Have you use the last Intel driver, Firmware and the XP update for WPA?? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Adam Rogalski Sent: Saturday, December 31, 2005 5:12 PM To: FreeRadius users mailing list Subject: Re: FreeRadius +TLS (base on openssl)
Hi thanks for replay, I use only one static IP adress on my server, were I have radius. And I made client and server certificate with xpextenisions file so I think it's not that. Regards Adam ----- Original Message ----- From: "Frank Buttner" <[EMAIL PROTECTED]> To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Sent: Saturday, December 31, 2005 10:18 AM Subject: RE: FreeRadius +TLS (base on openssl) > Have your radius server multiple IP addresses? In my case that was one of > my > problems. And the second was that the client and server certificate has > not > extensions part. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > ] On Behalf Of Adam Rogalski > Sent: Friday, December 30, 2005 12:10 PM > To: FreeRadius users mailing list > Subject: FreeRadius +TLS (base on openssl) > > Hi > > I figth with my Radius for one week and I don't have more ideas. I would > like to make my home network with WPA enterprise (WPA with TKIP + 802.1x). > I > made my own CA and generate certificates for server and client. Everything > like I red in howto from freeradius.org. My server is on fedora core 4 but > I > try on slackware too. > When I use on my AP (linksys wrt54g) WPA enterprise command radiusd -X > stops > after: > > Listening on authentication *:1812 > Listening on accounting *:1813 > Listening on proxy *:1814 > Ready to process requests. > > > > when I change for only RADIUS and WEP I get after radiusd -X message: > > [EMAIL PROTECTED] sbin]# ./radiusd -X > Starting - reading configuration files ... > reread_config: reading radiusd.conf > Config: including file: /etc/raddb/proxy.conf > Config: including file: /etc/raddb/clients.conf > Config: including file: /etc/raddb/snmp.conf > Config: including file: /etc/raddb/eap.conf > Config: including file: /etc/raddb/sql.conf > main: prefix = "/usr" > main: localstatedir = "/var" > main: logdir = "/var/log/radius" > main: libdir = "/usr/lib" > main: radacctdir = "/var/log/radius/radacct" > main: hostname_lookups = no > main: max_request_time = 30 > main: cleanup_delay = 5 > main: max_requests = 1024 > main: delete_blocked_requests = 0 > main: port = 0 > main: allow_core_dumps = no > main: log_stripped_names = no > main: log_file = "/var/log/radius/radius.log" > main: log_auth = no > main: log_auth_badpass = no > main: log_auth_goodpass = no > main: pidfile = "/var/run/radiusd/radiusd.pid" > main: user = "nobody" > main: group = "nobody" > main: usercollide = no > main: lower_user = "no" > main: lower_pass = "no" > main: nospace_user = "no" > main: nospace_pass = "no" > main: checkrad = "/usr/sbin/checkrad" > main: proxy_requests = yes > proxy: retry_delay = 5 > proxy: retry_count = 3 > proxy: synchronous = no > proxy: default_fallback = yes > proxy: dead_time = 120 > proxy: post_proxy_authorize = yes > proxy: wake_all_if_all_dead = no > security: max_attributes = 200 > security: reject_delay = 1 > security: status_server = no > main: debug_level = 0 > read_config_files: reading dictionary > read_config_files: reading naslist > Using deprecated naslist file. Support for this will go away soon. > read_config_files: reading clients > read_config_files: reading realms > radiusd: entering modules setup > Module: Library search path is /usr/lib > Module: Loaded exec > exec: wait = yes > exec: program = "(null)" > exec: input_pairs = "request" > exec: output_pairs = "(null)" > exec: packet_type = "(null)" > rlm_exec: Wait=yes but no output defined. Did you mean output=none? > Module: Instantiated exec (exec) > Module: Loaded expr > Module: Instantiated expr (expr) > Module: Loaded PAP > pap: encryption_scheme = "crypt" > Module: Instantiated pap (pap) > Module: Loaded CHAP > Module: Instantiated chap (chap) > Module: Loaded MS-CHAP > mschap: use_mppe = yes > mschap: require_encryption = no > mschap: require_strong = no > mschap: with_ntdomain_hack = no > mschap: passwd = "(null)" > mschap: authtype = "MS-CHAP" > mschap: ntlm_auth = "(null)" > Module: Instantiated mschap (mschap) > Module: Loaded System > unix: cache = no > unix: passwd = "(null)" > unix: shadow = "/etc/shadow" > unix: group = "(null)" > unix: radwtmp = "/var/log/radius/radwtmp" > unix: usegroup = no > unix: cache_reload = 600 > Module: Instantiated unix (unix) > Module: Loaded eap > eap: default_eap_type = "tls" > eap: timer_expire = 60 > eap: ignore_unknown_eap_types = no > eap: cisco_accounting_username_bug = no > rlm_eap: Loaded and initialized type md5 > rlm_eap: Loaded and initialized type leap > gtc: challenge = "Password: " > gtc: auth_type = "PAP" > rlm_eap: Loaded and initialized type gtc > tls: rsa_key_exchange = no > tls: dh_key_exchange = yes > tls: rsa_key_length = 512 > tls: dh_key_length = 512 > tls: verify_depth = 0 > tls: CA_path = "(null)" > tls: pem_file_type = yes > tls: private_key_file = "/etc/raddb/certs/server_keycert.pem" > tls: certificate_file = "/etc/raddb/certs/server_keycert.pem" > tls: CA_file = "/etc/raddb/certs/cacert.pem" > tls: private_key_password = "adam01" > tls: dh_file = "/etc/raddb/certs/dh" > tls: random_file = "/etc/raddb/certs/random" > tls: fragment_size = 1024 > tls: include_length = yes > tls: check_crl = no > tls: check_cert_cn = "(null)" > rlm_eap: Loaded and initialized type tls > mschapv2: with_ntdomain_hack = no > rlm_eap: Loaded and initialized type mschapv2 > Module: Instantiated eap (eap) > Module: Loaded preprocess > preprocess: huntgroups = "/etc/raddb/huntgroups" > preprocess: hints = "/etc/raddb/hints" > preprocess: with_ascend_hack = no > preprocess: ascend_channels_per_line = 23 > preprocess: with_ntdomain_hack = no > preprocess: with_specialix_jetstream_hack = no > preprocess: with_cisco_vsa_hack = no > Module: Instantiated preprocess (preprocess) > Module: Loaded realm > realm: format = "suffix" > realm: delimiter = "@" > realm: ignore_default = no > realm: ignore_null = no > Module: Instantiated realm (suffix) > Module: Loaded files > files: usersfile = "/etc/raddb/users" > files: acctusersfile = "/etc/raddb/acct_users" > files: preproxy_usersfile = "/etc/raddb/preproxy_users" > files: compat = "no" > Module: Instantiated files (files) > Module: Loaded Acct-Unique-Session-Id > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, > Client-IP-Addre ss, NAS-Port" > Module: Instantiated acct_unique (acct_unique) > Module: Loaded detail > detail: detailfile = > "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m% > d" > detail: detailperm = 384 > detail: dirperm = 493 > detail: locking = no > Module: Instantiated detail (detail) > Module: Loaded radutmp > radutmp: filename = "/var/log/radius/radutmp" > radutmp: username = "%{User-Name}" > radutmp: case_sensitive = yes > radutmp: check_with_nas = yes > radutmp: perm = 384 > radutmp: callerid = yes > Module: Instantiated radutmp (radutmp) > Listening on authentication *:1812 > Listening on accounting *:1813 > Listening on proxy *:1814 > Ready to process requests. > > [EMAIL PROTECTED] sbin]# ./radiusd -X > Starting - reading configuration files ... > reread_config: reading radiusd.conf > Config: including file: /etc/raddb/proxy.conf > Config: including file: /etc/raddb/clients.conf > Config: including file: /etc/raddb/snmp.conf > Config: including file: /etc/raddb/eap.conf > Config: including file: /etc/raddb/sql.conf > main: prefix = "/usr" > main: localstatedir = "/var" > main: logdir = "/var/log/radius" > main: libdir = "/usr/lib" > main: radacctdir = "/var/log/radius/radacct" > main: hostname_lookups = no > main: max_request_time = 30 > main: cleanup_delay = 5 > main: max_requests = 1024 > main: delete_blocked_requests = 0 > main: port = 0 > main: allow_core_dumps = no > main: log_stripped_names = no > main: log_file = "/var/log/radius/radius.log" > main: log_auth = no > main: log_auth_badpass = no > main: log_auth_goodpass = no > main: pidfile = "/var/run/radiusd/radiusd.pid" > main: user = "nobody" > main: group = "nobody" > main: usercollide = no > main: lower_user = "no" > main: lower_pass = "no" > main: nospace_user = "no" > main: nospace_pass = "no" > main: checkrad = "/usr/sbin/checkrad" > main: proxy_requests = yes > proxy: retry_delay = 5 > proxy: retry_count = 3 > proxy: synchronous = no > proxy: default_fallback = yes > proxy: dead_time = 120 > proxy: post_proxy_authorize = yes > proxy: wake_all_if_all_dead = no > security: max_attributes = 200 > security: reject_delay = 1 > security: status_server = no > main: debug_level = 0 > read_config_files: reading dictionary > read_config_files: reading naslist > Using deprecated naslist file. Support for this will go away soon. > read_config_files: reading clients > read_config_files: reading realms > radiusd: entering modules setup > Module: Library search path is /usr/lib > Module: Loaded exec > exec: wait = yes > exec: program = "(null)" > exec: input_pairs = "request" > exec: output_pairs = "(null)" > exec: packet_type = "(null)" > rlm_exec: Wait=yes but no output defined. Did you mean output=none? > Module: Instantiated exec (exec) > Module: Loaded expr > Module: Instantiated expr (expr) > Module: Loaded PAP > pap: encryption_scheme = "crypt" > Module: Instantiated pap (pap) > Module: Loaded CHAP > Module: Instantiated chap (chap) > Module: Loaded MS-CHAP > mschap: use_mppe = yes > mschap: require_encryption = no > mschap: require_strong = no > mschap: with_ntdomain_hack = no > mschap: passwd = "(null)" > mschap: authtype = "MS-CHAP" > mschap: ntlm_auth = "(null)" > Module: Instantiated mschap (mschap) > Module: Loaded System > unix: cache = no > unix: passwd = "(null)" > unix: shadow = "/etc/shadow" > unix: group = "(null)" > unix: radwtmp = "/var/log/radius/radwtmp" > unix: usegroup = no > unix: cache_reload = 600 > Module: Instantiated unix (unix) > Module: Loaded eap > eap: default_eap_type = "tls" > eap: timer_expire = 60 > eap: ignore_unknown_eap_types = no > eap: cisco_accounting_username_bug = no > rlm_eap: Loaded and initialized type md5 > rlm_eap: Loaded and initialized type leap > gtc: challenge = "Password: " > gtc: auth_type = "PAP" > rlm_eap: Loaded and initialized type gtc > tls: rsa_key_exchange = no > tls: dh_key_exchange = yes > tls: rsa_key_length = 512 > tls: dh_key_length = 512 > tls: verify_depth = 0 > tls: CA_path = "(null)" > tls: pem_file_type = yes > tls: private_key_file = "/etc/raddb/certs/server_keycert.pem" > tls: certificate_file = "/etc/raddb/certs/server_keycert.pem" > tls: CA_file = "/etc/raddb/certs/cacert.pem" > tls: private_key_password = "adam01" > tls: dh_file = "/etc/raddb/certs/dh" > tls: random_file = "/etc/raddb/certs/random" > tls: fragment_size = 1024 > tls: include_length = yes > tls: check_crl = no > tls: check_cert_cn = "(null)" > rlm_eap: Loaded and initialized type tls > mschapv2: with_ntdomain_hack = no > rlm_eap: Loaded and initialized type mschapv2 > Module: Instantiated eap (eap) > Module: Loaded preprocess > preprocess: huntgroups = "/etc/raddb/huntgroups" > preprocess: hints = "/etc/raddb/hints" > preprocess: with_ascend_hack = no > preprocess: ascend_channels_per_line = 23 > preprocess: with_ntdomain_hack = no > preprocess: with_specialix_jetstream_hack = no > preprocess: with_cisco_vsa_hack = no > Module: Instantiated preprocess (preprocess) > Module: Loaded realm > realm: format = "suffix" > realm: delimiter = "@" > realm: ignore_default = no > realm: ignore_null = no > Module: Instantiated realm (suffix) > Module: Loaded files > files: usersfile = "/etc/raddb/users" > files: acctusersfile = "/etc/raddb/acct_users" > files: preproxy_usersfile = "/etc/raddb/preproxy_users" > files: compat = "no" > Module: Instantiated files (files) > Module: Loaded Acct-Unique-Session-Id > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, > Client-IP-Addre ss, NAS-Port" > Module: Instantiated acct_unique (acct_unique) > Module: Loaded detail > detail: detailfile = > "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m% > d" > detail: detailperm = 384 > detail: dirperm = 493 > detail: locking = no > Module: Instantiated detail (detail) > Module: Loaded radutmp > radutmp: filename = "/var/log/radius/radutmp" > radutmp: username = "%{User-Name}" > radutmp: case_sensitive = yes > radutmp: check_with_nas = yes > radutmp: perm = 384 > radutmp: callerid = yes > Module: Instantiated radutmp (radutmp) > Listening on authentication *:1812 > Listening on accounting *:1813 > Listening on proxy *:1814 > Ready to process requests. > rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, > length=121 > User-Name = "Adam" > NAS-IP-Address = 192.168.1.1 > Called-Station-Id = "0014bf2f16c2" > Calling-Station-Id = "000e3573296d" > NAS-Identifier = "0014bf2f16c2" > NAS-Port = 55 > Framed-MTU = 1400 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x02000009014164616d > Message-Authenticator = 0x88f32269e104d036be28f8411cd133b6 > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: EAP packet type response id 0 length 9 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 0 > users: Matched entry DEFAULT at line 152 > modcall[authorize]: module "files" returns ok for request 0 > modcall: group authorize returns updated for request 0 > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 0 > rlm_eap: EAP Identity > rlm_eap: processing type tls > rlm_eap_tls: Requiring client certificate > rlm_eap_tls: Initiate > rlm_eap_tls: Start returned 1 > modcall[authenticate]: module "eap" returns handled for request 0 > modcall: group authenticate returns handled for request 0 Sending > Access-Challenge of id 0 to 192.168.1.1:2054 > EAP-Message = 0x010100060d20 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x44e256d6f94136dbb146b56055f69cf3 > Finished request 0 > Going to the next request > --- Walking the entire request list --- > Waking up in 6 seconds... > rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, > length=236 > User-Name = "Adam" > NAS-IP-Address = 192.168.1.1 > Called-Station-Id = "0014bf2f16c2" > Calling-Station-Id = "000e3573296d" > NAS-Identifier = "0014bf2f16c2" > NAS-Port = 55 > Framed-MTU = 1400 > State = 0x44e256d6f94136dbb146b56055f69cf3 > NAS-Port-Type = Wireless-802.11 > EAP-Message = > 0x0201006a0d8000000060160301005b01000057030143b50d1a0e6730 > f71ec0114327ca53bc3eade6ecabd6c027a46f2642fb6e39d000003000390038003500160013 > 000a > 00330032002f0066000500040065006400630062006000150012000900140011000800030100 > Message-Authenticator = 0xe801c7aec46700968dfa44913e23d516 > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 1 > modcall[authorize]: module "preprocess" returns ok for request 1 > modcall[authorize]: module "chap" returns noop for request 1 > modcall[authorize]: module "mschap" returns noop for request 1 > rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 1 > rlm_eap: EAP packet type response id 1 length 106 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 1 > users: Matched entry DEFAULT at line 152 > modcall[authorize]: module "files" returns ok for request 1 > modcall: group authorize returns updated for request 1 > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 1 > rlm_eap: Request found, released from the list > rlm_eap: EAP/tls > rlm_eap: processing type tls > rlm_eap_tls: Authenticate > rlm_eap_tls: processing TLS > rlm_eap_tls: Length Included > eaptls_verify returned 11 > (other): before/accept initialization > TLS_accept: before/accept initialization > rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello > TLS_accept: SSLv3 read client hello A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello > TLS_accept: SSLv3 write server hello A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 02a7], Certificate > TLS_accept: SSLv3 write certificate A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange > TLS_accept: SSLv3 write key exchange A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0099], CertificateRequest > TLS_accept: SSLv3 write certificate request A > TLS_accept: SSLv3 flush data > TLS_accept:error in SSLv3 read client certificate A In SSL Handshake > Phase In SSL Accept mode > eaptls_process returned 13 > modcall[authenticate]: module "eap" returns handled for request 1 > modcall: group authenticate returns handled for request 1 Sending > Access-Challenge of id 0 to 192.168.1.1:2054 > EAP-Message = > 0x0102040a0dc0000004ab160301004a02000046030143b50c5e53e9e8 > a74a80938207f2b0b3bb015986bef383fbada6998b571453ee2050a14d2d1936b94767dc8e38 > 5486 > 0e4a418ee7d1541dc3c54807f12c5996889200390016030102a70b0002a30002a000029d3082 > 0299 > 30820202a003020102020101300d06092a864886f70d0101040500308185310b300906035504 > 0613 > 02504c311330110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f > 636c > 6177310e300c060355040a1305446f6d656b3122302006035504031319736572776572656b2e > 6164 > 616d656b2e686f70746f2e6f7267311b301906092a864886f7 > EAP-Message = > 0x0d010901160c61726f67616c4077702e706c301e170d303531323330 > 3038333635345a170d3036313233303038333635345a308185310b300906035504061302504c > 3113 > 30110603550408130a446f6c6e79536c61736b3110300e0603550407130757726f636c617731 > 0e30 > 0c060355040a1305446f6d656b3122302006035504031319736572776572656b2e6164616d65 > 6b2e > 686f70746f2e6f7267311b301906092a864886f70d010901160c61726f67616c4077702e706c > 3081 > 9f300d06092a864886f70d010101050003818d0030818902818100e446b6595abca00c76e48b > 21d6 > 95f43d9a2770dd067bfcaef859ec5bcedb74a14600a9dd179e > EAP-Message = > 0x23d8f7809495f018a50d359f78915fb18b41a74e7441f6716823e415 > 0febd758698291dd48150bc697d56be21a536b089b17f9e3fa049db4e52402fac8f72e493cbf > cbda > 0e217cdd2a93598632c1c64cc7d70840ec0fbce918e30203010001a317301530130603551d25 > 040c > 300a06082b06010505070301300d06092a864886f70d0101040500038181000662e9a572dec1 > 51d2 > 6adb88c7cee3cc7bf0f7f41e8c03d8b85b2b7db7ab2b35fb21ecabb9f15f395e6482b762c04a > ec81 > 0c4a9883986037d5c17eaf0539e64aae928e7da2394d5b5b3c7d61791d3ae373cf15a1592502 > 1f00 > 51f518de9c12f6e04fe46f39a2b53f6b2345b0b94fc9da2499 > EAP-Message = > 0x110108df4251a2d2f21ca4ebaf2c160301010d0c0001090040ca7f38 > db174492ff0737acbd4117d15bb7b41b837016a8422f3a34f9af06244de89a01df120f154711 > 7480 > 2929bc655907ca6ff7b441f03ea72c1ad2c3caae8b00010500407f8f356cf73802cb22f17e4d > 3a2c > ea90839f15a1b1c4d7d15014724bd5ef9aba1e17dd262df70a5c8784c64dbd5dcb6a0ae0bdfa > 390b > 337d50ed9e97d97324b60080c10536878e2d1ec56f2ad550b03e61c35ae1920f1d5ab39c5ed5 > bfe2 > f8cd2b804799634038088cd836ab6229e86a39589c5a3f9cf93c700c2dfd6bf684ea2e5efc90 > 12db > f4a6704e75cdd233d632c43e0f0a762ad8df90da110e39dd2f > EAP-Message = 0x0aab1b9e0bc4fe20ea2b877b8ccb0c2e7b89e1e6952f > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x767b202144333f7b0182c93a33070eb4 > Finished request 1 > Going to the next request > Waking up in 6 seconds... > rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, > length=136 > User-Name = "Adam" > NAS-IP-Address = 192.168.1.1 > Called-Station-Id = "0014bf2f16c2" > Calling-Station-Id = "000e3573296d" > NAS-Identifier = "0014bf2f16c2" > NAS-Port = 55 > Framed-MTU = 1400 > State = 0x767b202144333f7b0182c93a33070eb4 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x020200060d00 > Message-Authenticator = 0x2e5131827a4a1a6955a9eada5a37ad5d > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 2 > modcall[authorize]: module "preprocess" returns ok for request 2 > modcall[authorize]: module "chap" returns noop for request 2 > modcall[authorize]: module "mschap" returns noop for request 2 > rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 2 > rlm_eap: EAP packet type response id 2 length 6 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 2 > users: Matched entry DEFAULT at line 152 > modcall[authorize]: module "files" returns ok for request 2 > modcall: group authorize returns updated for request 2 > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 2 > rlm_eap: Request found, released from the list > rlm_eap: EAP/tls > rlm_eap: processing type tls > rlm_eap_tls: Authenticate > rlm_eap_tls: processing TLS > rlm_eap_tls: Received EAP-TLS ACK message > rlm_eap_tls: ack handshake fragment handler > eaptls_verify returned 1 > eaptls_process returned 13 > modcall[authenticate]: module "eap" returns handled for request 2 > modcall: group authenticate returns handled for request 2 Sending > Access-Challenge of id 0 to 192.168.1.1:2054 > EAP-Message = > 0x010300b50d80000004abea37366e949b739e4e8ce5d1051603010099 > 0d0000910403040102008a0088308185310b300906035504061302504c311330110603550408 > 130a > 446f6c6e79536c61736b3110300e0603550407130757726f636c6177310e300c060355040a13 > 0544 > 6f6d656b3122302006035504031319736572776572656b2e6164616d656b2e686f70746f2e6f > 7267 > 311b301906092a864886f70d010901160c61726f67616c4077702e706c0e000000 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0xe15d58f49422b6ce53338dbcb286d67d > Finished request 2 > Going to the next request > Waking up in 6 seconds... > rad_recv: Access-Request packet from host 192.168.1.1:2054, id=0, > length=147 > User-Name = "Adam" > NAS-IP-Address = 192.168.1.1 > Called-Station-Id = "0014bf2f16c2" > Calling-Station-Id = "000e3573296d" > NAS-Identifier = "0014bf2f16c2" > NAS-Port = 55 > Framed-MTU = 1400 > State = 0xe15d58f49422b6ce53338dbcb286d67d > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x020300110d800000000715030100020230 > Message-Authenticator = 0x9ccbb7428e7fb4c0adce582d01b259c6 > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 3 > modcall[authorize]: module "preprocess" returns ok for request 3 > modcall[authorize]: module "chap" returns noop for request 3 > modcall[authorize]: module "mschap" returns noop for request 3 > rlm_realm: No '@' in User-Name = "Adam", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 3 > rlm_eap: EAP packet type response id 3 length 17 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 3 > users: Matched entry DEFAULT at line 152 > modcall[authorize]: module "files" returns ok for request 3 > modcall: group authorize returns updated for request 3 > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 3 > rlm_eap: Request found, released from the list > rlm_eap: EAP/tls > rlm_eap: processing type tls > rlm_eap_tls: Authenticate > rlm_eap_tls: processing TLS > rlm_eap_tls: Length Included > eaptls_verify returned 11 > rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert > read:fatal:unknown CA > TLS_accept:failed in SSLv3 read client certificate A > 2426:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown > ca:s3_pkt.c :1052:SSL alert number 48 > 2426:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake > failure:s3_pkt.c: 837: > rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. > In SSL Handshake Phase > In SSL Accept mode > rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. > eaptls_process returned 13 > rlm_eap: Freeing handler > modcall[authenticate]: module "eap" returns reject for request 3 > modcall: group authenticate returns reject for request 3 > auth: Failed to validate the user. > Delaying request 3 for 1 seconds > Finished request 3 > Going to the next request > Waking up in 6 seconds... > --- Walking the entire request list --- > Sending Access-Reject of id 0 to 192.168.1.1:2054 > EAP-Message = 0x04030004 > Message-Authenticator = 0x00000000000000000000000000000000 > Cleaning up request 3 ID 0 with timestamp 43b50c5e Nothing to do. > Sleeping > until we see a request. > > > As a client I use my buildin centrino card intel2200 and windows xp with > sp2 > > > So if enybody can help I will be very gratefull > > Best regards > > Adam > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html