<sigh>
On 8/23/06, Tilen <[EMAIL PROTECTED]> wrote:
I get Access-Reject, whole debug log is here:
That is obviously a false statement. While eventually not decisive,
the output from startup is missing. Some Requests prior to #4 are
missing, which might already be more interesting. Finally you seem to
have edited the output in an ill-advised manner here:
[...]
rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0,
length=147
User-Name = "test"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "004010100003"
Calling-Station-Id = "000e3557c74e"
NAS-Identifier = "004010100003"
NAS-Port = 30
Framed-MTU = 1400
State = 0x78d2170e45bcb6eac38f66525f681d9e
Message-Authenticator =
0x90ba3baf012b7509c5c4c985a5452b26
Message-Authenticator is misaligned and EAP-Message is missing, which
is definetly prohibiting the checking against the behaviour further
down (which does indeed look peculiar, and is not the standard openssl
error one would have guest from your previous truncations).
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
3239:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1052:SSL alert number 48
3239:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
_Again_ please see to provide details as has been requested numerous
times. Some sniffing on the radius server might be helpful here too.
I'll refrain from looking into that as long as I have to play some
sort of detective to even get to know what is going on on your
installation.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
