Hello all,

I am using Freeradius-1.0.2 in some tests I have to do, and I get the following error "unable to get certificate CRL".
I attached the radius log for this problem (trace_unable_CRL).
If I set check_crl = no in the tls section of the eap.conf file I get another error: "fatal decrypt_error" (the corresponding log file is also attached: trace_decrypt_err).

If you have an idea of why I get this error, please tell me.

Thanks !!
rad_recv: Access-Request packet from host 172.18.0.28:32797, id=1, length=131
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0xc09296e0e297e91af27c633a5459d6ed
        EAP-Message = 0x02120018017370636f6173743140616c636174656c2e726f
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 18 length 24
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 1 to 172.18.0.28:32797
        EAP-Message = 0x011300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8c34538827939bb3bb1a0ecc2c37742f
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32797, id=2, length=131
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x899c7971f3d5894f1e1503f0bc45b10b
        EAP-Message = 0x02130006030d
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0x8c34538827939bb3bb1a0ecc2c37742f
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 19 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/tls
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 2 to 172.18.0.28:32797
        EAP-Message = 0x011400060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9c687e55b16b65767f05297e9f159b1a
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32797, id=3, length=189
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x65ec1af79679d393051f016bc287687f
        EAP-Message = 
0x021400400d800000003616030100310100002d030146b6fe360102030405060708090a0b0c0d0e0f101112131415161718191a1b1c000006000a002f00350100
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0x9c687e55b16b65767f05297e9f159b1a
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 20 length 64
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0031], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0438], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0061], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 3 to 172.18.0.28:32797
        EAP-Message = 
0x0115040a0dc0000004f2160301004a02000046030146b6fed2d90c82ef83dc50f53ed42d605704a5f2af486ac1f2741ac47318e7ef20f80478ec1392969232e2e72d7df9998529326705ed0d4f0b950b69433d048742000a0016030104380b000434000431000218308202143082017d020104300d06092a864886f70d01010405003050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b3009060355040313026361301e170d3036313132303135323930365a170d3037313132303135323930365a3055310b3009060355
        EAP-Message = 
0x040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b13037264723110300e060355040313076173622e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cbb5b3a2a5ace9d8cd6731122160396b47e68e4a1598ad1556f1866dac443aaa289f20337a22204eb78538fc8a3bfcd1be535298c12e55985fb50cfa3b49386d9f5383be937b31fa574daa2bae232aae4dd058c05e82f23ee0fc1ad368bbe7fd50bdc551e440f6ee82006aebc7499eec1469bfb3409028f3474f9bb2538f07990203010001300d06092a864886f70d010104
        EAP-Message = 
0x05000381810048faa8a1b7993087df11631d03285c12cef27cb6c4fbf340e92eae39b08d541b4890acbb2a08f1bc9b2265616aeebdb0a5599c373d1e903f598395c2ba8df82af9dde1d211ed23c92d0c215824c51974634b7a2bde7943342a3219ebc14ca4db53eae3f3957664d026ba2abb5ef86d1fc9040c940eb5b59d828f7c991c3d1ee70002133082020f30820178020100300d06092a864886f70d01010405003050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b3009060355040313026361301e170d30363131
        EAP-Message = 
0x32303135323734335a170d3037313132303135323734335a3050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b300906035504031302636130819f300d06092a864886f70d010101050003818d0030818902818100b87bfcb9783335c6ee9df194d18852e92e762deaba00889dcaaa1c7c631686083c11b4e39e6a1525e5d27bcc5121af7c4080cbe9cf855bbeac86b132b057be324d2d855a0d6f29f500d6cc0ccbccdb616d6f29377287bafc116e4e1b55cf1ed7478f4e41773abf267dc11766b8090c22dd56a0fd0c5c
        EAP-Message = 0x84269727edd58bb9e74f0203010001300d06092a8648
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x863fd5a12e04024670831e0699514147
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32797, id=4, length=131
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x90f3b75208573fa8a083d29f6e815e62
        EAP-Message = 0x021500060d00
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0x863fd5a12e04024670831e0699514147
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 21 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 4 to 172.18.0.28:32797
        EAP-Message = 
0x011600fc0d80000004f286f70d0101040500038181005ce646a4d51390a366e25a66fdb702e6979a90a003ebeec3a35e561d7a74ad8aa7f72b9ff1200ee8b9786cca3508a62ac21fd54a8c94f57b4a14789fe4da4b2124b5858fda873fb6123bfc640889368a4ee6b340e3ff36aec32b2c1abda267c25ef59fee9cdd62a434cd5dd0ab6e62c080e68133b0c0e306c3b1d5f00f08791616030100610d000059020102005400523050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b30090603550403130263610e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x49573c95d7a0cceceaed8b40f8bb1829
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32797, id=5, length=1016
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x98eed031051d7876bfb180dd15190b23
        EAP-Message = 
0x021603750d800000036b160301021d0b0002190002160002133082020f30820178020100300d06092a864886f70d01010405003050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b3009060355040313026361301e170d3036313132303135323734335a170d3037313132303135323734335a3050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b300906035504031302636130819f300d06
        EAP-Message = 
0x092a864886f70d010101050003818d0030818902818100b87bfcb9783335c6ee9df194d18852e92e762deaba00889dcaaa1c7c631686083c11b4e39e6a1525e5d27bcc5121af7c4080cbe9cf855bbeac86b132b057be324d2d855a0d6f29f500d6cc0ccbccdb616d6f29377287bafc116e4e1b55cf1ed7478f4e41773abf267dc11766b8090c22dd56a0fd0c5c84269727edd58bb9e74f0203010001300d06092a864886f70d0101040500038181005ce646a4d51390a366e25a66fdb702e6979a90a003ebeec3a35e561d7a74ad8aa7f72b9ff1200ee8b9786cca3508a62ac21fd54a8c94f57b4a14789fe4da4b2124b5858fda873fb6123bfc640889
        EAP-Message = 
0x368a4ee6b340e3ff36aec32b2c1abda267c25ef59fee9cdd62a434cd5dd0ab6e62c080e68133b0c0e306c3b1d5f00f08791616030100861000008200809f21a841ccfc4c5fc63c0a328a26e5d78fc3a637e1063e042382bb0bcc1cbae8952834803cf673c4f9c6aa67a9cdf48356b7c12b58eae434d79488126c3104d0469ffadd443f8a1402d905a457478cb6a4e487a09c7525f838ca793d9112947411992d078d05e4429cef0b28616b24fe8ca2d41739bcc29bb2c420428d31fe7516030100860f000082008044178ae2fab6ecbf60536e01be151fbb629da3d46977dbcc04ea54488832d4284f23134ba41a6fc9b1d4284fe71152e605a8b9a851
        EAP-Message = 
0x9dcf61c1e3aade0321c64bdca19bc2d98f8a6787ed9b5c6174370628ab5b323b96a8153601a571932c554c2b9537342128ca522d89765a446a0bd8a01cd8a8ce71c1fec8521dcff8f8c7ca1403010001011603010028ee92163f4a6b1b2538c4c35a760737f72fec382f42d0eeb1b731eedb808fefdf27d4eecc7e65d29c
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0x49573c95d7a0cceceaed8b40f8bb1829
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 22 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 021d], Certificate
--> verify error:num=3:unable to get certificate CRL
chain-depth=0,
error=3
--> User-Name = [EMAIL PROTECTED]
--> BUF-Name = ca
--> subject = /C=ch/ST=sh/L=sh/O=asb/OU=rdr/CN=ca
--> issuer  = /C=ch/ST=sh/L=sh/O=asb/OU=rdr/CN=ca
--> verify return:0
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
    TLS_accept:error in SSLv3 read client certificate B
12318:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2004:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 5 to 172.18.0.28:32797
        EAP-Message = 0x011700110d800000000715030100020230
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5ac2eb0ff6b15fa879a2d5b335114359
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 46b6fed2
Cleaning up request 1 ID 2 with timestamp 46b6fed2
Cleaning up request 2 ID 3 with timestamp 46b6fed2
Cleaning up request 3 ID 4 with timestamp 46b6fed2
Cleaning up request 4 ID 5 with timestamp 46b6fed2
Nothing to do.  Sleeping until we see a request.



rad_recv: Access-Request packet from host 172.18.0.28:32796, id=1, length=131
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x22ebf9ae55871a1c1de1a3bdf2111086
        EAP-Message = 0x02640018017370636f6173743140616c636174656c2e726f
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 100 length 24
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 1 to 172.18.0.28:32796
        EAP-Message = 0x016500061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb2c1d890416c3898f4d6b8697368cd5c
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32796, id=2, length=131
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x9f0dc2f291146b1ceb7db575dcc10fb8
        EAP-Message = 0x02650006030d
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0xb2c1d890416c3898f4d6b8697368cd5c
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 101 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/tls
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 2 to 172.18.0.28:32796
        EAP-Message = 0x016600060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x89b3be3d0004829d6be986eb71f3283a
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32796, id=3, length=189
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0x535fafd07b98dded907fa6a22a103b85
        EAP-Message = 
0x026600400d800000003616030100310100002d030146b6fdcd0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c000006000a002f00350100
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0x89b3be3d0004829d6be986eb71f3283a
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 102 length 64
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0031], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0438], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0061], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 3 to 172.18.0.28:32796
        EAP-Message = 
0x0167040a0dc0000004f2160301004a02000046030146b6fe6a9fe83eaa33937328cff937bc165ab0541216ae2506d6a2b87dcbc98020f8aa8865e9fbcb92865dcc3881523b69445107d876f5f615aa4caf4dc118c0c9000a0016030104380b000434000431000218308202143082017d020104300d06092a864886f70d01010405003050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b3009060355040313026361301e170d3036313132303135323930365a170d3037313132303135323930365a3055310b3009060355
        EAP-Message = 
0x040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b13037264723110300e060355040313076173622e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cbb5b3a2a5ace9d8cd6731122160396b47e68e4a1598ad1556f1866dac443aaa289f20337a22204eb78538fc8a3bfcd1be535298c12e55985fb50cfa3b49386d9f5383be937b31fa574daa2bae232aae4dd058c05e82f23ee0fc1ad368bbe7fd50bdc551e440f6ee82006aebc7499eec1469bfb3409028f3474f9bb2538f07990203010001300d06092a864886f70d010104
        EAP-Message = 
0x05000381810048faa8a1b7993087df11631d03285c12cef27cb6c4fbf340e92eae39b08d541b4890acbb2a08f1bc9b2265616aeebdb0a5599c373d1e903f598395c2ba8df82af9dde1d211ed23c92d0c215824c51974634b7a2bde7943342a3219ebc14ca4db53eae3f3957664d026ba2abb5ef86d1fc9040c940eb5b59d828f7c991c3d1ee70002133082020f30820178020100300d06092a864886f70d01010405003050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b3009060355040313026361301e170d30363131
        EAP-Message = 
0x32303135323734335a170d3037313132303135323734335a3050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b300906035504031302636130819f300d06092a864886f70d010101050003818d0030818902818100b87bfcb9783335c6ee9df194d18852e92e762deaba00889dcaaa1c7c631686083c11b4e39e6a1525e5d27bcc5121af7c4080cbe9cf855bbeac86b132b057be324d2d855a0d6f29f500d6cc0ccbccdb616d6f29377287bafc116e4e1b55cf1ed7478f4e41773abf267dc11766b8090c22dd56a0fd0c5c
        EAP-Message = 0x84269727edd58bb9e74f0203010001300d06092a8648
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xaa99bd1462f410dc11a6a6761de1dfc9
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32796, id=4, length=131
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0xf485eab3f9a19ea023622b1a731c590e
        EAP-Message = 0x026700060d00
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0xaa99bd1462f410dc11a6a6761de1dfc9
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 103 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 4 to 172.18.0.28:32796
        EAP-Message = 
0x016800fc0d80000004f286f70d0101040500038181005ce646a4d51390a366e25a66fdb702e6979a90a003ebeec3a35e561d7a74ad8aa7f72b9ff1200ee8b9786cca3508a62ac21fd54a8c94f57b4a14789fe4da4b2124b5858fda873fb6123bfc640889368a4ee6b340e3ff36aec32b2c1abda267c25ef59fee9cdd62a434cd5dd0ab6e62c080e68133b0c0e306c3b1d5f00f08791616030100610d000059020102005400523050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b30090603550403130263610e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa8e5cef4dd04c58a12422974bc5e9067
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.0.28:32796, id=5, length=1016
        Calling-Station-Id = "20-10-00-00-00-01"
        Message-Authenticator = 0xef503c9ddc3fa507204420bee814019e
        EAP-Message = 
0x026803750d800000036b160301021d0b0002190002160002133082020f30820178020100300d06092a864886f70d01010405003050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b3009060355040313026361301e170d3036313132303135323734335a170d3037313132303135323734335a3050310b3009060355040613026368310b3009060355040813027368310b3009060355040713027368310c300a060355040a1303617362310c300a060355040b1303726472310b300906035504031302636130819f300d06
        EAP-Message = 
0x092a864886f70d010101050003818d0030818902818100b87bfcb9783335c6ee9df194d18852e92e762deaba00889dcaaa1c7c631686083c11b4e39e6a1525e5d27bcc5121af7c4080cbe9cf855bbeac86b132b057be324d2d855a0d6f29f500d6cc0ccbccdb616d6f29377287bafc116e4e1b55cf1ed7478f4e41773abf267dc11766b8090c22dd56a0fd0c5c84269727edd58bb9e74f0203010001300d06092a864886f70d0101040500038181005ce646a4d51390a366e25a66fdb702e6979a90a003ebeec3a35e561d7a74ad8aa7f72b9ff1200ee8b9786cca3508a62ac21fd54a8c94f57b4a14789fe4da4b2124b5858fda873fb6123bfc640889
        EAP-Message = 
0x368a4ee6b340e3ff36aec32b2c1abda267c25ef59fee9cdd62a434cd5dd0ab6e62c080e68133b0c0e306c3b1d5f00f08791616030100861000008200806ffcbe0dfa183678ed434bfcd5f90d2c3d2a8921ff63677a5d86b68fa2836bc27976bd848660a2ace7d5f6045090fc13f177651fa42127518f4ac99f10e58f45fc707bda6c9de95b08a2b0477e00c648b5d1965810cb5e4fb549e9f7115b854bfdcd83481d0b3134c7681e3818d792ee0ff0b313e18de447ff5cd795f7ed510716030100860f00008200805b74b9af2bced37cacc1c656c2033323c463afd46d2b75998f942a6e96cb88a2aa7b9ac9d0e0c8864054d4155bc3b1ea5837a2bb18
        EAP-Message = 
0x6ddbcb8c8aa2d34fc8f49c7b128e1885454313f7fd6e189a834c3f0d100cde44670ac9629d09bae908cd7a7a0fd5983d21cfe9f4afee2d7a63df6b7dcadeb052008b3ae52fce184cb889e71403010001011603010028a984f443c15e2ef560721574490852b76ca8844af9fdc310936ab58ee40c4e94153dd3db540c4680
        Framed-MTU = 3795
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.18.0.28
        State = 0xa8e5cef4dd04c58a12422974bc5e9067
        WiMAX-Attr-46 = 0x00250000100100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: Looking up realm "alcatel.ro" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "alcatel.ro"
    rlm_realm: Adding Stripped-User-Name = "spcoast1"
    rlm_realm: Proxying request from user spcoast1 to realm alcatel.ro
    rlm_realm: Adding Realm = "alcatel.ro"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 104 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 533
  modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 021d], Certificate
chain-depth=0,
error=0
--> User-Name = [EMAIL PROTECTED]
--> BUF-Name = ca
--> subject = /C=ch/ST=sh/L=sh/O=asb/OU=rdr/CN=ca
--> issuer  = /C=ch/ST=sh/L=sh/O=asb/OU=rdr/CN=ca
--> verify return:1
    TLS_accept: SSLv3 read client certificate A
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert write:fatal:decrypt error
    TLS_accept:failed in SSLv3 read certificate verify B
12314:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
12314:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:618:
12314:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr.c:1850:
12314:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 5 to 172.18.0.28:32796
        EAP-Message = 0x016900110d800000000715030100020233
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7034f050cb09b88bd8a1e3f22f5215b6
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 46b6fe6a
Cleaning up request 1 ID 2 with timestamp 46b6fe6a
Cleaning up request 2 ID 3 with timestamp 46b6fe6a
Cleaning up request 3 ID 4 with timestamp 46b6fe6a
Cleaning up request 4 ID 5 with timestamp 46b6fe6a
Nothing to do.  Sleeping until we see a request.

[EMAIL PROTECTED] sbin]#

