I thought I'd make this a new e-mail as my last one is too far back in the list for anyone to notice... But this is a continuation of my last post.
I have implimented the change to the "users" file and was able to get a little further in the authentication process. However, I am still encountering an error which prevents me from authenticating with EAP/TLS.
This one appears to be an "SSL Error ...2" What does a #2 error mean and how do I correct it? A snippet is below which identifies where in the authentication process this error occurs.
Aswell, I have verified that the version of SSL I have is the same version as was used to created the keys. And that, that version of SSL is being loaded into memory to handle encrypted functions as I was able to get EAP/MD5 to work ;)
----------------------snippet below-------------------------
...
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0055], ClientHelloTLS_accept: SSLv3 read client hello A >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A >>> TLS 1.0 Handshake [length 07aa], Certificate
TLS_accept: SSLv3 write certificate A >>> TLS 1.0 Handshake [length 00b0], CertificateRequest
TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap_tls: SSL_read Error Error code is ..... 2 SSL Error ..... 2 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 9 to 192.168.0.253:1033
...(then it gives a few HUGE EAP messages but never authenticates the user) ---------------------------------------------------------
Any further help would be greatly appreciated.
L. Jacob
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
