Hello everyone, I'm having trouble setting up my RADIUS to use EAP. Everthing appears normal but the client never gets past "Attempting to Authenticate"
If anyone has experience solving this problem I'd appreciate any help provided :-) Regards, ************ Log File*********** Here is the log file from running /usr/sbin/radius -X -A rad_recv: Access-Request packet from host 192.168.2.253:2049, id=0, length=127 User-Name = "kosburn" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "0013109e63c9" Calling-Station-Id = "00904b624e10" NAS-Identifier = "0013109e63c9" NAS-Port = 60 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000c016b6f736275726e Message-Authenticator = 0x3fe229ff76ac5518897afd4bbacaade2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 rlm_realm: No '/' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "realmslash" returns noop for request 12 rlm_realm: No '@' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 12 users: Matched entry kosburn at line 1 modcall[authorize]: module "files" returns ok for request 12 modcall: group authorize returns updated for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 12 modcall: group authenticate returns handled for request 12 Sending Access-Challenge of id 0 to 192.168.2.253:2049 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbf80de34653e25d74ea49b2f2debeda9 Finished request 12 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.253:2049, id=0, length=139 User-Name = "kosburn" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "0013109e63c9" Calling-Station-Id = "00904b624e10" NAS-Identifier = "0013109e63c9" NAS-Port = 60 Framed-MTU = 1400 State = 0xbf80de34653e25d74ea49b2f2debeda9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060319 Message-Authenticator = 0x65415f904ea823671c9fcdf5859edb5d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 rlm_realm: No '/' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "realmslash" returns noop for request 13 rlm_realm: No '@' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 13 users: Matched entry kosburn at line 1 modcall[authorize]: module "files" returns ok for request 13 modcall: group authorize returns updated for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 13 modcall: group authenticate returns handled for request 13 Sending Access-Challenge of id 0 to 192.168.2.253:2049 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0280af636895c756212430579c4c13bd Finished request 13 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.253:2049, id=0, length=213 User-Name = "kosburn" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "0013109e63c9" Calling-Station-Id = "00904b624e10" NAS-Identifier = "0013109e63c9" NAS-Port = 60 Framed-MTU = 1400 State = 0x0280af636895c756212430579c4c13bd NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203005019800000004616030100410100003d0301435bc1b6fb8a0e3748685ba7bd6ae2215b5c83ce5f6a895681366253ccf0ecdc00001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x89d0841ecd460f7ec92fda23a85cbe61 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 rlm_realm: No '/' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "realmslash" returns noop for request 14 rlm_realm: No '@' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 users: Matched entry kosburn at line 1 modcall[authorize]: module "files" returns ok for request 14 modcall: group authorize returns updated for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 14 modcall: group authenticate returns handled for request 14 Sending Access-Challenge of id 0 to 192.168.2.253:2049 EAP-Message = 0x0104040a19c0000006f1160301004a020000460301435bba463b3a0cf4b3866aeed9db8d18fd66fd4fe13a9e9badeec8eefe1b2d9a203867409260e1ba8fa0a62c2b2e54bae71cd5ee46b6723e571311dc2ea5b95ad300040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x21a771d3dace9f2ac15015b2ca11ba9e Finished request 14 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.253:2049, id=0, length=139 User-Name = "kosburn" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "0013109e63c9" Calling-Station-Id = "00904b624e10" NAS-Identifier = "0013109e63c9" NAS-Port = 60 Framed-MTU = 1400 State = 0x21a771d3dace9f2ac15015b2ca11ba9e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0x888309fd2c450a9ac12dd4bb75ef6d66 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 rlm_realm: No '/' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "realmslash" returns noop for request 15 rlm_realm: No '@' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 15 users: Matched entry kosburn at line 1 modcall[authorize]: module "files" returns ok for request 15 modcall: group authorize returns updated for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 15 modcall: group authenticate returns handled for request 15 Sending Access-Challenge of id 0 to 192.168.2.253:2049 EAP-Message = 0x010502f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75ae22788c4e9f61f3bc83014ea1e657 Finished request 15 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.253:2049, id=0, length=139 User-Name = "kosburn" NAS-IP-Address = 192.168.2.253 Called-Station-Id = "0013109e63c9" Calling-Station-Id = "00904b624e10" NAS-Identifier = "0013109e63c9" NAS-Port = 60 Framed-MTU = 1400 State = 0x75ae22788c4e9f61f3bc83014ea1e657 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 Message-Authenticator = 0x9bb1bdbc7a23d8f43a42c8ba50add01e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 16 modcall[authorize]: module "preprocess" returns ok for request 16 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 16 rlm_realm: No '/' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "realmslash" returns noop for request 16 rlm_realm: No '@' in User-Name = "kosburn", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 16 users: Matched entry kosburn at line 1 modcall[authorize]: module "files" returns ok for request 16 modcall: group authorize returns updated for request 16 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 16 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 16 modcall: group authenticate returns handled for request 16 Sending Access-Challenge of id 0 to 192.168.2.253:2049 EAP-Message = 0x010600061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1a49638ee4935ae625ddcd34927e721d Finished request 16 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 16 ID 0 with timestamp 435bba46 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html