I am new to FreeRadius and 802.1x. I have had dealings with Livingston v1.xx & v2.xx years ago in my days with an ISP.
I am wondering if anyone has some pointers on how I should proceed from here. I am at a loss as to why this isn't working. Output and version info below. The intent of the configuration is toward EAP/TLS... Thank you. Versions: freeradius-0.9.3 [RHL 7.3] openssl-0.9.7c Client: Odyssey v2.22.00.516 [Win 2000Pro] AP: SMC2804WBR Barricade ======================== + LD_LIBRARY_PATH=/usr/local/ssl/lib + LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so + export LD_LIBRARY_PATH + export LD_PRELOAD + /usr/local/sbin/radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: bind_address = 172.28.1.1 IP address [172.28.1.1] main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 rlm_eap: Loaded and initialized the type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/1x/gandalf-wl.pem" tls: certificate_file = "/etc/1x/gandalf-wl.pem" tls: CA_file = "/etc/1x/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/1x/DH" tls: random_file = "/etc/1x/random" tls: fragment_size = 512 tls: include_length = yes rlm_eap_tls: conf N ctx stored rlm_eap: Loaded and initialized the type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address 172.28.1.1, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 172.28.1.2:32801, id=3, length=150 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 Called-Station-Id = "00-04-E2-7A-E3-3F:photonic" Calling-Station-Id = "00-90-4B-16-66-0A" NAS-Identifier = "gandalf-wl" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203000c016a6675726d616e Message-Authenticator = 0x36556d778c502734d8a41b1dd29bf361 modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: EAP packet type notification id 3 length 12 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP packet type notification id 3 length 12 rlm_eap: EAP Start not found rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns ok for request 0 modcall: group authenticate returns ok for request 0 Login OK: [jfurman] (from client gandalf-SMC port 29 cli 00-90-4B-16-66-0A) Sending Access-Challenge of id 3 to 172.28.1.2:32801 EAP-Message = 0x010400060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3d9e372e1e779e46ee03a982e6e21878b424c43f9b2e78a75b11a9540b4e0983f617ac bc Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32802, id=4, length=274 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 Called-Station-Id = "00-04-E2-7A-E3-3F:photonic" Calling-Station-Id = "00-90-4B-16-66-0A" NAS-Identifier = "gandalf-wl" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x3d9e372e1e779e46ee03a982e6e21878b424c43f9b2e78a75b11a9540b4e0983f617ac bc EAP-Message = 0x020400620d800000005816030100530100004f03013fc425c06a2d4485697d30480499 6d3f433e999e01cdca27cee4c3f84265810900002800160013006600150012000a000500 040009006300650060006200610064001400110003000600080100 Message-Authenticator = 0xa9b6ea3ec4e5940686348e1922b48bfd modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_eap: EAP packet type notification id 4 length 98 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 1 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 1 rlm_eap: EAP packet type notification id 4 length 98 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: Length Included undefined: before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0053], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06b8], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b5], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap_tls: SSL_read Error Error code is ..... 2 SSL Error ..... 2 modcall[authenticate]: module "eap" returns ok for request 1 modcall: group authenticate returns ok for request 1 Login OK: [jfurman] (from client gandalf-SMC port 29 cli 00-90-4B-16-66-0A) Sending Access-Challenge of id 4 to 172.28.1.2:32802 EAP-Message = 0x0105020a0dc0000007c6160301004a0200004603013fc424b4f9fedaedbe1147e2eee4 5ad8d3452502bf9ab58a151a697c9328f4252096e8b3dab584c560b1f869a8298145ae09 6b3cac3fe568ee975a94717c7cba87000a0016030106b80b0006b40006b10002e3308202 df30820248a003020102020101300d06092a864886f70d01010405003081a3310b300906 03550406130243413110300e060355040813074f6e746172696f3111300f060355040713 0857617465726c6f6f311d301b060355040a1314546865204261726f6e2053742e204d61 74726978311a3018060355040b13114469676974616c20576f726b2053686f7031143012 0603 EAP-Message = 0x550403130b4a6f686e204675726d616e311e301c06092a864886f70d010901160f6a6f 686e406675726d616e2e6e6574301e170d3033313132363033323233355a170d31333131 32333033323233355a3081ad310b30090603550406130243413110300e06035504081307 4f6e746172696f3111300f0603550407130857617465726c6f6f311d301b060355040a13 14546865204261726f6e2053742e204d6174726978311a3018060355040b131144696769 74616c20576f726b2053686f70311e301c0603550403131567616e64616c662d776c2e66 75726d616e2e6e6574311e301c06092a864886f70d010901160f6a6f686e406675726d61 6e2e EAP-Message = 0x6e657430819f300d06092a864886f70d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x06acb8be557eedd4f4c540e82ddbcb51b424c43ff6c2dc8b666fc15cb83d54fa5947a2 64 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32803, id=5, length=182 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 Called-Station-Id = "00-04-E2-7A-E3-3F:photonic" Calling-Station-Id = "00-90-4B-16-66-0A" NAS-Identifier = "gandalf-wl" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x06acb8be557eedd4f4c540e82ddbcb51b424c43ff6c2dc8b666fc15cb83d54fa5947a2 64 EAP-Message = 0x020500060d00 Message-Authenticator = 0xf724929138014975203c6ab9414934e4 modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 rlm_eap: EAP packet type notification id 5 length 6 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 2 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 2 rlm_eap: EAP packet type notification id 5 length 6 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: Received EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok for request 2 modcall: group authenticate returns ok for request 2 Login OK: [jfurman] (from client gandalf-SMC port 29 cli 00-90-4B-16-66-0A) Sending Access-Challenge of id 5 to 172.28.1.2:32803 EAP-Message = 0x0106020a0dc0000007c6010101050003818d0030818902818100cf5f17f66223c8bdbc 2c91ce38eeed14c9ddbe0650af72c16d6665f9aa23bb24b716493e7528ba394efbd5a2ee 52cdf35c20b8f3328edda0f9f8b6954a59476345319a9fe19b06771da2ef98a7341896c6 5e9a6d0659aeae555aacc3af044919ae7c3e196667cf825fce7bbae5a9585140f71882e8 7e88cccb76db43c8ab86a10203010001a317301530130603551d25040c300a06082b0601 0505070301300d06092a864886f70d01010405000381810088b1aa9ba826acc6168cf85e 7491ff9876b54a607ee2c443a9daf9226e0184348c88be0d35a911f7387b3cac2e80d5f4 6242 EAP-Message = 0x967fd45b2f71bc0f5b60a5e01a40f68a4977be6d30f71b4246e952ed781e58bd306c6b 0728fc4d2b646c8373c26c814b658a8cdc746a474c67d9f8092e918d1c5c7144eb9049eb 4b7e5cc561fa8e0003c8308203c43082032da003020102020100300d06092a864886f70d 01010405003081a3310b30090603550406130243413110300e060355040813074f6e7461 72696f3111300f0603550407130857617465726c6f6f311d301b060355040a1314546865 204261726f6e2053742e204d6174726978311a3018060355040b13114469676974616c20 576f726b2053686f70311430120603550403130b4a6f686e204675726d616e311e301c06 092a EAP-Message = 0x864886f70d010901160f6a6f686e4066 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa89eb29be3afe1308aff59713662ea3bb424c43ff54c10a60c1ec2a3b0dd89df110cfe 19 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32804, id=6, length=182 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 Called-Station-Id = "00-04-E2-7A-E3-3F:photonic" Calling-Station-Id = "00-90-4B-16-66-0A" NAS-Identifier = "gandalf-wl" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xa89eb29be3afe1308aff59713662ea3bb424c43ff54c10a60c1ec2a3b0dd89df110cfe 19 EAP-Message = 0x020600060d00 Message-Authenticator = 0x1814370217223b14ff685eefa66fe8a2 modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_eap: EAP packet type notification id 6 length 6 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 3 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 3 rlm_eap: EAP packet type notification id 6 length 6 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: Received EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok for request 3 modcall: group authenticate returns ok for request 3 Login OK: [jfurman] (from client gandalf-SMC port 29 cli 00-90-4B-16-66-0A) Sending Access-Challenge of id 6 to 172.28.1.2:32804 EAP-Message = 0x0107020a0dc0000007c675726d616e2e6e6574301e170d303331313236303332313435 5a170d3033313232363033323134355a3081a3310b30090603550406130243413110300e 060355040813074f6e746172696f3111300f0603550407130857617465726c6f6f311d30 1b060355040a1314546865204261726f6e2053742e204d6174726978311a301806035504 0b13114469676974616c20576f726b2053686f70311430120603550403130b4a6f686e20 4675726d616e311e301c06092a864886f70d010901160f6a6f686e406675726d616e2e6e 657430819f300d06092a864886f70d010101050003818d0030818902818100bfddd47040 520d EAP-Message = 0x8c7fc48b34025b9776e472a0d724270bb5c21059e1e3f0588e3fe0161e21ebd49102d4 39d9b9a817f23b97b8aa70a0dec4e6004132d6bcab310081e670fdcd5ea42b2c3f7ef516 543910702ce5b8f07f77ee381bd5f12f5de856abc6c47d5ceb953e25dfb6a7b51d7748ef 6633ad192eac8e0cf30b922945230203010001a382010430820100301d0603551d0e0416 04144ee96822f8daeb3f3e4a4d286439ebdde51ac9433081d00603551d230481c83081c5 80144ee96822f8daeb3f3e4a4d286439ebdde51ac943a181a9a481a63081a3310b300906 03550406130243413110300e060355040813074f6e746172696f3111300f060355040713 0857 EAP-Message = 0x617465726c6f6f311d301b060355040a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3e72fdcbe8347fa2b5ea91270c722b2fb424c43f5551d4902c7806714f5dda64aeea04 59 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32805, id=7, length=182 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 Called-Station-Id = "00-04-E2-7A-E3-3F:photonic" Calling-Station-Id = "00-90-4B-16-66-0A" NAS-Identifier = "gandalf-wl" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x3e72fdcbe8347fa2b5ea91270c722b2fb424c43f5551d4902c7806714f5dda64aeea04 59 EAP-Message = 0x020700060d00 Message-Authenticator = 0x2a2bede34876c9f2a5c665d6167dd8a0 modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 rlm_eap: EAP packet type notification id 7 length 6 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 4 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 4 rlm_eap: EAP packet type notification id 7 length 6 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: Received EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok for request 4 modcall: group authenticate returns ok for request 4 Login OK: [jfurman] (from client gandalf-SMC port 29 cli 00-90-4B-16-66-0A) Sending Access-Challenge of id 7 to 172.28.1.2:32805 EAP-Message = 0x010801d00d80000007c61314546865204261726f6e2053742e204d6174726978311a30 18060355040b13114469676974616c20576f726b2053686f70311430120603550403130b 4a6f686e204675726d616e311e301c06092a864886f70d010901160f6a6f686e40667572 6d616e2e6e6574820100300c0603551d13040530030101ff300d06092a864886f70d0101 04050003818100b384d95f067fb36265b9d538171886c9809a5df2cbb8eafd92b27f36e1 42e893db682394c465c2aa2ca4d9a8a8a4a633f1a7ef01acc65699adcf3c61c233ad2833 b39a551b5637a467aa5da3e82cc01d3d854c1ee48d28e7a5f1b3e1ab0e6b08dcc03f8106 5c17 EAP-Message = 0xf4866794daa7c7a883e18d6ddeb24dec8ef0a9239a9ecdd3c016030100b50d0000ad02 010200a800a63081a3310b30090603550406130243413110300e060355040813074f6e74 6172696f3111300f0603550407130857617465726c6f6f311d301b060355040a13145468 65204261726f6e2053742e204d6174726978311a3018060355040b13114469676974616c 20576f726b2053686f70311430120603550403130b4a6f686e204675726d616e311e301c 06092a864886f70d010901160f6a6f686e406675726d616e2e6e65740e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdf049e84facb017230b9603e60148fbab424c43fc126f34100aa954f5a248962519f65 e9 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32806, id=8, length=1184 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 State = 0xdf049e84facb017230b9603e60148fbab424c43fc126f34100aa954f5a248962519f65 e9 EAP-Message = 0x0208043b0d800000043116030102e30b0002df0002dc0002d9308202d53082023ea003 020102020102300d06092a864886f70d01010405003081a3310b30090603550406130243 413110300e060355040813074f6e746172696f3111300f0603550407130857617465726c 6f6f311d301b060355040a1314546865204261726f6e2053742e204d6174726978311a30 18060355040b13114469676974616c20576f726b2053686f70311430120603550403130b 4a6f686e204675726d616e311e301c06092a864886f70d010901160f6a6f686e40667572 6d616e2e6e6574301e170d3033313132363033323335325a170d31333131323330333233 3532 EAP-Message = 0x5a3081a3310b30090603550406130243413110300e060355040813074f6e746172696f 3111300f0603550407130857617465726c6f6f311d301b060355040a1314546865204261 726f6e2053742e204d6174726978311a3018060355040b13114469676974616c20576f72 6b2053686f70311430120603550403130b4a6f686e204675726d616e311e301c06092a86 4886f70d010901160f6a6f686e406675726d616e2e6e657430819f300d06092a864886f7 0d010101050003818d0030818902818100a9fd3ecf95d14f9ba6949ce368727cb2592964 8cc7ddc63d454d877f7a52a0e43e4beb5c4008c7c3f8733b5afd8a41ff16256c2c491737 d27a EAP-Message = 0xc2615554dd2cbff2ebce2e81c0e188011abe0111fd40b17525ba602ca6941e7bce1832 51b11ed6b9b060e5006a9a1339fc1915bfd033ab5b54451d968dd612014ad7f73cc151d9 0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a86 4886f70d01010405000381810094c61bcb3927b2fab9dca2e0ba87a90d46ed0d87cfb9e5 10af1ab65ca9077cf17377dca0473b4e132fe5a040b46dc873982c52439a584959bb323e 13d1f9fa33015e615e9bc1d865f58c02d62a61a26cadb23a3069cb5a156452459b30405d 7c10f58c8c7b72ebd9f420588f2f645aaf63089286ae7820cafa2c521ce3062f6c160301 0086 EAP-Message = 0x100000820080c6f3c75b00bb3e4c3650ef244cc94cc02cf3b219ce51910552dd46648d ce427edf67877678e2c417b0bf296e40e856c7d547e3b56d82c7bc565e731b048ef68253 dafc78cf4c68bf8f3e2dd23b4b88dac1f3bd48dde3fcbb74575e170c5ad2d587225e38e1 8a74eae1e358f89001f777ec741e4d622d5fa28a0ee171cd8e898916030100860f000082 0080676a9d694657cfc750f19794175fb37c7c755c82e6c8226f2e5d39766b0756b2f18f 197277cc2ee36afa8ba6de2cc2b151912bf27eb9ce2a1e75636f18539e6c05a65d5616d1 b994c92a797fcfb30ccd454e1039aa7128ab8ac4708a9f9ff272ac6585b8578a5408f012 f3b0 EAP-Message = 0xb471c078bd58d695080828fb9131a8cb388497c014030100010116030100280d5d92d1 412eb3d3bc97cb1bac51d34fc86e72ef8330d2c79dcf0b3611e83638996af62020ef1227 Message-Authenticator = 0xffbad49fddab0937a09d292bb5fef198 modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_eap: EAP packet type notification id 8 length 1083 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 5 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 5 rlm_eap: EAP packet type notification id 8 length 1083 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: Length Included rlm_eap_tls: <<< TLS 1.0 Handshake [length 02e3], Certificate --> verify error:num=18:self signed certificate chain-depth=0, error=18 --> User-Name = jfurman --> BUF-Name = John Furman --> subject = /C=CA/ST=Ontario/L=Waterloo/O=The Baron St. Matrix/OU=Digital Work Shop/CN=John Furman/[EMAIL PROTECTED] --> issuer = /C=CA/ST=Ontario/L=Waterloo/O=The Baron St. Matrix/OU=Digital Work Shop/CN=John Furman/[EMAIL PROTECTED] --> verify return:0 rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap_tls: SSL_read Error 14485:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:1987: Error code is ..... 5 Error in SSL ..... 5 modcall[authenticate]: module "eap" returns ok for request 5 modcall: group authenticate returns ok for request 5 Login OK: [jfurman] (from client gandalf-SMC port 0) Sending Access-Challenge of id 8 to 172.28.1.2:32806 EAP-Message = 0x010900110d800000000715030100020230 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa06941ccbefba80f1610a7bcbb13e3cb524c43ff671c9a40334808de0326a4aec127e b6 Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32807, id=9, length=182 User-Name = "jfurman" NAS-IP-Address = 172.28.1.2 Called-Station-Id = "00-04-E2-7A-E3-3F:photonic" Calling-Station-Id = "00-90-4B-16-66-0A" NAS-Identifier = "gandalf-wl" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xaa06941ccbefba80f1610a7bcbb13e3cb524c43ff671c9a40334808de0326a4aec127e b6 EAP-Message = 0x020900060d00 Message-Authenticator = 0x445e8e2c362db6017d01e367d2e66b2f modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 rlm_eap: EAP packet type notification id 9 length 6 rlm_eap: EAP Start not found modcall[authorize]: module "eap" returns updated for request 6 rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 users: Matched jfurman at 101 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 6 rlm_eap: EAP packet type notification id 9 length 6 rlm_eap: EAP Start not found rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: Received EAP-TLS ACK message rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 6 modcall: group authenticate returns ok for request 6 Login OK: [jfurman] (from client gandalf-SMC port 29 cli 00-90-4B-16-66-0A) Delaying request 6 for 1 seconds Finished request 6 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.28.1.2:32807, id=9, length=182 Sending Access-Reject of id 9 to 172.28.1.2:32807 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 3 with timestamp 3fc424b4 Cleaning up request 1 ID 4 with timestamp 3fc424b4 Cleaning up request 2 ID 5 with timestamp 3fc424b4 Cleaning up request 3 ID 6 with timestamp 3fc424b4 Cleaning up request 4 ID 7 with timestamp 3fc424b4 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 8 with timestamp 3fc424b5 Cleaning up request 6 ID 9 with timestamp 3fc424b5 Nothing to do. Sleeping until we see a request. ======================== Regards, -- John Furman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html