Hello, when I use EAP-TLS, freeradius-0.8 shows this:
**************************************************************************************************
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=32, length=196
User-Name = "adam-ctl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-05-5D-5C-20-D3:lolored2"
Calling-Station-Id = "00-02-2D-2B-BB-21"
Framed-MTU = 2304
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = "\002^\000\r\001adam-ctl"
State =
0x690be8ccca8e8563bbe7e315f95fc97676ff6e3e06914174dd1ea46966c66b061f818e9b
Message-Authenticator = 0x0158460883122be6203190906d330cf4
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched adam-ctl at 6
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 32 to 127.0.0.1:1025
EAP-Message = "\001_\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xae4210e15fdaed07a2bdf30bd8e657bda1016f3e402fc1bc5b99835c98edc4848cb50021
Finished request 25
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=33, length=295
User-Name = "adam-ctl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-05-5D-5C-20-D3:lolored2"
Calling-Station-Id = "00-02-2D-2B-BB-21"
Framed-MTU = 2304
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
"\002_\000p\r\200\000\000\000f\026\003\001\000a\001\000\000]\003\001>o\001K[E\340v\335\307\272\026\342\374\033\235\327\033[\253\001\036\246\327mUSOyCO\355\000\0006\0009\0008\0005\000\026\000\023\000\n\0003\0002\000/\000f\000\007\000\005\000\004\000e\000d\000c\000b\000a\000`\000\025\000\022\000\t\000\024\000\021\000\010\000\006\000\003\001"
State =
0xae4210e15fdaed07a2bdf30bd8e657bda1016f3e402fc1bc5b99835c98edc4848cb50021
Message-Authenticator = 0x0b92bd9e777fe835b5bb7deccd199d49
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched adam-ctl at 6
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
Callback has been called because a new handshake is started.
(SSL_accept) before/accept initialization
content_type = 22
record_len = 97
<<< TLS 1.0 Handshake [length 0061], ClientHello
(SSL_accept) SSLv3 read client hello A
content_type = 22
record_len = 74
>>> TLS 1.0 Handshake [length 004a], ServerHello
(SSL_accept) SSLv3 write server hello A
content_type = 22
record_len = 1962
>>> TLS 1.0 Handshake [length 07aa], Certificate
(SSL_accept) SSLv3 write certificate A
content_type = 22
record_len = 13
>>> TLS 1.0 Handshake [length 000d], CertificateRequest
(SSL_accept) SSLv3 write certificate request A
(SSL_accept) SSLv3 flush data
SSL_accept:error in SSLv3 read client certificate A
<-----------------------------------------------------------
SSL Error ..... 2
In SSL Handshake Phase
In SSL Accept mode
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 33 to 127.0.0.1:1025
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x272dece100fd0f3805238caecf1cf2e8a5016f3e49666f6663df7ab20e2439920a28f735
Finished request 26
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=34, length=189
User-Name = "adam-ctl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-05-5D-5C-20-D3:lolored2"
Calling-Station-Id = "00-02-2D-2B-BB-21"
Framed-MTU = 2304
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = "\002`\000\006\r"
State =
0x272dece100fd0f3805238caecf1cf2e8a5016f3e49666f6663df7ab20e2439920a28f735
Message-Authenticator = 0xeb54a3b95053b101a7ff03df232977c1
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched adam-ctl at 6
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 34 to 127.0.0.1:1025
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x7163e58fac7d48cb08aefa1d40043807a5016f3e7a46230cad7eeae0acda24844b1e161e
Finished request 27
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=35, length=189
User-Name = "adam-ctl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-05-5D-5C-20-D3:lolored2"
Calling-Station-Id = "00-02-2D-2B-BB-21"
Framed-MTU = 2304
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = "\002a\000\006\r"
State =
0x7163e58fac7d48cb08aefa1d40043807a5016f3e7a46230cad7eeae0acda24844b1e161e
Message-Authenticator = 0xaa6d5cbb8086c3678f2976bf49ce0f2c
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched adam-ctl at 6
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 35 to 127.0.0.1:1025
EAP-Message =
"\001b\000\032\r\200\000\000\010\020\001\000\r\r\000\000\005\002\001\002\000\000\016\000\000"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xe82d8de7712359fdba5c6e493e6c9bafa5016f3e6240c1360aeb808fd664e6df449609cf
Finished request 28
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=36, length=200
User-Name = "adam-ctl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-05-5D-5C-20-D3:lolored2"
Calling-Station-Id = "00-02-2D-2B-BB-21"
Framed-MTU = 2304
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = "\002b\000\021\r\200\000\000\000\007\025\003\001\000\002\002-"
State =
0xe82d8de7712359fdba5c6e493e6c9bafa5016f3e6240c1360aeb808fd664e6df449609cf
Message-Authenticator = 0x8cc94d08936d1e1bb43c2dcfb410e37f
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched adam-ctl at 6
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
content_type = 21
record_len = 2
<<< TLS 1.0 Alert [length 0002], fatal certificate_expired
(SSL_accept) failed in SSLv3 read client certificate A
Error in SSL ..... 1
<-------------------------------------------------------------------------
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read Error
Error in SSL ..... 1
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 36 to 127.0.0.1:1025
EAP-Message = "\001c\000\n\r\200\000\000\000"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x508e039aabc81fb50490bf4785fb969fa5016f3e84464ca27352e66c47e24f425f66ff78
Finished request 29
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=37, length=189
User-Name = "adam-ctl"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-05-5D-5C-20-D3:lolored2"
Calling-Station-Id = "00-02-2D-2B-BB-21"
Framed-MTU = 2304
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = "\002c\000\006\r"
State = 0x508e039aabc81fb50490bf4785fb969fa5016f3e84464ca27352e66c47e24f425f66ff78
Message-Authenticator = 0x0767bef251b3ee9989eee00dea2a58af
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched adam-ctl at 6
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: Unexpected ACK received
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 30 for 1 seconds
Finished request 30
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 25 ID 32 with timestamp 3e6f01a1
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 37 to 127.0.0.1:1025
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 26 ID 33 with timestamp 3e6f01a5
Cleaning up request 27 ID 34 with timestamp 3e6f01a5
Cleaning up request 28 ID 35 with timestamp 3e6f01a5
Cleaning up request 29 ID 36 with timestamp 3e6f01a5
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 30 ID 37 with timestamp 3e6f01a6
Nothing to do. Sleeping until we see a request.
**************************************************************************************************
The errors I have found are marked with "<---------". Can somebody help me?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
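An added example, not part of the original post and not FreeRADIUS code: a small decoder for the EAP-Message of the Access-Request with id=36 in the log above, showing that the packet is an EAP Response (sent by the supplicant) whose single TLS record is the fatal certificate_expired alert. The function names and tables are hypothetical; the input string is copied from the log, and only unfragmented EAP-TLS packets are handled.

```python
import re
import struct

# Copied from the log above (Access-Request id=36), in the server's printed form.
LOG_VALUE = r"\002b\000\021\r\200\000\000\000\007\025\003\001\000\002\002-"

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}
_SIMPLE = {"r": 13, "n": 10, "t": 9}

def unescape(text):
    """Convert the debug output's printable form (\\ooo octal, \\r, \\n, \\t) to bytes."""
    out = bytearray()
    for m in re.finditer(r"\\([0-3][0-7]{2})|\\(.)|(.)", text, re.S):
        octal, simple, plain = m.groups()
        if octal:
            out.append(int(octal, 8))
        elif simple:
            out.append(_SIMPLE.get(simple, ord(simple)))
        else:
            out.append(ord(plain))
    return bytes(out)

def parse_eap_tls(pkt):
    """Parse one unfragmented EAP-TLS packet into its header fields and TLS records."""
    if len(pkt) < 6:
        raise ValueError("too short for an EAP-TLS packet")
    code, ident, length, etype = struct.unpack("!BBHB", pkt[:5])
    if length != len(pkt) or etype != 13:          # 13 = EAP-TLS
        raise ValueError("not a complete EAP-TLS packet")
    flags, body = pkt[5], pkt[6:]
    info = {"code": {1: "Request", 2: "Response"}.get(code, code), "id": ident,
            "more_fragments": bool(flags & 0x40), "records": []}
    if flags & 0x80:                               # L bit: 4-byte TLS message length
        info["tls_message_length"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    if info["more_fragments"]:
        return info                                # records would need reassembly first
    while len(body) >= 5:
        ctype, version, rlen = struct.unpack("!BHH", body[:5])
        payload, body = body[5:5 + rlen], body[5 + rlen:]
        rec = {"type": CONTENT.get(ctype, ctype), "version": hex(version), "length": rlen}
        if ctype == 21 and len(payload) == 2:      # unencrypted alert: level, description
            rec["alert"] = (ALERT_LEVEL.get(payload[0], payload[0]),
                            ALERT_DESC.get(payload[1], payload[1]))
        info["records"].append(rec)
    return info

if __name__ == "__main__":
    print(parse_eap_tls(unescape(LOG_VALUE)))
```
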