Hello,
Following is the crux of what I am stuck on now:
I am trying to use freeradius for xp clients,
I get following messages when trying to use peap as default eap type (full log attched) :
First i recieve all the success logs as follows:
.......truncated.......
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 161 to 172.26.6.62:44530
EAP-Message = 0x0106003119001403010001011603010020dcd1f01332d46809f26364
888ab19d2259e9d6cbda6cd4bfad8f3da4a2bdfbbf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa70046675337ee5045cb375a4b7466a0
Finished request 3
Going to the next request
Waking up in 6 seconds...
-------------------------
And when I click on certificate prompt that says click to provide logon information I get following logs:
-------------------------
rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 Segmentation fault
These are the steps I have followed :
1. installed openssl openssl-0.9.7b
2. installed freeradius freeradius-snapshot-20041006
3. imported certificate root.der to xp client and did the set up as in 'how to' document at freeradius web site
TIA AD
_________________________________________________________________
Buy or Sell. http://ads2.baazee.com/cgi-bin/banners/redirect.pl?id=1124 New and Used Items. rad_recv: Access-Request packet from host 172.26.6.62:44530, id=158, length=140
EAP-Message = 0x0202000d01737572696e646572
Calling-Station-Id = "00-09-5B-67-59-5B"
Called-Station-Id = "00-85-A0-01-01-01:Viking"
User-Name = "surinder"
NAS-IP-Address = 172.26.6.62
NAS-Port = 3866625
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "wlan-0"
Framed-MTU = 1300
Message-Authenticator = 0xbd075cd5ef2ee84b8d1ec889c3893e1b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "surinder", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "expiration" returns noop for request 0
modcall[authorize]: module "logintime" returns noop for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 158 to 172.26.6.62:44530
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x38f2f52a431bdbaabd3cd770f91831b0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.6.62:44530, id=159, length=225
EAP-Message = 0x0203005019800000004616030100410100003d0301416a7618bf49c1
0fde73665508a9676474635f287049af08d36883af96c6a64a00001600040005000a000900640062
000300060013001200630100
Calling-Station-Id = "00-09-5B-67-59-5B"
Called-Station-Id = "00-85-A0-01-01-01:Viking"
User-Name = "surinder"
NAS-IP-Address = 172.26.6.62
NAS-Port = 3866625
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "wlan-0"
Framed-MTU = 1300
State = 0x38f2f52a431bdbaabd3cd770f91831b0
Message-Authenticator = 0x84cbbd34d0c669b5bf2d268398eaae3c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "surinder", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "expiration" returns noop for request 1
modcall[authorize]: module "logintime" returns noop for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 159 to 172.26.6.62:44530
EAP-Message = 0x0104040a19c0000006f1160301004a020000460301416a761b4a4b60
c4fd517f555d557b7e28655396c3f406f3f26c75a06c5ea0262063cfdad483a1e7455a4480e40519
0cffb3f628ca050af1f8df1415b78e5a306500040016030106940b00069000068d0002cd308202c9
30820232a003020102020102300d06092a864886f70d010104050030819f310b3009060355040613
0243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369
747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f6361
6c686f7374311b301906035504031312436c69656e74206365
EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c
69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132
343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f7669
6e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e69
7a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f
74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d70
6c652e636f6d30819f300d06092a864886f70d010101050003
EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d
0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d52895
53ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773
999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530
130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a
2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496
fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff
2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203
b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406
130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d652043
69747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63
616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06
092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5571375f01f75e68100ce58346d956af
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.6.62:44530, id=160, length=151
EAP-Message = 0x020400061900
Calling-Station-Id = "00-09-5B-67-59-5B"
Called-Station-Id = "00-85-A0-01-01-01:Viking"
User-Name = "surinder"
NAS-IP-Address = 172.26.6.62
NAS-Port = 3866625
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "wlan-0"
Framed-MTU = 1300
State = 0x5571375f01f75e68100ce58346d956af
Message-Authenticator = 0xe4bfddd15eb11b7f7d539d9bc6fb97bf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "surinder", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "expiration" returns noop for request 2
modcall[authorize]: module "logintime" returns noop for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 160 to 172.26.6.62:44530
EAP-Message = 0x010502f71900170d3036303132343133323630375a30819f310b3009
0603550406130243413111300f0603550408130850726f76696e6365311230100603550407130953
6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b
13096c6f63616c686f7374311b301906035504031312436c69656e74206365727469666963617465
3121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d
06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbf
f4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35c
f5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b1
88b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e041604
1468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d
3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b300906035504061302434131
11300f0603550408130850726f76696e63653112301006035504071309536f6d6520436974793115
3013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message = 0x060355040b13096c6f63616c686f7374311b30190603550403131243
6c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74
406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01
010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c674
3fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a
00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d43733
54ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2234a929a33822e04c252da45871fe0b
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.6.62:44530, id=161, length=337
EAP-Message = 0x020500c01980000000b61603010086100000820080344ffd1084d2fa
b11a51614fb0762e4309e2e4345e6be0ec3a7c60cad3931a576592856ba4322db850c8bf2a84a3b5
80f3457e559778fed6dd98b4102f26781a72c892f50a5c9bba1c3889cac3df395472fc54f9772679
1c6bae0c4c264a05ff7779ced4b8d1e086554709a765511a8528a48194510982d4591d226ed3f257
211403010001011603010020092ced4051b1a4f27ad4e37f518979b3343d5d82cc289b5b7855f7d0
b8026227
Calling-Station-Id = "00-09-5B-67-59-5B"
Called-Station-Id = "00-85-A0-01-01-01:Viking"
User-Name = "surinder"
NAS-IP-Address = 172.26.6.62
NAS-Port = 3866625
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "wlan-0"
Framed-MTU = 1300
State = 0x2234a929a33822e04c252da45871fe0b
Message-Authenticator = 0x81908daaa9c607c9339c4176577c703d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "surinder", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 3
modcall[authorize]: module "expiration" returns noop for request 3
modcall[authorize]: module "logintime" returns noop for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 161 to 172.26.6.62:44530
EAP-Message = 0x0106003119001403010001011603010020dcd1f01332d46809f26364
888ab19d2259e9d6cbda6cd4bfad8f3da4a2bdfbbf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa70046675337ee5045cb375a4b7466a0
Finished request 3
Going to the next request
Waking up in 6 seconds...
-------------------------
And when I click on certificate prompt that says click to provide logon information I get following logs:
-------------------------
rad_recv: Access-Request packet from host 172.26.6.62:44530, id=166, length=151
EAP-Message = 0x020600061900
Calling-Station-Id = "00-09-5B-67-59-5B"
Called-Station-Id = "00-85-A0-01-01-01:Viking"
User-Name = "surinder"
NAS-IP-Address = 172.26.6.62
NAS-Port = 3866625
NAS-Port-Type = Wireless-802.11
NAS-Port-Id = "wlan-0"
Framed-MTU = 1300
State = 0x72c7f9410176cb127ec6c0f43999eba9
Message-Authenticator = 0xb579c495602d4f77dcac65f5f50543df
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "surinder", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 8
modcall[authorize]: module "expiration" returns noop for request 8
modcall[authorize]: module "logintime" returns noop for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
Segmentation fault
wlan intf ifname wlan-0 defchannel 11 essid "VikingNew" encrtype disable ip 192.168.2.1 mask 255.255.255.0
