Johan Arens wrote:
Hi
I cannot authenticate with the radius, I got this error when the
handheld try to auth :
Wed Feb 15 15:27:42 2006 : Info: Ready to process requests.
Wed Feb 15 15:28:21 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Wed Feb 15 15:28:21 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message
That is not a significant error - it's just noise, ignore it.
However, if I enable the radius inside the access point, the handheld
can authenticate. This tells me that the handheld has been configured
properly.
What is missing in my freeradius config ?
Probably nothing. The last thing the server does is:
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 8 to 192.168.0.1:1024
EAP-Message = snip
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8c3b86d02966b223e117138d5c1d946e
Finished request 2
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 7 with timestamp 43f489f9
Cleaning up request 2 ID 8 with timestamp 43f489f9
Nothing to do. Sleeping until we see a request.
The supplicant or the AP stops sending EAP messages. Up to that point as
far as FreeRadius is concerned it's all fine. Consult the logs on the
supplicant or AP to determine why.
Users
gun Auth-Type := EAP, User-Password := "gun123"
Note, although it is not likely to be causing your current problems, it
is ALMOST ALWAYS a bad idea to set Auth-Type to EAP. The default config
is very specific on this. It will certainly fail later on when the inner
request of the TTLS is handled and EAP gets forced for that username
when in fact you want PAP or something.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html