Hi All,

I am trying to authenticate an embedded WLAN device using
FreeRADIUS server 2.0.4.

I have the radiusd.conf and client.conf files set up as per my configuration.
I have created certificates using the bootstrap script. The values in
ca.cnf, client.cnf and server.cnf have been modified accordingly.

I have copied ca.pem and client.pem to the device filesystem. The private key has been
extracted from client.pem.

Since last week I have been trying to authenticate with the FreeRADIUS server, but I am
getting an error like "Unknown CA".
Please see the attached radius logs.

When I verify the client certificate using
"openssl verify -CApath ca.pem client.pem",
I see the following error:

Error 20 at depth 0 lookup : unable to get local issuer certificate.

The device has already been tested with Windows 2003 Server's TLS (of course with
a different set of certificates :<) ) and it is working fine.
What could be the reason behind this, and where am I going wrong?

Appreciate your help.

Thanks and Regards,

Avinash.
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020300060d00
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
++[eap] returns handled
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc12f5c20c22b515967037c6c5beccf92
Finished request 125.
Going to the next request
Waking up in 4.0 seconds.
        Message-Authenticator = 0x166c2b12ab14ab768f5610222b8ba289
        Service-Type = Framed-User
        User-Name = "ttls\000"
        Framed-MTU = 1488
        State = 0xc12f5c20c22b515967037c6c5beccf92
        Called-Station-Id = "00-1E-C1-2D-D7-40:FCP_3COM"
        Calling-Station-Id = "00-05-C9-A1-C9-70"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0358], Certificate  
--> verify error:num=20:unable to get local issuer certificate 
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca  
TLS Alert write:fatal:unknown CA 
    TLS_accept:error in SSLv3 read client certificate B 
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
  eaptls_process returned 13 
  rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [ttls\000/<via Auth-Type = EAP>] (from client 192.168.1.202 
port 1 cli 00-05-C9-A1-C9-70)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> ttls
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 126 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 126
        EAP-Message = 0x04040004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1.0 seconds.
Cleaning up request 122 ID 0 with timestamp +199
Waking up in 0.3 seconds.
Cleaning up request 123 ID 1 with timestamp +199
Waking up in 0.3 seconds.
Cleaning up request 124 ID 2 with timestamp +200
Waking up in 0.3 seconds.
Cleaning up request 125 ID 3 with timestamp +200
Waking up in 2.9 seconds.
        Message-Authenticator = 0x4d9a9623cb2475dd10e22653c1a7ae4c
        Service-Type = Framed-User
        User-Name = "ttls\000"
        Framed-MTU = 1488
        Called-Station-Id = "00-1E-C1-2D-D7-40:FCP_3COM"
        Calling-Station-Id = "00-05-C9-A1-C9-70"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020000090174746c73
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication 
may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x633ee06f633fed565e6416f23cd6dda4
Finished request 127.
Going to the next request
Waking up in 0.6 seconds.
        Message-Authenticator = 0x6674fe99baaab5e60e7990a93c0d41e3
        Service-Type = Framed-User
        User-Name = "ttls\000"
        Framed-MTU = 1488
        State = 0x633ee06f633fed565e6416f23cd6dda4
        Called-Station-Id = "00-1E-C1-2D-D7-40:FCP_3COM"
        Calling-Station-Id = "00-05-C9-A1-C9-70"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 116
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
    (other): before/accept initialization 
    TLS_accept: before/accept initialization 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello  
    TLS_accept: SSLv3 read client hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 07bc], Certificate  
    TLS_accept: SSLv3 write certificate A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange  
    TLS_accept: SSLv3 write key exchange A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0088], CertificateRequest  
    TLS_accept: SSLv3 write certificate request A 
    TLS_accept: SSLv3 flush data 
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
  eaptls_process returned 13 
++[eap] returns handled
        EAP-Message = 0x003075310b30090603550406
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x633ee06f623ced565e6416f23cd6dda4
Finished request 128.
Going to the next request
Waking up in 0.3 seconds.
        Message-Authenticator = 0xcb8cb3b8f6e65e0fd04a0190f4a7ac0b
        Service-Type = Framed-User
        User-Name = "ttls\000"
        Framed-MTU = 1488
        State = 0x633ee06f623ced565e6416f23cd6dda4
        Called-Station-Id = "00-1E-C1-2D-D7-40:FCP_3COM"
        Calling-Station-Id = "00-05-C9-A1-C9-70"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020200060d00
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
++[eap] returns handled
        EAP-Message = 0xe7f88e2e242f88162f88e616
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x633ee06f613ded565e6416f23cd6dda4
Finished request 129.
Going to the next request
Cleaning up request 126 ID 4 with timestamp +202
Waking up in 4.3 seconds.
        Message-Authenticator = 0xc5ef9c8a6f710e97046b6350a39b5bc5
        Service-Type = Framed-User
        User-Name = "ttls\000"
        Framed-MTU = 1488
        State = 0x633ee06f613ded565e6416f23cd6dda4
        Called-Station-Id = "00-1E-C1-2D-D7-40:FCP_3COM"
        Calling-Station-Id = "00-05-C9-A1-C9-70"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020300060d00
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
++[eap] returns handled
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x633ee06f603aed565e6416f23cd6dda4
Finished request 130.
Going to the next request
Waking up in 4.0 seconds.
        Message-Authenticator = 0x2e039a51099ff7dc2812d5d147014a14
        Service-Type = Framed-User
        User-Name = "ttls\000"
        Framed-MTU = 1488
        State = 0x633ee06f603aed565e6416f23cd6dda4
        Called-Station-Id = "00-1E-C1-2D-D7-40:FCP_3COM"
        Calling-Station-Id = "00-05-C9-A1-C9-70"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        NAS-IP-Address = 192.168.1.202
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "ttls", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 253
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0358], Certificate  
--> verify error:num=20:unable to get local issuer certificate 
  rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca  
TLS Alert write:fatal:unknown CA 
    TLS_accept:error in SSLv3 read client certificate B 
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
  eaptls_process returned 13 
  rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [ttls\000/<via Auth-Type = EAP>] (from client 192.168.1.202 
port 1 cli 00-05-C9-A1-C9-70)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> ttls
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 131 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 131
        EAP-Message = 0x04040004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1.0 seconds.

