Hello, I've installed FreeRADIUS with EAP-TTLS. I've done the configuration, but I always get an Access-Reject for a user who is in the users file. Can you help me, please? I have FreeRADIUS snapshot 20031208 with OpenSSL 0.9.7c. Thank you for your help.
***********************************************************
The log given by ./radiusd -X when I launched it and tried to connect. Thank you for your help!
************************************************************
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
-rad_recv: Access-Request packet from host 172.17.3.143:6001, id=73, length=112
    User-Name = "Rola"
    NAS-IP-Address = 172.17.3.143
    Called-Station-Id = "0008027608dc"
    Calling-Station-Id = "0002a52ece4f"
    NAS-Identifier = "projet hp"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x022e000901526f6c61
    Message-Authenticator = 0x63e0879dc130b56da5f0a2b0db4458aa
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type response id 46 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 73 to 172.17.3.143:6001
    EAP-Message = 0x012f00061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x50ff8358905644caaeaf96f69824ac43
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=74, length=127
    User-Name = "Rola"
    NAS-IP-Address = 172.17.3.143
    Called-Station-Id = "0008027608dc"
    Calling-Station-Id = "0002a52ece4f"
    NAS-Identifier = "projet hp"
    State = 0x50ff8358905644caaeaf96f69824ac43
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x022f00060315
    Message-Authenticator = 0x6e1c186fe7810fd73012d0408a3e8491
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: EAP packet type response id 47 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 74 to 172.17.3.143:6001
    EAP-Message = 0x013000061520
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9a5bc83a65edf411d448ecb0b1286dcd
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=75, length=181
    User-Name = "Rola"
    NAS-IP-Address = 172.17.3.143
    Called-Station-Id = "0008027608dc"
    Calling-Station-Id = "0002a52ece4f"
    NAS-Identifier = "projet hp"
    State = 0x9a5bc83a65edf411d448ecb0b1286dcd
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0230003c158000000032160301002d0100002903012b0217004281095ac08bdb14ec298b8fda2563b3c26cb28ae3d9c0ec576e7a94000002000a0100
    Message-Authenticator = 0xe13ffadf56f2d9adcb43cc5c36c3a635
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_eap: EAP packet type response id 48 length 60
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
undefined: before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 05ec], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 75 to 172.17.3.143:6001
    EAP-Message = 0x65733110300e060355040a1307537570656c6563310a
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x555c391c272543e695466d89129e001b
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=76, length=127
    User-Name = "Rola"
    NAS-IP-Address = 172.17.3.143
    Called-Station-Id = "0008027608dc"
    Calling-Station-Id = "0002a52ece4f"
    NAS-Identifier = "projet hp"
    State = 0x555c391c272543e695466d89129e001b
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x023100061500
    Message-Authenticator = 0xcaf3f5d6c58e1d912b6998935387f1df
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
rlm_eap: EAP packet type response id 49 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 76 to 172.17.3.143:6001
    EAP-Message = 0xe3067d299a9189610dc746316be835b11dd4fd4ea9420a05709fb07d3df252bd75c971e0458e524841f9049f10a310235cc9b830f8cf0a60a2863061d3be345b13cd0b38eeba9087c78216b94a89e3f516030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x37e51e7504de84783903a458b2d7e78a
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=77, length=321
    User-Name = "Rola"
    NAS-IP-Address = 172.17.3.143
    Called-Station-Id = "0008027608dc"
    Calling-Station-Id = "0002a52ece4f"
    NAS-Identifier = "projet hp"
    State = 0x37e51e7504de84783903a458b2d7e78a
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x023200c81580000000be1603010086100000820080ba7709b45f988c85ae2936668b26627a9107e2b94a9ed6ba30d36f6eeeba5a0d681aecc701613a717e84b2f62c20f685a28289379fbae4ae2b9f7e33086b5799d9910a5a72c74fbe047364d1977ea098ef9ffccad5046d3cb5e4cc07028cc6f9cdcd5bc64adb45877c025f44d762d15c26a81bc7a5cdbb0da43bcf987a55e9711403010001011603010028a2f256104bf69ad935f662f2189b0fdd4509cc5e9ce6b73b8db6f4ff5456edf2f9b656989df800ff
    Message-Authenticator = 0xbc6cb2d5d641fcbd8906dc7b8eea3f57
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
rlm_eap: EAP packet type response id 50 length 200
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
undefined: SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 77 to 172.17.3.143:6001
    EAP-Message = 0x0133003d1580000000331403010001011603010028a8848c7fd6ec013dcb9d5645bdae93cc45003eb9e4f36d178ba6a7296c35fc398cdf91e48ec05060
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf55dd056caf46a02b4d08dd0db0f5899
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=78, length=192
    User-Name = "Rola"
    NAS-IP-Address = 172.17.3.143
    Called-Station-Id = "0008027608dc"
    Calling-Station-Id = "0002a52ece4f"
    NAS-Identifier = "projet hp"
    State = 0xf55dd056caf46a02b4d08dd0db0f5899
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0233004715800000003d170301003876e66b6c599774f1b8c64d6b30d1d6cf08fc3ce7ec5adc591b9caa8d8fdc4234df3c119e99db7bf6c42b6006b894a2e67aaf3bfc138822b3
    Message-Authenticator = 0x8a4f08521ab30aaf0ed61af96534ae2e
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
rlm_eap: EAP packet type response id 51 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled request
    User-Name = "Rola"
    User-Password = "testing"
    Freeradius-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
    User-Name = "Rola"
    User-Password = "testing"
    Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 5
rlm_realm: No '@' in User-Name = "Rola", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched Rola at 92
modcall[authorize]: module "files" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 5
modcall: group authenticate returns fail for request 5
auth: Failed to validate the user.
TTLS: Got tunneled reply RADIUS code 3
TTLS: Got tunneled Access-Reject
rlm_eap: Handler failed in EAP/ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.17.3.143:6001, id=78, length=192
Sending Access-Reject of id 78 to 172.17.3.143:6001
    EAP-Message = 0x04330004
    Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 73 with timestamp 404c972b
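
Added example, not part of the original post and not FreeRADIUS code: a small scanner for `radiusd -X` output in the format shown above that reports every authorize/authenticate pass in which Auth-Type EAP was selected although rlm_eap had logged that the request carried no EAP-Message. The function name and the sample log are constructed for illustration, and the script assumes one log message per line.

```python
import re

# Constructed, abridged sample in the format of the `radiusd -X` log above.
SAMPLE_LOG = """\
modcall: entering group authorize for request 5
rad_check_password: Found Auth-Type EAP
TTLS: Sending tunneled request
modcall: entering group authorize for request 5
rlm_eap: No EAP-Message, not doing EAP
rad_check_password: Found Auth-Type EAP
modcall: entering group authenticate for request 5
rlm_eap: EAP-Message not found
modcall: group authenticate returns fail for request 5
modcall: group authenticate returns invalid for request 5
"""

START = re.compile(r"modcall: entering group authorize for request (\d+)")
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
RESULT = re.compile(r"modcall: group authenticate returns (\w+) for request \d+")

def find_eap_mismatches(log_text):
    """Hypothetical helper: return the passes where Auth-Type EAP was chosen
    for a request that rlm_eap said had no EAP-Message."""
    findings, current, tunneled_next = [], None, False
    for line in log_text.splitlines():
        line = line.strip()
        m = START.search(line)
        if m:
            # A nested (tunneled) pass replaces the outer one being tracked.
            current = {"request": int(m.group(1)), "tunneled": tunneled_next,
                       "no_eap_message": False, "auth_type": None, "result": None}
            tunneled_next = False
            continue
        if line.startswith("TTLS: Sending tunneled request"):
            tunneled_next = True
        if current is None:
            continue
        if "rlm_eap: No EAP-Message" in line:
            current["no_eap_message"] = True
        m = AUTH_TYPE.search(line)
        if m:
            current["auth_type"] = m.group(1)
        m = RESULT.search(line)
        if m:
            current["result"] = m.group(1)
            if current["no_eap_message"] and current["auth_type"] == "EAP":
                findings.append(current)
            current = None
    return findings
```

Debug output of this kind also prints the tunneled User-Password in clear text, so it is worth redacting before a log is shared.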