Hello,
I've installed FreeRADIUS with EAP-TTLS.
I've done the configuration, but I always get an Access-Reject for a user who is in
the users file.
Can you help me, please?
I have FreeRADIUS snapshot 20031208 with OpenSSL 0.9.7c.
Thank you for your help.


***********************************************************
The log given by ./radiusd -X when I launched it and tried to connect.
Thank you for your help!
************************************************************
 
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=73, length=112
        User-Name = "Rola"
        NAS-IP-Address = 172.17.3.143
        Called-Station-Id = "0008027608dc"
        Calling-Station-Id = "0002a52ece4f"
        NAS-Identifier = "projet hp"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x022e000901526f6c61
        Message-Authenticator = 0x63e0879dc130b56da5f0a2b0db4458aa
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  rlm_eap: EAP packet type response id 46 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 73 to 172.17.3.143:6001
        EAP-Message = 0x012f00061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x50ff8358905644caaeaf96f69824ac43
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=74, length=127
        User-Name = "Rola"
        NAS-IP-Address = 172.17.3.143
        Called-Station-Id = "0008027608dc"
        Calling-Station-Id = "0002a52ece4f"
        NAS-Identifier = "projet hp"
        State = 0x50ff8358905644caaeaf96f69824ac43
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x022f00060315
        Message-Authenticator = 0x6e1c186fe7810fd73012d0408a3e8491
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  rlm_eap: EAP packet type response id 47 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/ttls
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 74 to 172.17.3.143:6001
        EAP-Message = 0x013000061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9a5bc83a65edf411d448ecb0b1286dcd
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=75, length=181
        User-Name = "Rola"
        NAS-IP-Address = 172.17.3.143
        Called-Station-Id = "0008027608dc"
        Calling-Station-Id = "0002a52ece4f"
        NAS-Identifier = "projet hp"
        State = 0x9a5bc83a65edf411d448ecb0b1286dcd
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 
0x0230003c158000000032160301002d0100002903012b0217004281095ac08bdb14ec298b8fda2563b3c26cb28ae3d9c0ec576e7a94000002000a0100
        Message-Authenticator = 0xe13ffadf56f2d9adcb43cc5c36c3a635
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  rlm_eap: EAP packet type response id 48 length 60
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
undefined: before/accept initialization
TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 05ec], Certificate
TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 75 to 172.17.3.143:6001
        EAP-Message = 
0xea9db1d4cf8e197801544a31e1bead8f0003403082033c308202a5a003020102020100300d06092a864886f70d01010405003078310b30090603550406130246523111300f060355040813084272657461676e65310f300d0603550407130652656e6e65733110300e060355040a1307537570656c6563310a3008060355040b1301493127302506092a864886f70d01090116186d6172636f2e646962656c6c6f40737570656c65632e6672301e170d3034303330373133353633355a170d3034303430363133353633355a3078310b30090603550406130246523111300f060355040813084272657461676e65310f300d0603550407130652656e6e
        EAP-Message = 0x65733110300e060355040a1307537570656c6563310a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x555c391c272543e695466d89129e001b
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=76, length=127
        User-Name = "Rola"
        NAS-IP-Address = 172.17.3.143
        Called-Station-Id = "0008027608dc"
        Calling-Station-Id = "0002a52ece4f"
        NAS-Identifier = "projet hp"
        State = 0x555c391c272543e695466d89129e001b
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x023100061500
        Message-Authenticator = 0xcaf3f5d6c58e1d912b6998935387f1df
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  rlm_eap: EAP packet type response id 49 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 76 to 172.17.3.143:6001
        EAP-Message = 
0xe3067d299a9189610dc746316be835b11dd4fd4ea9420a05709fb07d3df252bd75c971e0458e524841f9049f10a310235cc9b830f8cf0a60a2863061d3be345b13cd0b38eeba9087c78216b94a89e3f516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x37e51e7504de84783903a458b2d7e78a
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=77, length=321
        User-Name = "Rola"
        NAS-IP-Address = 172.17.3.143
        Called-Station-Id = "0008027608dc"
        Calling-Station-Id = "0002a52ece4f"
        NAS-Identifier = "projet hp"
        State = 0x37e51e7504de84783903a458b2d7e78a
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 
0x023200c81580000000be1603010086100000820080ba7709b45f988c85ae2936668b26627a9107e2b94a9ed6ba30d36f6eeeba5a0d681aecc701613a717e84b2f62c20f685a28289379fbae4ae2b9f7e33086b5799d9910a5a72c74fbe047364d1977ea098ef9ffccad5046d3cb5e4cc07028cc6f9cdcd5bc64adb45877c025f44d762d15c26a81bc7a5cdbb0da43bcf987a55e9711403010001011603010028a2f256104bf69ad935f662f2189b0fdd4509cc5e9ce6b73b8db6f4ff5456edf2f9b656989df800ff
        Message-Authenticator = 0xbc6cb2d5d641fcbd8906dc7b8eea3f57
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  rlm_eap: EAP packet type response id 50 length 200
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
undefined: SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 77 to 172.17.3.143:6001
        EAP-Message = 
0x0133003d1580000000331403010001011603010028a8848c7fd6ec013dcb9d5645bdae93cc45003eb9e4f36d178ba6a7296c35fc398cdf91e48ec05060
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf55dd056caf46a02b4d08dd0db0f5899
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=78, length=192
        User-Name = "Rola"
        NAS-IP-Address = 172.17.3.143
        Called-Station-Id = "0008027608dc"
        Calling-Station-Id = "0002a52ece4f"
        NAS-Identifier = "projet hp"
        State = 0xf55dd056caf46a02b4d08dd0db0f5899
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 
0x0233004715800000003d170301003876e66b6c599774f1b8c64d6b30d1d6cf08fc3ce7ec5adc591b9caa8d8fdc4234df3c119e99db7bf6c42b6006b894a2e67aaf3bfc138822b3
        Message-Authenticator = 0x8a4f08521ab30aaf0ed61af96534ae2e
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  rlm_eap: EAP packet type response id 51 length 71
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
  TTLS: Got tunneled request
        User-Name = "Rola"
        User-Password = "testing"
        Freeradius-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "Rola"
        User-Password = "testing"
        Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
    users: Matched Rola at 92
  modcall[authorize]: module "files" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns ok for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
  modcall[authenticate]: module "eap" returns fail for request 5
modcall: group authenticate returns fail for request 5
auth: Failed to validate the user.
  TTLS: Got tunneled reply RADIUS code 3
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=78, length=192
Sending Access-Reject of id 78 to 172.17.3.143:6001
        EAP-Message = 0x04330004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 73 with timestamp 404c972b
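
The EAP-Message values in the debug output above are raw EAP packets: code, identifier, 16-bit length, then a type byte (RFC 3748). As an added example, not part of the original post or of FreeRADIUS, this decodes the short values copied from the log; `decode_eap` and the lookup tables are hypothetical names.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "TLS", 21: "TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}          # methods that carry a flags byte after the type
FLAG_BITS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # Length included, More, Start


def decode_eap(hex_value):
    """Decode one EAP packet given as the hex string printed by radiusd -X."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("an EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    # Success/Failure packets stop after the header; Request/Response add a type.
    if code in (1, 2) and length >= 5 and len(raw) >= 5:
        etype = raw[4]
        body = raw[5:length]
        out["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:                       # Identity: body is the user name
            out["identity"] = body.decode("utf-8", "replace")
        elif etype == 3:                     # Nak: body lists the types the peer wants
            out["wanted"] = [EAP_TYPES.get(b, b) for b in body]
        elif etype in TLS_BASED and body:
            flags = body[0]
            out["flags"] = [name for bit, name in FLAG_BITS if flags & bit]
            if flags & 0x80 and len(body) >= 5:
                # With the L flag, 4 bytes give the total TLS message length.
                out["tls_total_length"] = struct.unpack("!I", body[1:5])[0]
    return out


# Values copied from the log above, in the order they appear.
SAMPLES = [
    "0x022e000901526f6c61",
    "0x012f00061920",
    "0x022f00060315",
    "0x013000061520",
    "0x023100061500",
    "0x04330004",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, decode_eap(value))
```

A RADIUS EAP-Message attribute carries at most 253 bytes, so a long EAP packet is split across several attributes; only the first value of such a group starts with an EAP header.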