eap-tls error (unknown_ca)

wsy Tue, 28 Jan 2003 11:37:09 -0800

Dear all,

This question is about implementing a WLAN environment which supports
802.1X.


I'm using:
- Authentication Server: Linux 2.4.19 + FreeRADIUS 0.8.1 + OpenSSL 0.9.7
- Authenticator: Cisco Aironet 350 Access Point
- Supplicant: Windows XP SP1 + ORiNOCO PC Card(Gold)

I tried to use eap-tls to authenticate user, but failed.
Here is the major error message:
------------------------------
>>> TLS 1.0 Alert [length 0002], fatal unknown_ca

TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read Error
 Error code is ..... 5
 Error in SSL ..... 5
------------------------------

I found the explanation of this error from RFC 2246 (The TLS Protocol):
#############################
   unknown_ca
       A valid certificate chain or partial chain was received, but the
       certificate was not accepted because the CA certificate could not
       be located or couldn`t be matched with a known, trusted CA.  This
       message is always fatal.
##############################

But I still don't know how to solve this problem.
Does anyone have any idea about this?
The whole dump message is attatched below.

Thanks in advance,
Kenny

***** dump msg from "radiusd -X -A" *****
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/CA/mykey.pem"
 tls: certificate_file = "/usr/local/CA/mycert.pem"
 tls: CA_file = "/usr/local/CA/cacert.pem"
 tls: private_key_password = "capasswd"
 tls: dh_file = "/usr/local/CA/DH"
 tls: random_file = "/usr/local/CA/random"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.88.146:1169, id=145,
length=173
 User-Name = "Speed Wireless CA"
 Cisco-AVPair = "ssid=tsunami"
 NAS-IP-Address = 192.168.88.146
 Called-Station-Id = "0040965ae262"
 Calling-Station-Id = "0060b370f1fc"
 NAS-Identifier = "AP350-5ae262"
 NAS-Port = 37
 Framed-MTU = 1400
 NAS-Port-Type = Wireless-802.11
 Service-Type = Login-User
 EAP-Message = "\002P\000\026\001Speed Wireless CA"
 Message-Authenticator = 0x0c9fe70faa294e059af74b78d168d291
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Speed Wireless CA at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 145 to 192.168.88.146:1169
 EAP-Message = "\001Q\000\006\r "
 Message-Authenticator = 0x00000000000000000000000000000000
 State =
0x68138bd5e35a8b5b47bd7e7db22ffe3a57d2363e7340add532ce3aa8cc2e41b8791a1b
b3
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.88.146:1170, id=146,
length=269
 User-Name = "Speed Wireless CA"
 Cisco-AVPair = "ssid=tsunami"
 NAS-IP-Address = 192.168.88.146
 Called-Station-Id = "0040965ae262"
 Calling-Station-Id = "0060b370f1fc"
 NAS-Identifier = "AP350-5ae262"
 NAS-Port = 37
 Framed-MTU = 1400
 State =
0x68138bd5e35a8b5b47bd7e7db22ffe3a57d2363e7340add532ce3aa8cc2e41b8791a1b
b3
 NAS-Port-Type = Wireless-802.11
 Service-Type = Login-User
 EAP-Message =
"\002Q\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>6\3
21P\365s\353o\304e\224=\017hR@Z>\301>\337s2Y*\013\216\366\344O\357\000\
000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\00
0\022\000c\001"
 Message-Authenticator = 0xbbb964fc243fc29a864b0276f9a26a96
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Speed Wireless CA at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0041], ClientHello

TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 03c7], Certificate

TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00a3], CertificateRequest

TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
 Error code is ..... 2
 SSL Error ..... 2
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 146 to 192.168.88.146:1170
 EAP-Message =
"\001R\004\n\r\300\000\000\004\303\026\003\001\000J\002\000\000F\003\001
>6\322W9<\346\336a}\276\272:\226\t\201\3378\3746S\335\370\351\256\262e\3
56\322\217\260Y
\261\264\304Y\374\032\205\005\301L\2360\360\314\033(\277@(\200\320\217\3
57\315\226\253\263=m\3375\215\000\004\000\026\003\001\003\307\013\000\00
3\303\000\003\300\000\003\2750\202\003\2710\202\003"\240\003\002\001\002
\002\001\0010\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2211\0130
\t\006\003U\004\006\023\002TW1\0170\r\006\003U\004\010\023\006T"
 EAP-Message =
"\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r030128
153956Z\027\r040128153956Z0\201\2211\0130\t\006\003U\004\006\023\002TW1\
0170\r\006\003U\004\010\023\006Taiwan1\0200\016\006\003U\004\007\023\007
Hsinchu1\r0\013\006\003U\004\n\023\004NCTU1\0160\014\006\003U\004\013\02
3\005SPEED1\0320\030\006\003U\004\003\023\021Speed Wireless
CA1$0"\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201
\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\2
11\002\201\201\000\342"
 EAP-Message = "\204Gc
a\211f\352\001\375N\275\311\3311\355\365\211\341\200\256\311\255Zx\3274\
267JE:XitX\253\362\n\304\3068\247\024pF\260/\354>\0064)}\004\022\260\242
\313\362\261#\351\264\306\202>\204V\210\214
\241\001\020b\334lc\200\017\257\317\033E\263\215n=\371\306\333\322\253~b
\235<\014\271\263\212\345P\247\250\243\220\r\232\n[\351PTZ\367\002\003\0
01\000\001\243\202\001\0350\202\001\0310\t\006\003U\035\023\004\0020\000
0,\006\t`\206H\001\206\370B\001\r\004\037\026\035OpenSSL Generated
Certificate0\035\006\003U\035\016"
 EAP-Message =
"Y\241\201\227\244\201\2240\201\2211\0130\t\006\003U\004\006\023\002TW1\
0170\r\006\003U\004\010\023\006Taiwan1\0200\016\006\003U\004\007\023\007
Hsinchu1\r0\013\006\003U\004\n\023\004NCTU1\0160\014\006\003U\004\013\02
3\005SPEED1\0320\030\006\003U\004\003\023\021Speed Wireless
CA1$0"\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\202\
001\0000\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000|\26
0<\305\2143c98\262=\332\262\247\364&\321\3471wd]T\235\230h\202'1i\037\27
1N\345\330,70\313m\331"
 EAP-Message =
"q\352w\237\r\204\314\255\000u\021\347\321vXI\262\210\321E\0237\023\003\
252N"
 Message-Authenticator = 0x00000000000000000000000000000000
 State =
0x2c27cac7c27545e3452eb20426bfab5757d2363e955614df0fd918e1319fae7f7b5848
00
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.88.146:1171, id=147,
length=195
 User-Name = "Speed Wireless CA"
 Cisco-AVPair = "ssid=tsunami"
 NAS-IP-Address = 192.168.88.146
 Called-Station-Id = "0040965ae262"
 Calling-Station-Id = "0060b370f1fc"
 NAS-Identifier = "AP350-5ae262"
 NAS-Port = 37
 Framed-MTU = 1400
 State =
0x2c27cac7c27545e3452eb20426bfab5757d2363e955614df0fd918e1319fae7f7b5848
00
 NAS-Port-Type = Wireless-802.11
 Service-Type = Login-User
 EAP-Message = "\002R\000\006\r"
 Message-Authenticator = 0xb979120ef5f031ecb603a0bd0978edf6
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Speed Wireless CA at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 147 to 192.168.88.146:1171
 EAP-Message =
"\001S\000\315\r\200\000\000\004\303G|!\364\317\264\031vj+\266\027\224r\
025\033l;\277\307\t\352xCH\361\307\026\003\001\000\243\r\000\000\233\002
\001\002\000\226\000\2240\201\2211\0130\t\006\003U\004\006\023\002TW1\01
70\r\006\003U\004\010\023\006Taiwan1\0200\016\006\003U\004\007\023\007Hs
inchu1\r0\013\006\003U\004\n\023\004NCTU1\0160\014\006\003U\004\013\023\
005SPEED1\0320\030\006\003U\004\003\023\021Speed Wireless
CA1$0"\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\016\
000\000"
 Message-Authenticator = 0x00000000000000000000000000000000
 State =
0xd20de44fbec027d9db97be50b181dec357d2363e651670d37ec86534be276063bfed4d
4a
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.88.146:1172, id=148,
length=1543
 User-Name = "Speed Wireless CA"
 Cisco-AVPair = "ssid=tsunami"
 NAS-IP-Address = 192.168.88.146
 Called-Station-Id = "0040965ae262"
 Calling-Station-Id = "0060b370f1fc"
 NAS-Identifier = "AP350-5ae262"
 NAS-Port = 37
 Framed-MTU = 1400
 State =
0xd20de44fbec027d9db97be50b181dec357d2363e651670d37ec86534be276063bfed4d
4a
 NAS-Port-Type = Wireless-802.11
 Service-Type = Login-User
 EAP-Message =
"\002S\005@\r\200\000\000\0056\026\003\001\005\006\013\000\003\366\000\0
03\363\000\003\3600\202\003\3540\202\003U\240\003\002\001\002\002\001\00
10\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\2421\0130\t\006\003U
\004\006\023\002TW1\0170\r\006\003U\004\010\023\006Taiwan1\0200\016\006\
003U\004\007\023\007Hsinchu1\0370\035\006\003U\004\n\023\026High Speed
Network
Lab1\r0\013\006\003U\004\013\023\004WLAN1\0320\030\006\003U\004\003\023\
021Speed Wireless
CA1$0"\006\t*\206H\206\367\r\001\t\001\026\025sywen@ci"
 EAP-Message =
"0\201\2421\0130\t\006\003U\004\006\023\002TW1\0170\r\006\003U\004\010\0
23\006Taiwan1\0200\016\006\003U\004\007\023\007Hsinchu1\0370\035\006\003
U\004\n\023\026High Speed Network
Lab1\r0\013\006\003U\004\013\023\004WLAN1\0320\030\006\003U\004\003\023\
021Speed Wireless
CA1$0"\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201
\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\2
11\002\201\201\000\250{V\273\353!6\241!\374\2418\276\232\213;\270%\267&e
(\334D\021\340\262I\223\222"
 EAP-Message =
"\267\361K\0245\265\\\317A\230i\r\377\332N\326\250\311\215(\212x\251A+\0
36\324\001\005"Q\314Y\021\007\375&\t\360\372\376Y\372\307\201\201\036{!\
2306c\201nkb\320\rE=\033\362\351{\314\241Jh\227\002\003\001\000\001\243\
202\001.0\202\001*0\t\006\003U\035\023\004\0020\0000,\006\t`\206H\001\20
6\370B\001\r\004\037\026\035OpenSSL Generated
Certificate0\035\006\003U\035\016\004\026\004\024\006Y)\034\306\262B\302
\003\207\200\200\376\364\252
q'B\2170\201\317\006\003U\035#\004\201\3070\201\304\200\024sB\333l\360Nv
}H\343"
 EAP-Message = "\007\023\007Hsinchu1\0370\035\006\003U\004\n\023\026High
Speed Network
Lab1\r0\013\006\003U\004\013\023\004WLAN1\0320\030\006\003U\004\003\023\
021Speed Wireless
CA1$0"\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\202\
001\0000\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\0002\22
0\353\301\214\000\270\350\213Q\302>\025\377\272N\256\316\207j\353\220\24
1\241Cu\256m\222;\037=k\220\342]\n<g\273A\006\3257I\357
Jk?\252\216=P\207\264}q\323U\3015\371\251\036\373\376\271f\026\006:\314g
\213\315"
 EAP-Message =
"$EL2\370\022\243?J$~\333t6\365\304\205^\3323\307\020\000\000\202\000\20
0vI\020]\257V\256\211[u
`\314\236l\024+p\360\354vG\222\354\230\315\357\350_\366\036_\242cD@Z\00
1\221E\325\2127.>R\370W8\323F\311B\261\034\\Q\020\345F"\355\306\320\300\
0226\3414$;^\203S\336L\200\260^.M\273\020i\203\275\001\354\005\021\267Xz
[\302T\212\336P\227n\3144\321L\352\2731\313\206F\303\321\332!E{\017\275\
232\222\264K\344\322\325\216\017\000\000\202\000\200\2270\331\370\212\01
4\370\214><\210\300\216\304C\237$\207\247\303\010A\201i"
 EAP-Message =
"\36331x\224\263W\227\t\353\334\270\310\242\032\n\310\364\013\244P\342\3
74\306\337\203\361\232q\266#\234\342N{\025\024\003\001\000\001\001\026\0
03\001\000
\235\356\\3&\022w\017\272Ht\373>\017lk@C\035\220\227y\326i\372\001\344\0
02\227\364\304\250"
 Message-Authenticator = 0xcdaff583a0799084e5c6c9f20d1cf8d0
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Speed Wireless CA at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Multiple EAP_Message attributes found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
<<< TLS 1.0 Handshake [length 03fa], Certificate

--> verify error:num=20:unable to get local issuer certificate
chain-depth=0,
error=20
--> User-Name = Speed Wireless CA
--> BUF-Name = Speed Wireless CA
--> subject = /C=TW/ST=Taiwan/L=Hsinchu/O=High Speed Network
Lab/OU=WLAN/CN=Speed Wireless [EMAIL PROTECTED]
--> issuer  = /C=TW/ST=Taiwan/L=Hsinchu/O=High Speed Network
Lab/OU=WLAN/CN=Speed Wireless [EMAIL PROTECTED]
--> verify return:0
>>> TLS 1.0 Alert [length 0002], fatal unknown_ca

TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read Error
 Error code is ..... 5
 Error in SSL ..... 5
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 148 to 192.168.88.146:1172
 EAP-Message =
"\001T\000\021\r\200\000\000\000\007\025\003\001\000\002\0020"
 Message-Authenticator = 0x00000000000000000000000000000000
 State =
0x88f197752c33aeaf0b534e6575d8a07757d2363eadb28426705eb822c860e40bd52b89
24
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.88.146:1173, id=149,
length=195
 User-Name = "Speed Wireless CA"
 Cisco-AVPair = "ssid=tsunami"
 NAS-IP-Address = 192.168.88.146
 Called-Station-Id = "0040965ae262"
 Calling-Station-Id = "0060b370f1fc"
 NAS-Identifier = "AP350-5ae262"
 NAS-Port = 37
 Framed-MTU = 1400
 State =
0x88f197752c33aeaf0b534e6575d8a07757d2363eadb28426705eb822c860e40bd52b89
24
 NAS-Port-Type = Wireless-802.11
 Service-Type = Login-User
 EAP-Message = "\002T\000\006\r"
 Message-Authenticator = 0xb136f55d1c9465ef1aa87645a4429fd5
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Speed Wireless CA at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.88.146:1173, id=149,
length=195
Sending Access-Reject of id 149 to 192.168.88.146:1173
 EAP-Message = "\004T\000\004"
 Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 145 with timestamp 3e36d257
Cleaning up request 1 ID 146 with timestamp 3e36d257
Cleaning up request 2 ID 147 with timestamp 3e36d257
Cleaning up request 3 ID 148 with timestamp 3e36d257
Cleaning up request 4 ID 149 with timestamp 3e36d257
Nothing to do.  Sleeping until we see a request.
***** dump msg ends here *****


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

eap-tls error (unknown_ca)

Reply via email to