Hi, I have a little problem authenticating with EAP/TLS on freeradius. After the Access-Challenge, freeradius does not display Reject or Accept; it only goes back to the beginning and repeats the same operation. What's wrong? As the NAS I'm using a Cisco Catalyst 2950, and the client supplicant is WinXP.

These are the logs from tcpdump:

21:43:21.547329 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x7d length: 120
21:43:21.648845 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x7d length: 64
21:43:21.572693 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x7e length: 189
21:43:21.587661 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x7e length: 1100
21:43:21.602274 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x7f length: 115
21:43:21.604767 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x7f length: 976
21:43:21.620631 IP 192.168.1.9.radius > 192.168.1.7.radius: RADIUS, Access Request (1), id: 0x80 length: 115
21:43:21.629087 IP 192.168.1.7.radius > 192.168.1.9.radius: RADIUS, Access Challenge (11), id: 0x80 length: 68

And these are the logs from freeradius debug mode:

rad_recv: Access-Request packet from host 192.168.1.9:1812, id=207, length=115
        NAS-IP-Address = 192.168.1.9
        NAS-Port-Type = Async
        User-Name = "client"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-11-09-26-48-fa"
        State = 0xf4dbd9e74648ce65d56e471171d0e7f3
        EAP-Message = 0x020200060d00
        Message-Authenticator = 0x767944f13525d633320393682cb2403f
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 90
  modcall[authorize]: module "preprocess" returns ok for request 90
  modcall[authorize]: module "chap" returns noop for request 90
  modcall[authorize]: module "mschap" returns noop for request 90
    rlm_realm: No '@' in User-Name = "client", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 90
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 90
  modcall[authorize]: module "files" returns notfound for request 90
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 90
modcall: leaving group authorize (returns updated) for request 90
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 90
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 90
modcall: leaving group authenticate (returns handled) for request 90
Sending Access-Challenge of id 207 to 192.168.1.9 port 1812
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 0x0603550403131546756e6e79626f6e6520576972656c657373204341311b301906092a864886f70d010901160c70696f6e61724077702e706c820900f3854e49a9d8e78c300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002961967ffb8fd7a6b2062b2d78880f2a61c84eb4b52dc6eeae4511192dee95d22e354171bdca060b84cf6b7c6646081bd7d20d3c38d70708a2eb2695a5180a527354cf7105af7cddb16c3a38bf4bed480b0a50fbbeb7c932a7aed302ff4065763ef1dc7abc1b7459cc3db095bea25cbf11f863d8db6220c62499d15b0cb3a3f216030100ac0d0000a4020102009f009d30819a310b300906
        EAP-Message = 0x035504061302504c311630140603550408130d7769656c6b6f706f6c736b6965311430120603550407130b6269616c6f736c69776965310f300d060355040a130670696f6e6172310f300d060355040b130670696f6e6172311e301c0603550403131546756e6e79626f6e6520576972656c657373204341311b301906092a864886f70d010901160c70696f6e61724077702e706c0e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
Finished request 90
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.9:1812, id=208, length=115
        NAS-IP-Address = 192.168.1.9
        NAS-Port-Type = Async
        User-Name = "client"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-11-09-26-48-fa"
        State = 0x8a37dd36bf1bbbf6747bb6c4216ea380
        EAP-Message = 0x020300060d00
        Message-Authenticator = 0x6de0700bd6d131fc1cec8bec76fcea72
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 91
  modcall[authorize]: module "preprocess" returns ok for request 91
  modcall[authorize]: module "chap" returns noop for request 91
  modcall[authorize]: module "mschap" returns noop for request 91
    rlm_realm: No '@' in User-Name = "client", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 91
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 91
  modcall[authorize]: module "files" returns notfound for request 91
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 91
modcall: leaving group authorize (returns updated) for request 91
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 91
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 91
modcall: leaving group authenticate (returns handled) for request 91
Sending Access-Challenge of id 208 to 192.168.1.9 port 1812
        EAP-Message = 0x0104000a0d8000000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7b7eac5f542d1c6ec0abd77c3ce3c509
Finished request 91
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 88 ID 205 with timestamp 467ad8b7
Cleaning up request 89 ID 206 with timestamp 467ad8b7
Cleaning up request 90 ID 207 with timestamp 467ad8b7
Cleaning up request 91 ID 208 with timestamp 467ad8b7
Nothing to do. Sleeping until we see a request.
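
Added example (not part of the original post, and not FreeRADIUS code): a small decoder for the short EAP-Message values shown in the debug output above, using the EAP header layout from RFC 3748 and the EAP-TLS flag bits (L, M, S) from RFC 5216. The function name and the keys of the returned dictionary are hypothetical; the sample values are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13                          # EAP-TLS method type (RFC 5216)
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # Length included, More fragments, Start


def decode_eap_tls(hex_value):
    """Decode one EAP-Message value, as printed in the debug log, into header fields."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            # True when the EAP packet continues in further EAP-Message attributes
            "truncated": length > len(raw)}
    if code not in (1, 2) or len(raw) < 5:
        return info                        # Success/Failure carry no Type field
    info["type"] = raw[4]
    if raw[4] != EAP_TYPE_TLS or len(raw) < 6:
        return info
    flags = raw[5]
    info["flags"] = "".join(name for bit, name in
                            ((FLAG_L, "L"), (FLAG_M, "M"), (FLAG_S, "S")) if flags & bit)
    offset = 6
    if flags & FLAG_L:
        if len(raw) < 10:
            raise ValueError("L flag set but TLS Message Length field is missing")
        info["tls_message_length"] = struct.unpack("!I", raw[6:10])[0]
        offset = 10
    info["tls_data_bytes"] = max(0, min(length, len(raw)) - offset)
    # A Response with no flags and no TLS data is the fragment ACK the log reports
    info["is_ack"] = code == 2 and flags == 0 and info["tls_data_bytes"] == 0
    return info


if __name__ == "__main__":
    # EAP-Message values copied from the debug output above
    for value in ("0x020200060d00", "0x020300060d00", "0x0104000a0d8000000000"):
        print(value, decode_eap_tls(value))
```

The two client values decode as empty EAP-TLS Responses (fragment ACKs) with ids 2 and 3, and the value in the last Access-Challenge decodes as an EAP-TLS Request with id 4, the L flag set and a TLS message length of 0.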