I'm using freeRadius with a Netgear ME103 wireless access point. I have
the latest CVS build (as of Aug 8 afternoon). I first get an
Access-Accept, and then it just seems to keep sending challenges. I
can't find any errors in the log, so I don't know what to search for
through the archives. Does anyone have any idea what's going on? After
the first Access-Accept, the access point seems to claim all is well,
but then a little while later (10 seconds maybe), the Access Point says
there was a timeout with the RADIUS server. I'm using Windows XP on the
client laptop, which eventually says "can't log on" to wireless. Thanks
for your help, sorry for the long post.
Debug output:
rad_recv: Access-Request packet from host 10.0.0.7:1812, id=66,
length=150
User-Name = "coutej"
Cisco-AVPair = "ssid=DAVISON213"
NAS-IP-Address = 10.0.0.7
Framed-MTU = 1400
Called-Station-Id = "00095B516AEC"
Calling-Station-Id = "00053C03E2EC"
NAS-Identifier = "WIRELESS"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0201000b01636f7574656a
Message-Authenticator = 0x6d797d4da8dca9cd9d58fa69af87d7a3
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
users: Matched coutej at 76
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Challenge of id 66 to 10.0.0.7:1812
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x211a2de1ffaa6b4aafc99b9c27e35cac
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.7:1812, id=67,
length=237
User-Name = "coutej"
Cisco-AVPair = "ssid=DAVISON213"
NAS-IP-Address = 10.0.0.7
Framed-MTU = 1400
Called-Station-Id = "00095B516AEC"
Calling-Station-Id = "00053C03E2EC"
NAS-Identifier = "WIRELESS"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message =
0x020200500d800000004616030100410100003d03013f345ae0bd130eb2efb24267d47f
c5d1fa6fdf0edcf2de1bf82a643fb22709f600
001600040005000a000900640062000300060013001200630100
State = 0x211a2de1ffaa6b4aafc99b9c27e35cac
Message-Authenticator = 0xcb64222364557ca5e901b315cafeb637
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
users: Matched coutej at 76
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
undefined: before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 069a], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b3], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Challenge of id 67 to 10.0.0.7:1812
EAP-Message =
0x0103040a0dc0000007a6160301004a0200004603013f345b39d7e0de3c8b14a6e79906
8be57fb7f50738b9a16fcdba9867a1008ade20
9b34ccb09832b0f85b482e1e33ba3020361f021f65a9d9ce52a589e95e6ae7c000040016
0301069a0b0006960006930002cf308202cb30820234a003020102020101
300d06092a864886f70d01010405003081a0310b30090603550406130255533111300f06
0355040813084e657720596f726b310d300b0603550407130454726f7931
1a3018060355040a13114a61736f6e20436f757465726d617273683111300f060355040b
1308576972656c657373311a3018060355040313114a61736f6e20436f75
74
EAP-Message =
0x65726d617273683124302206092a864886f70d01090116156a61736f6e636f75744062
6967666f6f742e636f6d301e170d3033303730
353136303133375a170d3034303730343136303133375a30819c310b3009060355040613
0255533111300f060355040813084e657720596f726b310d300b06035504
07130454726f79311a3018060355040a13114a61736f6e20436f757465726d6172736831
11300f060355040b1308576972656c657373311630140603550403130d6a
61736f6e636f75742e636f6d3124302206092a864886f70d01090116156a61736f6e636f
757440626967666f6f742e636f6d30819f300d06092a864886f70d010101
05
EAP-Message =
0x0003818d0030818902818100aa117c52863e9330936fdf6eb524e7e0b232694d66b43f
76e87c3d8d5cd091d0b5a81c0b4b883762825f
0ecadf9601baf22517a7f62e50e045399be7acc4bc0df1c0f234b7000ac64f5616394149
20b413b21f4cae537608db6b17806c49ad9092d577c21379227a04304061
e7fcda8869816dd72870fa4f1cd24c8f518f98bb0203010001a317301530130603551d25
040c300a06082b06010505070301300d06092a864886f70d010104050003
8181002a07b3377ddcec827182442fbb3543fe923eca9f678c78edbb86b910fee6e0e3af
ac59e5c2b621ac798d8fba8f564ff939edc89e60d8f137dd0773472c55a6
60
EAP-Message =
0x44923b20247af399925485aacb57524133f83f5fe0ba735c2bf949b7d7776b7dea23d7
69b19d4cc55e86a5e18c3bacc292309fd9a2f7
206b52b04b76b86b9a830003be308203ba30820323a003020102020100300d06092a8648
86f70d01010405003081a0310b30090603550406130255533111300f0603
55040813084e657720596f726b310d300b0603550407130454726f79311a301806035504
0a13114a61736f6e20436f757465726d617273683111300f060355040b13
08576972656c657373311a3018060355040313114a61736f6e20436f757465726d617273
683124302206092a864886f70d01090116156a61736f6e636f7574406269
67
EAP-Message = 0x666f6f742e636f6d301e170d30333037303531353534
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc3e1cd488299d588886af8ede591b0d9
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.7:1812, id=68,
length=163
User-Name = "coutej"
Cisco-AVPair = "ssid=DAVISON213"
NAS-IP-Address = 10.0.0.7
Framed-MTU = 1400
Called-Station-Id = "00095B516AEC"
Calling-Station-Id = "00053C03E2EC"
NAS-Identifier = "WIRELESS"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x020300060d00
State = 0xc3e1cd488299d588886af8ede591b0d9
Message-Authenticator = 0x3cde80213d57ed29b5b3fc1292e34686
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
users: Matched coutej at 76
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Challenge of id 68 to 10.0.0.7:1812
EAP-Message =
0x010403b00d80000007a633355a170d3033303830343135353433355a3081a0310b3009
0603550406130255533111300f060355040813
084e657720596f726b310d300b0603550407130454726f79311a3018060355040a13114a
61736f6e20436f757465726d617273683111300f060355040b1308576972
656c657373311a3018060355040313114a61736f6e20436f757465726d61727368312430
2206092a864886f70d01090116156a61736f6e636f757440626967666f6f
742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100af22
284b518e8357919d0cfd293ff4f0314a301f8d0db6ae7fe18665d0637901
82
EAP-Message =
0x37d6a29b3552b1f4086273773f9d04a0926531f536fe6cc2084bfea4f737b9eb15c604
d8a6b69270f56bbb6bbc84ffdf544c923dfaad
a2e964be6cb3ac59e46bdc037ef0035b198406451d477a0564862d34f11aa04d8bcb2171
8397db36c10203010001a38201003081fd301d0603551d0e04160414966f
21319eac78454b20a7aa79b79444e8f3b8013081cd0603551d230481c53081c28014966f
21319eac78454b20a7aa79b79444e8f3b801a181a6a481a33081a0310b30
090603550406130255533111300f060355040813084e657720596f726b310d300b060355
0407130454726f79311a3018060355040a13114a61736f6e20436f757465
72
EAP-Message =
0x6d617273683111300f060355040b1308576972656c657373311a301806035504031311
4a61736f6e20436f757465726d617273683124
302206092a864886f70d01090116156a61736f6e636f757440626967666f6f742e636f6d
820100300c0603551d13040530030101ff300d06092a864886f70d010104
0500038181002658b82082229fbca075e51678767bff9531ef6626deb8dc4289622fe94a
15fe127bd61ff2db390237907283aa43fcca235356b6a2284881cf7aa0cb
32ed2e624e9ddceb8a5475be7a36c0cea98b29c5b648f5bf8f86765e78fd6b006497dac6
69d9b77c1f82f9a8fa126f91827c126d568a4edfe98335182bd4a4922225
c4
EAP-Message =
0xdb16030100b30d0000ab0301020500a500a33081a0310b300906035504061302555331
11300f060355040813084e657720596f726b31
0d300b0603550407130454726f79311a3018060355040a13114a61736f6e20436f757465
726d617273683111300f060355040b1308576972656c657373311a301806
0355040313114a61736f6e20436f757465726d617273683124302206092a864886f70d01
090116156a61736f6e636f757440626967666f6f742e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80ebc9127ff2883c4ccaa1cb95f3ee47
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.7:1812, id=69,
length=163
User-Name = "coutej"
Cisco-AVPair = "ssid=DAVISON213"
NAS-IP-Address = 10.0.0.7
Framed-MTU = 1400
Called-Station-Id = "00095B516AEC"
Calling-Station-Id = "00053C03E2EC"
NAS-Identifier = "WIRELESS"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x020400060d00
State = 0x80ebc9127ff2883c4ccaa1cb95f3ee47
Message-Authenticator = 0xba5803d95a8ac72175cb9f6317e1a1c8
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
users: Matched coutej at 76
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Accept of id 69 to 10.0.0.7:1812
MS-MPPE-Recv-Key =
0xc104a7aaa95dac30a8b08ef4dddcf0328ef07b483f22c1ca4a5b975dbab7d9e6
MS-MPPE-Send-Key =
0xed9555e959e1d06ef6976f25245f5b3a29ec7c8687f5edaf7716bc48ab7e8665
EAP-Message = 0x03040004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "coutej"
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 66 with timestamp 3f345b39
Cleaning up request 1 ID 67 with timestamp 3f345b39
Cleaning up request 2 ID 68 with timestamp 3f345b39
Cleaning up request 3 ID 69 with timestamp 3f345b39
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.0.7:1812, id=70,
length=150
User-Name = "coutej"
Cisco-AVPair = "ssid=DAVISON213"
NAS-IP-Address = 10.0.0.7
Framed-MTU = 1400
Called-Station-Id = "00095B516AEC"
Calling-Station-Id = "00053C03E2EC"
NAS-Identifier = "WIRELESS"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0205000b01636f7574656a
Message-Authenticator = 0xfb84a506ea929d5ed78cb798e4e64c68
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type response id 5 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
users: Matched coutej at 76
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Challenge of id 70 to 10.0.0.7:1812
EAP-Message = 0x010600060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe9f791ada40bd74e9902df605c44d445
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 70 with timestamp 3f345b57
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.0.7:1812, id=71,
length=150
User-Name = "coutej"
Cisco-AVPair = "ssid=DAVISON213"
NAS-IP-Address = 10.0.0.7
Framed-MTU = 1400
Called-Station-Id = "00095B516AEC"
Calling-Station-Id = "00053C03E2EC"
NAS-Identifier = "WIRELESS"
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0207000b01636f7574656a
Message-Authenticator = 0xc068b936f756bc23cb110adb25980991
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type response id 7 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
users: Matched coutej at 76
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Challenge of id 71 to 10.0.0.7:1812
EAP-Message = 0x010800060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3c69dd813af01225603db7edf4a4f071
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 71 with timestamp 3f345b65
Nothing to do. Sleeping until we see a request.
Jason Coutermarsh
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
