hi,
thanks for looking at the matter, Artur.
> in fact, unless you shortened your post, there seems to be two requests
> one after another or am i wrong? because radius actually doesn't do
> anything about the wrong request. it denies the next one... well, it's
> perhaps normal.
well strange is (or is it a normal retry?), that it has two rad_recv of id=95. one at
(*A*) and than the other one at (*B*).
then he is sending the reject message on the line (*E*) to id=95, but it is not clear
to which.
However, I think the problem really is between line (*C*) and (*D*) which prevents me
from getting an Access-Accept
This error seems to happen from time to time, I've found another post in the mailing
list (http://www.mail-archive.com/[email protected]/msg11598.html).
But there isn't a solution (or even a guess, as to where it comes from) around.
Advice is appreciated.
david
rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180
(*A*)
User-Name = "Hera"
NAS-IP-Address = 10.56.56.201
Called-Station-Id = "00-02-2d-48-6d-89"
Calling-Station-Id = "00-05-3c-06-6e-61"
NAS-Identifier = "hercules"
State =
0xcbc90276b2c75bcf69c846a00bbb35e62f922b3ea0b9afaf4605a59f14b2fa8fc483abdc
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
"\002\007\000!\r\200\000\000\000\027\025\003\001\000\022^\333$,\363"\275\010\010\374\234\204y\337\306U-g"
Message-Authenticator = 0x9095e69b06f47161b67f54139c32e1ef
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "Hera", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched Hera at 98
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
<<< TLS 1.0 Alert [length 0002], fatal access_denied
(*C*)
TLS Alert read:fatal:access denied
2727:error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access
denied:s3_pkt.c:1037:SSL alert number 49
rlm_eap_tls: SSL_read Error
Error code is ..... 6
SSL Error ..... 6
rlm_eap_tls: BIO_read Error
Error code is ..... 5
Error in SSL ..... 5
(*D*)
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Delaying request 10 for 1 seconds
Finished request 10
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180 (*B*)
Sending Access-Reject of id 95 to 10.56.56.201:6001
(*E*)
EAP-Message = "\004\007\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 91 with timestamp 3e2b922e
Cleaning up request 7 ID 92 with timestamp 3e2b922e
Cleaning up request 8 ID 93 with timestamp 3e2b922e
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 94 with timestamp 3e2b922f
Cleaning up request 10 ID 95 with timestamp 3e2b922f
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
