hi Ian
comments inline:
As requested, here is the debug output from something working (a Cisco against Freeradius) and something not working (a Buffalo against Freeradius). I will also see what I can pull up from the IAS logs for the Buffalo if that's of interest? Although I haven't tried getting the Cisco running against IAS.
The problem with these logs is that there is no problem so far: what you give is the log of a freeradius server which perfectly works with both cisco AND buffalo, meaning that there are no errors recognized by a piece of software which presumably works correctly (=freeradius).
The Cisco output begins with a line with ***Cisco Start*** and ends with a line ***Cisco End*** and, entertainingly enough, the Buffalo one begins with ***Buffalo Start*** and ends with ***Buffalo End*** - they're both in the order of 130 lines so quite long. The Buffalo one is first.
I'd be interested to hear what your opinion is.
Namely, at the end of your buffalo log, the server sends a challenge and never gets a response. Only buffalo may know (hihi) why there is no response to this challenge OR, alternatively, your supplicant at the other end. The latter is however less probable presuming that you use exactly the same supplicant machine with both cisco and buffalo.
So, what you need is a kind of report from your buffalo. What doesn't it like? That's the question. Since this feature could simply be missing at the buffalo AP, you could try to find it out indirectly, e.g. by inspecting the other interface: is anything forwarded to the supplicant after the last freeradius challenge present in your log? If yes, what? If no, why nothing?
I think nobody can help you based on the present input, sorry. There are no errors whatsoever if we agree that freeradius works correctly.
ciao
artur
***Buffalo Start***
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.8.201:1118, id=3, length=124
User-Name = "IanP"
NAS-Identifier = "AirStation Pro"
NAS-IP-Address = 192.168.0.1
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00022d73663b"
Calling-Station-Id = "00022d1f7774"
Framed-MTU = 1400
EAP-Message = "\002\001\000\t\001IanP"
Message-Authenticator = 0x1363968ebca6ca2fd7223400f7cdb4e1
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "IanP", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 19 bytes for a total of 19 bytes in EAP message
rlm_perl: returning EAP message of len 19
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 22 bytes for a total of 22 bytes in EAP message
rlm_perl: returning EAP message of len 22
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Challenge of id 3 to 192.168.8.201:1118
EAP-Message = "\001\002\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd18f980ac8a1fa20c45f508efdb63fb6a9dc1d3eb451d1594378e2639b3a8ae23307d727
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.8.201:1119, id=4, length=233
User-Name = "IanP"
NAS-Identifier = "AirStation Pro"
NAS-IP-Address = 192.168.0.1
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Called-Station-Id = "00022d73663b"
Calling-Station-Id = "00022d1f7774"
Framed-MTU = 1400
EAP-Message =
"\002\002\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>\035\334\250\240\231\372k\232\3
66\013\314\010d\266\265\306\271\220\036l\357\032\001|v\254\361U\240w\334\000\000\026\000\004\000\005\000\
n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
State = 0xd18f980ac8a1fa20c45f508efdb63fb6a9dc1d3eb451d1594378e2639b3a8ae23307d727
Message-Authenticator = 0xa3deebe639157bb741e4d7c9eaac0bf8
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "IanP", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
TLS 1.0 Handshake [length 0579], Certificate
TLS_accept: SSLv3 write certificate A
TLS_accept: SSLv3 write certificate request A
TLS 1.0 Handshake [length 007a], CertificateRequest
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 513 bytes for a total of 513 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 512 bytes for a total of 1025 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 513 bytes for a total of 1538 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 514 bytes for a total of 2052 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 5 bytes for a total of 2057 bytes in EAP message
rlm_perl: returning EAP message of len 2057
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 265 bytes for a total of 265 bytes in EAP message
rlm_perl: returning EAP message of len 265
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Challenge of id 4 to 192.168.8.201:1119
EAP-Message =
"\001\003\003\362\r\300\000\000\006L\026\003\001\000J\002\000\000F\003\001>\035\334\252\2707\034v\034B\
330\013\250\211]v\026>\227\300}\316\344\264\233^F\334}\352\302\333
Dg\n\331>)\266\253E\363\024\371\022\005\374\211~\206f\0338\002H\376\027\366Nyc\374\032\036\000\004\000\
026\003\001\005y\013\000\005u\000\005r\000\002\\0\202\002X0\202\001\301\240\003\002\001\002\002\001\0010
\r\006\t*\206H\206\367\r\001\001\004\005\0000h1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\01
0\023\002na1\0130\t\006\003U\004"
EAP-Message =
"72900Z\027\r040102172900Z0c1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\010\023\002na1\0
130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0140\n\006\003U\004\003\023\003f111
\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t*\206H\206\367\r\00
1\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\332\325l0\221\376W\363\337\375\252\207\316\33
2\225z\302\224\036\034\231\215-\212?\256H\337\310/z\037\341\000\007i\306\271'gXUT\rf,\272\370>\370\r\005"
EAP-Message =
"\314'K3}\213\232%\020\2514\277r\306?\223\325\224\255\231\204\000\335\356\223R\241\002\003\001\000\001
\243\0270\0250\023\006\003U\035%\004\0140\n\006\010+\006\001\005\005\007\003\0010\r\006\t*\206H\206\367
\r\001\001\004\005\000\003\201\201\000\201\267x0\215\262\327\243\203\307\254\250/Q\273\201\251\341\254\26
4O\264Z\333\221\275\233\277\216\304\007"\263\224\216\214\244\023\203\025\220\300\307O(Iw\307\264\207\27
5N\305\223\342g\246\004\211\341\215\014\202\026\252\2511\336\351\214>\025Nb\212l\223\n\275K\367:?\025"
EAP-Message =
"a1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003
F111\0210\017\006\003U\004\003\023\010TESTCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\017groober
@foobar.com0\036\027\r030102172722Z\027\r030201172722Z0h1\0130\t\006\003U\004\006\023\002na1\0130\t\
006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0210\
017\006\003U\004\003\023\010F11DTMCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]
0\201"
EAP-Message = "0\201"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x140c3689544a37231959770dc870840baadc1d3e392cfdfda743ec979efe76b868580b94
Finished request 1
Going to the next request
Waking up in 5 seconds...
***Buffalo End***
***Cisco Start***
rad_recv: Access-Request packet from host 192.168.4.201:2784, id=68, length=146
User-Name = "at"
Cisco-AVPair = "ssid=pritch2"
NAS-IP-Address = 192.168.4.201
Called-Station-Id = "0040965af4b6"
Calling-Station-Id = "00078591f6b8"
NAS-Identifier = "AP350-5af4b6"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\t\000\007\001at"
Message-Authenticator = 0x7611728f9f128604ca486ff7e488d902
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "at", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 17 bytes for a total of 17 bytes in EAP message
rlm_perl: returning EAP message of len 17
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 20 bytes for a total of 20 bytes in EAP message
rlm_perl: returning EAP message of len 20
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Challenge of id 68 to 192.168.4.201:2784
EAP-Message = "\001\n\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0bcbbc61dcc610657d1269a3bd7b97e0428a243ed89104f660d0f82a0fe3e8dba82a1db1
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.4.201:2785, id=69, length=289
User-Name = "at"
Cisco-AVPair = "ssid=pritch2"
NAS-IP-Address = 192.168.4.201
Called-Station-Id = "0040965af4b6"
Calling-Station-Id = "00078591f6b8"
NAS-Identifier = "AP350-5af4b6"
NAS-Port = 37
Framed-MTU = 1400
State = 0x0bcbbc61dcc610657d1269a3bd7b97e0428a243ed89104f660d0f82a0fe3e8dba82a1db1
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\n\000p\r\200\000\000\000f\026\003\001\000a\001\000\000]\003\001>$\212"\215\353x\236\245~8;&\221(\261\356\323g\221\207\217\354"\031k\367\201\017\266\000q \262\016\234\363W\360\240\263\377\225\261\352C\274-\246-\017T\335E\275VS\270\302\312\204\245\034\331o\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
Message-Authenticator = 0xb51ac5f2dbd44a383122cc5579d63f3c
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "at", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
TLS 1.0 Handshake [length 0579], Certificate
TLS_accept: SSLv3 write certificate A
TLS_accept: SSLv3 write certificate request A
TLS 1.0 Handshake [length 007a], CertificateRequest
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 514 bytes for a total of 514 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 512 bytes for a total of 1026 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 513 bytes for a total of 1539 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 514 bytes for a total of 2053 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 5 bytes for a total of 2058 bytes in EAP message
rlm_perl: returning EAP message of len 2058
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 346 bytes for a total of 346 bytes in EAP message
rlm_perl: returning EAP message of len 346
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Challenge of id 69 to 192.168.4.201:2785
EAP-Message = "\001\013\003\362\r\300\000\000\006L\026\003\001\000J\002\000\000F\003\001>$\212B\t\257\234\2412mN\231\264?\272;")\230jJk\224t\251\304\272\317C\257*\365 <\370\310\010\007\332\236\030G\253\350Ip\005N*\331\n\204\246xZ\003\251\233\263F\223\223\335\254.\000\004\000\026\003\001\005y\013\000\005u\000\005r\000\002\\0\202\002X0\202\001\301\240\003\002\001\002\002\001\0010\r\006\t*\206H\206\367\r\001\001\004\005\0000h1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023"
EAP-Message = "72900Z\027\r040102172900Z0c1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0140\n\006\003U\004\003\023\003f111\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\332\325l0\221\376W\363\337\375\252\207\316\332\225z\302\224\036\034\231\215-\212?\256H\337\310/z\037\341\000\007i\306\271'gXUT\rf,\272\370>\370\r\005"
EAP-Message = "\314'K3}\213\232%\020\2514\277r\306?\223\325\224\255\231\204\000\335\356\223R\241\002\003\001\000\001\243\0270\0250\023\006\003U\035%\004\0140\n\006\010+\006\001\005\005\007\003\0010\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000\201\267x0\215\262\327\243\203\307\254\250/Q\273\201\251\341\254\264O\264Z\333\221\275\233\277\216\304\007"\263\224\216\214\244\023\203\025\220\300\307O(Iw\307\264\207\275N\305\223\342g\246\004\211\341\215\014\202\026\252\2511\336\351\214>\025Nb\212l\223\n\275K\367:?\025"
EAP-Message = "a1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0210\017\006\003U\004\003\023\010TESTCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r030102172722Z\027\r030201172722Z0h1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0210\017\006\003U\004\003\023\010F11DTMCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201"
EAP-Message = "0\201"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa21eab5f1492231ef52ed2a1fea6c4c6428a243eba83346a4e8d62c79df71f7eb2229e90
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.4.201:2786, id=70, length=183
User-Name = "at"
Cisco-AVPair = "ssid=pritch2"
NAS-IP-Address = 192.168.4.201
Called-Station-Id = "0040965af4b6"
Calling-Station-Id = "00078591f6b8"
NAS-Identifier = "AP350-5af4b6"
NAS-Port = 37
Framed-MTU = 1400
State = 0xa21eab5f1492231ef52ed2a1fea6c4c6428a243eba83346a4e8d62c79df71f7eb2229e90
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\013\000\006\r"
Message-Authenticator = 0xabcfc066e7169e8a1decbd1e01da5501
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "at", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 511 bytes for a total of 511 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 513 bytes for a total of 1024 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 287 bytes for a total of 1311 bytes in EAP message
rlm_perl: returning EAP message of len 1311
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 18 bytes for a total of 18 bytes in EAP message
rlm_perl: returning EAP message of len 18
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Challenge of id 70 to 192.168.4.201:2786
EAP-Message = "\001\014\002n\r\200\000\000\006L\211\002\201\201\000\236\362\241\026\313$'\0009r)\303\363*1\004\003\212\366\031\234\326\031y\001{\2038\034\261\333}\\\222i\340?\357/\272`\250\303\334DI\233@L\305\214\026\037m1\372\204\206TO\252\313\220N\316u\212\321\341J0\330\216\374\220\247\201\372!{\314\263\220S\001-s\343t?\211D\345A\322\370!.\314um\202\036\304\007\202\213\023\302\331/u\030\371\277R\036\323+d\277\003\303\3350\017\250\313\002\003\001\000\001\243\201\3050\201\3020\035\006\003U\035\016\004\026\004\024vw?\233"
EAP-Message = "a1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0210\017\006\003U\004\003\023\010TESTCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\202\001\0000\014\006\003U\035\023\004\0050\003\001\001\3770\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000\212\255\312X\311g\244F`{\234\300\322\251\363\272\302BY\247A+\271\300\300=\315\022\301\365?\245r\303\030\277\314a\223t c\227\343\n\357\334g\210\377\272\251w)\017\330\377\207\032\010vY5\002i\377\313\347n\251G\212\322"
EAP-Message = "\003\001\002\005\000l\000j0h1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0210\017\006\003U\004\003\023\010TESTCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\016\000\000"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfb10f43e0207370a27c623b983a75b8c428a243e21fce5cb5ffd1e4bff18feac6dbbf036
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.4.201:2787, id=71, length=1122
User-Name = "at"
Cisco-AVPair = "ssid=pritch2"
NAS-IP-Address = 192.168.4.201
Called-Station-Id = "0040965af4b6"
Calling-Station-Id = "00078591f6b8"
NAS-Identifier = "AP350-5af4b6"
NAS-Port = 37
Framed-MTU = 1400
State = 0xfb10f43e0207370a27c623b983a75b8c428a243e21fce5cb5ffd1e4bff18feac6dbbf036
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\014\003\253\r\200\000\000\003\241\026\003\001\003q\013\000\002a\000\002^\000\002[0\202\002W0\202\001\300\240\003\002\001\002\002\001\0020\r\006\t*\206H\206\367\r\001\001\004\005\0000h1\0130\t\006\003U\004\006\023\002na1\0130\t\006\003U\004\010\023\002na1\0130\t\006\003U\004\007\023\002na1\0140\n\006\003U\004\n\023\003F111\0210\017\006\003U\004\003\023\010TESTCA1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r030102173036Z\027\r040102173036Z0b1\0130\t\006\003U\004\006\023\002"
EAP-Message = "\006\003U\004\003\023\002at1\0360\034\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\232Y\033I)N3K\304\3779\037`\303D\212\000<tZ\326b(\207\376\031\372\007\201\240\276\376\201\316\361:\332\037hX\223\275y\363\3562R\253\033\275\303^fS\001J\350\002\310\331o\371\005\027\363\nY>f_Q<\202TJ\210\233\232\346b\340PF\2262$,\006\377R\241-\277\301\301_I\3214\037To\325\346aC\343\376N\335\235\204%\340\2634\354_\274\364\355"
EAP-Message = "\314K\022\216p\301\272\327m\\\327\312?[\277*\347\033\006s\264f\254\204{\231\003\\\327\364O3\236\036\354\215\241\025P(\364~\204.oZ\330\t\310\303\344u\344.\031X\252n\351\203\346\236nz\253\032#\310\335\014\236\034\007\005 \233%\362J\0203N\023u\3505\242\241,\013]# y\002y\2757\242\016\331\341L\212\260\254>\376r\250\327\335\223\023\215\303`x\22682\001\020\000\000\202\000\200\246\205\210\220\010s\342`\n\003\353\023{\305\004\017iH;P\251\037\010$}v\003\032\231\366\305\243:9\377\327\325\026\202[\233n\001h`\321}\213"
EAP-Message = "\350\217\315\017\000\000\202\000\200+\212\352\022\r\274\353\220?W\265\245\027I\320\213\3435\265\224\023s\363\363_a$\255\210\363\277t\304|L\376^\336\210B\312\204:!\025<\036\323x\341h\267\273\203\2249\254\217\355JE\215vx\005\276\331&jCM\314\005\035\234c\273\013\027\270?C\216G\r\313U\317\254\0171\331\323\327#\274\254\372\341\3779aN\251\223\312\325\002N\274\265\370~8\313\030%\013\221\314Z\002M\371l[\027a\024\003\001\000\001\001\026\003\001\000 K\211\260\377\004(\200\t\251\214|.\244)\201^Oi\021\340X\344C\204\210"
Message-Authenticator = 0x50c2a589068d59db8674a7b847d06dd7
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "at", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Multiple EAP_Message attributes found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
<<< TLS 1.0 Handshake [length 0265], Certificate
chain-depth=1,
error=0
--> User-Name = at
--> BUF-Name = TESTCA
--> subject = [EMAIL PROTECTED]
--> issuer = [EMAIL PROTECTED]
--> verify return:1
chain-depth=0,
error=0
--> User-Name = at
--> BUF-Name = at
--> subject = [EMAIL PROTECTED]
--> issuer = [EMAIL PROTECTED]
--> verify return:1
TLS_accept: SSLv3 read client certificate A
<<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
<<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
<<< TLS 1.0 ChangeCipherSpec [length 0001]
<<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
TLS_accept: SSLv3 write finished A
TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 flush data
undefined: SSL negotiation finished successfully
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 161 bytes for a total of 161 bytes in EAP message
rlm_perl: returning EAP message of len 161
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 513 bytes for a total of 513 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 513 bytes for a total of 1026 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 511 bytes for a total of 1537 bytes in EAP message
rlm_perl: new EAP-Message found
rlm_perl: assembled 512 bytes for a total of 2049 bytes in EAP message
rlm_perl: returning EAP message of len 2049
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Challenge of id 71 to 192.168.4.201:2787
EAP-Message = "\001\r\0005\r\200\000\000\000+\024\003\001\000\001\001\026\003\001\000 \274\010\0049\220\276\311\021k\\p\353\305\352\312}~\367\037X\236eB\301nQ\001A\250\200\2545"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x58b5f95306fa4833c7a53445687b1d7b438a243ea46be5152b471892ba62bb5568e93eae
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.4.201:2788, id=72, length=183
User-Name = "at"
Cisco-AVPair = "ssid=pritch2"
NAS-IP-Address = 192.168.4.201
Called-Station-Id = "0040965af4b6"
Calling-Station-Id = "00078591f6b8"
NAS-Identifier = "AP350-5af4b6"
NAS-Port = 37
Framed-MTU = 1400
State = 0x58b5f95306fa4833c7a53445687b1d7b438a243ea46be5152b471892ba62bb5568e93eae
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\r\000\006\r"
Message-Authenticator = 0x580620830a073d68d95d15a319bd290a
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "at", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
modcall: entering group post-auth
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 14 bytes for a total of 14 bytes in EAP message
rlm_perl: returning EAP message of len 14
rlm_perl: leaving perl_store_eapvps
rlm_perl: perl_store_eapvps called
rlm_perl: new EAP-Message found
rlm_perl: assembled 16 bytes for a total of 16 bytes in EAP message
rlm_perl: returning EAP message of len 16
rlm_perl: leaving perl_store_eapvps
rlm_perl: rlm_perl:: postauth function entered
modcall[post-auth]: module "perl" returns ok
modcall: group post-auth returns ok
Sending Access-Accept of id 72 to 192.168.4.201:2788
MS-MPPE-Recv-Key = 0xe781038cba2ef898391c4245e383eb16100a4162b22eed021364f05163844e3c92c260c6b27f2a7e8a88c4ae9da1e0780f78
MS-MPPE-Send-Key = 0xe782954df769d8dc60946497db362cd84f5a5ff0efc3000b1febe622a8e1e291a7305403082a3a26681c302b3b1865390d2b
EAP-Message = "\003\r\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4
***Cisco End***
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr Département Informatique et Réseaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
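The check described in the reply (a challenge that never gets a response) can be run mechanically over this kind of debug output. The following is an added example, not part of the original message or of FreeRADIUS: it pairs each Access-Challenge with a later Access-Request echoing its State and decodes the EAP-TLS flags of any challenge left unanswered. The sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the debug output above (addresses, user
# name and State values are made up; EAP payloads are cut short).
SAMPLE_LOG = r'''
rad_recv: Access-Request packet from host 192.0.2.10:1118, id=3, length=124
EAP-Message = "\002\001\000\t\001user"
Sending Access-Challenge of id 3 to 192.0.2.10:1118
EAP-Message = "\001\002\000\006\r "
State = 0xaaaa0001
rad_recv: Access-Request packet from host 192.0.2.10:1119, id=4, length=233
EAP-Message =
"\002\002\000P\r\200\000\000\000F\026\003\001"
State = 0xaaaa0001
Sending Access-Challenge of id 4 to 192.0.2.10:1119
EAP-Message =
"\001\003\003\362\r\300\000\000\006L\026\003\001"
EAP-Message = "0\201"
State = 0xbbbb0002
Finished request 1
'''

RECV = re.compile(r'rad_recv: (Access-\w+) packet from host \S+ id=(\d+)')
SENT = re.compile(r'Sending (Access-\w+) of id (\d+) to')
ATTR = re.compile(r'(State|EAP-Message) =\s*(.*)$')
ESC = re.compile(r'\\([0-3][0-7]{2})|\\(.)|(.)', re.S)
CODES = {1: 'Request', 2: 'Response', 3: 'Success', 4: 'Failure'}

def unescape(text):
    """Turn the log's printable form (\\ooo octal, \\r, \\n, \\t) back into bytes."""
    out = bytearray()
    for octal, simple, literal in ESC.findall(text):
        if octal:
            out.append(int(octal, 8))
        elif simple:
            out.append({'r': 13, 'n': 10, 't': 9}.get(simple, ord(simple) & 0xFF))
        else:
            out.append(ord(literal) & 0xFF)
    return bytes(out)

def eap_summary(raw):
    """Decode the EAP header and, for EAP-TLS (type 13), the L/M/S flag bits."""
    if len(raw) < 4:
        return None
    info = {'code': CODES.get(raw[0], raw[0]), 'id': raw[1],
            'length': int.from_bytes(raw[2:4], 'big')}
    if raw[0] in (1, 2) and len(raw) >= 5:
        info['type'] = raw[4]
        if raw[4] == 13:
            flags = raw[5] if len(raw) > 5 else 0
            info['flags'] = ''.join(
                n for bit, n in ((0x80, 'L'), (0x40, 'M'), (0x20, 'S')) if flags & bit)
    return info

def parse_packets(log):
    """Collect each RADIUS packet with its State and first EAP-Message."""
    packets, pending = [], False
    for line in map(str.strip, log.splitlines()):
        head = RECV.match(line) or SENT.match(line)
        attr = ATTR.match(line)
        if head:
            packets.append({'dir': 'recv' if line.startswith('rad_recv') else 'sent',
                            'kind': head.group(1), 'id': int(head.group(2)),
                            'state': None, 'eap': None})
            pending = False
        elif packets and pending and line.startswith('"'):
            # Value wrapped onto the line after "EAP-Message ="
            packets[-1]['eap'], pending = unescape(line[1:].rstrip('"')), False
        elif packets and attr:
            name, value = attr.groups()
            if name == 'State':
                packets[-1]['state'] = value
            elif packets[-1]['eap'] is None:
                if value:
                    packets[-1]['eap'] = unescape(value[1:].rstrip('"'))
                else:
                    pending = True
    return packets

def unanswered_challenges(packets):
    """Challenges whose State is never echoed by a received Access-Request."""
    echoed = {p['state'] for p in packets if p['dir'] == 'recv' and p['state']}
    return [p for p in packets if p['dir'] == 'sent'
            and p['kind'] == 'Access-Challenge' and p['state'] not in echoed]

if __name__ == '__main__':
    for pkt in unanswered_challenges(parse_packets(SAMPLE_LOG)):
        print('unanswered challenge, RADIUS id', pkt['id'], eap_summary(pkt['eap'] or b''))
```

An unanswered challenge whose flags include M is one fragment of a longer EAP-TLS message, so the next packet expected from the NAS is an empty EAP-TLS acknowledgement like the one the Cisco log shows ("Received EAP-TLS ACK message").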
