Hello,

I'm trying to do a TLS auth, and I get an error after the user sends his cert. Could someone please take a look at the log error? Maybe it tells you more than I understand from it.
Thank you!

PS: the cert that is causing problems is a WiMAX device certificate.

        EAP-Message = 0x010700060d00
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3308bf64350fb208895733f1ee92d0aa
Finished request 14.
Going to the next request
Waking up in 3.2 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 32792, id=137, length=449
        User-Name = "{2}0017c4274...@asb.com"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Called-Station-Id = "00-00-00-00-00-00:"
        Calling-Station-Id = "00-17-C4-27-4F-00"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x2572488de6e84a69ac6b8222da127be264180d403486f70baa24
        State = 0x3308bf64350fb208895733f1ee92d0aa
        Message-Authenticator = 0x28a0e6f06818284b670729e9df75d99c
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "asb.com" for User-Name = "{2}0017c4274...@asb.com"
[suffix] Found realm "asb.com"
[suffix] Adding Stripped-User-Name = "{2}0017C4274F00"
[suffix] Adding Realm = "asb.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 034f], Certificate
--> verify error:num=7:certificate signature failure
[tls] >>> TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert write:fatal:decrypt error
    TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> {2}0017c4274...@asb.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 15 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 15
Sending Access-Reject of id 137 to 127.0.0.1 port 32792
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1.8 seconds.
Cleaning up request 8 ID 130 with timestamp +14
Waking up in 0.2 seconds.
Cleaning up request 9 ID 131 with timestamp +14
Waking up in 0.3 seconds.
Cleaning up request 10 ID 132 with timestamp +14
Waking up in 0.2 seconds.
Cleaning up request 11 ID 133 with timestamp +15
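
An added example, not part of the original post: a small triage parser that pulls the client-certificate failure details out of debug output like the log above. The sample lines are copied from that log; the function names are hypothetical, and the packed error-code layout assumed is the one used by OpenSSL releases before 3.0.

```python
import re

# Lines copied from the debug output in the post above.
SAMPLE_LOG = """\
[tls] <<< TLS 1.0 Handshake [length 034f], Certificate
--> verify error:num=7:certificate signature failure
[tls] >>> TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert write:fatal:decrypt error
    TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
[eap] Handler failed in EAP/tls
Sending Access-Reject of id 137 to 127.0.0.1 port 32792
"""

VERIFY_RE = re.compile(r"verify error:num=(\d+):(.+)")
ALERT_RE = re.compile(r"TLS [\d.]+ Alert \[length [0-9a-f]+\], (\w+) (\w+)")
# OpenSSL error-queue entry: error:<packed hex code>:<library>:<function>:<reason>
OSSL_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)")
REJECT_RE = re.compile(r"Sending Access-Reject of id (\d+)")


def unpack_openssl_code(hex_code):
    """Split a packed error code (assumed layout: OpenSSL releases before 3.0)."""
    code = int(hex_code, 16)
    return {"lib_num": (code >> 24) & 0xFF, "func_num": (code >> 12) & 0xFFF,
            "reason_num": code & 0xFFF}


def summarize_tls_failure(log_text):
    """Collect the fields that explain why an EAP-TLS handshake was rejected."""
    out = {"verify_errors": [], "alerts": [], "openssl_errors": [], "rejected_ids": []}
    for line in log_text.splitlines():
        if m := VERIFY_RE.search(line):
            out["verify_errors"].append((int(m.group(1)), m.group(2).strip()))
        elif m := ALERT_RE.search(line):
            out["alerts"].append((m.group(1), m.group(2)))
        elif m := OSSL_RE.search(line):
            entry = {"library": m.group(2), "function": m.group(3), "reason": m.group(4).strip()}
            entry.update(unpack_openssl_code(m.group(1)))
            out["openssl_errors"].append(entry)
        elif m := REJECT_RE.search(line):
            out["rejected_ids"].append(int(m.group(1)))
    return out


if __name__ == "__main__":
    for key, values in summarize_tls_failure(SAMPLE_LOG).items():
        print(key, values)
```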
