Hi All,
I use freeradius-1.0.1 on linux and WindowXP+Dlink-120E Supplicant.
I use cert.sh for generating certificats and "HOWTO: EAP/TLS" Setup
for freeradius and WindowXP Supplicant" (http://freeradius.org/doc/EAPTLS.pdf)
for setup wireless connection.
After setup and start freeradius, when I try to be connected I see in
radius.log :
Fri Nov 19 17:25:05 2004 : Info: Using deprecated naslist file. Support for
this will go away soon.
Fri Nov 19 17:25:05 2004 : Info: Ready to process requests.
Fri Nov 19 17:25:52 2004 : Info: rlm_eap_md5: Issuing Challenge
Fri Nov 19 17:25:52 2004 : Info: rlm_eap_tls: Length Included
Fri Nov 19 17:25:52 2004 : Error: TLS_accept:error in SSLv3 read client
certificate A
Fri Nov 19 17:25:52 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Fri Nov 19 17:25:52 2004 : Info: rlm_eap_tls: Length Included
Fri Nov 19 17:25:52 2004 : Info: (other): SSL negotiation finished
successfully
Fri Nov 19 17:26:55 2004 : Info: rlm_eap_md5: Issuing Challenge
Fri Nov 19 17:26:55 2004 : Info: rlm_eap_tls: Length Included
Fri Nov 19 17:26:55 2004 : Error: TLS_accept:error in SSLv3 read client
certificate A
Fri Nov 19 17:26:55 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Fri Nov 19 17:26:56 2004 : Info: rlm_eap_tls: Length Included
Fri Nov 19 17:26:56 2004 : Info: (other): SSL negotiation finished
successfully
Fri Nov 19 17:26:59 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message
How to solve this problem?
This is logs after strart radiusd -X -A:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
listen: port = 0
listen: type = "auth"
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "gljadikati"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = yes
realm: ignore_null = yes
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.100:1031, id=104, length=192
User-Name = "Wireless Server certificate"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "123456"
NAS-Port-Type = Wireless-802.11
Framed-MTU = 1400
Called-Station-Id = "00-60-B3-18-6F-76"
Calling-Station-Id = "00-05-5D-89-D1-A6"
Connect-Info = "CONNECT BY 11MBPS 802.11B"
EAP-Message =
0x0276002001576972656c65737320536572766572206365727469666963617465
Message-Authenticator = 0x0d799ba1cc028bcc28de83718dc74c23
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping
NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 118 length 32
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 104 to 192.168.1.100:1031
EAP-Message = 0x017700160410d4e2f57d7fa2aaa99faea8537043d574
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb32b31896c5d947c70faa5e1265692fc
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.100:1031, id=105, length=184
User-Name = "Wireless Server certificate"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "123456"
NAS-Port-Type = Wireless-802.11
Framed-MTU = 1400
Called-Station-Id = "00-60-B3-18-6F-76"
Calling-Station-Id = "00-05-5D-89-D1-A6"
Connect-Info = "CONNECT BY 11MBPS 802.11B"
EAP-Message = 0x02770006030d
State = 0xb32b31896c5d947c70faa5e1265692fc
Message-Authenticator = 0xd1badf8f4abddb4c0ff965fe58cd5f32
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping
NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 119 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall[authorize]: module "files" returns notfound for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/tls
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 105 to 192.168.1.100:1031
EAP-Message = 0x017800060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8dd690c80da6ba8bee401395d01038c9
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.100:1031, id=106, length=290
User-Name = "Wireless Server certificate"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "123456"
NAS-Port-Type = Wireless-802.11
Framed-MTU = 1400
Called-Station-Id = "00-60-B3-18-6F-76"
Calling-Station-Id = "00-05-5D-89-D1-A6"
Connect-Info = "CONNECT BY 11MBPS 802.11B"
EAP-Message =
0x027800700d800000006616030100610100005d0301419e031ec83fb51acec481ca8febb6f686f5ffe2b638ab2a5f5499dd9a7326eb208badc70903b99e4e3fb821b08983c52854f6c0ddba4472d36c4b42b14e995612001600040005000a000900640062000300060013001200630100
State = 0x8dd690c80da6ba8bee401395d01038c9
Message-Authenticator = 0x565f3a04f3f69fb8166f32345c23b5f4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping
NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 120 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall[authorize]: module "files" returns notfound for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 062c], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0093], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 106 to 192.168.1.100:1031
EAP-Message =
0x0179040a0dc000000718160301004a020000460301419e03c48db4272aa17da38477b213c98c69d26571c6bf2eeeff212484ac420a2030d4a0548f045896e8ea03507c7a057016098c2ce4f27c5ebb2b67aa04006826000400160301062c0b0006280006250002bf308202bb30820224a003020102020102300d06092a864886f70d0101040500308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c65737343
EAP-Message =
0x6c69656e74204956432c4c74642e301e170d3034313131393134313531325a170d3035313131393134313531325a3081ab310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b1306534552564552312630240603550403131d49564320576972656c65737320526f6f742063657274696669636174653122302006092a864886f70d010901161373657276696365406976632e6e6e6f762e727530819f300d06092a864886f70d010101050003818d0030818902818100b1ba675e
EAP-Message =
0x56f6dbd136e163d21017598b371ba663d627d75ad90011d9d8b211714a7df06c43516a962b794e926ae4d21e319334d1fc0c3bd54c4648a1dbb0e0b18ea93283edbb6b00957191f3908ed887d193b60aab08c976ca42da520818c3886caedf850354d578289ef2abde764cddafa9ae1680f2eb3291c1f1e74aec27210203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810016d0ed7ed0827c3dd03a1616209d259a77a3490a6d635225dba1466ba21fd2feb947a9c65290ded9f4c0181b91d87a757298308cc86aaf37abb97e5782777605e46bc225b79f02a1f8069af98cb71ae6
EAP-Message =
0x9162016f9d75135cb7472456783454b0c6609e43e44aec59de18ac372d4c5878b3cc217a964a19ed1f7601734db0541d0003603082035c308202c5a003020102020100300d06092a864886f70d0101040500308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e301e170d3034313131393134313531305a170d3130303531323134313531305a308181310b3009
EAP-Message = 0x0603550406130252553111300f060355040813085072
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x394de5fc98e6b29b003e407560f3f08b
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.100:1031, id=107, length=184
User-Name = "Wireless Server certificate"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "123456"
NAS-Port-Type = Wireless-802.11
Framed-MTU = 1400
Called-Station-Id = "00-60-B3-18-6F-76"
Calling-Station-Id = "00-05-5D-89-D1-A6"
Connect-Info = "CONNECT BY 11MBPS 802.11B"
EAP-Message = 0x027900060d00
State = 0x394de5fc98e6b29b003e407560f3f08b
Message-Authenticator = 0xd4d22e01799675da977f3dc673e28a4d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping
NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 121 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall[authorize]: module "files" returns notfound for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 107 to 192.168.1.100:1031
EAP-Message =
0x017a03220d80000007186f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e30819f300d06092a864886f70d010101050003818d0030818902818100bb89202568952e36746798b08798e703c88014fd02b8dde2a7c7bedbd2b6ae25d00637a218c5a40684db84a915bfb23d58dc382cf0b191db09331c8bdfc15c298b5c3871128e15e99c04e05a0a6f86ffdaedd1d5e15f77fc5e57e52db05d9a8921dea90a140d990046ab11a52b2efc
EAP-Message =
0x7fd29ca5ee4d98633be1f6feab2523ccbb0203010001a381e13081de301d0603551d0e04160414e2a2ecadd7009fb6997cac0ce856ad0d101ea4643081ae0603551d230481a63081a38014e2a2ecadd7009fb6997cac0ce856ad0d101ea464a18187a48184308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e820100300c0603551d13040530030101ff300d06
EAP-Message =
0x092a864886f70d01010405000381810065b8a7db617091b6f7f9b7c2ca2a396e9060e237de9d962e7b7cdaf7118736365ad2d2c55c3849e18cfc4b5f9e7f24ae218ffdcd4dff697a2e8df22232d4a2670064cb6566c4a2c747649115f036e12a2ee7e621a927091b9d75a4fcb2a4f9c9d5df6868dea700a4fd5dab7f052d085591c33901b4c8d9e41bdbac477e1a08d216030100930d00008b02010200860084308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b130653
EAP-Message =
0x45525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4c85896438aa07db1d651cf459f1a811
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.100:1031, id=108,
length=1223
User-Name = "Wireless Server certificate"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "123456"
NAS-Port-Type = Wireless-802.11
Framed-MTU = 1400
Called-Station-Id = "00-60-B3-18-6F-76"
Calling-Station-Id = "00-05-5D-89-D1-A6"
Connect-Info = "CONNECT BY 11MBPS 802.11B"
EAP-Message =
0x027a040d0d800000040316030103d30b0002c30002c00002bd308202b930820222a003020102020101300d06092a864886f70d0101040500308181310b30090603550406130252553111300f0603550408130850726f76696e6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b13065345525645523120301e06035504031317576972656c657373436c69656e74204956432c4c74642e301e170d3034313131393134313531315a170d3035313131393134313531315a3081a9310b30090603550406130252553111300f0603550408130850726f76696e
EAP-Message =
0x6365311830160603550407130f4e697a686e79204e6f76676f726f6431123010060355040a13094956432c204c74642e310f300d060355040b1306534552564552312430220603550403131b576972656c657373205365727665722063657274696669636174653122302006092a864886f70d010901161373657276696365406976632e6e6e6f762e727530819f300d06092a864886f70d010101050003818d0030818902818100ca8241887beb59fc24725ad7465aff8f5f6331cf4201df97b41063d7c6a76ed274cf4f92483bcc68b12907b323e55dd24724d8e8a3cf87b5a6ac508f69b7582d0b91e6a998180d4f5e7a2aaa65057a69880592837a
EAP-Message =
0x94846bdba3fb2773bd4873c42f2a76b34ec7c474da9366baf52c2245955f9e2c72aeb00941e4bc0f40ce930203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010104050003818100b99b967ffd4f77c14b086e119595b988d89adfaf96275ccb490b2955630f81d53230c84d144627526256533411a2f51a3dc9cb16261aba758cc494f86e30dfa36f83718f5673396ddb519a9a923e569b03a4dd18b891b21315120312f4104918dee76cd5f6a510fe57bc4e280f36f33e20ea01859c54dc6c4ca6e65d6b0f58d010000082008046f4266fd9883eca59b272d7d88f01b8b64367d3aa39d4f85605fa
EAP-Message =
0xe057ce63411ec3806267a3e30f23ca5064cd8f3fde11a1a2e97154da10b1f4ad2bcea63b26d0999dec901a50f2ec3ee7ada45ab84d119525ea165a1feb3f6e77c5319d5a31c7db828208525f480ebfb78a463727cf0d798b21accb1cc6badf351e84d056b90f00008200800e70b53c5b973f698cb032a24198ceec98b837df558364b3d33924de13a79500e8cadccc02cb21f536825ea560014aa0f2c49ef0ffec81cdb6f713b211ba1f2f7fdb53184fda2afe082bf16569f5bac122843e2b28d55618ef46b778b05f9140f847ac609c457441daf5376297f14454552c1188ca4f0f2e4fd58109c1816c8014030100010116030100207f966ac37fb2a9
EAP-Message = 0x56370d8cbf4c2ebb56a8a52649128fc38253a1c504cc48ab28
State = 0x4c85896438aa07db1d651cf459f1a811
Message-Authenticator = 0xeadad6fc03fc3f17ae6e00dd349221c4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping
NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 122 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall[authorize]: module "files" returns notfound for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 02c7], Certificate
chain-depth=1,
error=0
--> User-Name = Wireless Server certificate
--> BUF-Name = WirelessClient IVC,Ltd.
--> subject = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC,
Ltd./OU=SERVER/CN=WirelessClient IVC,Ltd.
--> issuer = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC,
Ltd./OU=SERVER/CN=WirelessClient IVC,Ltd.
--> verify return:1
chain-depth=0,
error=0
--> User-Name = Wireless Server certificate
--> BUF-Name = Wireless Server certificate
--> subject = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC,
Ltd./OU=SERVER/CN=Wireless Server certificate/[EMAIL PROTECTED]
--> issuer = /C=RU/ST=Province/L=Nizhny Novgorod/O=IVC,
Ltd./OU=SERVER/CN=WirelessClient IVC,Ltd.
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 108 to 192.168.1.100:1031
EAP-Message =
0x017b00350d800000002b14030100010116030100208fdb5abd1d35e23d9b4b848d426a773329758a39f83c1c91512d108845a682ad
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae9a09fb63e35969b759bff48a5fe92a
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.100:1031, id=109, length=184
User-Name = "Wireless Server certificate"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "123456"
NAS-Port-Type = Wireless-802.11
Framed-MTU = 1400
Called-Station-Id = "00-60-B3-18-6F-76"
Calling-Station-Id = "00-05-5D-89-D1-A6"
Connect-Info = "CONNECT BY 11MBPS 802.11B"
EAP-Message = 0x027b00060d00
State = 0xae9a09fb63e35969b759bff48a5fe92a
Message-Authenticator = 0xe242f47f2c1348af0d43a5c811a119f9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "Wireless Server certificate", skipping
NULL due to config.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 123 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall[authorize]: module "files" returns notfound for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 5
modcall: group authenticate returns ok for request 5
Sending Access-Accept of id 109 to 192.168.1.100:1031
MS-MPPE-Recv-Key =
0x5d812b611b36803625b4a055032c14ff45e3070f1d948ef311fdea4c9bf6c7f6
MS-MPPE-Send-Key =
0x5a3cf6ad100455fb2ff70abdd1bc8e6313fb82a8aacc75acefd6c248e97ab68a
EAP-Message = 0x037b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "Wireless Server certificate"
Finished request 5
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 104 with timestamp 419e03c4
Cleaning up request 1 ID 105 with timestamp 419e03c4
Cleaning up request 2 ID 106 with timestamp 419e03c4
Cleaning up request 3 ID 107 with timestamp 419e03c4
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 108 with timestamp 419e03c5
Cleaning up request 5 ID 109 with timestamp 419e03c5
Nothing to do. Sleeping until we see a request.
Regards
Mikhail Demekhov
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
