Hi All, I use freeradius-1.0.1 on linux and WindowXP+Dlink-120E Supplicant. I use cert.sh for generating certificats and "HOWTO: EAP/TLS" Setup for freeradius and WindowXP Supplicant" (http://freeradius.org/doc/EAPTLS.pdf) for setup wireless connection.
After setup and start freeradius, when I try to be connected I see in radius.log : Fri Nov 19 17:25:05 2004 : Info: Using deprecated naslist file. Support for this will go away soon. Fri Nov 19 17:25:05 2004 : Info: Ready to process requests. Fri Nov 19 17:25:52 2004 : Info: rlm_eap_md5: Issuing Challenge Fri Nov 19 17:25:52 2004 : Info: rlm_eap_tls: Length Included Fri Nov 19 17:25:52 2004 : Error: TLS_accept:error in SSLv3 read client certificate A Fri Nov 19 17:25:52 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message Fri Nov 19 17:25:52 2004 : Info: rlm_eap_tls: Length Included Fri Nov 19 17:25:52 2004 : Info: (other): SSL negotiation finished successfully Fri Nov 19 17:26:55 2004 : Info: rlm_eap_md5: Issuing Challenge Fri Nov 19 17:26:55 2004 : Info: rlm_eap_tls: Length Included Fri Nov 19 17:26:55 2004 : Error: TLS_accept:error in SSLv3 read client certificate A Fri Nov 19 17:26:55 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message Fri Nov 19 17:26:56 2004 : Info: rlm_eap_tls: Length Included Fri Nov 19 17:26:56 2004 : Info: (other): SSL negotiation finished successfully Fri Nov 19 17:26:59 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message How to solve this problem? This is logs after strart radiusd -X -A: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms listen: port = 0 listen: type = "auth" radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "gljadikati" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = yes realm: ignore_null = yes Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.100:1031, id=104, length=192 User-Name = "Wireless Server certificate" NAS-IP-Address = 192.168.1.100 NAS-Identifier = "123456" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Called-Station-Id = "00-60-B3-18-6F-76" Calling-Station-Id = "00-05-5D-89-D1-A6" Connect-Info = "CONNECT BY 11MBPS 802.11B" EAP-Message = 0x0276002001576972656c65737320536572766572206365727469666963617465 Message-Authenticator = 0x0d799ba1cc028bcc28de83718dc74c23 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 118 length 32 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall[authorize]: module "files" returns notfound for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 104 to 192.168.1.100:1031 EAP-Message = 0x017700160410d4e2f57d7fa2aaa99faea8537043d574 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb32b31896c5d947c70faa5e1265692fc Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.100:1031, id=105, length=184 User-Name = "Wireless Server certificate" NAS-IP-Address = 192.168.1.100 NAS-Identifier = "123456" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Called-Station-Id = "00-60-B3-18-6F-76" Calling-Station-Id = "00-05-5D-89-D1-A6" Connect-Info = "CONNECT BY 11MBPS 802.11B" EAP-Message = 0x02770006030d State = 0xb32b31896c5d947c70faa5e1265692fc Message-Authenticator = 0xd1badf8f4abddb4c0ff965fe58cd5f32 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 119 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall[authorize]: module "files" returns notfound for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/tls rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 105 to 192.168.1.100:1031 EAP-Message = 0x017800060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8dd690c80da6ba8bee401395d01038c9 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.100:1031, id=106, length=290 User-Name = "Wireless Server certificate" NAS-IP-Address = 192.168.1.100 NAS-Identifier = "123456" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Called-Station-Id = "00-60-B3-18-6F-76" Calling-Station-Id = "00-05-5D-89-D1-A6" Connect-Info = "CONNECT BY 11MBPS 802.11B" EAP-Message = 0x027800700d800000006616030100610100005d0301419e031ec83fb51acec481ca8febb6f686f5ffe2b638ab2a5f5499dd9a7326eb208badc70903b99e4e3fb821b08983c52854f6c0ddba4472d36c4b42b14e995612001600040005000a000900640062000300060013001200630100 State = 0x8dd690c80da6ba8bee401395d01038c9 Message-Authenticator = 0x565f3a04f3f69fb8166f32345c23b5f4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 120 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall[authorize]: module "files" returns notfound for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 062c], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0093], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 106 to 192.168.1.100:1031 EAP-Message = 0x0179040a0dc000000718160301004a020000460301419e03c48db4272aa17da38477b213c98c69d26571c6bf2eeeff212484ac420a2030d4a0548f045896e8ea03507c7a057016098c2ce4f27c5ebb2b67aa04006826000400160301062c0b0006280006250002bf308202bb30820224a003020102020102300d06092a864886f70d0101040500308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c65737343 EAP-Message = 0x6c69656e74204956432c4c74642e301e170d3034313131393134313531325a170d3035313131393134313531325a3081ab310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b1306534552564552312630240603550403131d49564320576972656c65737320526f6f742063657274696669636174653122302006092a864886f70d010901161373657276696365406976632e6e6e6f762e727530819f300d06092a864886f70d010101050003818d0030818902818100b1ba675e EAP-Message = 0x56f6dbd136e163d21017598b371ba663d627d75ad90011d9d8b211714a7df06c43516a962b794e926ae4d21e319334d1fc0c3bd54c4648a1dbb0e0b18ea93283edbb6b00957191f3908ed887d193b60aab08c976ca42da520818c3886caedf850354d578289ef2abde764cddafa9ae1680f2eb3291c1f1e74aec27210203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810016d0ed7ed0827c3dd03a1616209d259a77a3490a6d635225dba1466ba21fd2feb947a9c65290ded9f4c0181b91d87a757298308cc86aaf37abb97e5782777605e46bc225b79f02a1f8069af98cb71ae6 EAP-Message = 0x9162016f9d75135cb7472456783454b0c6609e43e44aec59de18ac372d4c5878b3cc217a964a19ed1f7601734db0541d0003603082035c308202c5a003020102020100300d06092a864886f70d0101040500308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e301e170d3034313131393134313531305a170d3130303531323134313531305a308181310b3009 EAP-Message = 0x0603550406130252553111300f060355040813085072 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x394de5fc98e6b29b003e407560f3f08b Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.100:1031, id=107, length=184 User-Name = "Wireless Server certificate" NAS-IP-Address = 192.168.1.100 NAS-Identifier = "123456" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Called-Station-Id = "00-60-B3-18-6F-76" Calling-Station-Id = "00-05-5D-89-D1-A6" Connect-Info = "CONNECT BY 11MBPS 802.11B" EAP-Message = 0x027900060d00 State = 0x394de5fc98e6b29b003e407560f3f08b Message-Authenticator = 0xd4d22e01799675da977f3dc673e28a4d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 121 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall[authorize]: module "files" returns notfound for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 107 to 192.168.1.100:1031 EAP-Message = 0x017a03220d80000007186f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e30819f300d06092a864886f70d010101050003818d0030818902818100bb89202568952e36746798b08798e703c88014fd02b8dde2a7c7bedbd2b6ae25d00637a218c5a40684db84a915bfb23d58dc382cf0b191db09331c8bdfc15c298b5c3871128e15e99c04e05a0a6f86ffdaedd1d5e15f77fc5e57e52db05d9a8921dea90a140d990046ab11a52b2efc EAP-Message = 0x7fd29ca5ee4d98633be1f6feab2523ccbb0203010001a381e13081de301d0603551d0e04160414e2a2ecadd7009fb6997cac0ce856ad0d101ea4643081ae0603551d230481a63081a38014e2a2ecadd7009fb6997cac0ce856ad0d101ea464a18187a48184308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e820100300c0603551d13040530030101ff300d06 EAP-Message = 0x092a864886f70d01010405000381810065b8a7db617091b6f7f9b7c2ca2a396e9060e237de9d962e7b7cdaf7118736365ad2d2c55c3849e18cfc4b5f9e7f24ae218ffdcd4dff697a2e8df22232d4a2670064cb6566c4a2c747649115f036e12a2ee7e621a927091b9d75a4fcb2a4f9c9d5df6868dea700a4fd5dab7f052d085591c33901b4c8d9e41bdbac477e1a08d216030100930d00008b02010200860084308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b130653 EAP-Message = 0x45525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e0e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4c85896438aa07db1d651cf459f1a811 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.100:1031, id=108, length=1223 User-Name = "Wireless Server certificate" NAS-IP-Address = 192.168.1.100 NAS-Identifier = "123456" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Called-Station-Id = "00-60-B3-18-6F-76" Calling-Station-Id = "00-05-5D-89-D1-A6" Connect-Info = "CONNECT BY 11MBPS 802.11B" EAP-Message = 0x027a040d0d800000040316030103d30b0002c30002c00002bd308202b930820222a003020102020101300d06092a864886f70d0101040500308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e301e170d3034313131393134313531315a170d3035313131393134313531315a3081a9310b30090603550406130252553111300f0603550408130850726f76696e EAP-Message = 0x6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b1306534552564552312430220603550403131b576972656c657373205365727665722063657274696669636174653122302006092a864886f70d010901161373657276696365406976632e6e6e6f762e727530819f300d06092a864886f70d010101050003818d0030818902818100ca8241887beb59fc24725ad7465aff8f5f6331cf4201df97b41063d7c6a76ed274cf4f92483bcc68b12907b323e55dd24724d8e8a3cf87b5a6ac508f69b7582d0b91e6a998180d4f5e7a2aaa65057a69880592837a EAP-Message = 0x94846bdba3fb2773bd4873c42f2a76b34ec7c474da9366baf52c2245955f9e2c72aeb00941e4bc0f40ce930203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003818100b99b967ffd4f77c14b086e119595b988d89adfaf96275ccb490b2955630f81d53230c84d144627526256533411a2f51a3dc9cb16261aba758cc494f86e30dfa36f83718f5673396ddb519a9a923e569b03a4dd18b891b21315120312f4104918dee76cd5f6a510fe57bc4e280f36f33e20ea01859c54dc6c4ca6e65d6b0f58d010000082008046f4266fd9883eca59b272d7d88f01b8b64367d3aa39d4f85605fa EAP-Message = 0xe057ce63411ec3806267a3e30f23ca5064cd8f3fde11a1a2e97154da10b1f4ad2bcea63b26d0999dec901a50f2ec3ee7ada45ab84d119525ea165a1feb3f6e77c5319d5a31c7db828208525f480ebfb78a463727cf0d798b21accb1cc6badf351e84d056b90f00008200800e70b53c5b973f698cb032a24198ceec98b837df558364b3d33924de13a79500e8cadccc02cb21f536825ea560014aa0f2c49ef0ffec81cdb6f713b211ba1f2f7fdb53184fda2afe082bf16569f5bac122843e2b28d55618ef46b778b05f9140f847ac609c457441daf5376297f14454552c1188ca4f0f2e4fd58109c1816c8014030100010116030100207f966ac37fb2a9 EAP-Message = 0x56370d8cbf4c2ebb56a8a52649128fc38253a1c504cc48ab28 State = 0x4c85896438aa07db1d651cf459f1a811 Message-Authenticator = 0xeadad6fc03fc3f17ae6e00dd349221c4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 122 length 253 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall[authorize]: module "files" returns notfound for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 02c7], Certificate chain-depth=1, error=0 --> User-Name = Wireless Server certificate --> BUF-Name = WirelessClient IVC,Ltd. --> subject = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC, Ltd./OU=SERVER/CN=WirelessClient IVC,Ltd. --> issuer = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC, Ltd./OU=SERVER/CN=WirelessClient IVC,Ltd. --> verify return:1 chain-depth=0, error=0 --> User-Name = Wireless Server certificate --> BUF-Name = Wireless Server certificate --> subject = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC, Ltd./OU=SERVER/CN=Wireless Server certificate/[EMAIL PROTECTED] --> issuer = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC, Ltd./OU=SERVER/CN=WirelessClient IVC,Ltd. --> verify return:1 TLS_accept: SSLv3 read client certificate A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify TLS_accept: SSLv3 read certificate verify A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 108 to 192.168.1.100:1031 EAP-Message = 0x017b00350d800000002b14030100010116030100208fdb5abd1d35e23d9b4b848d426a773329758a39f83c1c91512d108845a682ad Message-Authenticator = 0x00000000000000000000000000000000 State = 0xae9a09fb63e35969b759bff48a5fe92a Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.1.100:1031, id=109, length=184 User-Name = "Wireless Server certificate" NAS-IP-Address = 192.168.1.100 NAS-Identifier = "123456" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Called-Station-Id = "00-60-B3-18-6F-76" Calling-Station-Id = "00-05-5D-89-D1-A6" Connect-Info = "CONNECT BY 11MBPS 802.11B" EAP-Message = 0x027b00060d00 State = 0xae9a09fb63e35969b759bff48a5fe92a Message-Authenticator = 0xe242f47f2c1348af0d43a5c811a119f9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 123 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall[authorize]: module "files" returns notfound for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 5 modcall: group authenticate returns ok for request 5 Sending Access-Accept of id 109 to 192.168.1.100:1031 MS-MPPE-Recv-Key = 0x5d812b611b36803625b4a055032c14ff45e3070f1d948ef311fdea4c9bf6c7f6 MS-MPPE-Send-Key = 0x5a3cf6ad100455fb2ff70abdd1bc8e6313fb82a8aacc75acefd6c248e97ab68a EAP-Message = 0x037b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "Wireless Server certificate" Finished request 5 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 104 with timestamp 419e03c4 Cleaning up request 1 ID 105 with timestamp 419e03c4 Cleaning up request 2 ID 106 with timestamp 419e03c4 Cleaning up request 3 ID 107 with timestamp 419e03c4 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 108 with timestamp 419e03c5 Cleaning up request 5 ID 109 with timestamp 419e03c5 Nothing to do. Sleeping until we see a request. Regards Mikhail Demekhov mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html