Hi,

Thanks to David for your answer.

Changing tls to ttls in the eap module doesn't change the rlm_eap message:

    rlm_eap: EAP Identity
    rlm_eap: processing type tls
    rlm_eap_tls: Initiate
    rlm_eap_tls: Start returned

If I change tls to ttls in the tls module, Mac OS X asks me to accept the certificate and I obtain "client connected via TTLS" in the 802.1X logging window. But I don't connect to my network. I don't understand what happens now. If I configure the en1 interface by hand (ifconfig en1 .., route add default .) I can connect.

Does anyone know of this problem?

Regards,
Maurice

----------------------
The eap.conf file used:
-----------------------
eap {
    # MB tls default_eap_type = md5
    default_eap_type = tls
    timer_expire = 60
    # MB yes ignore_unknown_eap_types = no
    ignore_unknown_eap_types = yes
    cisco_accounting_username_bug = no

    #MD5#
    md5 {
    }

    # Cisco LEAP
    leap {
    }

    gtc {
        auth_type = PAP
    }

    ## EAP-TLS
    # uncommented MB
    tls {
        # changing tls to ttls to get freeradius to work
        default_eap_type = ttls
        # CA_path=${raddbdir}/certs
        private_key_password = whatever
        private_key_file=${raddbdir}/certs/euler.univ-mrs.fr.pem

        # If Private key & Certificate are located in
        # the same file, then private_key_file &
        # certificate_file must contain the same file
        # name.
        certificate_file=${raddbdir}/certs/euler.univ-mrs.fr.pem

        # Trusted Root CA list
        CA_file = ${raddbdir}/certs/root.pem
        # CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        # MB 1750 fragment_size = 1024
        fragment_size = 1750
        include_length = yes
        check_crl = yes
    }

    ttls {
        # default_eap_type = md5
        #
        # allowed values: {no, yes}
        copy_request_to_tunnel = yes # MB yes
        # allowed values: {no, yes}
        use_tunneled_reply = yesa # MB yes
    }

The radiusd debugging output
-----------------------------
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
HASH: user mbourguel found in hashtable bucket 32912
modcall[authenticate]: module "unix" returns ok for request 26
modcall: group authenticate returns ok for request 26
Login OK: [mbourguel/XXXXX] (from client localhost port 265 cli 0011.2420.94f9)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 26
radius_xlat: '/var/log/radius/radacct/localhost/reply-detail-20050601'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/localhost/reply-detail-20050601
modcall[post-auth]: module "reply_log" returns ok for request 26
modcall: group post-auth returns ok for request 26
TTLS: Got tunneled Access-Accept
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 26
modcall: group authenticate returns ok for request 26
Login OK: [mbourguel/<no User-Password attribute>] (from client Radius port 265 cli 0011.2420.94f9)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 26
radius_xlat: '/var/log/radius/radacct/Wf-bast5/reply-detail-20050601'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/Wf-bast5/reply-detail-20050601
modcall[post-auth]: module "reply_log" returns ok for request 26
modcall: group post-auth returns ok for request 26
Sending Access-Accept of id 46 to 139.124.3.235:21645
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-MTU = 576
        Service-Type = Framed-User
        MS-MPPE-Recv-Key = 0x6eb67fa031a685d0f892bf8c7d9e03a08f177601494b571538707de605d56af4
        MS-MPPE-Send-Key = 0x8899e08fbcfb4523c7c0eb7d734df9973e032b78cb594a7c2d405d5bcba45438
        EAP-Message = 0x03050004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "mbourguel"
Finished request 26
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Accounting-Request packet from host 139.124.3.235:21645, id=47, length=210
        Acct-Session-Id = "0000000C"
        Called-Station-Id = "0012.dacb.b0c0"
        Calling-Station-Id = "0011.2420.94f9"
        Cisco-AVPair = "ssid=tsunami"
        Cisco-AVPair = "nas-location=unspecified"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        User-Name = "mbourguel"
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "265"
        NAS-Port = 265
        Service-Type = Framed-User
        NAS-IP-Address = 139.124.3.235
        Acct-Delay-Time = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 27
modcall[preacct]: module "preprocess" returns noop for request 27
rlm_acct_unique: Hashing 'NAS-Port = 265,Client-IP-Address = Wf-bast5,NAS-IP-Address = 139.124.3.235,Acct-Session-Id = "0000000C",User-Name = "mbourguel"'
rlm_acct_unique: Acct-Unique-Session-ID = "5c292ba8903fd30c".
modcall[preacct]: module "acct_unique" returns ok for request 27
rlm_realm: No '@' in User-Name = "mbourguel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 27
modcall[preacct]: module "files" returns noop for request 27
modcall: group preacct returns ok for request 27
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 27
radius_xlat: '/var/log/radius/radacct/Wf-bast5/detail-20050601'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/Wf-bast5/detail-20050601
modcall[accounting]: module "detail" returns ok for request 27
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'mbourguel'
modcall[accounting]: module "radutmp" returns ok for request 27
modcall: group accounting returns ok for request 27
Sending Accounting-Response of id 47 to 139.124.3.235:21645
Finished request 27
Going to the next request
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 22 ID 42 with timestamp 429dc9aa
Cleaning up request 23 ID 43 with timestamp 429dc9aa
Cleaning up request 24 ID 44 with timestamp 429dc9aa
Cleaning up request 25 ID 45 with timestamp 429dc9aa
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 26 ID 46 with timestamp 429dc9ae
Cleaning up request 27 ID 47 with timestamp 429dc9ae
Nothing to do. Sleeping until we see a request.

Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
HASH: user mbourguel found in hashtable bucket 32912
modcall[authenticate]: module "unix" returns ok for request 26
modcall: group authenticate returns ok for request 26
Login OK: [mbourguel/XXXXXX] (from client localhost port 265 cli 0011.2420.94f9)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 26
radius_xlat: '/var/log/radius/radacct/localhost/reply-detail-20050601'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/localhost/reply-detail-20050601
modcall[post-auth]: module "reply_log" returns ok for request 26
modcall: group post-auth returns ok for request 26
TTLS: Got tunneled Access-Accept
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 26
modcall: group authenticate returns ok for request 26
Login OK: [mbourguel/<no User-Password attribute>] (from client Radius port 265 cli 0011.2420.94f9)

***********************************************************
* e-mail : [EMAIL PROTECTED]                              *
----------------------------------------------------------
* Maurice Bourguel               +                        *
* CIRM - MENRT-CNRS-SMF          +                        *
* case 916, 163 Avenue de Luminy + tel (33) 04 91 83 30 23*
* 13288 Marseille Cedex 9        + fax (33) 04 91 83 30 05*
***********************************************************
*http://www.cirm.univ-mrs.fr                              *
***********************************************************

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
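
Added example, not part of the original post and not FreeRADIUS code: a small Python check for an eap.conf-style fragment that reads each "# allowed values: {...}" comment, verifies the option on the next line against it, and reports sections whose braces never close. The sample input is constructed from the ttls section quoted above, and the names lint and SAMPLE are hypothetical.

```python
import re

# Constructed sample modelled on the ttls section of the posted eap.conf.
SAMPLE = """\
eap {
    default_eap_type = tls
    ttls {
        # allowed values: {no, yes}
        copy_request_to_tunnel = yes   # MB yes
        # allowed values: {no, yes}
        use_tunneled_reply = yesa      # MB yes
    }
"""

ALLOWED = re.compile(r"#\s*allowed values:\s*\{([^}]*)\}")
ASSIGN = re.compile(r"^([\w-]+)\s*=\s*(.*)$")

def lint(text):
    """Return (line_number, message) findings for an eap.conf-style fragment."""
    findings, stack, allowed = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            m = ALLOWED.search(line)
            if m:  # remember the value set for the next option
                allowed = {v.strip() for v in m.group(1).split(",")}
            continue
        # Simplification: every '#' starts a comment (no quoted '#' support).
        code = line.split("#", 1)[0].strip()
        if not code:
            continue
        if code.endswith("{"):
            stack.append((code[:-1].strip(), no))
        elif code == "}":
            if not stack:
                findings.append((no, "unmatched '}'"))
            del stack[-1:]  # pop the innermost open section, if any
        else:
            a = ASSIGN.match(code)
            if a and allowed is not None and a.group(2) not in allowed:
                path = ".".join([name for name, _ in stack] + [a.group(1)])
                findings.append((no, f"{path} = {a.group(2)!r} not in {sorted(allowed)}"))
        allowed = None  # an "allowed values" comment covers one line only
    for name, opened in stack:
        findings.append((opened, f"section '{name}' is never closed"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

On the sample it reports the use_tunneled_reply value and the unclosed eap section; whether either relates to the connection problem described in the post is not something the check can tell.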