Here's my latest error...
TLS_accept:error in SSLv3 read client certificate A

Did I screw up the certificates?


 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob McCormick
Sent: Friday, April 23, 2004 5:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP) 

If it's working you should get something like this at the end of the
debugs:

modcall: group authenticate returns ok for request 8
Sending Access-Accept of id 47 to 10.140.24.12:21666
         Session-Timeout := 300
         MS-MPPE-Recv-Key = 0xa11d483cf9aba48bfab9540fd61d804c7237c5eda0b4dc05c54135d87943895f
         MS-MPPE-Send-Key = 0xe5318527f167aed0bc874c07f301c966c58b3e93747df14a44b5f67477caaf35
         EAP-Message = 0x03090004
         Message-Authenticator = 0x00000000000000000000000000000000
         User-Name = "bobm"
Finished request 8
Going to the next request


I'm not seeing that in *your* debugs, so unless you left it out, it ain't
working.
Can you post the contents of your users file?

On Apr 23, 2004, at 4:28 PM, Clayton Dukes wrote:

> That's what I would have thought -- but the debugs seem to indicate 
> that the laptop is connecting.
> Any ideas for a next step?
>
> Here's my AP debug:
>
> Apr 23 18:25:05 EST: RADIUS(0000028A): Using existing nas_port 384
> Apr 23 18:25:05 EST: RADIUS: Pick NAS IP for uid=650 tableid=0 cfg_addr=10.100.10.10 best_addr=0.0.0.0
> Apr 23 18:25:05 EST: RADIUS: Pick NAS IP for uid=650 tableid=0 cfg_addr=10.100.10.10 best_addr=0.0.0.0
> Apr 23 18:25:05 EST: RADIUS(0000028A): Send Access-Request to 16.19.20.133:1812 id 21647/105, len 147
> Apr 23 18:25:05 EST: RADIUS: Received from id 21647/105 16.19.20.133:1812, Access-Challenge, len 82
> Apr 23 18:25:05 EST: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
>
>
> And here's the associated radius debug:
>
> Cleaning up request 53 ID 105 with timestamp 408997c2
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 16.19.20.5:59475, id=106, length=147
>         User-Name = "cdukes"
>         Framed-MTU = 1400
>         Called-Station-Id = "000f.8f76.2e20"
>         Calling-Station-Id = "0006.25a9.8594"
>         Message-Authenticator = 0x9b684a21fff2d3e1a47467fd3f363ee2
>         EAP-Message = 0x0211000b016364756b6573
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 384
>         State = 0x7ef8020751e4e748b152c0a9060b4c2d
>         Service-Type = Framed-User
>         NAS-IP-Address = 10.100.10.10
>         NAS-Identifier = "ap-noc"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 54
>   modcall[authorize]: module "preprocess" returns ok for request 54
>   modcall[authorize]: module "chap" returns noop for request 54
>   modcall[authorize]: module "mschap" returns noop for request 54
>     rlm_realm: No '@' in User-Name = "cdukes", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 54
>   rlm_eap: EAP packet type response id 17 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 54
>     users: Matched DEFAULT at 152
>     users: Matched DEFAULT at 171
>     users: Matched cdukes at 215
>   modcall[authorize]: module "files" returns ok for request 54
> modcall: group authorize returns updated for request 54
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 54
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>  rlm_eap_tls: Requiring client certificate
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns handled for request 54
> modcall: group authenticate returns handled for request 54
> Sending Access-Challenge of id 106 to 26.19.20.5:59475
>         Framed-IP-Address = 255.255.255.254
>         Framed-MTU = 576
>         Service-Type = Framed-User
>         EAP-Message = 0x011200060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xa934524327fc14393c93048971b9574c
> Finished request 54
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 54 ID 106 with timestamp 408997e0
> Nothing to do.  Sleeping until we see a request.
>
> #######END
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Friday, April 23, 2004 5:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
>
> "Clayton Dukes" <[EMAIL PROTECTED]> wrote:
>> Well, I have it working, at least it appears to be, but I am still 
>> not getting an ip on the laptop -- do I need to pass the dhcp server
>> somewhere?
>
>   No.  The client should send a broadcast DHCP request, and the dhcp 
> server should pick that up.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
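
An added example, not part of the original thread: a small Python decoder for the EAP-Message values printed in the debugs above, using the RFC 3748 header layout and the EAP-TLS flag byte. It shows that the quoted radiusd output stops at an EAP-TLS Start request, while the working output ends with EAP Success. The function names and the `SAMPLES` labels are made up for this illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
# Flag bits in the first byte after the type for EAP-TLS and PEAP.
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))

def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by radiusd -X (0x-prefixed hex)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a type
        etype, data = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(etype, f"type-{etype}")
        if etype == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype in (13, 25) and data:
            pkt["flags"] = [name for bit, name in TLS_FLAGS if data[0] & bit]
    return pkt

def where_it_stopped(last_eap_hex):
    """Describe the state implied by the last EAP-Message seen in a debug."""
    pkt = decode_eap(last_eap_hex)
    if pkt["code"] == "Success":
        return "authenticated"
    if pkt["code"] == "Failure":
        return "rejected"
    if "start" in pkt.get("flags", []):
        return f"{pkt['type']} start sent, waiting for the client's TLS handshake"
    return "in progress"

# EAP-Message values copied from the debug output in this thread.
SAMPLES = {
    "client identity (request 54)": "0x0211000b016364756b6573",
    "server challenge (request 54)": "0x011200060d20",
    "working Access-Accept (request 8)": "0x03090004",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label}: {decode_eap(value)} -> {where_it_stopped(value)}")
```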

