EAP/TLS with DLink900 AP+

MuLa_oMaR Sat, 19 Jul 2003 11:47:49 -0700

Hi,
Fiest, sorry for my english.
I have configurated Freeradius with eap/tls and Windows XP as client.
This was my first configuration:
Server: Debian 3.0 with the steps of this document:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
Acces point: Cisco 350
Client: Windows XP.

With this configuration all is OK, but when I´ve tried with a Dlink 900 AP+ as Access Point , it doesn´t go. It seems like that doesn´tt finish the full protocol. I have tried with the firmware 2.5 and 2.57 of Dlink I have tried too, to change the value of fragment_size to 1500, 750 , 250 but nothing.


Please, helpme.
This is the log:

thanks you
Regards

Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/1x/servidor.pem" tls: certificate_file = "/etc/1x/servidor.pem" tls: CA_file = "/etc/1x/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/1x/dh" tls: random_file = "/etc/1x/random" tls: fragment_size = 1024 tls: include_length = yes rlm_eap_tls: conf N ctx stored rlm_eap: Loaded and initialized the type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests.

rad_recv: Access-Request packet from host 192.168.0.100:1213, id=13, length=137 User-Name = "cliente2" NAS-IP-Address = 192.168.0.100 NAS-Port = 0 Called-Station-Id = "00-80-C8-03-48-69" Calling-Station-Id = "00-02-2D-52-39-85" NAS-Identifier = "DWL-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\001\000\r\001cliente2" Message-Authenticator = 0xef8302fc290223482cc4926139f9a077 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "cliente2", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched cliente2 at 100 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type tls modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 13 to 192.168.0.100:1213 EAP-Message = "\001\002\000\006\r " Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbcf6597eb4aee054aa8f6d169498fe9c137e193fcf3d7a2648173d7ed7aeaac6fedbddf6 Finished request 0 Going to the next request --- Walking the entire request list ---

Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.100:1213, id=14, length=242 User-Name = "cliente2" NAS-IP-Address = 192.168.0.100 NAS-Port = 0 Called-Station-Id = "00-80-C8-03-48-69" Calling-Station-Id = "00-02-2D-52-39-85" NAS-Identifier = "DWL-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\002\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001?\031qu\305m\332gAT\341W-\241\336\371wq\362\316<O\354=\331\007(\231ia\212\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001" State = 0xbcf6597eb4aee054aa8f6d169498fe9c137e193fcf3d7a2648173d7ed7aeaac6fedbddf6 Message-Authenticator = 0xc0b83ef748455b3243d4350fca4cd1d7 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "cliente2", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched cliente2 at 100 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Length Included undefined: before/accept initialization TLS_accept: before/accept initialization <<< TLS 1.0 Handshake [length 0041], ClientHello

TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 054c], Certificate

TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 0069], CertificateRequest

TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap_tls: SSL_read Error Error code is ..... 2 SSL Error ..... 2 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 14 to 192.168.0.100:1213 EAP-Message = "\001\003\004\n\r\300\000\000\006\016\026\003\001\000J\002\000\000F\003\001?\031~\023\246\225\025[Od\315aU\250r\325\262\334\356\\u\031\321\036mA7\233;\277\326\340 \244E\2009[!#a\212E{e\033Y\376\315\312\250\023\034\365\202.\216#\004\227\006\262\000j\364\000\004\000\026\003\001\005L\013\000\005H\000\005E\000\002e0\202\002a0\202\001\312\240\003\002\001\002\002\001\0010\r\006\t*\206H\206\367\r\001\001\004\005\0000W1\0130\t\006\003U\004\006\023\002ES1\0230\021\006\003U\004\010\023\nPais Vasco1\0350\033\006\003U" EAP-Message = "906Z0}1\0130\t\006\003U\004\006\023\002ES1\0230\021\006\003U\004\010\023\nPais Vasco1\0210\017\006\003U\004\007\023\010Legazpia1\0350\033\006\003U\004\n\023\024Bellota Herramientas1\0240\022\006\003U\004\013\023\013Informatica1\0210\017\006\003U\004\003\023\010servidor0\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\273]j\241\272aS\215vX:#\3377R\243\024\341\240T\022\326\021\210\014\256\210!Q\251G\217g\355\260X\313 Z\013\323\366\353\357\2429?`\nsf'Z\250\201\236" EAP-Message = "\003\025 <Fmn\277\357\336x9\024\362\240\345\213\255A\257\237\226\320\355|n,+\364\231S\342s2\355\002\003\001\000\001\243\0270\0250\023\006\003U\035%\004\0140\n\006\010+\006\001\005\005\007\003\0010\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000%>\366\367T\232\205\353W&\251\020\355i\022\276\206b\202\353\346\275+'mzk\304\341\227\270\030\256\ts\255Be\037\266\313,\355\252\251\n\341O{\243\330da\347\300\206\311\366,i\026,\271\260s\345\366 lW\330)\210f\035\223\257W0\2179\324,\033\337\223n\261\007\206" EAP-Message = "\t\006\003U\004\006\023\002ES1\0230\021\006\003U\004\010\023\nPais Vasco1\0350\033\006\003U\004\n\023\024Bellota Herramientas1\0240\022\006\003U\004\013\023\013Informatica0\036\027\r030719152353Z\027\r030818152353Z0W1\0130\t\006\003U\004\006\023\002ES1\0230\021\006\003U\004\010\023\nPais Vasco1\0350\033\006\003U\004\n\023\024Bellota Herramientas1\0240\022\006\003U\004\013\023\013Informatica0\201\2370\r\006\t*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\312\354x2\362T\370\366" EAP-Message = "\311\272[B\240\237\312\001z([EMAIL PROTECTED]" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcd1298363a82ddd6319038bb4105d280137e193fe8aa405fca217e0102b1a0ef7570ac82 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.100:1213, id=15, length=168 User-Name = "cliente2" NAS-IP-Address = 192.168.0.100 NAS-Port = 0 Called-Station-Id = "00-80-C8-03-48-69" Calling-Station-Id = "00-02-2D-52-39-85" NAS-Identifier = "DWL-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\003\000\006\r" State = 0xcd1298363a82ddd6319038bb4105d280137e193fe8aa405fca217e0102b1a0ef7570ac82 Message-Authenticator = 0x20b6c8e303a33b2ab86d566e71511b91 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "cliente2", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched cliente2 at 100 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 15 to 192.168.0.100:1213 EAP-Message = "\001\004\002\030\r\200\000\000\006\016\251\277\375\213y\235A\340o\273T\277\021\252\203\366\007\322\365\024\010b\301m\004\025\224\336>\262\367\335\026\275\226*\002z\244u\317\346\231\346\305\310\023Q]\343s\212\213c\021\303sr\254\365E\356\3714\326h\354\225\263\304\243/\346\326\231Kn\013\322\024\267\007\002\003\001\000\001\243\201\2610\201\2560\035\006\003U\035\016\004\026\004\024\036\325\220\302\225US\002^\253\026\255\036\231\361'\357r\317\2460\006\003U\035#\004x0v\200\024\036\325\220\302\225US\002^\253\026" EAP-Message = "nformatica\202\001\0000\014\006\003U\035\023\004\0050\003\001\001\3770\r\006\t*\206H\206\367\r\001\001\004\005\000\003\201\201\000r\266B\336\370a\315e\204\267\321Zz\032\340\325\006E:\262p#O|\230\347-\013\253D\357\201A`5\253\357P\231\276\3526\317\32553\376\300\342E\365\375D\3073\337 \302\332G\372\2358 VB\246\314\tY\200qD\032\362[\334nw\266\242:\036\2728\234j\334a{g-m\336q!\376\343j\256\001\320]\300JU4}\234\331\377\340\010J\311\321\033\343A\264\316\373\3015\001:f\354\026\003\001\000i\r\000\000a\003\001\002\005" EAP-Message = "ientas1\0240\022\006\003U\004\013\023\013Informatica\016\000\000" Message-Authenticator = 0x00000000000000000000000000000000 State = 0x516b751715ee9daf694e364d449d56a3137e193f679e56ca9ec4ea2eae46751d9f331716 Finished request 2 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 13 with timestamp 3f197e13 Cleaning up request 1 ID 14 with timestamp 3f197e13 Cleaning up request 2 ID 15 with timestamp 3f197e13 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.0.100:1213, id=16, length=137 User-Name = "cliente2" NAS-IP-Address = 192.168.0.100 NAS-Port = 0 Called-Station-Id = "00-80-C8-03-48-69" Calling-Station-Id = "00-02-2D-52-39-85" NAS-Identifier = "DWL-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\005\000\r\001cliente2" Message-Authenticator = 0x37bd92db86b6ca0f5a1a618ca017f739 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "cliente2", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched cliente2 at 100 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type tls modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 16 to 192.168.0.100:1213 EAP-Message = "\001\006\000\006\r " Message-Authenticator = 0x00000000000000000000000000000000 State = 0x66a0c7ff28036bd47733360059812050327e193f1419b99e8bad5aa83200bf6788542144 Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.100:1213, id=17, length=242 User-Name = "cliente2" NAS-IP-Address = 192.168.0.100 NAS-Port = 0 Called-Station-Id = "00-80-C8-03-48-69" Calling-Station-Id = "00-02-2D-52-39-85" NAS-Identifier = "DWL-900AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\006\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001?\031q\224\347\364\350im\347\002\026>\301\266l\251\222B;\000`\267\3455\325r\205A\005Z\031\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\001" State = 0x66a0c7ff28036bd47733360059812050327e193f1419b99e8bad5aa83200bf6788542144 Message-Authenticator = 0x2b6bcdb50b1a97915670d1e983a88054 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated rlm_realm: No '@' in User-Name = "cliente2", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched cliente2 at 100 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Length Included undefined: before/accept initialization TLS_accept: before/accept initialization <<< TLS 1.0 Handshake [length 0041], ClientHello

TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello

TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 054c], Certificate

TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 0069], CertificateRequest

THANKS YOU
REGARDS


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP/TLS with DLink900 AP+

Reply via email to