Hi, Sorry, I can't help you, but maybe you can help me, what answer your windows 2k send to the A.P EAP request Identity packet ? Thx
Fred > hi all, > > i'm using freeradius with EAP-TLS and windows clients ( xp/2000). with the > user certificates i have no problem but with the machine certificate there > is no tls-handshake. > > i installed the certificate in the local computer store and the > certificate CN match the FQDN . > > i think the reason is the missing line :"Login OK: > [..... " , in my log . > > can somebody tell me why this line is missing? > > thanks in advance, > jens > > see the log capture below > > rad_recv: Access-Request packet from host 192.168.0.10:1812, id=174, > length=144 > NAS-IP-Address = 192.168.0.10 > NAS-Port = 50007 > NAS-Port-Type = Ethernet > User-Name = "host/client.radius.local" > Calling-Station-Id = "00-E0-18-62-33-1F" > Service-Type = Framed-User > Framed-MTU = 1000 > EAP-Message = > 0x0201001d01686f73742f636c69656e742e7261646975732e6c6f63616c > Message-Authenticator = 0x23cdc59ef3c2670e9fd368b1afb9206c > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 34 > modcall[authorize]: module "preprocess" returns ok for request 34 > modcall[authorize]: module "chap" returns noop for request 34 > modcall[authorize]: module "mschap" returns noop for request 34 > rlm_realm: No '@' in User-Name = "host/client.radius.local", looking > up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 34 > rlm_eap: EAP packet type response id 1 length 29 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 34 > users: Matched DEFAULT at 178 > modcall[authorize]: module "files" returns ok for request 34 > modcall: group authorize returns updated for request 34 > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 34 > rlm_eap: EAP Identity > rlm_eap: processing type tls > rlm_eap_tls: Requiring client certificate > rlm_eap_tls: Initiate > rlm_eap_tls: Start returned 1 > modcall[authenticate]: module "eap" returns handled for request 34 > modcall: group authenticate returns handled for request 34 > Sending Access-Challenge of id 174 to 192.168.0.10:1812 > EAP-Message = 0x010200060d20 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x21fd96264794667b3baceda3fb8dcdf7 > Finished request 34 > Going to the next request > --- Walking the entire request list --- > Waking up in 6 seconds... > --- Walking the entire request list --- > Cleaning up request 34 ID 174 with timestamp 40b73242 > Nothing to do. Sleeping until we see a request > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
