We are using FreeRADIUS Version 1.0.2, for host , built on Feb 23 2005 at 15:02:37
We are trying to validate a client XP machine using eap-tls. We used OpenSSL 0.9.7a Feb 19 2003 to generate the certs. I think we have everything configured correctly. We followed "FreeRADIUS EAP/TLS - WinXP HOWTO" at http://www.alphacore.net/contrib/nantes-wireless/eap-tls-HOWTO.html We still do not get a connection. Following is an excerpt from radiusd -X Can anyone give me idea what is going on? Thanks in advance! Bill Stewart :-) Kaman Corporation 1332 Blue Hills Avenue Bloomfield, Connecticut, 06002 (860) 243-7058 rad_recv: Access-Request packet from host 149.158.3.250:1598, id=179, length=69 User-Name = "00-01-f4-ec-97-29" User-Password = "NOPASSWORD" NAS-IP-Address = 149.158.3.250 NAS-Port = 2 rad_rmspace_pair: User-Password now 'NOPASSWORD' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 34 modcall[authorize]: module "preprocess" returns ok for request 34 modcall[authorize]: module "chap" returns noop for request 34 modcall[authorize]: module "mschap" returns noop for request 34 rlm_realm: No '@' in User-Name = "00-01-f4-ec-97-29", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 34 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 34 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 34 modcall: group authorize returns ok for request 34 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 34 modcall[authenticate]: module "unix" returns notfound for request 34 modcall: group authenticate returns notfound for request 34 auth: Failed to validate the user. Login incorrect: [00-01-f4-ec-97-29/NOPASSWORD] (from client wapcor001 port 2) rad_lowerpair: User-Name now '00-01-f4-ec-97-29' rad_rmspace_pair: User-Name now '00-01-f4-ec-97-29' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 34 modcall[authorize]: module "preprocess" returns ok for request 34 modcall[authorize]: module "chap" returns noop for request 34 modcall[authorize]: module "mschap" returns noop for request 34 rlm_realm: No '@' in User-Name = "00-01-f4-ec-97-29", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 34 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 34 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 34 modcall: group authorize returns ok for request 34 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 34 modcall[authenticate]: module "unix" returns notfound for request 34 modcall: group authenticate returns notfound for request 34 auth: Failed to validate the user. Login incorrect: [00-01-f4-ec-97-29/NOPASSWORD] (from client wapcor001 port 2) Delaying request 34 for 1 seconds Finished request 34 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 179 to 149.158.3.250:1598 Waking up in 4 seconds... rad_recv: Access-Request packet from host 149.158.3.250:1599, id=180, length=108 Message-Authenticator = 0x37d8f90a68b1ec4c01b9e2733740fd0f User-Name = "kmnradius" NAS-IP-Address = 149.158.3.250 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-01-f4-ec-97-29" EAP-Message = 0x0201000e016b6d6e726164697573 Framed-MTU = 1000 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 35 modcall[authorize]: module "preprocess" returns ok for request 35 modcall[authorize]: module "chap" returns noop for request 35 modcall[authorize]: module "mschap" returns noop for request 35 rlm_realm: No '@' in User-Name = "kmnradius", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 35 rlm_eap: EAP packet type response id 1 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 35 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 35 modcall: group authorize returns updated for request 35 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 35 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 35 modcall: group authenticate returns handled for request 35 Sending Access-Challenge of id 180 to 149.158.3.250:1599 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c931410196def2535559d9d1df4c661 Finished request 35 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 34 ID 179 with timestamp 4230b1f9 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 35 ID 180 with timestamp 4230b1fd Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 149.158.3.250:1600, id=181, length=69 User-Name = "00-01-f4-ec-97-29" User-Password = "NOPASSWORD" NAS-IP-Address = 149.158.3.250 NAS-Port = 2 rad_rmspace_pair: User-Password now 'NOPASSWORD' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 36 modcall[authorize]: module "preprocess" returns ok for request 36 modcall[authorize]: module "chap" returns noop for request 36 modcall[authorize]: module "mschap" returns noop for request 36 rlm_realm: No '@' in User-Name = "00-01-f4-ec-97-29", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 36 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 36 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 36 modcall: group authorize returns ok for request 36 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 36 modcall[authenticate]: module "unix" returns notfound for request 36 modcall: group authenticate returns notfound for request 36 auth: Failed to validate the user. Login incorrect: [00-01-f4-ec-97-29/NOPASSWORD] (from client wapcor001 port 2) rad_lowerpair: User-Name now '00-01-f4-ec-97-29' rad_rmspace_pair: User-Name now '00-01-f4-ec-97-29' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 36 modcall[authorize]: module "preprocess" returns ok for request 36 modcall[authorize]: module "chap" returns noop for request 36 modcall[authorize]: module "mschap" returns noop for request 36 rlm_realm: No '@' in User-Name = "00-01-f4-ec-97-29", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 36 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 36 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 36 modcall: group authorize returns ok for request 36 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 36 modcall[authenticate]: module "unix" returns notfound for request 36 modcall: group authenticate returns notfound for request 36 auth: Failed to validate the user. Login incorrect: [00-01-f4-ec-97-29/NOPASSWORD] (from client wapcor001 port 2) Delaying request 36 for 1 seconds Finished request 36 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 181 to 149.158.3.250:1600 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 36 ID 181 with timestamp 4230b21b Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html