hi
excuse my question, but did you or did you not put the autosigned CA
certificate of the CA which issues/signs the client certificate in the
root.pem file of your freeradius server?
ciao
artur
wsy wrote:
>
> Dear all,
>
> This question is about implementing a WLAN environment which supports
> 802.1X.
>
> I'm using:
> - Authentication Server: Linux 2.4.19 + FreeRADIUS 0.8.1 + OpenSSL 0.9.7
> - Authenticator: Cisco Aironet 350 Access Point
> - Supplicant: Windows XP SP1 + ORiNOCO PC Card(Gold)
>
> I tried to use eap-tls to authenticate user, but failed.
> Here is the major error message:
> ------------------------------
> >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>
> TLS Alert write:fatal:unknown CA
> TLS_accept:error in SSLv3 read client certificate B
> rlm_eap_tls: SSL_read Error
> Error code is ..... 5
> Error in SSL ..... 5
> ------------------------------
>
> I found the explanation of this error from RFC 2246 (The TLS Protocol):
> #############################
> unknown_ca
> A valid certificate chain or partial chain was received, but the
> certificate was not accepted because the CA certificate could not
> be located or couldn`t be matched with a known, trusted CA. This
> message is always fatal.
> ##############################
>
> But I still don't know how to solve this problem.
> Does anyone have any idea about this?
> The whole dump message is attached below.
>
> Thanks in advance,
> Kenny
>
> ***** dump msg from "radiusd -X -A" *****
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: servers_per_realm = 15
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
> eap: default_eap_type = "tls"
> eap: timer_expire = 60
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/usr/local/CA/mykey.pem"
> tls: certificate_file = "/usr/local/CA/mycert.pem"
> tls: CA_file = "/usr/local/CA/cacert.pem"
> tls: private_key_password = "capasswd"
> tls: dh_file = "/usr/local/CA/DH"
> tls: random_file = "/usr/local/CA/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> rlm_eap_tls: conf N ctx stored
> rlm_eap: Loaded and initialized the type tls
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port-Id"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.88.146:1169, id=145,
> length=173
> User-Name = "Speed Wireless CA"
> Cisco-AVPair = "ssid=tsunami"
> NAS-IP-Address = 192.168.88.146
> Called-Station-Id = "0040965ae262"
> Calling-Station-Id = "0060b370f1fc"
> NAS-Identifier = "AP350-5ae262"
> NAS-Port = 37
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> EAP-Message = "\002P\000\026\001Speed Wireless CA"
> Message-Authenticator = 0x0c9fe70faa294e059af74b78d168d291
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
> realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched Speed Wireless CA at 90
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type tls
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 145 to 192.168.88.146:1169
> EAP-Message = "\001Q\000\006\r "
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0x68138bd5e35a8b5b47bd7e7db22ffe3a57d2363e7340add532ce3aa8cc2e41b8791a1b
> b3
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.88.146:1170, id=146,
> length=269
> User-Name = "Speed Wireless CA"
> Cisco-AVPair = "ssid=tsunami"
> NAS-IP-Address = 192.168.88.146
> Called-Station-Id = "0040965ae262"
> Calling-Station-Id = "0060b370f1fc"
> NAS-Identifier = "AP350-5ae262"
> NAS-Port = 37
> Framed-MTU = 1400
> State =
> 0x68138bd5e35a8b5b47bd7e7db22ffe3a57d2363e7340add532ce3aa8cc2e41b8791a1b
> b3
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> Message-Authenticator = 0xbbb964fc243fc29a864b0276f9a26a96
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
> realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched Speed Wireless CA at 90
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Length Included
> undefined: before/accept initialization
> TLS_accept: before/accept initialization
> <<< TLS 1.0 Handshake [length 0041], ClientHello
>
> TLS_accept: SSLv3 read client hello A
> >>> TLS 1.0 Handshake [length 004a], ServerHello
>
> TLS_accept: SSLv3 write server hello A
> >>> TLS 1.0 Handshake [length 03c7], Certificate
>
> TLS_accept: SSLv3 write certificate A
> >>> TLS 1.0 Handshake [length 00a3], CertificateRequest
>
> TLS_accept: SSLv3 write certificate request A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 146 to 192.168.88.146:1170
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0x2c27cac7c27545e3452eb20426bfab5757d2363e955614df0fd918e1319fae7f7b5848
> 00
> Finished request 1
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.88.146:1171, id=147,
> length=195
> User-Name = "Speed Wireless CA"
> Cisco-AVPair = "ssid=tsunami"
> NAS-IP-Address = 192.168.88.146
> Called-Station-Id = "0040965ae262"
> Calling-Station-Id = "0060b370f1fc"
> NAS-Identifier = "AP350-5ae262"
> NAS-Port = 37
> Framed-MTU = 1400
> State =
> 0x2c27cac7c27545e3452eb20426bfab5757d2363e955614df0fd918e1319fae7f7b5848
> 00
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> EAP-Message = "\002R\000\006\r"
> Message-Authenticator = 0xb979120ef5f031ecb603a0bd0978edf6
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
> realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched Speed Wireless CA at 90
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Received EAP-TLS ACK message
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 147 to 192.168.88.146:1171
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0xd20de44fbec027d9db97be50b181dec357d2363e651670d37ec86534be276063bfed4d
> 4a
> Finished request 2
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.88.146:1172, id=148,
> length=1543
> User-Name = "Speed Wireless CA"
> Cisco-AVPair = "ssid=tsunami"
> NAS-IP-Address = 192.168.88.146
> Called-Station-Id = "0040965ae262"
> Calling-Station-Id = "0060b370f1fc"
> NAS-Identifier = "AP350-5ae262"
> NAS-Port = 37
> Framed-MTU = 1400
> State =
> 0xd20de44fbec027d9db97be50b181dec357d2363e651670d37ec86534be276063bfed4d
> 4a
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> Message-Authenticator = 0xcdaff583a0799084e5c6c9f20d1cf8d0
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
> realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched Speed Wireless CA at 90
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Multiple EAP_Message attributes found
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Length Included
> <<< TLS 1.0 Handshake [length 03fa], Certificate
>
> --> verify error:num=20:unable to get local issuer certificate
> chain-depth=0,
> error=20
> --> User-Name = Speed Wireless CA
> --> BUF-Name = Speed Wireless CA
> --> subject = /C=TW/ST=Taiwan/L=Hsinchu/O=High Speed Network
> Lab/OU=WLAN/CN=Speed Wireless [EMAIL PROTECTED]
> --> issuer = /C=TW/ST=Taiwan/L=Hsinchu/O=High Speed Network
> Lab/OU=WLAN/CN=Speed Wireless [EMAIL PROTECTED]
> --> verify return:0
> >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>
> TLS Alert write:fatal:unknown CA
> TLS_accept:error in SSLv3 read client certificate B
> rlm_eap_tls: SSL_read Error
> Error code is ..... 5
> Error in SSL ..... 5
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 148 to 192.168.88.146:1172
> EAP-Message =
> "\001T\000\021\r\200\000\000\000\007\025\003\001\000\002\0020"
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0x88f197752c33aeaf0b534e6575d8a07757d2363eadb28426705eb822c860e40bd52b89
> 24
> Finished request 3
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.88.146:1173, id=149,
> length=195
> User-Name = "Speed Wireless CA"
> Cisco-AVPair = "ssid=tsunami"
> NAS-IP-Address = 192.168.88.146
> Called-Station-Id = "0040965ae262"
> Calling-Station-Id = "0060b370f1fc"
> NAS-Identifier = "AP350-5ae262"
> NAS-Port = 37
> Framed-MTU = 1400
> State =
> 0x88f197752c33aeaf0b534e6575d8a07757d2363eadb28426705eb822c860e40bd52b89
> 24
> NAS-Port-Type = Wireless-802.11
> Service-Type = Login-User
> EAP-Message = "\002T\000\006\r"
> Message-Authenticator = 0xb136f55d1c9465ef1aa87645a4429fd5
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "Speed Wireless CA", looking up
> realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched Speed Wireless CA at 90
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls: Received EAP-TLS ACK message
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Delaying request 4 for 1 seconds
> Finished request 4
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 192.168.88.146:1173, id=149,
> length=195
> Sending Access-Reject of id 149 to 192.168.88.146:1173
> EAP-Message = "\004T\000\004"
> Message-Authenticator = 0x00000000000000000000000000000000
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 145 with timestamp 3e36d257
> Cleaning up request 1 ID 146 with timestamp 3e36d257
> Cleaning up request 2 ID 147 with timestamp 3e36d257
> Cleaning up request 3 ID 148 with timestamp 3e36d257
> Cleaning up request 4 ID 149 with timestamp 3e36d257
> Nothing to do. Sleeping until we see a request.
> ***** dump msg ends here *****
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Artur Hecker
artur[at]hecker.info
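
The check asked about at the top of this reply can be run offline with the openssl command line. The script below is an added example, not part of either poster's message: it builds two throwaway CAs and a client certificate (all names constructed), then shows that verifying against a CA file that lacks the issuer reproduces error 20, the condition the server reports as unknown_ca.

```shell
#!/bin/sh
# Added example. Every file name and subject name here is constructed.

# make_ca DIR NAME: self-signed demo CA, written to DIR/NAME.key and DIR/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA $2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_client DIR CA: client certificate DIR/client.pem issued by DIR/CA.pem
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-supplicant" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null
}

# check_chain CAFILE CERT: echo ok, unknown_ca (verify error 20 at depth 0) or other.
# The text is parsed because old openssl releases exit 0 even when verify fails.
check_chain() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *"error 20 at 0 depth"*) echo unknown_ca ;;
        *": OK"*) echo ok ;;
        *) echo other ;;
    esac
}

# issuer_known CAFILE CERT: echo yes when the issuer name of CERT hashes to the
# subject name of the first certificate in CAFILE (a name match only, the
# signature is not checked here; check_chain does that).
issuer_known() {
    want=$(openssl x509 -noout -issuer_hash -in "$2")
    have=$(openssl x509 -noout -subject_hash -in "$1")
    if [ "$want" = "$have" ]; then echo yes; else echo no; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" trusted && make_ca "$dir" other &&
        make_client "$dir" other || return 1
    # The client was issued by "other", so only other.pem can validate it.
    echo "against trusted.pem: $(check_chain "$dir/trusted.pem" "$dir/client.pem")"
    echo "against other.pem:   $(check_chain "$dir/other.pem" "$dir/client.pem")"
    echo "issuer in trusted.pem? $(issuer_known "$dir/trusted.pem" "$dir/client.pem")"
    rm -rf "$dir"
}

demo
```

On the server from the thread, the same `check_chain` call would take the file named by `CA_file` in the dump (`/usr/local/CA/cacert.pem`) and the client certificate exported as PEM.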