Hi Ivan, Pls ignore my message as it working now it was a network problem
2009/8/4 Devinder Singh <devinbhul...@gmail.com>: > Hi Ivan, > > When i clik on my SSID palstaff it prompts for the certificate name > > username on certificate so i selected > > devin...@palettemm.com > > Click OK then authentication failed on the SSID > > 2009/8/4 Devinder Singh <devinbhul...@gmail.com>: >> Hi Ivan >> >> Ok i managed to install ca.der and client.p12 on my XP >> >> When i run radiusd -X i get >> >> rad_recv: Access-Request packet from host 203.121.4.59 port 6001, >> id=30, length=216 >> User-Name = "devin...@palettemm.com" >> NAS-IP-Address = 203.121.4.59 >> Called-Station-Id = "00-20-a6-6c-49-9d:palstaff" >> Calling-Station-Id = "00-04-23-7b-56-b9" >> NAS-Identifier = "ORiNOCO-AP-700-6c-49-9d" >> State = 0xf30ae66df60debd09c91249e7b82f0a9 >> Framed-MTU = 1400 >> NAS-Port-Type = Wireless-802.11 >> EAP-Message = >> 0x0207002c0d000116030100205a6f866d20eb642ddc9f404f90d8650422eb751e7bb0199a016bb14e384df6fa >> Message-Authenticator = 0x06206416bbe520db012eb924f72ba75e >> +- entering group authorize {...} >> ++[preprocess] returns ok >> ++[chap] returns noop >> ++[mschap] returns noop >> [suffix] Looking up realm "palettemm.com" for User-Name = >> "devin...@palettemm.com" >> [suffix] No such realm "palettemm.com" >> ++[suffix] returns noop >> [eap] EAP packet type response id 7 length 44 >> [eap] No EAP Start, assuming it's an on-going EAP conversation >> ++[eap] returns updated >> ++[unix] returns notfound >> [files] users: Matched entry devin...@palettemm.com at line 94 >> ++[files] returns ok >> ++[expiration] returns noop >> ++[logintime] returns noop >> ++[pap] returns noop >> Found Auth-Type = EAP >> +- entering group authenticate {...} >> [eap] Request found, released from the list >> [eap] EAP/tls >> [eap] processing type tls >> [tls] Authenticate >> [tls] processing EAP-TLS >> [tls] eaptls_verify returned 7 >> [tls] Done initial handshake >> [tls] <<< TLS 1.0 Handshake [length 03b2], Certificate >> --> verify error:num=20:unable to get local issuer certificate >> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca >> TLS Alert write:fatal:unknown CA >> TLS_accept:error in SSLv3 read client certificate B >> rlm_eap: SSL error error:140890B2:SSL >> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned >> SSL: SSL_read failed in a system call (-1), TLS session fails. >> TLS receive handshake failed during operation >> [tls] eaptls_process returned 4 >> [eap] Handler failed in EAP/tls >> [eap] Failed in EAP select >> ++[eap] returns invalid >> Failed to authenticate the user. >> Using Post-Auth-Type Reject >> +- entering group REJECT {...} >> [attr_filter.access_reject] expand: %{User-Name} -> >> devin...@palettemm.com >> attr_filter: Matched entry DEFAULT at line 11 >> ++[attr_filter.access_reject] returns updated >> Delaying reject of request 6 for 1 seconds >> Going to the next request >> Waking up in 0.9 seconds. >> Sending delayed reject for request 6 >> Sending Access-Reject of id 30 to 203.121.4.59 port 6001 >> EAP-Message = 0x04070004 >> Message-Authenticator = 0x00000000000000000000000000000000 >> Waking up in 3.8 seconds. >> Cleaning up request 0 ID 24 with timestamp +83 >> Cleaning up request 1 ID 25 with timestamp +83 >> Cleaning up request 2 ID 26 with timestamp +83 >> Cleaning up request 3 ID 27 with timestamp +83 >> Cleaning up request 4 ID 28 with timestamp +83 >> Cleaning up request 5 ID 29 with timestamp +83 >> Waking up in 1.0 seconds. >> Cleaning up request 6 ID 30 with timestamp +83 >> Ready to process requests. >> >> >> >> Users File >> >> >> "devin...@palettemm.com" Auth-Type := EAP >> >> DEFAULT Auth-Type := Reject >> Reply-Message = "Authentication Failed" >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> 2009/8/3 Ivan Kalik <t...@kalik.net>: >>>> Do i copy this file to the XP and install ca.der >>>> >>>> ca.der and client.p12 >>> >>> Yes. >>> >>> Ivan Kalik >>> Kalik Informatika ISP >>> >>> >> >> >> >> -- >> Devinder >> > > > > -- > Devinder > -- Devinder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html