hi!
unfortunately, there is no error in what you've sent. Freeradius replies correctly to the received EAP Identity with a challenge. No error is displayed. In your log, no answer from client appears, so it's impossible to say what is NOT working.

ciao
artur

> Lee Puay Yong wrote:
>
> hi,
>
> I had tried using the freeRADIUS EAP/TLS - WinXP HOWTO and have been
> successful with the packages used in the guide (FreeRADIUS
> snapshot-20021028). Everything was well.
>
> However, I tried to upgrade using the latest radius packages (version
> 0.9) but it does work anymore (same packages for OpenSSL for the
> previous radius version).
>
> modcall: entering group authenticate
> rlm_eap: EAP packet type notification id 5 length 15
> rlm_eap: EAP Start not found
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns ok
>
> I got the above messages. Is there a problem with the eap-tls module
> in version 0.9. I was able to establish ttls handshake following
> the guide. Do I have to use a different OpenSSL version for radius 0.9
> (can suggest what I should use)?
>
> Has anyone tried radius 0.9 eap-tls module able to provide
> some insights to the problem?
>
> regards,
>
> Puay Yong
>
> [EMAIL PROTECTED] root]# run-radiusd -X -A
> + LD_LIBRARY_PATH=/usr/local/openssl/lib
> + LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
> + export LD_LIBRARY_PATH LD_PRELOAD
> + /usr/sbin/radiusd -X -A
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /etc/raddb/proxy.conf
> Config: including file: /etc/raddb/clients.conf
> Config: including file: /etc/raddb/snmp.conf
> Config: including file: /etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/lib"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> Using deprecated naslist file. Support for this will go away soon.
> read_config_files: reading clients
> Using deprecated clients file. Support for this will go away soon.
> read_config_files: reading realms
> Using deprecated realms file. Support for this will go away soon.
> radiusd: entering modules setup
> Module: Library search path is /usr/lib
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/etc/radius/radiusap.pem"
> tls: certificate_file = "/etc/radius/radiusap.pem"
> tls: CA_file = "/etc/radius/root.pem"
> tls: private_key_password = "whatever"
> tls: dh_file = "/etc/radius/DH"
> tls: random_file = "/etc/radius/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> rlm_eap_tls: conf N ctx stored
> rlm_eap: Loaded and initialized the type tls
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 172.28.10.222:1645, id=24, length=135
> User-Name = "everything"
> Framed-MTU = 1400
> Called-Station-Id = "0002.8a78.b76c"
> Calling-Station-Id = "0007.50ca.f48e"
> NAS-Port-Type = Wireless-802.11
> Message-Authenticator = 0x559ad0c76f3ada1c49ab476c7312c8ef
> EAP-Message = 0x0205000f0165766572797468696e67
> NAS-Port-Type = Virtual
> NAS-Port = 8
> Service-Type = Login-User
> NAS-IP-Address = 172.28.10.222
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_eap: EAP packet type notification id 5 length 15
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "everything", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop
> users: Matched everything at 154
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: EAP packet type notification id 5 length 15
> rlm_eap: EAP Start not found
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 24 to 172.28.10.222:1645
> EAP-Message = 0x010600060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x8a72e6e82a8f36e597ee10ce669bf1047eaf3c3f5baafeac546001236e496837139d135a
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---

--
Artur Hecker
artur[at]hecker.info