Hello,
I have a Freeradius 0.9.3 installation running on a Redhat 9 machine. It works
GREAT for my home laptop. Thanks so much for this excellent software. I'm
running a DLink 900+ AP and my home laptop has a matching DLink 650+ PCMCIA
wireless card. I'm using EAP-TLS on Windows XP and it is working great for that
machine.
I recently got a new Dell Latitude D600 laptop for work and I cannot seem to get
this silly machine to correctly connect to the wireless network using EAP-TLS.
I first tried the same certificate I created (using OpenSSL) and have been using
on my personal laptop. It gets to Attempting Authentication and just stays
there. I also tried creating a new certificate for this machine, but got the
same results. I don't see anything obvious in the log file for FreeRadius, but
I'm attaching the relevant information in hopes that someone can offer an idea
of what might be wrong.
The new machine has a built-in Intel(R) PRO/Wireless LAN 2100 3A Mini PCI
Adapter. It is running Windows XP + SP1 and patches. I guess I'm unsure why a
different wireless card would have trouble, as it seems to talk to the AP just fine.
Thanks for any help you can give.
Craig
Ready to process requests
rad_recv: Access-Request packet from host 192.168.0.50:1248, id=106, length=135
User-Name = "csetera"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00-40-05-CA-6D-42"
Calling-Station-Id = "00-04-23-53-0D-63"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000c0163736574657261
Message-Authenticator = 0xe5b9e009b38dac2fb879dd1a06885026
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: EAP packet type notification id 1 length 12
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
users: Matched csetera at 91
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP packet type notification id 1 length 12
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Challenge of id 106 to 192.168.0.50:1248
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x0f1812cd9e34e3291e6614767b2ef0cf2608f73fa740ded30adc1d88ff5b012f9f5b4915
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1248, id=107, length=135
User-Name = "csetera"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00-40-05-CA-6D-42"
Calling-Station-Id = "00-04-23-53-0D-63"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0203000c0163736574657261
Message-Authenticator = 0xb189b0090592766341676a4d888e29ea
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: EAP packet type notification id 3 length 12
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 1
users: Matched csetera at 91
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 3 length 12
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns ok for request 1
modcall: group authenticate returns ok for request 1
Sending Access-Challenge of id 107 to 192.168.0.50:1248
EAP-Message = 0x010400060d20
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xc813bc0205103cd2019947a069e31de32908f73fac424fb83bd323f40336a2002c26867d
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 106 with timestamp 3ff70826
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 107 with timestamp 3ff70829
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.0.50:1248, id=108, length=135
User-Name = "csetera"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00-40-05-CA-6D-42"
Calling-Station-Id = "00-04-23-53-0D-63"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0205000c0163736574657261
Message-Authenticator = 0x7d374f69da0b52547a736c9dba71cfd0
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_eap: EAP packet type notification id 5 length 12
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 2
users: Matched csetera at 91
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: EAP packet type notification id 5 length 12
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns ok for request 2
modcall: group authenticate returns ok for request 2
Sending Access-Challenge of id 108 to 192.168.0.50:1248
EAP-Message = 0x010600060d20
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x90c8276fb1b85771e266008d8374c9874708f73fb6c346dcc8687d12328a5c0e6ddfff3b
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1248, id=109, length=241
User-Name = "csetera"
NAS-IP-Address = 192.168.0.50
NAS-Port = 0
Called-Station-Id = "00-40-05-CA-6D-42"
Calling-Station-Id = "00-04-23-53-0D-63"
NAS-Identifier = "DWL-900AP+"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020600500d800000004616030100410100003d03013ff7084e23a0dc39789f221340229262b6ac939e26f5bf00b82859a59a2bc7d800001600040005000a000900640062000300060013001200630100
State =
0x90c8276fb1b85771e266008d8374c9874708f73fb6c346dcc8687d12328a5c0e6ddfff3b
Message-Authenticator = 0xa2735b37679a5b259c808d3aafef1ff8
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_eap: EAP packet type notification id 6 length 80
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 3
users: Matched csetera at 91
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: EAP packet type notification id 6 length 80
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0674], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a8], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok for request 3
modcall: group authenticate returns ok for request 3
Sending Access-Challenge of id 109 to 192.168.0.50:1248
EAP-Message =
0x0107040a0dc000000775160301004a0200004603013ff7084720d989adedcef68233466369eb4e611e9c53cf8010aa63b5a468ef4e200c5801f095434c442a081ea007869c95ce7e0cd9c358cb000de5960097c9258900040016030106740b00067000066d0002c8308202c43082022da003020102020101300d06092a864886f70d0101040500308196310b300906035504061302555331123010060355040813094d696e6e65736f74613112301006035504071309526f63686573746572310f300d060355040a130653657465726131143012060355040b130b536574657261486f7573653111300f06035504031308536574657261434131253023
EAP-Message =
0x06092a864886f70d01090116167365746572616a756e6b40636861727465722e6e6574301e170d3033303431353031323335335a170d3038303431333031323335335a30819f310b300906035504061302555331123010060355040813094d696e6e65736f74613112301006035504071309526f63686573746572310f300d060355040a130653657465726131143012060355040b130b536574657261486f757365311a3018060355040313117365746572612e676f74646e732e6f72673125302306092a864886f70d01090116167365746572616a756e6b40636861727465722e6e657430819f300d06092a864886f70d010101050003818d003081
EAP-Message =
0x8902818100a811bb47cecf7b0f9fbe6b1dbcf02bcec5f0e2ca60794f11d0a2c1a01892bfd6aa9293e4c8d557a23814aacae9c0f50367df4843edc0ddd1573d8585e9a04f7e3586c4bb0347dcb9eb5beab2298901a28bb798027a6e5e3c691a388e93eaccef33520ca7328b9a43f73ad66ee7dedafe4d14c29deb953a579b5467def5fff1710203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810039efb2b87a31df7125afeaa0ebb0f1a174bc6ac8acd57dabc8c0e22aad93d7ba805ba580690989a27293ce88627341870490128d530802e49388dbccaa4125f324e226a8f0f0a1
EAP-Message =
0xd1cda6aca8b22918938fe6927c608deed36d9c83d2a2fe7a447fa96706f468b00a266873f2e4bd96efc4dcc3b5c27106673de5525d87a99a1e00039f3082039b30820304a003020102020100300d06092a864886f70d0101040500308196310b300906035504061302555331123010060355040813094d696e6e65736f74613112301006035504071309526f63686573746572310f300d060355040a130653657465726131143012060355040b130b536574657261486f7573653111300f0603550403130853657465726143413125302306092a864886f70d01090116167365746572616a756e6b40636861727465722e6e6574301e170d3033303431
EAP-Message = 0x353031323331315a170d303830343133303132333131
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x8552c4636991b3488d5e021870005f564708f73f534b4886050e5fbe1d42c312a596aee2
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 108 with timestamp 3ff70847
Cleaning up request 3 ID 109 with timestamp 3ff70847
Nothing to do. Sleeping until we see a request.
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
