> From: "Artur Hecker" <[EMAIL PROTECTED]>
> the evident decision would be to downgrade to the earlier version.

Yes, that would be the right thing to do. Unfortunately, I'm not certain I can get those RPMs again. I think I'm going to have to get it working with the current versions.
> but the background would be interesting. what does it say? it should
> work with newer versions.

For more background, I am using a Windows XP supplicant with DLink hardware, configured per the instructions in http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm. I have the following OpenSSL RPMs installed on my Redhat 8.0 box:

openssl-perl-0.9.7a-1
openssl096b-0.9.6b-3
openssl096-0.9.6-15
openssl095a-0.9.5a-19
openssl-devel-0.9.7a-1
openssl-0.9.7a-1

Here are selected parts from my radius log (there is more, but it all looks very similar):

...
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/setera.gotdns.org.pem"
 tls: certificate_file = "/etc/1x/setera.gotdns.org.pem"
 tls: CA_file = "/etc/1x/root.pem"
 tls: private_key_password = "xxxxx"
 tls: dh_file = "/etc/1x/DH"
 tls: random_file = "/etc/1x/random"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
....
Listening on IP address 192.168.0.1, ports 1812/udp and 1813/udp.
Ready to process requests.

rad_recv: Access-Request packet from host 192.168.0.50:1213, id=50, length=145
        User-Name = "Craig Setera"
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 0
        Called-Station-Id = "00-40-05-CA-6D-42"
        Calling-Station-Id = "00-40-05-BA-B1-1F"
        NAS-Identifier = "DWL-900AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\001\000\021\001Craig Setera"
        Message-Authenticator = 0x38e4f6b93cef4c6605dc338029f490bf
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Craig Setera", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Craig Setera at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: processing type tls
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 50 to 192.168.0.50:1213
        EAP-Message = "\001\002\000\006\r "
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5d41d5819515295f4ea4ed5873d8ff3103f56b3e716b743ebc4f72dffed2a3839f085e94
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1213, id=51, length=246
        User-Name = "Craig Setera"
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 0
        Called-Station-Id = "00-40-05-CA-6D-42"
        Calling-Station-Id = "00-40-05-BA-B1-1F"
        NAS-Identifier = "DWL-900AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\002\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>k\364\374f,[\264\004\n\261\245\273\001Z\351W\030Bs\337|HM\203\344;\351X]\336[\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
        State = 0x5d41d5819515295f4ea4ed5873d8ff3103f56b3e716b743ebc4f72dffed2a3839f085e94
        Message-Authenticator = 0x428ac404d4bce1cdf47fc4ed1a54e4dc
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Craig Setera", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Craig Setera at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
  rlm_eap_tls: Length Included
  undefined: before/accept initialization
  TLS_accept: before/accept initialization
  <<< TLS 1.0 Handshake [length 0041], ClientHello
  TLS_accept: SSLv3 read client hello A
  >>> TLS 1.0 Handshake [length 004a], ServerHello
  TLS_accept: SSLv3 write server hello A
  >>> TLS 1.0 Handshake [length 06e8], Certificate
  TLS_accept: SSLv3 write certificate A
  >>> TLS 1.0 Handshake [length 00c1], CertificateRequest
  TLS_accept: SSLv3 write certificate request A
  TLS_accept: SSLv3 flush data
  TLS_accept:error in SSLv3 read client certificate A
  rlm_eap_tls: SSL_read Error
  Error code is ..... 2
  SSL Error ..... 2
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 51 to 192.168.0.50:1213
        EAP-Message = [EAP-Message attributes carrying the octal-escaped TLS records (ServerHello, server certificate, CertificateRequest) omitted]
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6c4f1e36792bae17c5ce9993983ab9e903f56b3ee8324b319acee87372315c68f2aeeb57
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1213, id=52, length=172
        User-Name = "Craig Setera"
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 0
        Called-Station-Id = "00-40-05-CA-6D-42"
        Calling-Station-Id = "00-40-05-BA-B1-1F"
        NAS-Identifier = "DWL-900AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\003\000\006\r"
        State = 0x6c4f1e36792bae17c5ce9993983ab9e903f56b3ee8324b319acee87372315c68f2aeeb57
        Message-Authenticator = 0x0b29861cbfd4d8f6349c2955c569e635
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Craig Setera", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Craig Setera at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
  rlm_eap_tls: Received EAP-TLS ACK message
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 52 to 192.168.0.50:1213
        EAP-Message = [EAP-Message attributes carrying the remaining octal-escaped certificate records omitted]
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcacb35f0627646fd6fc441d94929ef8703f56b3e64dc2d8f9ec3845498b35721405c400d
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.50:1213, id=53, length=172
        User-Name = "Craig Setera"
        NAS-IP-Address = 192.168.0.50
        NAS-Port = 0
        Called-Station-Id = "00-40-05-CA-6D-42"
        Calling-Station-Id = "00-40-05-BA-B1-1F"
        NAS-Identifier = "DWL-900AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\004\000\006\r"
        State = 0xcacb35f0627646fd6fc441d94929ef8703f56b3e64dc2d8f9ec3845498b35721405c400d
        Message-Authenticator = 0xdca11c7b36e7e244cc7530505d072f7e
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
    rlm_realm: No '@' in User-Name = "Craig Setera", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched Craig Setera at 90
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - tls
  rlm_eap: processing type tls
....

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
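As an added example (not part of this post, nor code from FreeRADIUS or OpenSSL), here is a small Python parser that reads the TLS handshake lines of a radiusd debug log like the one above, lists which handshake messages each side sent, and decodes the `Error code is ..... 2` line into OpenSSL's SSL_get_error() name. The sample log is constructed from the lines quoted above; the function name `summarize_handshake` is my own.

```python
import re

# Constructed sample: the TLS handshake lines from the radiusd debug log quoted above
SAMPLE_LOG = """\
<<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 06e8], Certificate
TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00c1], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
"""

# Return values of OpenSSL's SSL_get_error() (from openssl/ssl.h)
SSL_ERROR_NAMES = {0: "SSL_ERROR_NONE", 1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ",
                   3: "SSL_ERROR_WANT_WRITE", 4: "SSL_ERROR_WANT_X509_LOOKUP",
                   5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}

HANDSHAKE_RE = re.compile(r"^(<<<|>>>) TLS [\d.]+ Handshake \[length ([0-9a-f]+)\], (\w+)")
STATE_RE = re.compile(r"^TLS_accept:\s*(.+)$")
ERRCODE_RE = re.compile(r"^Error code is \.+ (\d+)$")

def summarize_handshake(log):
    """Return the handshake messages seen, the last TLS_accept state and the
    decoded SSL_get_error() code from a radiusd -X debug log."""
    messages, last_state, error = [], None, None
    for line in log.splitlines():
        if m := HANDSHAKE_RE.match(line):
            who = "client" if m.group(1) == "<<<" else "server"
            messages.append((who, m.group(3), int(m.group(2), 16)))
        elif m := STATE_RE.match(line):
            last_state = m.group(1)
        elif m := ERRCODE_RE.match(line):
            code = int(m.group(1))
            error = (code, SSL_ERROR_NAMES.get(code, "unknown"))
    # SSL_ERROR_WANT_READ means OpenSSL needs more input before the read can
    # complete; after the server has sent CertificateRequest and flushed, that
    # input is the client's next EAP-TLS fragment (its certificate).
    sent = [t for who, t, _ in messages if who == "server"]
    blocked = error is not None and error[0] == 2 and "CertificateRequest" in sent
    return {"messages": messages, "last_state": last_state,
            "error": error, "waiting_for_client": blocked}
```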
