Hi,
I am presently testing on EAP-TLS with XP as client. The FR server breaks down after it sends the Access Challenge message.
I don't know if the problem is with OpenSSL in establishing and carrying a TLS handshake.
I see the following libraries when I do a: ldd radiusd
libcrypt.so.1 => /lib/libcrypt.so.1 (0x4002a000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40057000)
libresolv.so.2 => /lib/libresolv.so.2 (0x4006c000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x4007e000)
libradius-0.8.1.so => /usr/local/lib/libradius-0.8.1.so (0x4008b000)
libltdl.so.3 => /usr/lib/libltdl.so.3 (0x4009b000)
libdl.so.2 => /lib/libdl.so.2 (0x400a2000)
libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
Or if the problem is with my clients.conf file. I have included the IP addresses of my laptop and AP in the clients.conf.
I have used the following document to set up EAP-TLS:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
The following is the output when I test my setup:
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 129.237.234.235:1036, id=9, length=166
    User-Name = "eap-tlstestclient"
    Cisco-AVPair = "ssid=NTS-TEST"
    NAS-IP-Address = 129.237.234.235
    Called-Station-Id = "00409632fa5e"
    Calling-Station-Id = "00062542c804"
    NAS-Identifier = "NTS Test 1"
    NAS-Port = 37
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = "\002\000\000\026\001eap-tlstestclient"
    Message-Authenticator = 0x08eecc1c0137c392e769bef2fc0e5ea8
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "eap-tlstestclient", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched eap-tlstestclient at 79
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 9 to 129.237.234.235:1036
    EAP-Message = "\001\001\000\006\r "
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x7d4e36e518e1c78c3ce9274986a8261a44ccd43ebb82daaabf40cde63a36204439f090b0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 129.237.234.235:1037, id=10, length=262
    User-Name = "eap-tlstestclient"
    Cisco-AVPair = "ssid=NTS-TEST"
    NAS-IP-Address = 129.237.234.235
    Called-Station-Id = "00409632fa5e"
    Calling-Station-Id = "00062542c804"
    NAS-Identifier = "NTS Test 1"
    NAS-Port = 37
    Framed-MTU = 1400
    State = 0x7d4e36e518e1c78c3ce9274986a8261a44ccd43ebb82daaabf40cde63a36204439f090b0
    NAS-Port-Type = Wireless-802.11
    EAP-Message = "\002\001\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>\324\3132\010\037${]\326B06\\\310\201o\347\r\235\220\022x\354\033s_(r\0062\300\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
    Message-Authenticator = 0x5aa6ec538191655ad157223d30a35f27
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "eap-tlstestclient", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched eap-tlstestclient at 79
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
Segmentation fault
Thanks,
Pankaj.
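
Added example (not part of the original post, and not FreeRADIUS code): the three EAP-Message strings in the debug output above, decoded to show how far the EAP-TLS exchange got before the segmentation fault. The function names `unescape` and `parse_eap` are made up for this sketch; the escape handling assumes the printed form uses three-digit octal escapes plus `\r`, `\n`, `\t`, `\\` and `\"`.

```python
import re
import struct

# EAP-Message strings copied verbatim from the radiusd debug output above.
IDENTITY = r"\002\000\000\026\001eap-tlstestclient"
TLS_START = r"\001\001\000\006\r "
TLS_HELLO = (r"\002\001\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001"
             r">\324\3132\010\037${]\326B06\\\310\201o\347\r\235\220\022x\354\033s_(r\0062\300"
             r"\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006"
             r"\000\023\000\022\000c\001")

TOKEN = re.compile(r"\\([0-3][0-7]{2})|\\(.)|(.)", re.S)
SIMPLE = {"r": 13, "n": 10, "t": 9, "\\": 92, '"': 34}

def unescape(text):
    # Reverse the printed form: octal escapes, simple escapes, literal characters.
    out = bytearray()
    for octal, simple, literal in TOKEN.findall(text):
        out.append(int(octal, 8) if octal else SIMPLE[simple] if simple else ord(literal))
    return bytes(out)

def parse_eap(text):
    raw = unescape(text)
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": code, "id": ident, "declared_len": length, "logged_len": len(raw),
            "type": raw[4] if len(raw) > 4 else None}
    if info["type"] != 13 or len(raw) < 6:          # 13 = EAP-TLS
        return info
    flags, pos = raw[5], 6
    info["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
    if flags & 0x80 and len(raw) >= 10:             # L: 4-byte TLS message length follows
        info["tls_msg_len"] = struct.unpack("!I", raw[6:10])[0]
        pos = 10
    if len(raw) < pos + 5:                          # Start packet: no TLS record
        return info
    ctype, major, minor, rec_len = struct.unpack("!BBBH", raw[pos:pos + 5])
    info["record"] = {"content_type": ctype, "version": (major, minor), "length": rec_len}
    body = raw[pos + 5:]
    if ctype == 22 and body[:1] == b"\x01" and len(body) > 38:   # handshake, ClientHello
        p = 39 + body[38]       # skip header(4), version(2), random(32), session_id
        if len(body) >= p + 2:
            n = struct.unpack("!H", body[p:p + 2])[0]
            suites = body[p + 2:p + 2 + n]
            info["cipher_suites"] = [struct.unpack("!H", suites[i:i + 2])[0]
                                     for i in range(0, len(suites) - 1, 2)]
    return info

if __name__ == "__main__":
    for name in ("IDENTITY", "TLS_START", "TLS_HELLO"):
        print(name, parse_eap(globals()[name]))
```

The last Access-Request decodes as an EAP-TLS response with the Length flag set, carrying a TLS 1.0 handshake record with a ClientHello. Its logged string decodes to 79 bytes against a declared EAP length of 80, which is why every slice is bounds-checked.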
