Even though I got the initial accetance from the Freeradius , server doesnt authenticate, Could certicates cause this problem?
Thanks ... SECO + LD_LIBRARY_PATH=/usr/local/openssl/lib + LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so + export LD_LIBRARY_PATH LD_PRELOAD + /usr/local/sbin/radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = yes unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 HASH: Reinitializing hash structures and lists for caching... HASH: user root found in hashtable bucket 11726 HASH: user bin found in hashtable bucket 86651 HASH: user daemon found in hashtable bucket 11668 HASH: user adm found in hashtable bucket 26466 HASH: user lp found in hashtable bucket 54068 HASH: user sync found in hashtable bucket 42895 HASH: user shutdown found in hashtable bucket 71746 HASH: user halt found in hashtable bucket 7481 HASH: user mail found in hashtable bucket 79471 HASH: user news found in hashtable bucket 5375 HASH: user uucp found in hashtable bucket 38541 HASH: user operator found in hashtable bucket 21748 HASH: user games found in hashtable bucket 47657 HASH: user gopher found in hashtable bucket 47357 HASH: user ftp found in hashtable bucket 56226 HASH: user nobody found in hashtable bucket 99723 HASH: user mailnull found in hashtable bucket 78086 HASH: user rpm found in hashtable bucket 72383 HASH: user xfs found in hashtable bucket 17213 HASH: user ntp found in hashtable bucket 21418 HASH: user rpc found in hashtable bucket 72373 HASH: user rpcuser found in hashtable bucket 552 HASH: user nfsnobody found in hashtable bucket 51830 HASH: user nscd found in hashtable bucket 36306 HASH: user ident found in hashtable bucket 40304 HASH: user radvd found in hashtable bucket 66743 HASH: user pcap found in hashtable bucket 55326 HASH: user hozturk found in hashtable bucket 95961 HASH: Stored 28 entries from /etc/passwd HASH: Stored 38 entries from /etc/group Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/1x/srv.pem" tls: certificate_file = "/etc/1x/srv.pem" tls: CA_file = "/etc/1x/root.pem" tls: private_key_password = "XXXXX" tls: dh_file = "/etc/1x/dh" tls: random_file = "/etc/1x/random" tls: fragment_size = 1024 tls: include_length = yes rlm_eap_tls: conf N ctx stored rlm_eap: Loaded and initialized the type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de tail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 131.120.8.136:32776, id=194, length=15 2 User-Name = "hozturk" NAS-IP-Address = 131.xx NAS-Port = 1 Called-Station-Id = "00-05-5D-D9-55-A5:test" Calling-Station-Id = "00-05-5D-D9-57-59" Framed-MTU = 2304 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = "\002\003\000\014\001hozturk" Message-Authenticator = 0xd11ebc27d5da3a88633c794226dd4722 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "hozturk", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched hozturk at 99 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type tls modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 194 to 131.xxxxxx136:32776 EAP-Message = "\001\004\000\006\r " Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7d3bb6cacfcf9085e25f7952651f672a66b5283ea47a593f7fe46a43b7cb0b 84060bbbea Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 131.xxxxx:32776, id=195, length=25 8 User-Name = "hozturk" NAS-IP-Address = 131.1xxxx NAS-Port = 1 Called-Station-Id = "00-05-5D-D9-55-A5:test" Calling-Station-Id = "00-05-5D-D9-57-59" Framed-MTU = 2304 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = "\002\004\000P\r\200\000\000\000F\026\003\001\000A\001\000 \000=\003\001>(\264\357\276`Q\206\216\261=\032g|s\364\226\321M\370*\016\317\352\ 325\206\243uy\311\350I\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003 \000\006\000\023\000\022\000c\001" State = 0x7d3bb6cacfcf9085e25f7952651f672a66b5283ea47a593f7fe46a43b7cb0b 84060bbbea Message-Authenticator = 0x216ed4c5c4f8ae16098352a125e27516 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "hozturk", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched hozturk at 99 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Length Included undefined: before/accept initialization TLS_accept: before/accept initialization <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A >>> TLS 1.0 Handshake [length 0641], Certificate TLS_accept: SSLv3 write certificate A >>> TLS 1.0 Handshake [length 00a1], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap_tls: SSL_read Error Error code is ..... 2 SSL Error ..... 2 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 195 to 131.xxxxxxx32776 EAP-Message = "\001\005\004\n\r\300\000\000\007;\026\003\001\000J\002\00 0\000F\003\001>(\265fA\276\\\260\235,aLxO\256\242\005f\310f{%t\350\231\230q\227\ 327*\275v \221\314$\205\364-\0304\317\371\311\213\224\001\235\023B!Im\010\353L / \364\366\273\nZ\352-\000\004\000\026\003\001\006A\013\000\006=\000\006:\000\002\ 2520\202\002\2460\202\002\017\240\003\002\001\002\002\001\0010\r\006\t*\206H\206 \367\r\001\001\004\005\0000\201\2171\0130\t\006\003U\004\006\023\002US1\0230\021 \006\003U\004\010\023\nCalifornia1\0210\017\006\003U\004" EAP-Message = "H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\02 7\r030118001144Z\027\r040118001144Z0\201\2111\0130\t\006\003U\004\006\023\002US1 \0230\021\006\003U\004\010\023\nCalifornia1\0210\017\006\003U\004\007\023\010Mon terey1\r0\013\006\003U\004\n\023\004NPGS1\r0\013\006\003U\004\013\023\004SAAM1\0 170\r\006\003U\004\003\023\006radius1#0!\006\t*\206H\206\367\r\001\t\001\026\024 [EMAIL PROTECTED]\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\2 01\215\0000\201\211\002\201\201\000\315\226\201\027\332" EAP-Message = ":\245\344]\216,\270yFQ\375F\271\022MR\266\217\003\304\243 &\204xi_\371_\001n\354\221z\r\317\026\357\241N\t\354\\\341b\246\366au\346D\332\3 67\365\343\t"\353Y\315\350t\025\266\032\241\343\2175\337\023:\304i\004g\217#\244 \334\344\366i\235&r\255\004A\366\262C=g\t\245^:\377\202\332\204\333i\2761o\002\0 03\001\000\001\243\0260\0240\022\006\003U\035%\004\0130\t\006\007+\006\001\005\0 05\007\0030\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000\203}\302 \366\013\310\354\211\212\311\242Vd\262\327\354\331/\214" EAP-Message = "\016\271u\245n[\367\005\241\343\3545H^"mo\n^\021\334e\227 N\351\302\256\355\221"\000\003\2120\202\003\2060\202\002\357\240\003\002\001\002 \002\001\0000\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2171\0130\t\006\0 03U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0210\017\006\0 03U\004\007\023\010Monterey1\r0\013\006\003U\004\n\023\004NPGS1\r0\013\006\003U\ 004\013\023\004SAAM1\0250\023\006\003U\004\003\023\014WirelessSAAM1#0!\006\t*\20 6H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036" EAP-Message = "\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifo rni" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf59c9d7a61f019980b440077feb3cbaa66b5283e21366799975b8a83722798 0be401bf4a Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 131.xxxxxx:32776, id=196, length=18 4 User-Name = "hozturk" NAS-IP-Address = 131.xxxxxx NAS-Port = 1 Called-Station-Id = "00-05-5D-D9-55-A5:test" Calling-Station-Id = "00-05-5D-D9-57-59" Framed-MTU = 2304 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = "\002\005\000\006\r" State = 0xf59c9d7a61f019980b440077feb3cbaa66b5283e21366799975b8a83722798 0be401bf4a Message-Authenticator = 0x7b9266018ffdc922ef0a980c7981cd1a modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "hozturk", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched hozturk at 99 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 196 to 131.xxxxx6:32776 EAP-Message = "\001\006\003E\r\200\000\000\007;a1\0210\017\006\003U\004\ 007\023\010Monterey1\r0\013\006\003U\004\n\023\004NPGS1\r0\013\006\003U\004\013\ 023\004SAAM1\0250\023\006\003U\004\003\023\014WirelessSAAM1#0!\006\t*\206H\206\3 67\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t*\206H\206\367\r\001 \001\001\005\000\003\201\215\0000\201\211\002\201\201\000\264\351\213\001e\211\0 20~\357\304\002\010\264r\371>\004Y\3169_N}<\335|\\\256F\231\223U\312\247\037\006 {\243\267"C*\313\371\000e\246M\022\275EO\232: \222\234" EAP-Message = "\240\301\236\213w-\007f\361\251\267?I\376(\021\216*\372)\ 250\325\2330W\002\003\001\000\001\243\201\3570\201\3540\035\006\003U\035\016\004 \026\004\024\034f\351\322^\200x\251 \234ZM\334\234\316\334\027\321\214L0\201\274 \006\003U\035#\004\201\2640\201\261\200\024\034f\351\322^\200x\251 \234ZM\334\23 4\316\334\027\321\214L\241\201\225\244\201\2220\201\2171\0130\t\006\003U\004\006 \023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0210\017\006\003U\004\007 \023\010Monterey1\r0\013\006\003U\004\n\023\004NPGS1\r" EAP-Message = "mil\202\001\0000\014\006\003U\035\023\004\0050\003\001\00 1\3770\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000Gd\017_J\241\3 334o\302\306wZ7[\332\275\376\001\321T\326?\207\331U\340\016\037v\335\333\312~)\3 32\264I-\351\3057)o\235\351\020\210\265\020d\017\000\230\250\200\311i\332\313\30 2`Qe\020\236X\273\211\240\241\341\267\253?\365\332\035\214\005N\304=Ky@A\204\246 \200\r\255\007Q\265t\024\313i9\340\217\265\350\020\3167W\313^4\310\346>L`\230\21 5\323\3367_\312p\0106\366,\026\003\001\000\241\r\000\000" EAP-Message = "GS1\r0\013\006\003U\004\013\023\004SAAM1\0250\023\006\003 U\004\003\023\014WirelessSAAM1#0!\006\t*\206H\206\367\r\001\t\001\026\024hozturk @nps.navy.mil\016\000\000" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7e68e6c65db68f2098dffa18097d84267b5283e7cba368ffcade49aca3b2b 5851446db9 Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 131.xxxxxxx:32776, id=197, length=18 4 User-Name = "hozturk" NAS-IP-Address = 131.1xxxx NAS-Port = 1 Called-Station-Id = "00-05-5D-D9-55-A5:test" Calling-Station-Id = "00-05-5D-D9-57-59" Framed-MTU = 2304 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = "\002\006\000\006\r" State = 0xb7e68e6c65db68f2098dffa18097d84267b5283e7cba368ffcade49aca3b2b 5851446db9 Message-Authenticator = 0x1d538eba5a69abc9c4b591f6cc9512cd modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "hozturk", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched hozturk at 99 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: Invalid ACK received modcall[authenticate]: module "eap" returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 194 with timestamp 3e28b566 Cleaning up request 1 ID 195 with timestamp 3e28b566 Sending Access-Reject of id 197 to 131.120.8.136:32776 EAP-Message = "\004\006\000\004" Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 196 with timestamp 3e28b567 Cleaning up request 3 ID 197 with timestamp 3e28b567 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html