH: user ftp found in hashtable bucket 56226 HASH: user nobody found in hashtable bucket 99723 HASH: user vcsa found in hashtable bucket 25959 HASH: user mailnull found in hashtable bucket 78086 HASH: user rpm found in hashtable bucket 72383 HASH: user wnn found in hashtable bucket 59815 HASH: user ntp found in hashtable bucket 21418 HASH: user rpc found in hashtable bucket 72373 HASH: user xfs found in hashtable bucket 17213 HASH: user gdm found in hashtable bucket 50360 HASH: user rpcuser found in hashtable bucket 552 HASH: user nfsnobody found in hashtable bucket 51830 HASH: user nscd found in hashtable bucket 36306 HASH: user ident found in hashtable bucket 40304 HASH: user radvd found in hashtable bucket 66743 HASH: user postgres found in hashtable bucket 19301 HASH: user apache found in hashtable bucket 26582 HASH: user squid found in hashtable bucket 62826 HASH: user named found in hashtable bucket 7729 HASH: user pcap found in hashtable bucket 55326 HASH: user amanda found in hashtable bucket 72438 HASH: user junkbust found in hashtable bucket 14816 HASH: user mailman found in hashtable bucket 53563 HASH: user mysql found in hashtable bucket 46314 HASH: user netdump found in hashtable bucket 34321 HASH: user ldap found in hashtable bucket 45563 HASH: user postfix found in hashtable bucket 23093 HASH: user pvm found in hashtable bucket 78527 HASH: user ypw found in hashtable bucket 16936 HASH: user richard found in hashtable bucket 70235 HASH: user jzhu found in hashtable bucket 89989 HASH: user yfeng found in hashtable bucket 79945 HASH: user cms found in hashtable bucket 38933 HASH: user sandy found in hashtable bucket 91713 HASH: Stored 48 entries from /etc/passwd HASH: Stored 58 entries from /etc/group Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/eap/cert-srv.pem" tls: certificate_file = "/etc/eap/cert-srv.pem" tls: CA_file = "/etc/eap/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/eap/DH" tls: random_file = "/etc/eap/random" tls: fragment_size = 4048 tls: include_length = yes rlm_eap_tls: conf N ctx stored rlm_eap: Loaded and initialized the type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) main: smux_password = "i9s44A5bSNMP" main: snmp_write_access = no SMUX connect try 1 Can't connect to SNMP agent with SMUX: Connection refused Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 66.135.138.204:22563, id=77, length=149 User-Name = "kevin" Cisco-AVPair = "ssid=tsunami" NAS-IP-Address = 192.168.0.8 Called-Station-Id = "004096495de0" Calling-Station-Id = "0006250baad2" NAS-Identifier = "AP350-495de0" NAS-Port = 37 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = "\002\002\000\n\001kevin" Message-Authenticator = 0xc34ebb6b7e93a6edc2c12c6390c8ed19 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched kevin at 95 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type tls modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 77 to 66.135.138.204:22563 EAP-Message = "\001\003\000\006\r " Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05171162130d6a799199ee78315027c2a36ad53dba5a5e230db4fd4df5da6b46460752f3 Finished request 0 Going to the next request SMUX connect try 2 Can't connect to SNMP agent with SMUX: Connection refused --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 66.135.138.204:22564, id=78, length=257 User-Name = "kevin" Cisco-AVPair = "ssid=tsunami" NAS-IP-Address = 192.168.0.8 Called-Station-Id = "004096495de0" Calling-Station-Id = "0006250baad2" NAS-Identifier = "AP350-495de0" NAS-Port = 37 Framed-MTU = 1400 State = 0x05171162130d6a799199ee78315027c2a36ad53dba5a5e230db4fd4df5da6b46460752f3 NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = "\002\003\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001=\325k\024\367\0053d\210\223_\330(\206a\305\217\2 52g\030\375\252EL,\331Dzn\261n\361\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000 c\001" Message-Authenticator = 0xdd8315d07c1e90efccb7c8144cc06b16 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched kevin at 95 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Length Included undefined: before/accept initialization TLS_accept: before/accept initialization <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A >>> TLS 1.0 Handshake [length 02e1], Certificate TLS_accept: SSLv3 write certificate A >>> TLS 1.0 Handshake [length 00b5], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap_tls: SSL_read Error Error code is ..... 2 SSL Error ..... 2 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 78 to 66.135.138.204:22564 EAP-Message = "\001\004\003\371\r\200\000\000\003\357\026\003\001\000J\002\000\000F\003\001=\325j\243p\r\320z\377\006b\254\352\353\021 \262|\225K\023\212H\372\377\226\004\223/\2355\0034 "\023.Dr\001\314\232~<\350\020\013\306\n0L\203\366\304F\275\264J\320\323i\335\251\311\345\241\000\004\000\026\003\001\00 2\341\013\000\002\335\000\002\332\000\002\3270\202\002\3230\202\002<\240\003\002\001\002\002\001\0020\r\006\t*\206H\206\ 367\r\001\001\004\005\0000\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023" EAP-Message = "urve.esignx.com1\0370\035\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r021113185626Z\027\r03111318 5626Z0\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0220\020\006\003U\004\007\ 023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006\003U\004\003\023\020curve.esignx.com1\0370\035\006\ t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t" EAP-Message = "*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\307yX6\221#\003\322y\3762\313Z\212\rl\273 K\2026\355J\242\274\013m\370*\005Y\365\320\314C^\023\277\036\001\273+\244M1\022E\275bt\265j\331\032\311;\253\006%:\337/\ 304F\374.\316\274\335\317\271\304\355\367\263\315\322#\035\277v\334]\005\317b\007\255\023(\034Z\256\022\333q\232_\021\3 34!m92<\260\022\010\023\377PT\205\027\003D\004Pg\214\310\246\033!$WqE\002\003\001\000\001\243\0270\0250\023\006\003U\035 %\004\0140\n\006\010+\006\001\005" EAP-Message = "Itp!\rF{\241\347\342+\351\017\217\215\225\377\336]E\036!!\334\\\250\230\2203h\010\266\350\022#\031\036\375l\366\244\271 \371\356\214)\033\347;\345\002\300\020D\271J\003\264K\254uL}tv\350!;\257\342\001\343\366d1\026\003\001\000\265\r\000\000 \255\003\001\002\005\000\247\000\2450\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifor nia1\0220\020\006\003U\004\007\023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006" EAP-Message = "x.com\016\000\000" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf5cebddaf0a2c779c7c48dca944f3262a36ad53d53ad7f2c8acc3afb1a1acc0c35338811 Finished request 1 Going to the next request SMUX connect try 3 Can't connect to SNMP agent with SMUX: Connection refused Waking up in 6 seconds... rad_recv: Access-Request packet from host 66.135.138.204:22565, id=79, length=183 User-Name = "kevin" Cisco-AVPair = "ssid=tsunami" NAS-IP-Address = 192.168.0.8 Called-Station-Id = "004096495de0" Calling-Station-Id = "0006250baad2" NAS-Identifier = "AP350-495de0" NAS-Port = 37 Framed-MTU = 1400 State = 0xf5cebddaf0a2c779c7c48dca944f3262a36ad53d53ad7f2c8acc3afb1a1acc0c35338811 NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = "\002\004\000\006\r" Message-Authenticator = 0x4b94f6fbb3f176da86dc981727069aad modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched kevin at 95 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: Invalid ACK received modcall[authenticate]: module "eap" returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 79 to 66.135.138.204:22565 EAP-Message = "\004\004\000\004" Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 77 with timestamp 3dd56aa3 Cleaning up request 1 ID 78 with timestamp 3dd56aa3 Waking up in 2 seconds... rad_recv: Access-Request packet from host 66.135.138.204:22566, id=80, length=149 User-Name = "kevin" Cisco-AVPair = "ssid=tsunami" NAS-IP-Address = 192.168.0.8 Called-Station-Id = "004096495de0" Calling-Station-Id = "0006250baad2" NAS-Identifier = "AP350-495de0" NAS-Port = 37 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = "\002\005\000\n\001kevin" Message-Authenticator = 0xe6652cc53692bf0e39991f47ed505fa9 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched kevin at 95 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type tls modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 80 to 66.135.138.204:22566 EAP-Message = "\001\006\000\006\r " Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe3e74b0ab3499a907dd5cf9b4236f60aa96ad53d8214b104a2059fbad1124d71eba325e1 Finished request 3 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 66.135.138.204:22567, id=81, length=257 User-Name = "kevin" Cisco-AVPair = "ssid=tsunami" NAS-IP-Address = 192.168.0.8 Called-Station-Id = "004096495de0" Calling-Station-Id = "0006250baad2" NAS-Identifier = "AP350-495de0" NAS-Port = 37 Framed-MTU = 1400 State = 0xe3e74b0ab3499a907dd5cf9b4236f60aa96ad53d8214b104a2059fbad1124d71eba325e1 NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = "\002\006\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001=\325k\032\n(\334\303\372I}\025A\256\316\244\212\ n^dp\2573%\313\377TX\3049\203i\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\00 1" Message-Authenticator = 0x5a6ea97f88ebe9d13de815e2ff22c2b8 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched kevin at 95 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Length Included undefined: before/accept initialization TLS_accept: before/accept initialization <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A >>> TLS 1.0 Handshake [length 02e1], Certificate TLS_accept: SSLv3 write certificate A >>> TLS 1.0 Handshake [length 00b5], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap_tls: SSL_read Error Error code is ..... 2 SSL Error ..... 2 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 81 to 66.135.138.204:22567 EAP-Message = "\001\007\003\371\r\200\000\000\003\357\026\003\001\000J\002\000\000F\003\001=\325j\251)\333[\251\222\303\231\230\0354O\ 000\310>\022\340\273\267S\235\205K\315J\005\035q \334+6Q^\203{\247R4\013\013\252\302\230\023'E\3613\313\005\244e\270\241\354\246Ss\353\277\000\004\000\026\003\001\002\34 1\013\000\002\335\000\002\332\000\002\3270\202\002\3230\202\002<\240\003\002\001\002\002\001\0020\r\006\t*\206H\206\367\ r\001\001\004\005\0000\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCal" EAP-Message = "urve.esignx.com1\0370\035\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r021113185626Z\027\r03111318 5626Z0\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0220\020\006\003U\004\007\ 023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006\003U\004\003\023\020curve.esignx.com1\0370\035\006\ t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t" EAP-Message = "*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\307yX6\221#\003\322y\3762\313Z\212\rl\273 K\2026\355J\242\274\013m\370*\005Y\365\320\314C^\023\277\036\001\273+\244M1\022E\275bt\265j\331\032\311;\253\006%:\337/\ 304F\374.\316\274\335\317\271\304\355\367\263\315\322#\035\277v\334]\005\317b\007\255\023(\034Z\256\022\333q\232_\021\3 34!m92<\260\022\010\023\377PT\205\027\003D\004Pg\214\310\246\033!$WqE\002\003\001\000\001\243\0270\0250\023\006\003U\035 %\004\0140\n\006\010+\006\001\005" EAP-Message = "Itp!\rF{\241\347\342+\351\017\217\215\225\377\336]E\036!!\334\\\250\230\2203h\010\266\350\022#\031\036\375l\366\244\271 \371\356\214)\033\347;\345\002\300\020D\271J\003\264K\254uL}tv\350!;\257\342\001\343\366d1\026\003\001\000\265\r\000\000 \255\003\001\002\005\000\247\000\2450\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifor nia1\0220\020\006\003U\004\007\023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006" EAP-Message = "x.com\016\000\000" Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6aa384f436dbdaad6138d980b507a71ba96ad53d0e982f9b594714a39dbf235aee306ed5 Finished request 4 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 66.135.138.204:22568, id=82, length=183 User-Name = "kevin" Cisco-AVPair = "ssid=tsunami" NAS-IP-Address = 192.168.0.8 Called-Station-Id = "004096495de0" Calling-Station-Id = "0006250baad2" NAS-Identifier = "AP350-495de0" NAS-Port = 37 Framed-MTU = 1400 State = 0x6aa384f436dbdaad6138d980b507a71ba96ad53d0e982f9b594714a39dbf235aee306ed5 NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = "\002\007\000\006\r" Message-Authenticator = 0x828a7278b70043a2068044344ee907bf modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched kevin at 95 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: Invalid ACK received modcall[authenticate]: module "eap" returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 5 for 1 seconds Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 79 with timestamp 3dd56aa5 Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 82 to 66.135.138.204:22568 EAP-Message = "\004\007\000\004" Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 80 with timestamp 3dd56aa9 Cleaning up request 4 ID 81 with timestamp 3dd56aa9 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 82 with timestamp 3dd56aaa Nothing to do. Sleeping until we see a request. /*********************************Cisco AP350 eap log********************************/ 2002/11/15 13:45:30 (Info): Station 0006250baad2 Authenticated Dot1x entry (kevin,0006250baad2) is being deleted(Current Count=3) 2002/11/15 13:45:30 (Info): Station 0006250baad2 Associated Dot1X Authentication Entry (0006250baad2) is created (Current Count=4) RADIUS: Sending EAP-Request/Identity(id=1) packet to client 0006250baad2 00baabd0: 01 00 * .* 00baabe0: 00 33 01 01 00 33 01 00 6e 65 74 77 6f 72 6b 69 *.3...3..networki* 00baabf0: 64 3d 74 73 75 6e 61 6d 69 2c 6e 61 73 69 64 3d *d=tsunami,nasid=* 00baac00: 41 50 33 35 30 2d 34 39 35 64 65 30 2c 70 6f 72 *AP350-495de0,por* 00baac10: 74 69 64 3d 30 *tid=0...........* EAP: Received EAPOL-Start from client 0006250baad2 RADIUS: Sending EAP-Request/Identity(id=2) packet to client 0006250baad2 00ba7dd0: 01 00 00 33 01 02 * ..3..* 00ba7de0: 00 33 01 00 6e 65 74 77 6f 72 6b 69 64 3d 74 73 *.3..networkid=ts* 00ba7df0: 75 6e 61 6d 69 2c 6e 61 73 69 64 3d 41 50 33 35 *unami,nasid=AP35* 00ba7e00: 30 2d 34 39 35 64 65 30 2c 70 6f 72 74 69 64 3d *0-495de0,portid=* 00ba7e10: 30 *0...............* EAP: Received EAP-Response/Identity(id=1) packet from client 0006250baad2 00bab4f0: 01 00 00 0a 02 01 00 0a * .......* 00bab500: 01 6b 65 76 69 6e *.kevin..........* EAP: Response not from most recent request (ID: Expected=2, Actual=1) EAP: Received EAP-Response/Identity(id=2) packet from client 0006250baad2 00ba7dc0: 01 00 00 0a 02 02 00 0a 01 6b 65 76 69 6e *.........kevin..* EAP: Forwarding packet to RADIUS server 008a35e0: 01 4d 00 95 22 5f c1 ad 91 0c e2 d8 f2 50 fb c5 *.M.."_.......P..* 008a35f0: ab b5 d9 ad 01 07 6b 65 76 69 6e 1a 14 00 00 00 *......kevin.....* 008a3600: 09 01 0e 73 73 69 64 3d 74 73 75 6e 61 6d 69 04 *...ssid=tsunami.* 008a3610: 06 c0 a8 00 08 1e 0e 30 30 34 30 39 36 34 39 35 *.......004096495* 008a3620: 64 65 30 1f 0e 30 30 30 36 32 35 30 62 61 61 64 *de0..0006250baad* 008a3630: 32 20 0e 41 50 33 35 30 2d 34 39 35 64 65 30 05 *2 .AP350-495de0.* 008a3640: 06 00 00 00 25 0c 06 00 00 05 78 3d 06 00 00 00 *....%.....x=....* 008a3650: 13 06 06 00 00 00 01 4f 0c 02 02 00 0a 01 6b 65 *.......O......ke* 008a3660: 76 69 6e 50 12 c3 4e bb 6b 7e 93 a6 ed c2 c1 2c *vinP..N.k~.....,* 008a3670: 63 90 c8 ed 19 *c...............* RADIUS: Received packet for client 0006250baad2 008a2dd0: 0b 4d 00 54 b4 f6 c5 a1 * M.T....* 008a2de0: 46 d2 f2 88 5c 69 ad 63 64 d0 ed c1 4f 08 01 03 *F...\i.cd...O...* 008a2df0: 00 06 0d 20 50 12 c8 c2 74 01 e7 8f a1 47 a5 b6 *... P...t....G..* 008a2e00: 94 80 e2 4a 2f 3f 18 26 05 17 11 62 13 0d 6a 79 *...J/?.&...b..jy* 008a2e10: 91 99 ee 78 31 50 27 c2 a3 6a d5 3d ba 5a 5e 23 *...x1P'..j.=.Z^#* 008a2e20: 0d b4 fd 4d f5 da 6b 46 46 07 52 f3 *...M..kFF.R.....* RADIUS: Received Challenge Request RADIUS: Server's state attribute was saved RADIUS: Sending EAP-Request/EAP-TLS(id=3) packet to client 0006250baad2 00baabd0: 01 00 * .* 00baabe0: 00 06 01 03 00 06 0d 20 *....... ........* EAP: Received EAP-Response/EAP-TLS(id=3) packet from client 0006250baad2 00bac760: 01 00 00 50 02 03 00 50 0d 80 00 00 00 46 16 03 *...P...P.....F..* 00bac770: 01 00 41 01 00 00 3d 03 01 3d d5 6b 14 f7 05 33 *..A...=..=.k...3* 00bac780: 64 88 93 5f d8 28 86 61 c5 8f aa 67 18 fd aa 45 *d.._.(.a...g...E* 00bac790: 4c 2c d9 44 7a 6e b1 6e f1 00 00 16 00 04 00 05 *L,.Dzn.n........* 00bac7a0: 00 0a 00 09 00 64 00 62 00 03 00 06 00 13 00 12 *.....d.b........* 00bac7b0: 00 63 01 00 *.c..............* EAP: Forwarding packet to RADIUS server 008a35e0: 01 4e 01 01 87 89 9d 15 a5 d1 37 b6 93 16 7b f8 *.N........7...{.* 008a35f0: b2 99 fa f5 01 07 6b 65 76 69 6e 1a 14 00 00 00 *......kevin.....* 008a3600: 09 01 0e 73 73 69 64 3d 74 73 75 6e 61 6d 69 04 *...ssid=tsunami.* 008a3610: 06 c0 a8 00 08 1e 0e 30 30 34 30 39 36 34 39 35 *.......004096495* 008a3620: 64 65 30 1f 0e 30 30 30 36 32 35 30 62 61 61 64 *de0..0006250baad* 008a3630: 32 20 0e 41 50 33 35 30 2d 34 39 35 64 65 30 05 *2 .AP350-495de0.* 008a3640: 06 00 00 00 25 0c 06 00 00 05 78 18 26 05 17 11 *....%.....x.&...* 008a3650: 62 13 0d 6a 79 91 99 ee 78 31 50 27 c2 a3 6a d5 *b..jy...x1P'..j.* 008a3660: 3d ba 5a 5e 23 0d b4 fd 4d f5 da 6b 46 46 07 52 *=.Z^#...M..kFF.R* 008a3670: f3 3d 06 00 00 00 13 06 06 00 00 00 01 4f 52 02 *.=...........OR.* 008a3680: 03 00 50 0d 80 00 00 00 46 16 03 01 00 41 01 00 *..P.....F....A..* 008a3690: 00 3d 03 01 3d d5 6b 14 f7 05 33 64 88 93 5f d8 *.=..=.k...3d.._.* 008a36a0: 28 86 61 c5 8f aa 67 18 fd aa 45 4c 2c d9 44 7a *(.a...g...EL,.Dz* 008a36b0: 6e b1 6e f1 00 00 16 00 04 00 05 00 0a 00 09 00 *n.n.............* 008a36c0: 64 00 62 00 03 00 06 00 13 00 12 00 63 01 00 50 *d.b.........c..P* 008a36d0: 12 dd 83 15 d0 7c 1e 90 ef cc b7 c8 14 4c c0 6b *.....|.......L.k* 008a36e0: 16 *................* RADIUS: Received packet for client 0006250baad2 008a2dd0: 0b 4e 04 4f a6 a0 55 68 * N.O..Uh* 008a2de0: 84 95 4f 9b f9 6e 7c 0e 44 0c 03 cc 4f fe 01 04 *..O..n|.D...O...* 008a2df0: 03 f9 0d 80 00 00 03 ef 16 03 01 00 4a 02 00 00 *............J...* 008a2e00: 46 03 01 3d d5 6a a3 70 0d d0 7a ff 06 62 ac ea *F..=.j.p..z..b..* 008a2e10: eb 11 b2 7c 95 4b 13 8a 48 fa ff 96 04 93 2f 9d *...|.K..H...../.* 008a2e20: 35 03 34 20 22 13 2e 44 72 01 cc 9a 7e 3c e8 10 *5.4 "..Dr...~<..* 008a2e30: 0b c6 0a 30 4c 83 f6 c4 46 bd b4 4a d0 d3 69 dd *...0L...F..J..i.* 008a2e40: a9 c9 e5 a1 00 04 00 16 03 01 02 e1 0b 00 02 dd *................* 008a2e50: 00 02 da 00 02 d7 30 82 02 d3 30 82 02 3c a0 03 *......0...0..<..* 008a2e60: 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d *......0...*.H...* 008a2e70: 01 01 04 05 00 30 81 a2 31 0b 30 09 06 03 55 04 *.....0..1.0...U.* 008a2e80: 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a *...US1.0...U....* 008a2e90: 43 61 6c 69 66 6f 72 6e 69 61 31 12 30 10 06 03 *California1.0...* 008a2ea0: 55 04 07 13 09 43 75 70 65 72 74 69 6e 6f 31 1b *U....Cupertino1.* 008a2eb0: 30 19 06 03 55 04 0a 13 12 65 53 69 67 6e 58 20 *0...U....eSignX * 008a2ec0: 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 *Corporation1.0..* 008a2ed0: 03 55 04 0b 13 08 57 69 72 65 6c 65 73 73 31 19 *.U....Wireless1.* 008a2ee0: 30 17 06 03 55 04 03 13 10 63 4f fe 75 72 76 65 *0...U....cO.urve* 008a2ef0: 2e 65 73 69 67 6e 78 2e 63 6f 6d 31 1f 30 1d 06 *.esignx.com1.0..* 008a2f00: 09 2a 86 48 86 f7 0d 01 09 01 16 10 63 75 72 76 *.*.H........curv* 008a2f10: 65 40 65 73 69 67 6e 78 2e 63 6f 6d 30 1e 17 0d *[EMAIL PROTECTED]* 008a2f20: 30 32 31 31 31 33 31 38 35 36 32 36 5a 17 0d 30 *021113185626Z..0* 008a2f30: 33 31 31 31 33 31 38 35 36 32 36 5a 30 81 a2 31 *31113185626Z0..1* 008a2f40: 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 *.0...U....US1.0.* 008a2f50: 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 *..U....Californi* 008a2f60: 61 31 12 30 10 06 03 55 04 07 13 09 43 75 70 65 *a1.0...U....Cupe* 008a2f70: 72 74 69 6e 6f 31 1b 30 19 06 03 55 04 0a 13 12 *rtino1.0...U....* 008a2f80: 65 53 69 67 6e 58 20 43 6f 72 70 6f 72 61 74 69 *eSignX Corporati* 008a2f90: 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 57 69 72 *on1.0...U....Wir* 008a2fa0: 65 6c 65 73 73 31 19 30 17 06 03 55 04 03 13 10 *eless1.0...U....* 008a2fb0: 63 75 72 76 65 2e 65 73 69 67 6e 78 2e 63 6f 6d *curve.esignx.com* 008a2fc0: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 *1.0...*.H.......* 008a2fd0: 10 63 75 72 76 65 40 65 73 69 67 6e 78 2e 63 6f *[EMAIL PROTECTED]* 008a2fe0: 6d 30 81 9f 30 0d 06 09 4f fe 2a 86 48 86 f7 0d *m0..0...O.*.H...* 008a2ff0: 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 *.........0......* 008a3000: c7 79 58 36 91 23 03 d2 79 fe 32 cb 5a 8a 0d 6c *.yX6.#..y.2.Z..l* 008a3010: bb 4b 82 36 ed 4a a2 bc 0b 6d f8 2a 05 59 f5 d0 *.K.6.J...m.*.Y..* 008a3020: cc 43 5e 13 bf 1e 01 bb 2b a4 4d 31 12 45 bd 62 *.C^.....+.M1.E.b* 008a3030: 74 b5 6a d9 1a c9 3b ab 06 25 3a df 2f c4 46 fc *t.j...;..%:./.F.* 008a3040: 2e ce bc dd cf b9 c4 ed f7 b3 cd d2 23 1d bf 76 *............#..v* 008a3050: dc 7f 5d 05 cf 62 07 ad 13 28 1c 5a ae 12 db 71 *..]..b...(.Z...q* 008a3060: 9a 5f 11 dc 21 6d 39 32 3c b0 12 08 13 ff 50 54 *._..!m92<.....PT* 008a3070: 85 17 03 44 04 50 67 8c c8 a6 1b 21 24 57 71 45 *...D.Pg....!$WqE* 008a3080: 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 *.......0.0...U.%* 008a3090: 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d *..0...+.......0.* 008a30a0: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 *..*.H...........* 008a30b0: 00 96 93 8b 16 a9 3f 96 a7 de 90 ed 76 09 89 87 *......?.....v...* 008a30c0: 11 58 de db 53 f2 da 7d f0 57 ff d1 39 8b 76 94 *.X..S..}.W..9.v.* 008a30d0: 66 ff ff cb ed e9 18 8c a9 67 87 c3 46 1d 48 5a *f........g..F.HZ* 008a30e0: 66 3b f0 75 6c 8d 4f fe 49 74 70 21 0d 46 7b a1 *f;.ul.O.Itp!.F{.* 008a30f0: e7 e2 2b e9 0f 8f 8d 95 ff de 5d 45 1e 21 21 dc *..+.......]E.!!.* 008a3100: 5c a8 98 90 33 68 08 b6 e8 12 23 19 1e fd 6c f6 *\...3h....#...l.* 008a3110: a4 b9 f9 ee 8c 29 1b e7 3b e5 02 c0 10 44 b9 4a *.....)..;....D.J* 008a3120: 03 b4 4b ac 75 4c 7d 74 76 e8 21 3b af e2 01 e3 *..K.uL}tv.!;....* 008a3130: f6 64 31 16 03 01 00 b5 0d 00 00 ad 03 01 02 05 *.d1.............* 008a3140: 00 a7 00 a5 30 81 a2 31 0b 30 09 06 03 55 04 06 *....0..1.0...U..* 008a3150: 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 43 *..US1.0...U....C* 008a3160: 61 6c 69 66 6f 72 6e 69 61 31 12 30 10 06 03 55 *alifornia1.0...U* 008a3170: 04 07 13 09 43 75 70 65 72 74 69 6e 6f 31 1b 30 *....Cupertino1.0* 008a3180: 19 06 03 55 04 0a 13 12 65 53 69 67 6e 58 20 43 *...U....eSignX C* 008a3190: 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 03 *orporation1.0...* 008a31a0: 55 04 0b 13 08 57 69 72 65 6c 65 73 73 31 19 30 *U....Wireless1.0* 008a31b0: 17 06 03 55 04 03 13 10 63 75 72 76 65 2e 65 73 *...U....curve.es* 008a31c0: 69 67 6e 78 2e 63 6f 6d 31 1f 30 1d 06 09 2a 86 *ignx.com1.0...*.* 008a31d0: 48 86 f7 0d 01 09 01 16 10 63 75 72 76 65 40 65 *H........curve@e* 008a31e0: 73 69 67 6e 4f 0b 78 2e 63 6f 6d 0e 00 00 00 50 *signO.x.com....P* 008a31f0: 12 24 9b 04 e7 ef 0d 66 01 ca 19 da 50 88 c8 cf *.$.....f....P...* 008a3200: 3d 18 26 f5 ce bd da f0 a2 c7 79 c7 c4 8d ca 94 *=.&.......y.....* 008a3210: 4f 32 62 a3 6a d5 3d 53 ad 7f 2c 8a cc 3a fb 1a *O2b.j.=S..,..:..* 008a3220: 1a cc 0c 35 33 88 11 *...53...........* RADIUS: Received Challenge Request RADIUS: Server's state attribute was saved RADIUS: Appending EAP attribute value of length 254 RADIUS: Appending EAP attribute value of length 254 RADIUS: Appending EAP attribute value of length 254 RADIUS: Appending EAP attribute value of length 11 RADIUS: Sending EAP-code=120/type=109(id=46) packet to client 0006250baad2 00bac770: 01 00 03 f9 01 04 * .....* 00bac780: 03 f9 0d 80 00 00 03 ef 16 03 01 00 4a 02 00 00 *............J...* 00bac790: 46 03 01 3d d5 6a a3 70 0d d0 7a ff 06 62 ac ea *F..=.j.p..z..b..* 00bac7a0: eb 11 b2 7c 95 4b 13 8a 48 fa ff 96 04 93 2f 9d *...|.K..H...../.* 00bac7b0: 35 03 34 20 22 13 2e 44 72 01 cc 9a 7e 3c e8 10 *5.4 "..Dr...~<..* 00bac7c0: 0b c6 0a 30 4c 83 f6 c4 46 bd b4 4a d0 d3 69 dd *...0L...F..J..i.* 00bac7d0: a9 c9 e5 a1 00 04 00 16 03 01 02 e1 0b 00 02 dd *................* 00bac7e0: 00 02 da 00 02 d7 30 82 02 d3 30 82 02 3c a0 03 *......0...0..<..* 00bac7f0: 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d *......0...*.H...* 00bac800: 01 01 04 05 00 30 81 a2 31 0b 30 09 06 03 55 04 *.....0..1.0...U.* 00bac810: 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a *...US1.0...U....* 00bac820: 43 61 6c 69 66 6f 72 6e 69 61 31 12 30 10 06 03 *California1.0...* 00bac830: 55 04 07 13 09 43 75 70 65 72 74 69 6e 6f 31 1b *U....Cupertino1.* 00bac840: 30 19 06 03 55 04 0a 13 12 65 53 69 67 6e 58 20 *0...U....eSignX * 00bac850: 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 *Corporation1.0..* 00bac860: 03 55 04 0b 13 08 57 69 72 65 6c 65 73 73 31 19 *.U....Wireless1.* 00bac870: 30 17 06 03 55 04 03 13 10 63 75 72 76 65 2e 65 *0...U....curve.e* 00bac880: 73 69 67 6e 78 2e 63 6f 6d 31 1f 30 1d 06 09 2a *signx.com1.0...** 00bac890: 86 48 86 f7 0d 01 09 01 16 10 63 75 72 76 65 40 *.H........curve@* 00bac8a0: 65 73 69 67 6e 78 2e 63 6f 6d 30 1e 17 0d 30 32 *esignx.com0...02* 00bac8b0: 31 31 31 33 31 38 35 36 32 36 5a 17 0d 30 33 31 *1113185626Z..031* 00bac8c0: 31 31 33 31 38 35 36 32 36 5a 30 81 a2 31 0b 30 *113185626Z0..1.0* 00bac8d0: 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 *...U....US1.0...* 00bac8e0: 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 61 31 *U....California1* 00bac8f0: 12 30 10 06 03 55 04 07 13 09 43 75 70 65 72 74 *.0...U....Cupert* 00bac900: 69 6e 6f 31 1b 30 19 06 03 55 04 0a 13 12 65 53 *ino1.0...U....eS* 00bac910: 69 67 6e 58 20 43 6f 72 70 6f 72 61 74 69 6f 6e *ignX Corporation* 00bac920: 31 11 30 0f 06 03 55 04 0b 13 08 57 69 72 65 6c *1.0...U....Wirel* 00bac930: 65 73 73 31 19 30 17 06 03 55 04 03 13 10 63 75 *ess1.0...U....cu* 00bac940: 72 76 65 2e 65 73 69 67 6e 78 2e 63 6f 6d 31 1f *rve.esignx.com1.* 00bac950: 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 63 *0...*.H........c* 00bac960: 75 72 76 65 40 65 73 69 67 6e 78 2e 63 6f 6d 30 *[EMAIL PROTECTED]* 00bac970: 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 *..0...*.H.......* 00bac980: 00 03 81 8d 00 30 81 89 02 81 81 00 c7 79 58 36 *.....0.......yX6* 00bac990: 91 23 03 d2 79 fe 32 cb 5a 8a 0d 6c bb 4b 82 36 *.#..y.2.Z..l.K.6* 00bac9a0: ed 4a a2 bc 0b 6d f8 2a 05 59 f5 d0 cc 43 5e 13 *.J...m.*.Y...C^.* 00bac9b0: bf 1e 01 bb 2b a4 4d 31 12 45 bd 62 74 b5 6a d9 *....+.M1.E.bt.j.* 00bac9c0: 1a c9 3b ab 06 25 3a df 2f c4 46 fc 2e ce bc dd *..;..%:./.F.....* 00bac9d0: cf b9 c4 ed f7 b3 cd d2 23 1d bf 76 dc 7f 5d 05 *........#..v..].* 00bac9e0: cf 62 07 ad 13 28 1c 5a ae 12 db 71 9a 5f 11 dc *.b...(.Z...q._..* 00bac9f0: 21 6d 39 32 3c b0 12 08 13 ff 50 54 85 17 03 44 *!m92<.....PT...D* 00baca00: 04 50 67 8c c8 a6 1b 21 24 57 71 45 02 03 01 00 *.Pg....!$WqE....* 00baca10: 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a *...0.0...U.%..0.* 00baca20: 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 *..+.......0...*.* 00baca30: 48 86 f7 0d 01 01 04 05 00 03 81 81 00 96 93 8b *H...............* 00baca40: 16 a9 3f 96 a7 de 90 ed 76 09 89 87 11 58 de db *..?.....v....X..* 00baca50: 53 f2 da 7d f0 57 ff d1 39 8b 76 94 66 ff ff cb *S..}.W..9.v.f...* 00baca60: ed e9 18 8c a9 67 87 c3 46 1d 48 5a 66 3b f0 75 *.....g..F.HZf;.u* 00baca70: 6c 8d 49 74 70 21 0d 46 7b a1 e7 e2 2b e9 0f 8f *l.Itp!.F{...+...* 00baca80: 8d 95 ff de 5d 45 1e 21 21 dc 5c a8 98 90 33 68 *....]E.!!.\...3h* 00baca90: 08 b6 e8 12 23 19 1e fd 6c f6 a4 b9 f9 ee 8c 29 *....#...l......)* 00bacaa0: 1b e7 3b e5 02 c0 10 44 b9 4a 03 b4 4b ac 75 4c *..;....D.J..K.uL* 00bacab0: 7d 74 76 e8 21 3b af e2 01 e3 f6 64 31 16 03 01 *}tv.!;.....d1...* 00bacac0: 00 b5 0d 00 00 ad 03 01 02 05 00 a7 00 a5 30 81 *..............0.* 00bacad0: a2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 *.1.0...U....US1.* 00bacae0: 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 *0...U....Califor* 00bacaf0: 6e 69 61 31 12 30 10 06 03 55 04 07 13 09 43 75 *nia1.0...U....Cu* 00bacb00: 70 65 72 74 69 6e 6f 31 1b 30 19 06 03 55 04 0a *pertino1.0...U..* 00bacb10: 13 12 65 53 69 67 6e 58 20 43 6f 72 70 6f 72 61 *..eSignX Corpora* 00bacb20: 74 69 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 57 *tion1.0...U....W* 00bacb30: 69 72 65 6c 65 73 73 31 19 30 17 06 03 55 04 03 *ireless1.0...U..* 00bacb40: 13 10 63 75 72 76 65 2e 65 73 69 67 6e 78 2e 63 *..curve.esignx.c* 00bacb50: 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 *om1.0...*.H.....* 00bacb60: 01 16 10 63 75 72 76 65 40 65 73 69 67 6e 78 2e *...curve@esignx.* 00bacb70: 63 6f 6d 0e 00 00 00 *com.............* EAP: Received EAP-Response/EAP-TLS(id=4) packet from client 0006250baad2 00baabc0: 01 00 00 06 02 04 00 06 0d 00 * ...........* EAP: Forwarding packet to RADIUS server 008a35e0: 01 4f 00 b7 a7 75 07 c2 3a a0 f7 ea 0b 66 2b 2a *.O...u..:....f+** 008a35f0: 90 25 81 ff 01 07 6b 65 76 69 6e 1a 14 00 00 00 *.%....kevin.....* 008a3600: 09 01 0e 73 73 69 64 3d 74 73 75 6e 61 6d 69 04 *...ssid=tsunami.* 008a3610: 06 c0 a8 00 08 1e 0e 30 30 34 30 39 36 34 39 35 *.......004096495* 008a3620: 64 65 30 1f 0e 30 30 30 36 32 35 30 62 61 61 64 *de0..0006250baad* 008a3630: 32 20 0e 41 50 33 35 30 2d 34 39 35 64 65 30 05 *2 .AP350-495de0.* 008a3640: 06 00 00 00 25 0c 06 00 00 05 78 18 26 f5 ce bd *....%.....x.&...* 008a3650: da f0 a2 c7 79 c7 c4 8d ca 94 4f 32 62 a3 6a d5 *....y.....O2b.j.* 008a3660: 3d 53 ad 7f 2c 8a cc 3a fb 1a 1a cc 0c 35 33 88 *=S..,..:.....53.* 008a3670: 11 3d 06 00 00 00 13 06 06 00 00 00 01 4f 08 02 *.=...........O..* 008a3680: 04 00 06 0d 00 50 12 4b 94 f6 fb b3 f1 76 da 86 *.....P.K.....v..* 008a3690: dc 98 17 27 06 9a ad *...'............* RADIUS: Received packet for client 0006250baad2 008a2dd0: 03 4f 00 2c 2a a8 ad 47 * O.,*..G* 008a2de0: 92 ff a6 87 ce 56 24 84 df 9d e5 a4 4f 06 04 04 *.....V$.....O...* 008a2df0: 00 04 50 12 38 81 c3 64 e3 62 d3 cd c2 da c2 8a *..P.8..d.b......* 008a2e00: a5 b2 95 35 *...5............* RADIUS: Access-Deny for 0006250baad2 RADIUS: Sending EAP-Failure/type=0(id=4) packet to client 0006250baad2 00bac770: 01 00 00 04 04 04 * .....* 00bac780: 00 04 *................* 2002/11/15 13:45:34 (Warning): Station=0006250baad2 user="kevin" Failed EAP-Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html