Hi All,

Below is the complete log. Please let me know how to solve/debug it.

Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 4991, id=2, length=144
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        State = 0x45582910465c24fb98a2f4e05021adb4
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0204000d0d001503010002012a
        Message-Authenticator = 0x931254661785b3d79fa3b2f098878921
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate
TLS Alert read:warning:bad certificate
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
SSL Application Data
TLS failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> maemo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 4993, id=2, length=126
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0204000d0d001503010002020a
        Message-Authenticator = 0x59f824b9b0758f49f85a716af1c7654f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> maemo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 2 to 192.168.1.1 port 4991
        EAP-Message = 0x04040004
        Message-Authenticator = 0x00000000000000000000000000000000
Sending delayed reject for request 5
Sending Access-Reject of id 2 to 192.168.1.1 port 4993
Waking up in 3.9 seconds.
Cleaning up request 0 ID 2 with timestamp +364
Cleaning up request 1 ID 2 with timestamp +364
Cleaning up request 2 ID 2 with timestamp +364
Cleaning up request 3 ID 2 with timestamp +364
Waking up in 1.0 seconds.
Cleaning up request 4 ID 2 with timestamp +364
Cleaning up request 5 ID 2 with timestamp +364
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 1124, id=2, length=123
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0200000a016d61656d6f
        Message-Authenticator = 0x596ea2d6b93bd2f361c9eeb9553a4df9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.1 port 1124
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb7ff998ab7fe9479079512a41db6a682
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1126, id=2, length=201
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        State = 0xb7ff998ab7fe9479079512a41db6a682
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020100460d800000003c16030100370100003303014b0fe11b9b2b971ae0f083c8e265b1c3eb9dd17dcfa50b25082390340290479100000c000a002f00160033000400050100
        Message-Authenticator = 0xb09ee3ebd234b03184c8ec0c658ed6bf
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 70
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 60
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0037], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 085e], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 00a6], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.1 port 1126
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 0x6ea406b638fd84d9c291c401a750d3d3cdf3f4fce08174898c4aa6bc910a56b18a25fe8a966af33301735d61d54fe4d880f1085b7cce5454ef911f70054c5b3a8b457a83f4a13237fad33d7170e050b8ab27b7985bb05f24d1c5eb05a9fadaeaef5b36f6030f48bc6cd0b63057268a7ce4f30a3bde455e72328c9fe3db94b52c3d89e9f36331622ae72168934222e87d5449ef93260a7d2684c87ee32815d6642e43488f145ecb43c3e2c5fb6532d1efbb68b284bc40c849092ee0535c408bf5faecc5cb4ce11281acd956cb5d1b928d3326295779cf711889839d023086837abc12f17aa6ad833424948dfddf16b062f3faa217f9c7910004ab308204
        EAP-Message = 0xa73082038fa0030201020209
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb7ff998ab6fd9479079512a41db6a682
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1128, id=2, length=137
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        State = 0xb7ff998ab6fd9479079512a41db6a682
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020200060d00
        Message-Authenticator = 0x911a331308f2f9fd3be12ee936f776f5
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.1 port 1128
        EAP-Message = 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
        EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c71510fb96ae45b7c0defedb61039780769de388326a8ac6e27b2158153c3e09df28261e2dce422bbc881d23845b76e7180b511fa77969e6174d649e47257700e6d8aff27f82b644d748a0b99d171153ee2e305cbff0ae7c5790da2b0bfef791e8c0017f45b348ba2333e5
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 0xa44ce5af9d6e5dbf8393869a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb7ff998ab5fc9479079512a41db6a682
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1130, id=2, length=137
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        State = 0xb7ff998ab5fc9479079512a41db6a682
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020300060d00
        Message-Authenticator = 0x1fc93a49fa023f01c0f9a4edc81dade5
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.1 port 1130
        EAP-Message = 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
        EAP-Message = 0x040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f726974790e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb7ff998ab4fb9479079512a41db6a682
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1132, id=2, length=144
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        State = 0xb7ff998ab4fb9479079512a41db6a682
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0204000d0d001503010002012a
        Message-Authenticator = 0x776adf5edd8baebf1b09946d8e255b93
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Alert [length 0002], warning bad_certificate
TLS Alert read:warning:bad certificate
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
SSL Application Data
TLS failed during operation
[tls] eaptls_process returned 4
[eap] Handler failed in EAP/tls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> maemo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1134, id=2, length=126
        User-Name = "maemo"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "0023692c6f74"
        Calling-Station-Id = "0026cc77eec0"
        NAS-Identifier = "0023692c6f74"
        NAS-Port = 25
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0204000d0d001503010002020a
        Message-Authenticator = 0xc0da70e5e3e25e34c5729fe4f3b06799
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "maemo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry maemo at line 75
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> maemo
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 2 to 192.168.1.1 port 1132
        EAP-Message = 0x04040004
        Message-Authenticator = 0x00000000000000000000000000000000
Sending delayed reject for request 11
Sending Access-Reject of id 2 to 192.168.1.1 port 1134
Waking up in 3.9 seconds.
Cleaning up request 6 ID 2 with timestamp +1200
Cleaning up request 7 ID 2 with timestamp +1200
Cleaning up request 8 ID 2 with timestamp +1200
Cleaning up request 9 ID 2 with timestamp +1200
Waking up in 1.0 seconds.
Cleaning up request 10 ID 2 with timestamp +1200
Cleaning up request 11 ID 2 with timestamp +1200
Ready to process requests.

On Sat, Dec 5, 2009 at 7:24 PM, <t...@kalik.net> wrote:

> > I am using FreeRADIUS 2.1.0. The setup is working fine with the EAP-TTLS and
> > PEAP methods. But for EAP-TLS, it gives the error below.
> > Please let me know how to solve it.
> >
> > [eap] Handler failed in EAP/tls
> > [eap] Failed in EAP select
> > ++[eap] returns invalid
> > Failed to authenticate the user.
>
> Well, post the rest of the debug.
>
> Ivan Kalik
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Regards
Senthil