-----Forwarded Message-----
From: Arvind Ghanekar <[EMAIL PROTECTED]>
Sent: Apr 12, 2004 3:22 PM
To: [EMAIL PROTECTED]
Subject: Fw: Problems running EAP-TLS with xsupplicant 0.8b and FreeRadius 0.9.3

-----Original Message-----
From: Arvind Ghanekar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, April 12, 2004 3:01 PM
Subject: Problems running EAP-TLS with xsupplicant 0.8b and FreeRadius 0.9.3

>Hi,
>
>I am trying to get xsupplicant (RedHat Linux 8.0) to work with FreeRadius
>and Cisco 2950 running EAP/TLS.
>
>The versions are as follows:
>xsupplicant 0.8b
>FreeRadius version 0.9.3
>openssl version 0.9.7d
>Cisco 2950 version 12..1.20 dated Feb 9 2004.
>
>I set up Freeradius using instructions from:
>
>1. http://www.freeradius.org/doc/EAPTLS.pdf
>2. http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
>3. http://www.missl.cs.umd.edu/wireless/eaptls/?tag=missl-802-1
>
>But when I run xsupplicant the server complains about error reading client
>certificate A. The radius log:
>
>Starting - reading configuration files ...
>reread_config: reading radiusd.conf
>Config: including file: /usr/local/etc/raddb/proxy.conf
>Config: including file: /usr/local/etc/raddb/clients.conf
>Config: including file: /usr/local/etc/raddb/snmp.conf
>Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files: reading dictionary
>read_config_files: reading naslist
>Using deprecated naslist file. Support for this will go away soon.
>read_config_files: reading clients
>Using deprecated clients file. Support for this will go away soon.
>read_config_files: reading realms
>Using deprecated realms file. Support for this will go away soon.
>radiusd: entering modules setup
>Module: Library search path is /usr/local/lib
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
> pap: encryption_scheme = "crypt"
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
>Module: Instantiated mschap (mschap)
>Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
>Module: Instantiated unix (unix)
>Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
>rlm_eap: Loaded and initialized the type md5
>rlm_eap: Loaded and initialized the type leap
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/etc/1x/unix/srv.pem"
> tls: certificate_file = "/etc/1x/unix/srv.pem"
> tls: CA_file = "/etc/1x/unix/root.pem"
> tls: private_key_password = "whatever"
> tls: dh_file = "/etc/1x/dh"
> tls: random_file = "/etc/1x/random"
> tls: fragment_size = 1024
> tls: include_length = yes
>rlm_eap_tls: conf N ctx stored
>rlm_eap: Loaded and initialized the type tls
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
>Module: Instantiated realm (suffix)
>Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> files: compat = "no"
>Module: Instantiated files (files)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port-Id"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile =
>"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Initializing the thread pool...
> thread: start_servers = 5
> thread: max_servers = 32
> thread: min_spare_servers = 3
> thread: max_spare_servers = 10
> thread: max_requests_per_server = 0
> thread: cleanup_delay = 5
>Thread spawned new child 1. Total threads in pool: 1
>Thread spawned new child 2. Total threads in pool: 2
>Thread 1 waiting to be assigned a request
>Thread 2 waiting to be assigned a request
>Thread 3 waiting to be assigned a request
>Thread spawned new child 3. Total threads in pool: 3
>Thread spawned new child 4. Total threads in pool: 4
>Thread spawned new child 5. Total threads in pool: 5
>Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
>1814/udp.
>Ready to process requests.
>Thread 4 waiting to be assigned a request
>Thread 5 waiting to be assigned a request
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=221,
>length=102
>Thread 1 assigned request 0
>--- Walking the entire request list ---
>Threads: total/active/spare threads = 5/1/4
>Waking up in 5 seconds...
>Thread 1 handling request 0, (1 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> EAP-Message = 0x0200000b01617276696e64
> Message-Authenticator = 0xb59de48d314a0892a0f550dbf357842f
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> rlm_eap: EAP packet type notification id 0 length 11
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 0
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
>modcall: group authorize returns updated for request 0
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 0
> rlm_eap: EAP packet type notification id 0 length 11
> rlm_eap: EAP Start not found
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns ok for request 0
>modcall: group authenticate returns ok for request 0
>Sending Access-Challenge of id 221 to 192.168.177.190:1812
> EAP-Message = 0x010100060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
>0x0c48a4e8e20554974036d64e128150a4ce187b40132d9d37017eddf8ddabc9df4276ba3f
>Finished request 0
>Going to the next request
>Thread 1 waiting to be assigned a request
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=222,
>length=227
>Thread 2 assigned request 1
>--- Walking the entire request list ---
>Waking up in 5 seconds...
>Thread 2 handling request 1, (1 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> State =
>0x0c48a4e8e20554974036d64e128150a4ce187b40132d9d37017eddf8ddabc9df4276ba3f
> EAP-Message =
>0x020100620d800000005d16030100530100004f0301407b2704361014f0eb11d2f0601780b9
>8b94b4c346bfe861103c7b211b0ebc7d00002800160013000a00660005000400650064006300
>6200610060001500120009001400110008000600030100
> Message-Authenticator = 0xcd0908b75a9e8448d081c3aa4a53af91
>modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> rlm_eap: EAP packet type notification id 1 length 98
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 1
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 1
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
>modcall: group authorize returns updated for request 1
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 1
> rlm_eap: EAP packet type notification id 1 length 98
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
>rlm_eap_tls: Length Included
>Total Length Included
>undefined: before/accept initialization
>TLS_accept: before/accept initialization
>rlm_eap_tls: <<< TLS 1.0 Handshake [length 0053], ClientHello
>TLS_accept: SSLv3 read client hello A
>rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>TLS_accept: SSLv3 write server hello A
>rlm_eap_tls: >>> TLS 1.0 Handshake [length 0531], Certificate
>TLS_accept: SSLv3 write certificate A
>rlm_eap_tls: >>> TLS 1.0 Handshake [length 009f], CertificateRequest
>TLS_accept: SSLv3 write certificate request A
>TLS_accept: SSLv3 flush data
>TLS_accept:error in SSLv3 read client certificate A
>rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok for request 1
>modcall: group authenticate returns ok for request 1
>Sending Access-Challenge of id 222 to 192.168.177.190:1812
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
>0xde3a2fdaf91151f1b58e59aacfa5f54dcf187b4056c13ef21a4af0b08175b77aa4217869
>Finished request 1
>Going to the next request
>Thread 2 waiting to be assigned a request
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=223,
>length=146
>Thread 3 assigned request 2
>Waking up in 5 seconds...
>Thread 3 handling request 2, (1 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> State =
>0xde3a2fdaf91151f1b58e59aacfa5f54dcf187b4056c13ef21a4af0b08175b77aa4217869
> EAP-Message = 0x020200110d800000000715030100020250
> Message-Authenticator = 0x61e80c2f1380e8b83f6361f6c0ebb2bd
>modcall: entering group authorize for request 2
> modcall[authorize]: module "preprocess" returns ok for request 2
> modcall[authorize]: module "chap" returns noop for request 2
> rlm_eap: EAP packet type notification id 2 length 17
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 2
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 2
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 2
> modcall[authorize]: module "mschap" returns noop for request 2
>modcall: group authorize returns updated for request 2
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 2
> rlm_eap: EAP packet type notification id 2 length 17
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
>rlm_eap_tls: Length Included
>rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal internal_error
>TLS Alert read:fatal:internal error
>TLS_accept:failed in SSLv3 read client certificate A
>rlm_eap_tls: SSL_read Error
> Error code is ..... 5
> Error in SSL ..... 5
>rlm_eap_tls: BIO_read Error
> Error code is ..... 5
> Error in SSL ..... 5
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns ok for request 2
>modcall: group authenticate returns ok for request 2
>Delaying request 2 for 1 seconds
>Finished request 2
>Going to the next request
>Thread 3 waiting to be assigned a request
>--- Walking the entire request list ---
>Threads: total/active/spare threads = 5/0/5
>Cleaning up request 0 ID 221 with timestamp 407b18ce
>Sending Access-Reject of id 223 to 192.168.177.190:1812
> EAP-Message = 0x04020004
> Message-Authenticator = 0x00000000000000000000000000000000
>Waking up in 1 seconds...
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=224,
>length=102
>Thread 4 assigned request 3
>--- Walking the entire request list ---
>Threads: total/active/spare threads = 5/1/4
>Cleaning up request 1 ID 222 with timestamp 407b18cf
>Cleaning up request 2 ID 223 with timestamp 407b18cf
>Waking up in 5 seconds...
>Thread 4 handling request 3, (1 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> EAP-Message = 0x0204000b01617276696e64
> Message-Authenticator = 0xae9616477860d7c5f7b042f341e6492f
>modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok for request 3
> modcall[authorize]: module "chap" returns noop for request 3
> rlm_eap: EAP packet type notification id 4 length 11
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 3
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 3
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 3
> modcall[authorize]: module "mschap" returns noop for request 3
>modcall: group authorize returns updated for request 3
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 3
> rlm_eap: EAP packet type notification id 4 length 11
> rlm_eap: EAP Start not found
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns ok for request 3
>modcall: group authenticate returns ok for request 3
>Sending Access-Challenge of id 224 to 192.168.177.190:1812
> EAP-Message = 0x010500060d20
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
>0x0e1885070689f915a2e224ed2c2d8371d5187b40a97d9e0c0758cf6a730335b6036aa76d
>Finished request 3
>Going to the next request
>Thread 4 waiting to be assigned a request
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=225,
>length=227
>Thread 5 assigned request 4
>--- Walking the entire request list ---
>Waking up in 5 seconds...
>Thread 5 handling request 4, (1 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> State =
>0x0e1885070689f915a2e224ed2c2d8371d5187b40a97d9e0c0758cf6a730335b6036aa76d
> EAP-Message =
>0x020500620d800000005d16030100530100004f0301407b270bda6ccdc8bee7d6c2fc289882
>e33c84539b611f5c88764be4e4d1da8f00002800160013000a00660005000400650064006300
>6200610060001500120009001400110008000600030100
> Message-Authenticator = 0x831f815d5371a6c02d7f5ab88bf6d9d5
>modcall: entering group authorize for request 4
> modcall[authorize]: module "preprocess" returns ok for request 4
> modcall[authorize]: module "chap" returns noop for request 4
> rlm_eap: EAP packet type notification id 5 length 98
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 4
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 4
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 4
> modcall[authorize]: module "mschap" returns noop for request 4
>modcall: group authorize returns updated for request 4
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 4
> rlm_eap: EAP packet type notification id 5 length 98
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
>rlm_eap_tls: Length Included
>Total Length Included
>undefined: before/accept initialization
>TLS_accept: before/accept initialization
>rlm_eap_tls: <<< TLS 1.0 Handshake [length 0053], ClientHello
>TLS_accept: SSLv3 read client hello A
>rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>TLS_accept: SSLv3 write server hello A
>rlm_eap_tls: >>> TLS 1.0 Handshake [length 0531], Certificate
>TLS_accept: SSLv3 write certificate A
>rlm_eap_tls: >>> TLS 1.0 Handshake [length 009f], CertificateRequest
>TLS_accept: SSLv3 write certificate request A
>TLS_accept: SSLv3 flush data
>TLS_accept:error in SSLv3 read client certificate A
>rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok for request 4
>modcall: group authenticate returns ok for request 4
>Sending Access-Challenge of id 225 to 192.168.177.190:1812
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
>0x47c03bd2ba00d2b9ffc5cfa235b0726ad6187b40d3b4d68a97310cdff26837198d9208ba
>Finished request 4
>Going to the next request
>Thread 5 waiting to be assigned a request
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=226,
>length=135
>Thread 1 assigned request 5
>Waking up in 5 seconds...
>Thread 1 handling request 5, (2 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> State =
>0x47c03bd2ba00d2b9ffc5cfa235b0726ad6187b40d3b4d68a97310cdff26837198d9208ba
> EAP-Message = 0x020600060d00
> Message-Authenticator = 0xe80bb2891852e064f74f148a32004a34
>modcall: entering group authorize for request 5
> modcall[authorize]: module "preprocess" returns ok for request 5
> modcall[authorize]: module "chap" returns noop for request 5
> rlm_eap: EAP packet type notification id 6 length 6
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 5
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 5
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 5
> modcall[authorize]: module "mschap" returns noop for request 5
>modcall: group authorize returns updated for request 5
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 5
> rlm_eap: EAP packet type notification id 6 length 6
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
>rlm_eap_tls: Received EAP-TLS ACK message
> modcall[authenticate]: module "eap" returns ok for request 5
>modcall: group authenticate returns ok for request 5
>Sending Access-Challenge of id 226 to 192.168.177.190:1812
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
>0xa0e4e6a02e4ed0bdd4559bc59c6e7fdfd6187b408d6c013d4ec1556345988eb461ba3ec0
>Finished request 5
>Going to the next request
>Thread 1 waiting to be assigned a request
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=227,
>length=146
>Thread 2 assigned request 6
>Waking up in 5 seconds...
>Thread 2 handling request 6, (2 handled so far)
> NAS-IP-Address = 192.168.177.190
> NAS-Port-Type = Async
> User-Name = "arvind"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = "00-50-da-0b-8c-d7"
> State =
>0xa0e4e6a02e4ed0bdd4559bc59c6e7fdfd6187b408d6c013d4ec1556345988eb461ba3ec0
> EAP-Message = 0x020700110d800000000715030100020250
> Message-Authenticator = 0x92a3bd2a2169f8eb2f44841e609e8e5b
>modcall: entering group authorize for request 6
> modcall[authorize]: module "preprocess" returns ok for request 6
> modcall[authorize]: module "chap" returns noop for request 6
> rlm_eap: EAP packet type notification id 7 length 17
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 6
> rlm_realm: No '@' in User-Name = "arvind", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 6
> users: Matched arvind at 76
> modcall[authorize]: module "files" returns ok for request 6
> modcall[authorize]: module "mschap" returns noop for request 6
>modcall: group authorize returns updated for request 6
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 6
> rlm_eap: EAP packet type notification id 7 length 17
> rlm_eap: EAP Start not found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Authenticate
>rlm_eap_tls: Length Included
>rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal internal_error
>TLS Alert read:fatal:internal error
>TLS_accept:failed in SSLv3 read client certificate A
>rlm_eap_tls: SSL_read Error
> Error code is ..... 5
> Error in SSL ..... 5
>rlm_eap_tls: BIO_read Error
> Error code is ..... 5
> Error in SSL ..... 5
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns ok for request 6
>modcall: group authenticate returns ok for request 6
>Delaying request 6 for 1 seconds
>Finished request 6
>Going to the next request
>Thread 2 waiting to be assigned a request
>--- Walking the entire request list ---
>Threads: total/active/spare threads = 5/0/5
>Cleaning up request 3 ID 224 with timestamp 407b18d5
>Sending Access-Reject of id 227 to 192.168.177.190:1812
> EAP-Message = 0x04070004
> Message-Authenticator = 0x00000000000000000000000000000000
>Waking up in 1 seconds...
>rad_recv: Access-Request packet from host 192.168.177.190:1812, id=227,
>length=146
>Sending duplicate reply to client bigiron:1812 - ID: 227
>Re-sending Access-Reject of id 227 to 192.168.177.190:1812
> EAP-Message = 0x04070004
> Message-Authenticator = 0x00000000000000000000000000000000
>Cleaning up request 4 ID 225 with timestamp 407b18d6
>Cleaning up request 5 ID 226 with timestamp 407b18d6
>rl_next: returning NULL
>Cleaning up request 6 ID 227 with timestamp 407b18d6
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Nothing to do. Sleeping until we see a request.
>
>
>Can anyone help? Thanks.
>
>Arvind
>
>
>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
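
Added example (not part of the original post, and not FreeRADIUS or xsupplicant code): a small Python decoder for the short EAP-Message values in the debug log above, reading the EAP header, the EAP-TLS flags octet (L/M/S) and the TLS record header. Run on values copied from the log, it shows that the supplicant's reply to the server's certificate request is a plaintext TLS alert, fatal internal_error, matching the server's `TLS Alert read` line; the function and variable names are this example's own.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}
TLS_CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 42: "bad_certificate",
              43: "unsupported_certificate", 44: "certificate_revoked",
              45: "certificate_expired", 46: "certificate_unknown",
              48: "unknown_ca", 49: "access_denied", 50: "decode_error",
              51: "decrypt_error", 70: "protocol_version",
              71: "insufficient_security", 80: "internal_error"}


def parse_tls_records(data):
    """Walk TLS record headers; decode the body only for plaintext alerts."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, major, minor, rlen = struct.unpack("!BBBH", data[pos:pos + 5])
        payload = data[pos + 5:pos + 5 + rlen]
        rec = {"content_type": TLS_CONTENT.get(ctype, ctype),
               "version": TLS_VERSIONS.get((major, minor), f"{major}.{minor}"),
               "length": rlen}
        if len(payload) < rlen:
            rec["truncated"] = True
        elif ctype == 21 and rlen == 2:
            # Alerts sent before ChangeCipherSpec are unencrypted: level, description.
            rec["alert"] = (ALERT_LEVEL.get(payload[0], payload[0]),
                            ALERT_DESC.get(payload[1], payload[1]))
        records.append(rec)
        pos += 5 + rlen
    return records


def decode_eap_tls(body):
    """Decode the EAP-TLS flags octet, optional length field and payload."""
    if not body:
        raise ValueError("EAP-TLS packet has no flags octet")
    flags, data = body[0], body[1:]
    info = {"flags": [name for bit, name in ((0x80, "L"), (0x40, "M"), (0x20, "S"))
                      if flags & bit]}
    if flags & 0x80:  # L: a four-octet TLS Message Length follows the flags
        if len(data) < 4:
            raise ValueError("L flag set but the length field is missing")
        info["tls_message_length"] = struct.unpack("!I", data[:4])[0]
        data = data[4:]
    if flags & 0x20:
        info["kind"] = "start"
    elif not data:
        info["kind"] = "ack"
    elif flags & 0x40 or info.get("tls_message_length", len(data)) != len(data):
        info["kind"] = "fragment"  # must be reassembled before parsing records
    else:
        info["kind"] = "data"
        info["records"] = parse_tls_records(data)
    return info


def decode_eap(hexstr):
    """Decode one complete EAP packet given as the hex value of EAP-Message."""
    text = "".join(hexstr.split())
    raw = bytes.fromhex(text[2:] if text[:2].lower() == "0x" else text)
    if len(raw) < 4:
        raise ValueError("shorter than an EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        # A packet split over several EAP-Message attributes must be joined first.
        raise ValueError("EAP length field does not match the data supplied")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (3, 4) or length == 4:
        return out  # Success and Failure carry no type field
    eap_type, body = raw[4], raw[5:length]
    if eap_type == 1:
        out.update(type="Identity", identity=body.decode("utf-8", "replace"))
    elif eap_type == 13:
        out.update(type="EAP-TLS", **decode_eap_tls(body))
    else:
        out["type"] = eap_type
    return out


# EAP-Message values copied from the log in the post (requests 0 to 5).
SAMPLES = ["0x0200000b01617276696e64", "0x010100060d20",
           "0x020200110d800000000715030100020250", "0x04020004",
           "0x020600060d00"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decode_eap(sample))
```

A fragmented message, such as the server's certificate chain in the Access-Challenge packets, has to be reassembled from all of its EAP-Message attributes and fragments before its TLS records can be parsed, which is why the decoder only walks records when the payload is complete.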