Hi,
I am presently testing on eap-tls with XP as client and Cisco 340 AP. The FR server breaks down after it sends the Access-Challenge message.
The TLS handshake does not start off? Please help me.
I don't know if the problem is with openssl in establishing a TLS handshake.
I'm using openssl version 0.9.7a-2.
I have used the following document to set up EAP-TLS:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
The following is the output when I test my setup:
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 129.237.234.235:2713, id=24, length=166
User-Name = "eap-tlstestclient"
Cisco-AVPair = "ssid=NTS-TEST"
NAS-IP-Address = 129.237.234.235
Called-Station-Id = "00409632fa5e"
Calling-Station-Id = "00062542c804"
NAS-Identifier = "NTS Test 1"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\000\000\026\001eap-tlstestclient"
Message-Authenticator = 0x788f215e63955ec62db1e0eb4022e7bf
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "eap-tlstestclient", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched eap-tlstestclient at 79
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 24 to 129.237.234.235:2713
EAP-Message = "\001\001\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb475994be3f518263e495678659aa195ae8ad73e4d6647cc6f2fe085906f7a02b6f25a08
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 129.237.234.235:2714, id=25, length=262
User-Name = "eap-tlstestclient"
Cisco-AVPair = "ssid=NTS-TEST"
NAS-IP-Address = 129.237.234.235
Called-Station-Id = "00409632fa5e"
Calling-Station-Id = "00062542c804"
NAS-Identifier = "NTS Test 1"
NAS-Port = 37
Framed-MTU = 1400
State = 0xb475994be3f518263e495678659aa195ae8ad73e4d6647cc6f2fe085906f7a02b6f25a08
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\001\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001>\327\211{\356\tPq\232\323\214^#F\003\237\352<\354O_}y\255n\330\213n?6Ve\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001"
Message-Authenticator = 0x8e9e62d0edd59ba2b57f384a6f7cf2a6
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "eap-tlstestclient", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched eap-tlstestclient at 79
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
Segmentation fault
When I use gdb I get the error:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076222624 (LWP 12196)]
cbtls_msg (write_p=0, version=0, content_type=22, buf=0x811cfc8, len=0,
ssl=0x81031a8, arg=0x0) at cb.c:159
159 state->info.origin = (unsigned char)write_p;
(gdb) where
#0 cbtls_msg (write_p=0, version=0, content_type=22, buf=0x811cfc8, len=0,
ssl=0x81031a8, arg=0x0) at cb.c:159
#1 0x40121df4 in ssl3_get_message () from /lib/libssl.so.0.9.7a
#2 0x40117d5b in ssl3_accept () from /lib/libssl.so.0.9.7a
#3 0x401175e2 in ssl3_accept () from /lib/libssl.so.0.9.7a
#4 0x4012111f in ssl3_read_bytes () from /lib/libssl.so.0.9.7a
#5 0x4011e6a9 in ssl3_write () from /lib/libssl.so.0.9.7a
#6 0x4011e737 in ssl3_read () from /lib/libssl.so.0.9.7a
#7 0x40126dbb in SSL_read () from /lib/libssl.so.0.9.7a
#8 0x402a13f8 in tls_handshake_recv (ssn=0x0) at tls.c:294
#9 0x402a0abb in eaptls_operation (eaptls_packet=0x8113b78,
status=EAPTLS_LENGTH_INCLUDED, handler=0x8101e50) at eap_tls.c:586
#10 0x402a0245 in eaptls_authenticate (arg=0x80f8cf0, handler=0x8101e50)
at rlm_eap_tls.c:201
#11 0x4026df30 in eaptype_call (eap_type=13, action=""
type_list=0x80bc3d0, handler=0x8101e50) at eap.c:205
#12 0x4026e061 in eaptype_select (type_list=0x80bc3d0, handler=0x8101e50,
conftype=0x80bbd40 "tls") at eap.c:280
#13 0x4026d9f8 in eap_authenticate (instance=0x80ca6e8, request=0x81138c8)
at rlm_eap.c:200
#14 0x08054a1c in module_post_auth ()
#15 0x08054acf in modcall ()
#16 0x08054a55 in module_post_auth ()
#17 0x08054b30 in modcall ()
#18 0x080546e7 in module_authenticate ()
#19 0x08051a48 in rad_check_password ()
---Type <return> to continue, or q <return> to quit---
#20 0x08051e0c in rad_authenticate ()
#21 0x0804d213 in rad_respond ()
#22 0x0804cdbd in rad_process ()
#23 0x0804c959 in main ()
#24 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6
(gdb)
I see the following libraries when I do an ldd radiusd:
ldd /usr/local/sbin/radiusd
/lib/libcrypto.so.0.9.7a => /lib/libcrypto.so.0.9.7a (0x40017000)
/lib/libssl.so.0.9.7a => /lib/libssl.so.0.9.7a (0x40108000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40150000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4017d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40192000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x401a5000)
libradius-0.8.1.so => /usr/local/lib/libradius-0.8.1.so (0x401b2000)
libltdl.so.3 => /usr/lib/libltdl.so.3 (0x401c1000)
libdl.so.2 => /lib/libdl.so.2 (0x401c8000)
libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x401cb000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x401df000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4023d000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4024d000)
libz.so.1 => /usr/lib/libz.so.1 (0x4024f000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
Thanks,
Pankaj.
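
Added example (not part of the original post): a Python decoder for the three EAP-Message values in the debug output above, using the EAP header layout and the EAP-TLS flag bits (0x80 length included, 0x40 more fragments, 0x20 start). It shows that the Access-Challenge carried EAP-TLS Start and that the client's reply carries a TLS handshake record (content type 22, as in the gdb frame) of type ClientHello, printed one byte short of its declared length; the function and constant names are illustrative.

```python
import re
import struct

# EAP-Message values copied from the debug output above (the server prints
# non-printable bytes as \ooo octal or \r \n \t escapes).
IDENTITY = r'\002\000\000\026\001eap-tlstestclient'
START = r'\001\001\000\006\r '
RESPONSE = (r'\002\001\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001'
            r'>\327\211{\356\tPq\232\323\214^#F\003\237\352<\354O_}y\255n\330\213n?6Ve'
            r'\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006'
            r'\000\023\000\022\000c\001')

_ESC = {'r': 13, 'n': 10, 't': 9, '\\': 92, '"': 34}

def unescape(text):
    """Turn the log's escaped string back into raw bytes."""
    out = bytearray()
    for m in re.finditer(r'\\([0-7]{3})|\\(.)|(.)', text, re.S):
        if m.group(1):
            out.append(int(m.group(1), 8))
        elif m.group(2):
            out.append(_ESC[m.group(2)])
        else:
            out.append(ord(m.group(3)))
    return bytes(out)

def parse_eap(text):
    """Decode the EAP header and, for EAP-TLS (type 13), flags and TLS record."""
    raw = unescape(text)
    code, ident, length, etype = struct.unpack('!BBHB', raw[:5])
    info = {'code': code, 'id': ident, 'length': length, 'type': etype,
            'missing': length - len(raw)}   # bytes the log line did not show
    if etype != 13 or len(raw) < 6:
        return info
    flags, body = raw[5], raw[6:]
    info.update(length_included=bool(flags & 0x80), more=bool(flags & 0x40),
                start=bool(flags & 0x20))
    if flags & 0x80:                       # 4-byte TLS message length follows
        info['tls_length'] = struct.unpack('!I', body[:4])[0]
        body = body[4:]
    if len(body) >= 6:                     # TLS record header + handshake type
        ctype, major, minor, _reclen, hs = struct.unpack('!BBBHB', body[:6])
        info.update(content_type=ctype, version=(major, minor), handshake=hs)
    return info

if __name__ == '__main__':
    for name in ('IDENTITY', 'START', 'RESPONSE'):
        print(name, parse_eap(globals()[name]))
```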
