|
Hi, I’m using freeradius v1.0.1 on Suse Linux 9.1 with
EAP-TLS for authentication. After installing new certs, created with my own scripts I get
the Message "Receiving unexpected Tunneled Data". Does anyone have a clue what went wrong ?! THX |
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/server.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/server.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
tls: private_key_password = "x_beekma_ext"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 134.244.128.148:1027, id=41, length=205
User-Name = "UGS Germany Client Certificate"
NAS-IP-Address = 134.244.128.148
Connect-Info = "CONNECT 11Mbps 802.11b"
Called-Station-Id = "00904b77d468"
Calling-Station-Id = "00095bb7df8c"
NAS-Identifier = "00-09-5b-b7-df-8c"
NAS-Port-Type = Wireless-802.11
NAS-Port = 6
NAS-Port-Id = "6"
Framed-MTU = 1400
EAP-Message =
0x0201002301554753204765726d616e7920436c69656e74204365727469666963617465
Message-Authenticator = 0x9503de6dad1560076edf207ca211e980
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "UGS Germany Client Certificate", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 35
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 41 to 134.244.128.148:1027
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x35208a88cc4941503bd08643aea3ad74
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 134.244.128.148:1027, id=42, length=268
User-Name = "UGS Germany Client Certificate"
NAS-IP-Address = 134.244.128.148
Connect-Info = "CONNECT 11Mbps 802.11b"
Called-Station-Id = "00904b77d468"
Calling-Station-Id = "00095bb7df8c"
NAS-Identifier = "00-09-5b-b7-df-8c"
NAS-Port-Type = Wireless-802.11
NAS-Port = 6
NAS-Port-Id = "6"
Framed-MTU = 1400
State = 0x35208a88cc4941503bd08643aea3ad74
EAP-Message =
0x020200500d800000004616030100410100003d03014174e29f400e017ab549eccdb55a6c1f8e3630b68317adaf34adaa89ba093feb00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x3396cd258b4569c4babc5ad51d57a6b2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "UGS Germany Client Certificate", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 04c9], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 005b], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 42 to 134.244.128.148:1027
EAP-Message =
0x0103040a0dc00000057d160301004a0200004603014174e2abf1db9e6069b18adad07fea5873df22ab3383d6e87cde8fbc1cf3810820bb4a73881a6622b548666b81c1b1ef5dbb54b48b43e021f43d22d78ffc2410ae00040016030104c90b0004c50004c2000209308202053082016e020102300d06092a864886f70d0101040500304a310b300906035504061302444531143012060355040a130b554753204765726d616e79312530230603550403131c554753204765726d616e7920526f6f74204365727469666963617465301e170d3034313031393039323735375a170d3035313031393039323735375a304c310b3009060355040613024445
EAP-Message =
0x31143012060355040a130b554753204765726d616e79312730250603550403131e554753204765726d616e792053657276657220436572746966696361746530819f300d06092a864886f70d010101050003818d0030818902818100c233835aa6b3af446c120c74f393bfaa7dd607f30b6cfa09e3b2f51364ead4ec56b77bcc6c5743539a4e2e5557ff06cb91aa517991d95eb9ffd4e683762b51ff75262885e58bfddca0d81ab09a17fdd07d102f0ed820ad76361ef95ad28beb34d599f4b3159eb678ba4cfbdb6214ceb2cd9a51bbb0474438e5dd63fbc9356a570203010001300d06092a864886f70d0101040500038181002e4d780f72b270e454
EAP-Message =
0xf573141f683cf6bf4c62b84e0bca05a943b59feaffe74bf9e575e9265cd86fc058f04a1ea64b978cde66cb3634155da29f6a85fe2764d5ab341020cb36547e6b6fa33af24b325e4940e514d9a9ce40a67b35c90b5447be8af818f33a8d53f6d1f8c96ee1523159fe41bf854d7f7bfe8d95f3d4642e21fe0002b3308202af30820218a003020102020100300d06092a864886f70d0101040500304a310b300906035504061302444531143012060355040a130b554753204765726d616e79312530230603550403131c554753204765726d616e7920526f6f74204365727469666963617465301e170d3034313031393039323734385a170d3034313131
EAP-Message =
0x383039323734385a304a310b300906035504061302444531143012060355040a130b554753204765726d616e79312530230603550403131c554753204765726d616e7920526f6f7420436572746966696361746530819f300d06092a864886f70d010101050003818d0030818902818100b5118650859a673a5c409b47c7de45fa38fcb6631cbaf2d3c08bbe610b8806ab889f1310eeea06196dadec812e261f9690d68313dc49c3c0a96e5eea8aa387e8c94df9c412f1e4845b707340fc7d084e5613009e77de617a723a2c0de197be8afc8a394e5c233290abcfe88d4da8fe1356552279add92a8dc70418e0c8d580950203010001a381a43081a130
EAP-Message = 0x1d0603551d0e04160414845fbfbcbfceaaac28ea31e0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf0a50a71bd765e1f8f9df35cd3a90562
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 134.244.128.148:1027, id=43, length=194
User-Name = "UGS Germany Client Certificate"
NAS-IP-Address = 134.244.128.148
Connect-Info = "CONNECT 11Mbps 802.11b"
Called-Station-Id = "00904b77d468"
Calling-Station-Id = "00095bb7df8c"
NAS-Identifier = "00-09-5b-b7-df-8c"
NAS-Port-Type = Wireless-802.11
NAS-Port = 6
NAS-Port-Id = "6"
Framed-MTU = 1400
State = 0xf0a50a71bd765e1f8f9df35cd3a90562
EAP-Message = 0x020300060d00
Message-Authenticator = 0x1e357b8edb639830aec364d516c83dd6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "UGS Germany Client Certificate", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 43 to 134.244.128.148:1027
EAP-Message =
0x010401870d800000057d7f783ee52b80fb9530720603551d23046b30698014845fbfbcbfceaaac28ea31e07f783ee52b80fb95a14ea44c304a310b300906035504061302444531143012060355040a130b554753204765726d616e79312530230603550403131c554753204765726d616e7920526f6f74204365727469666963617465820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810041ade193c93ab349e8ce525c04005f4a2c622d1240b85d3c195111963583871d1bf813fdbf513047b4dec3e4fb8fc6ebcb6ae9c5911951869a5afcacbc67ed7e3dbf0cff0ff45c3fa20a1fb72d4119433ede5f1400d1
EAP-Message =
0xf3726f6fd5664974691cb913eb1b8ae34f99e7a611b618fd79797c28ab41f7acea977ae5a7270ae5601d160301005b0d000053020102004e004c304a310b300906035504061302444531143012060355040a130b554753204765726d616e79312530230603550403131c554753204765726d616e7920526f6f742043657274696669636174650e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x569bc58a34b4372326841ec8de6d7c55
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 134.244.128.148:1027, id=44, length=1051
User-Name = "UGS Germany Client Certificate"
NAS-IP-Address = 134.244.128.148
Connect-Info = "CONNECT 11Mbps 802.11b"
Called-Station-Id = "00904b77d468"
Calling-Station-Id = "00095bb7df8c"
NAS-Identifier = "00-09-5b-b7-df-8c"
NAS-Port-Type = Wireless-802.11
NAS-Port = 6
NAS-Port-Id = "6"
Framed-MTU = 1400
State = 0x569bc58a34b4372326841ec8de6d7c55
EAP-Message =
0x020403590d800000034f160301031f0b00020f00020c000209308202053082016e020102300d06092a864886f70d0101040500304a310b300906035504061302444531143012060355040a130b554753204765726d616e79312530230603550403131c554753204765726d616e7920526f6f74204365727469666963617465301e170d3034313031393039323735325a170d3035313031393039323735325a304c310b300906035504061302444531143012060355040a130b554753204765726d616e79312730250603550403131e554753204765726d616e7920436c69656e7420436572746966696361746530819f300d06092a864886f70d010101
EAP-Message =
0x050003818d0030818902818100e2b10af941c59b9353b5d9d21014739d7d7a557d28a00bca879bca13dce1846226cbbde4d2f7cd7c08ff80a0c440797e5c038df42a1f275fdf636928f519af06fc3314b1c2698ed0414f81a9965ecdc883fa2365f51ae704b50ef0baa7dd29ae635a34383873c8d1e59e59374de9a2ce26671bdf8b03b69f5a8b28a8de61e7750203010001300d06092a864886f70d010104050003818100a928bf060b986fa5f22801aa588f9bdc1863c89c13235b1d772f1002877bc488a8e45e686d8ec31f0d377e5c07ee7960cd3348eea7d337d2f2a8fb508b6be472b1c5930ec19c788b166b3763e881793b3d1db0e3a7cd0e5a
EAP-Message =
0xd6632f17cbca5b8ec1448144f127642e9f66c8d81bb7e0865efefa623c4d00b75f5d1e26efde9922100000820080578a8a501c7335077545d0ebc7aea2889586bf01bbda5ead6413af4c31c0477458db87cc3d219f1e4ad0a0cd6c03e2e703dc7d1c2fd09926ddcc07cacd4a1f020b2bd867563a541f9a412fd095aade7397df246c683c4913c5deed8195bf9a80a9a0751685185d86044defcfd8219bfd83cedc8590971ae00d97166a954160ba0f00008200809dcd5cd8efe85fd7166bb35b74bf771ff3d070eac9ecdec64e1e0a837ee828639b2b73503451b399b47334873d5f11ed37a124f646d873bce518d08f4fe44db73a5536f1a6811d1c35
EAP-Message =
0xd6a6aac2ca1029bf0b3204979a84cb92a7e37f2cfaa39b8ba9e71dd0ff68f2a1a52453c1a0400e8e01e1d4b4b14f2a5fa5e9111b5ff31d14030100010116030100208204bf2fcdebaeab35353996273a9778241f11046265d6ad496d7fad72c0b4f5
Message-Authenticator = 0xd3c94e5157d8a587b8514331bbb7f92b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "UGS Germany Client Certificate", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0213], Certificate
chain-depth=1,
error=0
--> User-Name = UGS Germany Client Certificate
--> BUF-Name = UGS Germany Root Certificate
--> subject = /C=DE/O=UGS Germany/CN=UGS Germany Root Certificate
--> issuer = /C=DE/O=UGS Germany/CN=UGS Germany Root Certificate
--> verify return:1
chain-depth=0,
error=0
--> User-Name = UGS Germany Client Certificate
--> BUF-Name = UGS Germany Client Certificate
--> subject = /C=DE/O=UGS Germany/CN=UGS Germany Client Certificate
--> issuer = /C=DE/O=UGS Germany/CN=UGS Germany Root Certificate
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 44 to 134.244.128.148:1027
EAP-Message =
0x010500350d800000002b140301000101160301002013b1e70602eb05ee90844900284be0fb33d8e97f554ab907084a71f0864773be
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc478d9588628bd1276d1c70095dbd70d
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 134.244.128.148:1027, id=45, length=221
User-Name = "UGS Germany Client Certificate"
NAS-IP-Address = 134.244.128.148
Connect-Info = "CONNECT 11Mbps 802.11b"
Called-Station-Id = "00904b77d468"
Calling-Station-Id = "00095bb7df8c"
NAS-Identifier = "00-09-5b-b7-df-8c"
NAS-Port-Type = Wireless-802.11
NAS-Port = 6
NAS-Port-Id = "6"
Framed-MTU = 1400
State = 0xc478d9588628bd1276d1c70095dbd70d
EAP-Message =
0x020500210d8000000017150301001227e7dd6ae29ec75937855d110deed2943065
Message-Authenticator = 0xa319a7944836b2a8337ec9e579d283d3
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "UGS Germany Client Certificate", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
>>>>>>>>>>>>>>>>>>>>>>>>>>> rlm_eap_tls: Received unexpected tunneled data after
>>>>>>>>>>>>>>>>>>>>>>>>>>> successful handshake.
rlm_eap: Handler failed in EAP/tls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 4
modcall: group authenticate returns invalid for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 41 with timestamp 4174e2ab
Cleaning up request 1 ID 42 with timestamp 4174e2ab
Cleaning up request 2 ID 43 with timestamp 4174e2ab
Cleaning up request 3 ID 44 with timestamp 4174e2ab
Sending Access-Reject of id 45 to 134.244.128.148:1027
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 4 ID 45 with timestamp 4174e2ab
Nothing to do. Sleeping until we see a request.
