Hello!

# radiusd -v
radiusd: FreeRADIUS Version 2.1.9, for host i686-pc-linux-gnu

I could use some help with authenticating users by certificate to a freeradius server. I created the certificates and copied the ca.pem to the testing supplicant. Started freeradius with radius -X and a locally executed

radtest miles davis45 192.168.1.220 1812 testing123

gives this result:

Sending Access-Request of id 206 to 192.168.1.220 port 1812
        User-Name = "miles"
        User-Password = "davis45"
        NAS-IP-Address = 192.168.3.1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 192.168.1.220 port 1812, id=206, length=20

I have this in the sqltrace.sql then:

INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'miles', 'davis45', 'Access-Accept', '2012-07-02 19:31:45');

I tried all kinds of settings on the supplicant but I cannot get access using the ca.pem and get no lease from the DHCP-Server of the AP, TL-WA901ND

I post the following output of a radius -X session:

rad_recv: Access-Request packet from host 192.168.1.254 port 2048, id=155, length=153
        User-Name = "andreas"
        NAS-IP-Address = 192.168.1.254
        NAS-Port = 0
        Called-Station-Id = "B0-48-7A-F8-A1-19:gehackt"
        Calling-Station-Id = "00-22-B0-E7-EF-98"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x0200000c01616e6472656173
        Message-Authenticator = 0xcfc9907d0444926482192aafdcaba630
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "andreas", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> andreas
[sql] sql_set_user escaped user --> 'andreas'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'andreas' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'andreas' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'andreas' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'andreas' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'andreas' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'andreas' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 155 to 192.168.1.254 port 2048
        EAP-Message = 0x010100160410627ca484105a5653ea83eec8c11115b0
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0f58029d0f5906e7a9d59b95861c72dd
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.254 port 2048, id=156, length=165
        User-Name = "andreas"
        NAS-IP-Address = 192.168.1.254
        NAS-Port = 0
        Called-Station-Id = "B0-48-7A-F8-A1-19:gehackt"
        Calling-Station-Id = "00-22-B0-E7-EF-98"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x020100060315
        State = 0x0f58029d0f5906e7a9d59b95861c72dd
        Message-Authenticator = 0x764f23c23137bd2125a294f54ca21ac1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "andreas", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] expand: %{User-Name} -> andreas
[sql] sql_set_user escaped user --> 'andreas'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'andreas' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'andreas' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'andreas' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'andreas' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'andreas' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'andreas' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 156 to 192.168.1.254 port 2048
        EAP-Message = 0x010200061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0f58029d0e5a17e7a9d59b95861c72dd
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 155 with timestamp +25
Cleaning up request 1 ID 156 with timestamp +25
Ready to process requests.

Can somebody help and tell me what to look for next? Thank you for every hint!

Andreas

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
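
The EAP-Message values in the debug output above can be decoded to see which EAP methods were offered and requested. This is an added example, not part of the original post or of FreeRADIUS; `parse_eap` and `POSTED_MESSAGES` are names made up here, and the hex strings are copied from the log in the post.

```python
import struct

# EAP codes and method types from RFC 3748; type 21 is EAP-TTLS (RFC 5281).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = (13, 21, 25)

# EAP-Message values copied from the debug output in the post, in order.
POSTED_MESSAGES = [
    "0x0200000c01616e6472656173",
    "0x010100160410627ca484105a5653ea83eec8c11115b0",
    "0x020100060315",
    "0x010200061520",
]

def parse_eap(hex_value):
    """Decode one EAP-Message attribute value as printed by the debug log.

    Assumes the whole EAP packet fits in a single attribute; a packet split
    over several EAP-Message attributes must be concatenated first.
    """
    digits = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("length field %d != %d bytes present" % (length, len(raw)))
    pkt = {"code": CODES.get(code, str(code)), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return pkt  # Success/Failure carry no type field
    etype, data = raw[4], raw[5:]
    pkt["type"] = TYPES.get(etype, str(etype))
    if etype == 1:
        pkt["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:  # Nak lists the methods the peer wants instead
        pkt["wanted"] = [TYPES.get(t, str(t)) for t in data]
    elif etype == 4 and data:  # value-size byte, then the challenge
        pkt["challenge"] = data[1:1 + data[0]].hex()
    elif etype in TLS_BASED and data:  # flags byte: L=0x80, M=0x40, S=0x20
        pkt["start"] = bool(data[0] & 0x20)
        pkt["more_fragments"] = bool(data[0] & 0x40)
    return pkt

if __name__ == "__main__":
    for value in POSTED_MESSAGES:
        print(parse_eap(value))
```

Run over the four posted values, it shows an Identity response for "andreas", an MD5-Challenge request, a Nak asking for EAP-TTLS, and the server's EAP-TTLS Start, which is the last packet in the posted log.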