Hi all,
my configuration is FreeRadius (1.0.5) with Chillispot in proxy mode
(and WPA-Enterprise-Auto). When I try to connect with a client, it
accepts the certificate, but authentication fails.
FreeRadius communicates with Chillispot and all seems to work fine.
I've seen that in the first request, TLS gives an error
(TLS_accept:error in SSLv3 read client certificate A) but in the third
request (with the same login) it works.
What's wrong?
Best regards.
These are the radius and chilli logs:
rad_recv: Access-Request packet from host 192.168.181.1:1026, id=0, length=118
User-Name = "prof1"
EAP-Message = 0x020a0170726f6631
Message-Authenticator = 0xa755e14d8f738a60ad50681a848c4d27
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 192.168.181.1
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/password to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_che