Hi ALL!!!!!!!!!!!!!!!!!!!!!!! I did more then 20 openssl commands in order to issue a CA for tests... Howto in http://www.linuxjournal.com/node/8095/print and http://www.linuxjournal.com/node/8151/print. I DID ALL THE COMMANDS!!!
XP client do not authenticate :-( Do I need users file??? What the correct sintaxe for login guaraldi and password mudar123? I defined users file like: guaraldi Auth-Type := EAP, Cleartext-Password == "mudar123" CA defined in OPENSSL!!! Radius server stop displaying "can not get issuer certificate" and "unknow CA" Server certificate signed!!! Client certificate defined!!! XP with cacert.pem and client_cert.p12!!!!!!!!!!!! I did not use ca.der .... XP Config with EAP to Smartcard or other certificates TLS and so on... AP with WPA/TKIP with 802.1x to 192.168.0.254 port 1812. OK!!! It works... Why XP do not authenticate with radius??? Guaraldi
Ready to process requests.
Threads: total/active/spare threads = 5/0/5
Waking up in 0.9 seconds.
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] expand: %t -> Tue Aug 18 14:06:40 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "guaraldi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry guaraldi at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Finished request 0.
Going to the next request
Thread 1 waiting to be assigned a request
Waking up in 0.9 seconds.
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] expand: %t -> Tue Aug 18 14:06:40 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "guaraldi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 80
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry guaraldi at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 70
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0041], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0697], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 00d0], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Finished request 1.
Going to the next request
Thread 2 waiting to be assigned a request
Waking up in 0.9 seconds.
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] expand: %t -> Tue Aug 18 14:06:41 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "guaraldi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry guaraldi at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Finished request 2.
Going to the next request
Thread 3 waiting to be assigned a request
Waking up in 0.8 seconds.
Thread 4 got semaphore
Thread 4 handling request 3, (1 handled so far)
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090818
[auth_log] expand: %t -> Tue Aug 18 14:06:41 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "guaraldi", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry guaraldi at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Finished request 3.
Going to the next request
Thread 4 waiting to be assigned a request
Waking up in 3.8 seconds.
Cleaning up request 0 ID 65 with timestamp +36
Cleaning up request 1 ID 66 with timestamp +36
Cleaning up request 2 ID 67 with timestamp +37
Cleaning up request 3 ID 68 with timestamp +37
Ready to process requests.
start-up
Description: Binary data
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
