Dear all,
Here I have successed to run freeradius on mips platform. But it seems cannot
process eap-tls transaction. I use the same server cert, key, cacert, client cert,
client key on X86 and mips. But X86 can accept the transaction and mips cannot. And
show the following messages.
rad_recv: Access-Request packet from host 192.10.10.250:1026, id=192, length=68
User-Name = "jeffery"
NAS-Identifier = "zyxel"
EAP-Message = "\002\001\000\014\001jeffery"
Message-Authenticator = 0x71b60b1e9eb24ef14e3ace707e73eff3
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "jeffery", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched jeffery at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 192 to 192.10.10.250:1026
EAP-Message = "\001\002\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xbed6a06f6ca920c3e070b796f2c3c3440f446d380696856941f5bcca6a2796f66ec5b3c5
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.10.10.250:1026, id=193, length=174
User-Name = "jeffery"
NAS-Identifier = "zyxel"
EAP-Message =
"\002\002\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>\201r\303\276\224V,\255\335\001\227\247\007\372\271
+\273\275\263\331f\001\025\350\003\236\274\263\345E\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
State =
0xbed6a06f6ca920c3e070b796f2c3c3440f446d380696856941f5bcca6a2796f66ec5b3c5
Message-Authenticator = 0x1612bfb916218eccee3b3e27cd627fcc
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "jeffery", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched jeffery at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 0740], Certificate
TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00d6], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 193 to 192.10.10.250:1026
EAP-Message =
"\001\003\004\n\r\300\000\000\010o\026\003\001\000J\002\000\000F\003\0018mD\017=B\007\234\225\363\307\027\214\t\257zI\250\275\016\000\026\343\200=\346\262\236W\2310{
\201\307 [EMAIL
PROTECTED]<\000\0079\000\003\0100\202\003\0040\202\002m\240\003\002\001\002\002\001\0020\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\3041\0130\t\006\003U\004\006\023\002TW1\0170\r\006\003U\004\010\023\006Taiwan1\0170\r\006\003U\004"
EAP-Message = "lopement1&0$\006\003U\004\003\023\035iMining Certificate
Authority1 [EMAIL PROTECTED] Technology Co., Ltd.1"0 \006\003U\004\013\023\031Research
and Developement1\0170\r\006\003U\004\003\023\006ra"
EAP-Message = "dius1$0"[EMAIL
PROTECTED],x\250\246\007x1\326NY\rj\306V\215\034n\357\3657\214\007\331\222\314tdI\033^\307\036\205\013\341p\267\254^\372}4\025.E\202jf.\230\330?Fx\263\250s\246\316\201\335\020\207\023\271\347\010\244\221^\227\014V\216\333>\227\2221\224Ggp31\375\335\376\035]\223iC\257\303\242\241\274"
EAP-Message =
"\344\277\343b\372\002C\324i\347\360\224\016F\334\226\336\t\264\271\003n5\265\235S<0\330rc\025\237D\206\244'\201Zi\337i\363Z\363\244\375=rX\033U\247,\016\\\352\237\345\033\0102\312\351\266\346\014\t\227\346\372\243c\033;"\0320\225\264#\337\372\301\024\3208\214\345\003\355\3775m\355\360\375\313
I\033\006\3002:M\227w/\002c>`\324\235-\342+\017\273\305v\205\261\000\004+0\202\004'0\202\003\220\240\003\002\001\002\002\001\0000\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\3041\0130\t\006\003U\004\006\023\002T"
EAP-Message = "\003U\004\013\023\031Research and Develop"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x5152fd0c52caac6769d1e62a6dcd445d0f446d38683a2ed97c738cd0a089599c7ab89ccd
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.10.10.250:1026, id=194, length=100
User-Name = "jeffery"
NAS-Identifier = "zyxel"
EAP-Message = "\002\003\000\006\r"
State =
0x5152fd0c52caac6769d1e62a6dcd445d0f446d38683a2ed97c738cd0a089599c7ab89ccd
Message-Authenticator = 0x09194d7786f66226867690011016c2dc
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "jeffery", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched jeffery at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 194 to 192.10.10.250:1026
EAP-Message =
"\001\004\004\n\r\300\000\000\010oement1&0$\006\003U\004\003\023\035iMining
Certificate Authority1 [EMAIL PROTECTED] Technology Co., Ltd.1"0
\006\003U\004\013\023\031Research and Developement1&0$\006\003"
EAP-Message = "U\004\003\023\035iMining Certificate Authority1 [EMAIL
PROTECTED](\033M*\036\032\220\363&\237H\034\353~\272\367<\345\363\371e=\205|\\y\360\263)l\313\267I\215{\006\010\201X\003i\301x\366\n\356N\t\312s}\356\336\250\031\372|[EMAIL
PROTECTED]"
EAP-Message =
"{\345H4\014\227<\215~8$\230}\257\r\350\2760\201\361\006\003U\035#\004\201\3510\201\346\200\024\002{\263{\345H4\014\227<\215~8$\230}\257\r\350\276\241\201\312\244\201\3070\201\3041\0130\t\006\003U\004\006\023\002TW1\0170\r\006\003U\004\010\023\006Taiwan1\0170\r\006\003U\004\007\023\006Taipei1%0#\006\003U\004\n\023\034iMining
Technology Co., Ltd.1"0 \006\003U\004\013\023\031Research and
Developement1&0$\006\003U\004\003\023\035iMining Certificate Authority1 [EMAIL
PROTECTED]"
EAP-Message =
"com.tw\202\001\0000\014\006\003U\035\023\004\0050\003\001\001\3770\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000t\377\217r0\225\234\333\340\002*\t\316\3576\336at\303&\351\004\315\003\200\033\276\207rT\313\275(>\370\014\216\372mc\372\323\317\304\211\314\203e\205\203K5C\340\244V].\036\336X\362\327M\332\275\247Q\263\371BD\327j\323,m\354\312?:)\0102G\325\302\252;\353n\036zFV\254\270\0365Z\304\033~\203E\264!\356\300a\213\340\256u\260'\2019\254:\254o\261\356\0228\335\026\003\001\000\326\r\000\000"
EAP-Message = "ng Technology Co., Ltd.1"0"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x8aa2c473e3b18af6e4f917791a52242c0f446d38de6f930e32a52540c3243edcc111b1fb
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.10.10.250:1026, id=195, length=100
User-Name = "jeffery"
NAS-Identifier = "zyxel"
EAP-Message = "\002\004\000\006\r"
State =
0x8aa2c473e3b18af6e4f917791a52242c0f446d38de6f930e32a52540c3243edcc111b1fb
Message-Authenticator = 0x7115e3d69d8457d8196e7a6ad78be6b4
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "jeffery", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched jeffery at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 195 to 192.10.10.250:1026
EAP-Message = "\001\005\000y\r\200\000\000\010o
\006\003U\004\013\023\031Research and Developement1&0$\006\003U\004\003\023\035iMining
Certificate Authority1 [EMAIL PROTECTED]"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xcf4b8d386b1398a46ece1611c4e6bc220f446d38217beffc3c824322f3ca2e91f31bfe23
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.10.10.250:1026, id=196, length=1216
User-Name = "jeffery"
NAS-Identifier = "zyxel"
EAP-Message = "\002\005\004Z\r\200\000\000\004P\026\003\001\004
\013\000\003\020\000\003\r\000\003\n0\202\003\0060\202\002o\240\003\002\001\002\002\001\0030\r\006\t*\206H\206\367\r\001\001\004\005\0000\201\3041\0130\t\006\003U\004\006\023\002TW1\0170\r\006\003U\004\010\023\006Taiwan1\0170\r\006\003U\004\007\023\006Taipei1%0#\006\003U\004\n\023\034iMining
Technology Co., Ltd.1"0 \006\003U\004\013\023\031Research and
Developement1&0$\006\003U\004\003\023\035iMining Certificate Authority1
0\036\006\t*\206H\206\367\r\001\t\001"
EAP-Message =
"tw0\036\027\r030326070122Z\027\r040325070122Z0\201\2631\0130\t\006\003U\004\006\023\002TW1\0170\r\006\003U\004\010\023\006Taiwan1\0170\r\006\003U\004\007\023\006Taipei1%0#\006\003U\004\n\023\034iMining
Technology Co., Ltd.1"0 \006\003U\004\013\023\031Research and [EMAIL PROTECTED]"
EAP-Message = "\236\300\205W\032c'Pf\273\256\211\376>\300sB
/1\267\036\223)\311W\310\223\002\300\241\343\330\312I\230D&\025$\024\300\344<\n\266`q\330;\346\211`\237'\307\223\305w\323\224\310.G\220\322\037#\336\014\273\315<I\333\216\004\372\220\350\225\rf\223\020\221j\203$]\227|\250\250\275\327\005-\01441\220"\264$0f\356\375\300\200\203i\354b\210kp\031\002\003\001\000\001\243\0270\0250\023\006\003U\035%\004\0140\n\006\010+\006\001\005\005\007\003\0020\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000.n\226\350\262"
EAP-Message = "\245\\\3728rd\205F\323>\001\211
j\266\0053\022}`\317*\257\265\255\227\374l\237\260\205n)[EMAIL
PROTECTED];\0331\371{\350\350\037\331\216\341\034X\031\352\311GDA\220\243\221G\300\355[*\223\340\032\336\317\233\226A\021\243\300LZ
\263\001P\256\034\026l`RA\323\304n`\363\373*g\351\202\tm\372>\355\230`\300\356n6\207|\344\257\347\240\313\2547<\355\323\030jA5\301N\3075R5\256\373h\307+1\256$\274\343\r\020\000\324\370\007\001"
EAP-Message =
"\351\367\233A\006*\362\324\213\220!\357F\324C\336\374#bo\342\304\367\203#\211\024dc\305\215+\276B\033\273\316C\327\366\265PAX\347\t\2760p\303U%\327)\224u\365\246\024\003\001\000\001\001\026\003\001\000
\343qp\313Pn]\226)\347\256\310\222\017\331\006K\237\314J\370|\251(\350\270\274O\312\227\214\223"
State =
0xcf4b8d386b1398a46ece1611c4e6bc220f446d38217beffc3c824322f3ca2e91f31bfe23
Message-Authenticator = 0x3942f8757954e686c81690b6a18fac65
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "jeffery", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched jeffery at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Multiple EAP_Message attributes found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
<<< TLS 1.0 Handshake [length 0314], Certificate
--> verify error:num=9:certificate is not yet valid
notBefore=
chain-depth=1,
error=9
--> User-Name = jeffery
--> BUF-Name = iMining Certificate Authority
--> subject = /C=TW/ST=Taiwan/L=Taipei/O=iMining Technology Co., Ltd./OU=Research and
Developement/CN=iMining Certificate Authority/[EMAIL PROTECTED]
--> issuer = /C=TW/ST=Taiwan/L=Taipei/O=iMining Technology Co., Ltd./OU=Research and
Developement/CN=iMining Certificate Authority/[EMAIL PROTECTED]
--> verify return:0
>>> TLS 1.0 Alert [length 0002], fatal bad_certificate
TLS Alert write:fatal:bad certificate
TLS_accept:error in SSLv3 read client certificate B
rlm_eap_tls: SSL_read Error
Error code is ..... 5
Error in SSL ..... 5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 196 to 192.10.10.250:1026
EAP-Message = "\001\006\000\021\r\200\000\000\000\007\025\003\001\000\002\002*"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x27bbf578199b8e6c829211382614755a0f446d387aead88c668f83c5498f07d61236fa1c
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.10.10.250:1026, id=197, length=100
User-Name = "jeffery"
NAS-Identifier = "zyxel"
EAP-Message = "\002\006\000\006\r"
State =
0x27bbf578199b8e6c829211382614755a0f446d387aead88c668f83c5498f07d61236fa1c
Message-Authenticator = 0xac8e7e624f493f9c7c5b1d8ba34f9590
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "jeffery", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched jeffery at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 192 with timestamp 386d440f
Cleaning up request 4 ID 193 with timestamp 386d440f
Cleaning up request 5 ID 194 with timestamp 386d440f
Cleaning up request 6 ID 195 with timestamp 386d440f
Cleaning up request 7 ID 196 with timestamp 386d440f
Sending Access-Reject of id 197 to 192.10.10.250:1026
EAP-Message = "\004\006\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 8 ID 197 with timestamp 386d440f
Nothing to do. Sleeping until we see a request.
Does anyone know why? Please kindly help me to resolve it.
���b��?���r��{�����r��y'���i��0���z����(�����ǫ��f�������������������������������������
