I am having an issue authenticating against mysql backended radius now. I have been toyin with this for around 4 hours, and cannot seem to make it work. In my previous email about rpm build, something about quirks was mentioned on this arch... it has me weary...
Here is the output from radiusd -X ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a0f3a2b7b0d23f0e1d4dc591995af63 Finished request 13. Going to the next request Waking up in 9.9 seconds. User-Name = "digitalson" NAS-IP-Address = 192.168.246.5 NAS-Port = 0 Called-Station-Id = "00-1D-7E-97-F6-7A:Northpoint Premium" Calling-Station-Id = "00-1D-E0-8C-07-61" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0202007919800000006f160301006a01000066030147f95b9753cefb5adae0b4ba1f59 d49dc0614fbb9ff218341ee80ef4354aaa7d000018002f00350005000ac009c00ac013c0 140032003800130004010000250000000f000d00000a6469676974616c736f6e000a0008 0006001700180019000b00020100 State = 0x7a0f3a2b7b0d23f0e1d4dc591995af63 Message-Authenticator = 0x4a75ae062299e625fed959b6fa4bd464 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "digitalson", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 121 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 111 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 006a], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x0103040019c0000008bb160301004a02000046030147f9543a68321a7a62ce34c26376 3d3359f2099e1fd9ca05349a30804f08280420aea048386039e1a5cc9a13b4f0429a3914 fb0ae478c40bb9fcfc9adeadc74431002f00160301085e0b00085a0008570003a6308203 a23082028aa003020102020101300d06092a864886f70d0101040500308193310b300906 0355040613024652310f300d060355040813065261646975733112301006035504071309 536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e 06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603 5504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e17 0d3038303430363134333131365a170d3039303430363134333131365a307c310b300906 0355040613024652310f300d0603550408130652616469757331153013060355040a130c 4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665 722043657274696669636174653120301e06092a864886f70d010901161161646d696e40 6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f0030 82010a0282010100ca117750f8f17a2992b0480a1399839df3eec850117b33a6f511045c 2093 EAP-Message = 0xea2001890a23edf356bcdb56313eaac53f5a9783a01cfe4b39a11e8f6e82dd36326b42 dc2605862d578bdf14bfc46dd83a66b0620a9852fe5f01e360e86cf158556d3843c9a370 dd7ed1a0b6da543766b806b94cd419f6a20569b120002f010c4fb65d552527040a6fce79 b5552714e8492a40f0661c88003c8e513c605fe44a8bbe2fd809e6325cde81310109c86d e406aa83fbb92d28cbf54efb47b1359dcc15fee7770389f0cf81203a81936d23f4eb4ae5 cec9913065dbb8a6364efbf4057cfdb1249317865866f0a56f62bb563b1a1cb1f57a0d40 2de7770548787e6812d4810203010001a317301530130603551d25040c300a06082b0601 0505 EAP-Message = 0x070301300d06092a864886f70d010104050003820101001d7a32050162b36928e88d5f 705cbee9f73970a986be65705210a399078f05012c239a18ea7b9605f35855cc26b91a91 9a5e578afd47847b5dd04e74e26bcbbcedc7632ef09e7a90825d5513681e0539f03aa6dd 74f932a1d27b80670734e9be3760f93673631b8b1bd663fde8356f2573ed87af640f9a50 401dcfdbb317115248e70b429ced6810b5e6fdf7bb4f373d445324acb9e50ea013624430 4df7dd6c12b4b7f2a340b8953b5f2320f099123c98f760b7d8c1e4120c2e9f45152074fa 1757ea0fe2aef2917cd3c120ca448ff70a4e074a67a59893ea2fdddfa7c793d65519720a f126 EAP-Message = 0xc21109cfb9e3422ba776a96b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a0f3a2b780c23f0e1d4dc591995af63 Finished request 14. Going to the next request Waking up in 9.9 seconds. User-Name = "digitalson" NAS-IP-Address = 192.168.246.5 NAS-Port = 0 Called-Station-Id = "00-1D-7E-97-F6-7A:Northpoint Premium" Calling-Station-Id = "00-1D-E0-8C-07-61" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300061900 State = 0x7a0f3a2b780c23f0e1d4dc591995af63 Message-Authenticator = 0x1ce44b64106d26fcd359de6619859946 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "digitalson", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x010403fc1940970a7f6f1c3963e9ee36c9d44b1e0004ab308204a73082038fa0030201 02020900945a69e3e183b155300d06092a864886f70d0101050500308193310b30090603 55040613024652310f300d06035504081306526164697573311230100603550407130953 6f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06 092a864886f70d010901161161646d696e406578616d706c652e636f6d31263024060355 0403131d4578616d706c6520436572746966696361746520417574686f72697479301e17 0d3038303430363134333131355a170d3038303530363134333131355a308193310b3009 0603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309 536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e 06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603 550403131d4578616d706c6520436572746966696361746520417574686f726974793082 0122300d06092a864886f70d01010105000382010f003082010a0282010100c5e93d4905 1e396fb916d49d7953268bf0a4ca316b9039587d2a4be095d95a410a7fb23f8a54e80997 12211740ae4a215077f8f0e393429649fede567817eecc110fa93800f2d5b3c26a017b5f 2ab0 EAP-Message = 0xbce70664aa453ab85af07f0f2ea63c5421a39c856c06b1a6261b8e93fe1ef88ff615a5 6c17d96bc6c4499872300813316678cfc6223eecb54844fe7e578e6dffdad24db022c315 c5da9eedde0d35c003d33c195e381b0388d68b07549bf349e186fc4dff38f634549dedb8 dfcf06771f296d2ea99f2a2d5f08f0359887dd51885b5eec69d78e6cb95f0cdfba41447a ca7dc777067ecea80dd8f5c5c246e207c3a9afbf1350857b449b3b8cc8d6570bfe290203 010001a381fb3081f8301d0603551d0e041604149404f079c9d6448388d1d83af2cb1493 98094d863081c80603551d230481c03081bd80149404f079c9d6448388d1d83af2cb1493 9809 EAP-Message = 0x4d86a18199a48196308193310b3009060355040613024652310f300d06035504081306 5261646975733112301006035504071309536f6d65776865726531153013060355040a13 0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e40 6578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966 696361746520417574686f72697479820900945a69e3e183b155300c0603551d13040530 030101ff300d06092a864886f70d010105050003820101003b94781a23220539481af383 f93b481cf03c645b2ed6ea40331ba8bbe72299c64b416153fc059c8d8beeaf2487ab0cd4 5089 EAP-Message = 0xc4e35d2df42af41f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a0f3a2b790b23f0e1d4dc591995af63 Finished request 15. Going to the next request Waking up in 9.9 seconds. User-Name = "digitalson" NAS-IP-Address = 192.168.246.5 NAS-Port = 0 Called-Station-Id = "00-1D-7E-97-F6-7A:Northpoint Premium" Calling-Station-Id = "00-1D-E0-8C-07-61" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061900 State = 0x7a0f3a2b790b23f0e1d4dc591995af63 Message-Authenticator = 0xdcb63ac17c637f3a2986c92aff1f3af0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "digitalson", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x010500d519001afd8b58bd12e3cb9fedaf77df710a1b666378f924516cb6351265906d d9dcf5cc8b6c9f6c4e98e7bdc03e464e0086f76c69294284fe27e0429cdc608ad2290544 97961089f1a6b59a255a4e289556f77922ebeae185caac925ae7b515ddd487009ab7d9bc 8a424e3a39cf78ce3dcad4e9a04043bac9cf89387f2947b064e201189139fce33b0e1d14 6d691c4c9d60c3285e6e45a531e9c7e8cf9a012a0d1459d2d7113aa6c7f9392cb1bb738c 086f6657446aa1f9014b1cdc490d0cdda99d70ad4d2135a1ad16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a0f3a2b7e0a23f0e1d4dc591995af63 Finished request 16. Going to the next request Waking up in 9.9 seconds. User-Name = "digitalson" NAS-IP-Address = 192.168.246.5 NAS-Port = 0 Called-Station-Id = "00-1D-7E-97-F6-7A:Northpoint Premium" Calling-Station-Id = "00-1D-E0-8C-07-61" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500061900 State = 0x7a0f3a2b7e0a23f0e1d4dc591995af63 Message-Authenticator = 0xc2f762f0550b5bc3d0385797a35f7bda +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "digitalson", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x010600061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a0f3a2b7f0923f0e1d4dc591995af63 Finished request 17. Going to the next request Waking up in 9.9 seconds. Cleaning up request 12 ID 18 with timestamp +618 Cleaning up request 13 ID 19 with timestamp +618 Cleaning up request 14 ID 20 with timestamp +618 Cleaning up request 15 ID 21 with timestamp +618 Cleaning up request 16 ID 22 with timestamp +618 Cleaning up request 17 ID 23 with timestamp +618 Ready to process requests. Austin G. Smith, A+, MCP Digital Son, I.T. Services www.digitalson.com 678.213.0550 x:101 Office 678.213.0535 Fax Need reliable hosting? www.digitalsonhosting.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html