Hi, here is the RADIUS debug log:
[EMAIL PROTECTED]:/usr/local/radius/sbin# ./runradius.sh + export LD_LIBRARY_PATH=/usr/local/openssl/lib/ + ./radiusd -X -y -z -A -f -i 10.89.49.12 Starting - reading configuration files ... read_config_files: reading dictionary Config: including file: /usr/local/radius/etc/raddb/proxy.conf Config: including file: /usr/local/radius/etc/raddb/clients.conf Config: including file: /usr/local/radius/etc/raddb/snmp.conf Config: including file: /usr/local/radius/etc/raddb/eap.conf Config: including file: /usr/local/radius/etc/raddb/sql.conf main: prefix = "/usr/local/radius" main: localstatedir = "/usr/local/radius/var" main: logdir = "/usr/local/radius/var/log/radius" main: libdir = "/usr/local/radius/lib" main: radacctdir = "/usr/local/radius/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/radius/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid" main: checkrad = "/usr/local/radius/sbin/checkrad" main: debug_level = 0 main: proxy_requests = yes log: syslog_facility = "daemon" proxy: retry_delay = 5 proxy: retry_count = 3 proxy: default_fallback = yes proxy: dead_time = 120 proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no read_config_files: reading realms main: port = 1812 client: secret = "testing123" client: shortname = "localhost" client: nastype = "other" client: secret = "raghu123456" client: shortname = "linksys" client: secret = "raghu123456" client: shortname = "3com" radiusd: entering modules setup Module: Library search path is /usr/local/radius/lib Module: Loaded exec exec: wait = yes exec: input_pairs = "request" exec: shell_escape = yes rlm_exec: wait=yes but no output 
defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded expiration expiration: reply-message = "Password Has Expired " Module: Instantiated expiration (expiration) Module: Loaded logintime logintime: reply-message = "You are calling outside your allowed timespan " logintime: minimum-timeout = 60 Module: Instantiated logintime (logintime) Module: Loaded PAP pap: encryption_scheme = "auto" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp" Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "ttls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: pem_file_type = yes tls: private_key_file = "/etc/certs/cert-srv.pem" tls: certificate_file = "/etc/certs/cert-srv.pem" tls: CA_file = "/etc/certs/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/certs/dh" tls: random_file = "/etc/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = 
"/usr/local/radius/etc/raddb/huntgroups" preprocess: hints = "/usr/local/radius/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/radius/etc/raddb/users" files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: header = "%t" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/radius/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on authentication address 10.89.49.12 port 1812 Listening on accounting address 10.89.49.12 port 1813 Listening on proxy address 10.89.49.12 port 1814 Ready to process requests. Nothing to do. Sleeping until we see a request. 
rad_recv: Access-Request packet from host 10.89.49.1 port 1058, id=0, length=176 Message-Authenticator = 0xef3923bcefa2778f4a84e3c6834b6b9d Service-Type = Framed-User User-Name = "jbibe" Framed-MTU = 1488 Called-Station-Id = "00-0F-CB-FE-2F-5F:3Com" Calling-Station-Id = "00-13-E0-9E-9B-2E" NAS-Identifier = "AP11G" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000a016a62696265 NAS-IP-Address = 10.89.49.1 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall[authorize]: module "unix" returns notfound for request 0 rlm_realm: No '@' in User-Name = "jbibe", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry jbibe at line 93 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "expiration" returns noop for request 0 modcall[authorize]: module "logintime" returns noop for request 0 rlm_pap: Found existing Auth-Type, not changing it. 
modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 10.89.49.1 port 1058 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57b1868cae7102fc5220c50fcd079e9 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.89.49.1 port 1060, id=0, length=176 Message-Authenticator = 0x3782e8f02c8699a3c42aca3f7ca282bd Service-Type = Framed-User User-Name = "jbibe" Framed-MTU = 1488 Called-Station-Id = "00-0F-CB-FE-2F-5F:3Com" Calling-Station-Id = "00-13-E0-9E-9B-2E" NAS-Identifier = "AP11G" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000a016a62696265 NAS-IP-Address = 10.89.49.1 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall[authorize]: module "unix" returns notfound for request 1 rlm_realm: No '@' in User-Name = "jbibe", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for 
request 1 users: Matched entry jbibe at line 93 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "expiration" returns noop for request 1 modcall[authorize]: module "logintime" returns noop for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 0 to 10.89.49.1 port 1060 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x28269413248e97f17932076accdf7bf9 Finished request 1 Going to the next request --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 4753fbf2 Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.89.49.1 port 1060, id=1, length=292 Message-Authenticator = 0x40a2937466327040c8dff7c302dfb2a1 Service-Type = Framed-User User-Name = "jbibe" Framed-MTU = 1488 State = 0x28269413248e97f17932076accdf7bf9 Called-Station-Id = "00-0F-CB-FE-2F-5F:3Com" Calling-Station-Id = "00-13-E0-9E-9B-2E" NAS-Identifier = "AP11G" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201006c150016030100610100005d0301475479af4fa14e56d54409683378930066355256926f9f730c13464cdc9d335900003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100 NAS-IP-Address = 10.89.49.1 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall[authorize]: module "unix" returns notfound for request 2 rlm_realm: No '@' in User-Name = "jbibe", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 1 length 108 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry jbibe at line 93 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "expiration" returns noop for request 2 modcall[authorize]: module "logintime" returns noop for request 2 rlm_pap: Found existing Auth-Type, not changing it. 
modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 02af], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 1 to 10.89.49.1 port 1060
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 0x9fceedd9ecd8527a3a0eb778073cd4822e39c202083916030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc1445c5677d1b2e404d7b7a50a056150
Finished request 2
Going to the next request
Waking up in 5 seconds...

On 12/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> 1. That's normal. You don't have a client certificate in TTLS. Ignore
> it.
>
> 2. Attach the debug output from radiusd -X.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

--
Regards & Thanks
Raghavendra. S