I am new to FreeRadius and 802.1x. I have had dealings with Livingston
v1.xx & v2.xx years ago in my days with an ISP.
I am wondering if anyone has some pointers on how I should proceed from
here. I am at a loss as to why this isn't working. Output and version
info below.
The intent of the configuration is toward EAP/TLS...
Thank you.
Versions:
freeradius-0.9.3 [RHL 7.3]
openssl-0.9.7c
Client: Odyssey v2.22.00.516 [Win 2000Pro]
AP: SMC2804WBR Barricade
========================
+ LD_LIBRARY_PATH=/usr/local/ssl/lib
+ LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so
+ export LD_LIBRARY_PATH
+ export LD_PRELOAD
+ /usr/local/sbin/radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: bind_address = 172.28.1.1 IP address [172.28.1.1]
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/1x/gandalf-wl.pem"
tls: certificate_file = "/etc/1x/gandalf-wl.pem"
tls: CA_file = "/etc/1x/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/1x/DH"
tls: random_file = "/etc/1x/random"
tls: fragment_size = 512
tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address 172.28.1.1, ports 1812/udp and 1813/udp, with
proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 172.28.1.2:32801, id=3,
length=150
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
Called-Station-Id = "00-04-E2-7A-E3-3F:photonic"
Calling-Station-Id = "00-90-4B-16-66-0A"
NAS-Identifier = "gandalf-wl"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0203000c016a6675726d616e
Message-Authenticator = 0x36556d778c502734d8a41b1dd29bf361
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: EAP packet type notification id 3 length 12
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP packet type notification id 3 length 12
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [jfurman] (from client gandalf-SMC port 29 cli
00-90-4B-16-66-0A)
Sending Access-Challenge of id 3 to 172.28.1.2:32801
EAP-Message = 0x010400060d20
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x3d9e372e1e779e46ee03a982e6e21878b424c43f9b2e78a75b11a9540b4e0983f617ac
bc
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32802, id=4,
length=274
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
Called-Station-Id = "00-04-E2-7A-E3-3F:photonic"
Calling-Station-Id = "00-90-4B-16-66-0A"
NAS-Identifier = "gandalf-wl"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State =
0x3d9e372e1e779e46ee03a982e6e21878b424c43f9b2e78a75b11a9540b4e0983f617ac
bc
EAP-Message =
0x020400620d800000005816030100530100004f03013fc425c06a2d4485697d30480499
6d3f433e999e01cdca27cee4c3f84265810900002800160013006600150012000a000500
040009006300650060006200610064001400110003000600080100
Message-Authenticator = 0xa9b6ea3ec4e5940686348e1922b48bfd
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: EAP packet type notification id 4 length 98
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 1
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 4 length 98
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0053], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06b8], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b5], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok for request 1
modcall: group authenticate returns ok for request 1
Login OK: [jfurman] (from client gandalf-SMC port 29 cli
00-90-4B-16-66-0A)
Sending Access-Challenge of id 4 to 172.28.1.2:32802
EAP-Message =
0x0105020a0dc0000007c6160301004a0200004603013fc424b4f9fedaedbe1147e2eee4
5ad8d3452502bf9ab58a151a697c9328f4252096e8b3dab584c560b1f869a8298145ae09
6b3cac3fe568ee975a94717c7cba87000a0016030106b80b0006b40006b10002e3308202
df30820248a003020102020101300d06092a864886f70d01010405003081a3310b300906
03550406130243413110300e060355040813074f6e746172696f3111300f060355040713
0857617465726c6f6f311d301b060355040a1314546865204261726f6e2053742e204d61
74726978311a3018060355040b13114469676974616c20576f726b2053686f7031143012
0603
EAP-Message =
0x550403130b4a6f686e204675726d616e311e301c06092a864886f70d010901160f6a6f
686e406675726d616e2e6e6574301e170d3033313132363033323233355a170d31333131
32333033323233355a3081ad310b30090603550406130243413110300e06035504081307
4f6e746172696f3111300f0603550407130857617465726c6f6f311d301b060355040a13
14546865204261726f6e2053742e204d6174726978311a3018060355040b131144696769
74616c20576f726b2053686f70311e301c0603550403131567616e64616c662d776c2e66
75726d616e2e6e6574311e301c06092a864886f70d010901160f6a6f686e406675726d61
6e2e
EAP-Message = 0x6e657430819f300d06092a864886f70d
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x06acb8be557eedd4f4c540e82ddbcb51b424c43ff6c2dc8b666fc15cb83d54fa5947a2
64
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32803, id=5,
length=182
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
Called-Station-Id = "00-04-E2-7A-E3-3F:photonic"
Calling-Station-Id = "00-90-4B-16-66-0A"
NAS-Identifier = "gandalf-wl"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State =
0x06acb8be557eedd4f4c540e82ddbcb51b424c43ff6c2dc8b666fc15cb83d54fa5947a2
64
EAP-Message = 0x020500060d00
Message-Authenticator = 0xf724929138014975203c6ab9414934e4
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_eap: EAP packet type notification id 5 length 6
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 2
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: EAP packet type notification id 5 length 6
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok for request 2
modcall: group authenticate returns ok for request 2
Login OK: [jfurman] (from client gandalf-SMC port 29 cli
00-90-4B-16-66-0A)
Sending Access-Challenge of id 5 to 172.28.1.2:32803
EAP-Message =
0x0106020a0dc0000007c6010101050003818d0030818902818100cf5f17f66223c8bdbc
2c91ce38eeed14c9ddbe0650af72c16d6665f9aa23bb24b716493e7528ba394efbd5a2ee
52cdf35c20b8f3328edda0f9f8b6954a59476345319a9fe19b06771da2ef98a7341896c6
5e9a6d0659aeae555aacc3af044919ae7c3e196667cf825fce7bbae5a9585140f71882e8
7e88cccb76db43c8ab86a10203010001a317301530130603551d25040c300a06082b0601
0505070301300d06092a864886f70d01010405000381810088b1aa9ba826acc6168cf85e
7491ff9876b54a607ee2c443a9daf9226e0184348c88be0d35a911f7387b3cac2e80d5f4
6242
EAP-Message =
0x967fd45b2f71bc0f5b60a5e01a40f68a4977be6d30f71b4246e952ed781e58bd306c6b
0728fc4d2b646c8373c26c814b658a8cdc746a474c67d9f8092e918d1c5c7144eb9049eb
4b7e5cc561fa8e0003c8308203c43082032da003020102020100300d06092a864886f70d
01010405003081a3310b30090603550406130243413110300e060355040813074f6e7461
72696f3111300f0603550407130857617465726c6f6f311d301b060355040a1314546865
204261726f6e2053742e204d6174726978311a3018060355040b13114469676974616c20
576f726b2053686f70311430120603550403130b4a6f686e204675726d616e311e301c06
092a
EAP-Message = 0x864886f70d010901160f6a6f686e4066
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xa89eb29be3afe1308aff59713662ea3bb424c43ff54c10a60c1ec2a3b0dd89df110cfe
19
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32804, id=6,
length=182
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
Called-Station-Id = "00-04-E2-7A-E3-3F:photonic"
Calling-Station-Id = "00-90-4B-16-66-0A"
NAS-Identifier = "gandalf-wl"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State =
0xa89eb29be3afe1308aff59713662ea3bb424c43ff54c10a60c1ec2a3b0dd89df110cfe
19
EAP-Message = 0x020600060d00
Message-Authenticator = 0x1814370217223b14ff685eefa66fe8a2
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_eap: EAP packet type notification id 6 length 6
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 3
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: EAP packet type notification id 6 length 6
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok for request 3
modcall: group authenticate returns ok for request 3
Login OK: [jfurman] (from client gandalf-SMC port 29 cli
00-90-4B-16-66-0A)
Sending Access-Challenge of id 6 to 172.28.1.2:32804
EAP-Message =
0x0107020a0dc0000007c675726d616e2e6e6574301e170d303331313236303332313435
5a170d3033313232363033323134355a3081a3310b30090603550406130243413110300e
060355040813074f6e746172696f3111300f0603550407130857617465726c6f6f311d30
1b060355040a1314546865204261726f6e2053742e204d6174726978311a301806035504
0b13114469676974616c20576f726b2053686f70311430120603550403130b4a6f686e20
4675726d616e311e301c06092a864886f70d010901160f6a6f686e406675726d616e2e6e
657430819f300d06092a864886f70d010101050003818d0030818902818100bfddd47040
520d
EAP-Message =
0x8c7fc48b34025b9776e472a0d724270bb5c21059e1e3f0588e3fe0161e21ebd49102d4
39d9b9a817f23b97b8aa70a0dec4e6004132d6bcab310081e670fdcd5ea42b2c3f7ef516
543910702ce5b8f07f77ee381bd5f12f5de856abc6c47d5ceb953e25dfb6a7b51d7748ef
6633ad192eac8e0cf30b922945230203010001a382010430820100301d0603551d0e0416
04144ee96822f8daeb3f3e4a4d286439ebdde51ac9433081d00603551d230481c83081c5
80144ee96822f8daeb3f3e4a4d286439ebdde51ac943a181a9a481a63081a3310b300906
03550406130243413110300e060355040813074f6e746172696f3111300f060355040713
0857
EAP-Message = 0x617465726c6f6f311d301b060355040a
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x3e72fdcbe8347fa2b5ea91270c722b2fb424c43f5551d4902c7806714f5dda64aeea04
59
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32805, id=7,
length=182
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
Called-Station-Id = "00-04-E2-7A-E3-3F:photonic"
Calling-Station-Id = "00-90-4B-16-66-0A"
NAS-Identifier = "gandalf-wl"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State =
0x3e72fdcbe8347fa2b5ea91270c722b2fb424c43f5551d4902c7806714f5dda64aeea04
59
EAP-Message = 0x020700060d00
Message-Authenticator = 0x2a2bede34876c9f2a5c665d6167dd8a0
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
rlm_eap: EAP packet type notification id 7 length 6
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 4
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: EAP packet type notification id 7 length 6
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok for request 4
modcall: group authenticate returns ok for request 4
Login OK: [jfurman] (from client gandalf-SMC port 29 cli
00-90-4B-16-66-0A)
Sending Access-Challenge of id 7 to 172.28.1.2:32805
EAP-Message =
0x010801d00d80000007c61314546865204261726f6e2053742e204d6174726978311a30
18060355040b13114469676974616c20576f726b2053686f70311430120603550403130b
4a6f686e204675726d616e311e301c06092a864886f70d010901160f6a6f686e40667572
6d616e2e6e6574820100300c0603551d13040530030101ff300d06092a864886f70d0101
04050003818100b384d95f067fb36265b9d538171886c9809a5df2cbb8eafd92b27f36e1
42e893db682394c465c2aa2ca4d9a8a8a4a633f1a7ef01acc65699adcf3c61c233ad2833
b39a551b5637a467aa5da3e82cc01d3d854c1ee48d28e7a5f1b3e1ab0e6b08dcc03f8106
5c17
EAP-Message =
0xf4866794daa7c7a883e18d6ddeb24dec8ef0a9239a9ecdd3c016030100b50d0000ad02
010200a800a63081a3310b30090603550406130243413110300e060355040813074f6e74
6172696f3111300f0603550407130857617465726c6f6f311d301b060355040a13145468
65204261726f6e2053742e204d6174726978311a3018060355040b13114469676974616c
20576f726b2053686f70311430120603550403130b4a6f686e204675726d616e311e301c
06092a864886f70d010901160f6a6f686e406675726d616e2e6e65740e000000
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xdf049e84facb017230b9603e60148fbab424c43fc126f34100aa954f5a248962519f65
e9
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32806, id=8,
length=1184
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
State =
0xdf049e84facb017230b9603e60148fbab424c43fc126f34100aa954f5a248962519f65
e9
EAP-Message =
0x0208043b0d800000043116030102e30b0002df0002dc0002d9308202d53082023ea003
020102020102300d06092a864886f70d01010405003081a3310b30090603550406130243
413110300e060355040813074f6e746172696f3111300f0603550407130857617465726c
6f6f311d301b060355040a1314546865204261726f6e2053742e204d6174726978311a30
18060355040b13114469676974616c20576f726b2053686f70311430120603550403130b
4a6f686e204675726d616e311e301c06092a864886f70d010901160f6a6f686e40667572
6d616e2e6e6574301e170d3033313132363033323335325a170d31333131323330333233
3532
EAP-Message =
0x5a3081a3310b30090603550406130243413110300e060355040813074f6e746172696f
3111300f0603550407130857617465726c6f6f311d301b060355040a1314546865204261
726f6e2053742e204d6174726978311a3018060355040b13114469676974616c20576f72
6b2053686f70311430120603550403130b4a6f686e204675726d616e311e301c06092a86
4886f70d010901160f6a6f686e406675726d616e2e6e657430819f300d06092a864886f7
0d010101050003818d0030818902818100a9fd3ecf95d14f9ba6949ce368727cb2592964
8cc7ddc63d454d877f7a52a0e43e4beb5c4008c7c3f8733b5afd8a41ff16256c2c491737
d27a
EAP-Message =
0xc2615554dd2cbff2ebce2e81c0e188011abe0111fd40b17525ba602ca6941e7bce1832
51b11ed6b9b060e5006a9a1339fc1915bfd033ab5b54451d968dd612014ad7f73cc151d9
0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a86
4886f70d01010405000381810094c61bcb3927b2fab9dca2e0ba87a90d46ed0d87cfb9e5
10af1ab65ca9077cf17377dca0473b4e132fe5a040b46dc873982c52439a584959bb323e
13d1f9fa33015e615e9bc1d865f58c02d62a61a26cadb23a3069cb5a156452459b30405d
7c10f58c8c7b72ebd9f420588f2f645aaf63089286ae7820cafa2c521ce3062f6c160301
0086
EAP-Message =
0x100000820080c6f3c75b00bb3e4c3650ef244cc94cc02cf3b219ce51910552dd46648d
ce427edf67877678e2c417b0bf296e40e856c7d547e3b56d82c7bc565e731b048ef68253
dafc78cf4c68bf8f3e2dd23b4b88dac1f3bd48dde3fcbb74575e170c5ad2d587225e38e1
8a74eae1e358f89001f777ec741e4d622d5fa28a0ee171cd8e898916030100860f000082
0080676a9d694657cfc750f19794175fb37c7c755c82e6c8226f2e5d39766b0756b2f18f
197277cc2ee36afa8ba6de2cc2b151912bf27eb9ce2a1e75636f18539e6c05a65d5616d1
b994c92a797fcfb30ccd454e1039aa7128ab8ac4708a9f9ff272ac6585b8578a5408f012
f3b0
EAP-Message =
0xb471c078bd58d695080828fb9131a8cb388497c014030100010116030100280d5d92d1
412eb3d3bc97cb1bac51d34fc86e72ef8330d2c79dcf0b3611e83638996af62020ef1227
Message-Authenticator = 0xffbad49fddab0937a09d292bb5fef198
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_eap: EAP packet type notification id 8 length 1083
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 5
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: EAP packet type notification id 8 length 1083
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Length Included
rlm_eap_tls: <<< TLS 1.0 Handshake [length 02e3], Certificate
--> verify error:num=18:self signed certificate
chain-depth=0,
error=18
--> User-Name = jfurman
--> BUF-Name = John Furman
--> subject = /C=CA/ST=Ontario/L=Waterloo/O=The Baron St.
Matrix/OU=Digital Work Shop/CN=John Furman/[EMAIL PROTECTED]
--> issuer = /C=CA/ST=Ontario/L=Waterloo/O=The Baron St.
Matrix/OU=Digital Work Shop/CN=John Furman/[EMAIL PROTECTED]
--> verify return:0
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read Error
14485:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned:s3_srvr.c:1987:
Error code is ..... 5
Error in SSL ..... 5
modcall[authenticate]: module "eap" returns ok for request 5
modcall: group authenticate returns ok for request 5
Login OK: [jfurman] (from client gandalf-SMC port 0)
Sending Access-Challenge of id 8 to 172.28.1.2:32806
EAP-Message = 0x010900110d800000000715030100020230
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xaa06941ccbefba80f1610a7bcbb13e3cb524c43ff671c9a40334808de0326a4aec127e
b6
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32807, id=9,
length=182
User-Name = "jfurman"
NAS-IP-Address = 172.28.1.2
Called-Station-Id = "00-04-E2-7A-E3-3F:photonic"
Calling-Station-Id = "00-90-4B-16-66-0A"
NAS-Identifier = "gandalf-wl"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State =
0xaa06941ccbefba80f1610a7bcbb13e3cb524c43ff671c9a40334808de0326a4aec127e
b6
EAP-Message = 0x020900060d00
Message-Authenticator = 0x445e8e2c362db6017d01e367d2e66b2f
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
rlm_eap: EAP packet type notification id 9 length 6
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 6
rlm_realm: No '@' in User-Name = "jfurman", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched jfurman at 101
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 6
rlm_eap: EAP packet type notification id 9 length 6
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 6
modcall: group authenticate returns ok for request 6
Login OK: [jfurman] (from client gandalf-SMC port 29 cli
00-90-4B-16-66-0A)
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.28.1.2:32807, id=9,
length=182
Sending Access-Reject of id 9 to 172.28.1.2:32807
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 3 with timestamp 3fc424b4
Cleaning up request 1 ID 4 with timestamp 3fc424b4
Cleaning up request 2 ID 5 with timestamp 3fc424b4
Cleaning up request 3 ID 6 with timestamp 3fc424b4
Cleaning up request 4 ID 7 with timestamp 3fc424b4
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 8 with timestamp 3fc424b5
Cleaning up request 6 ID 9 with timestamp 3fc424b5
Nothing to do. Sleeping until we see a request.
========================
Regards,
--
John Furman
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
