nastype = other has not worked. The situation is the same than before. I have also not the possibility to use an other AP.
Berndt On Fri, 2003-08-08 at 13:33, diomedes wrote: > Hi, > Try to put in clients.conf, in the lines of the NAS the following attribute > nastype = other > > I had a similar problem and with that line all goes perfectly ( or nearly) > > Good luck > > Other possibility is to try authenticate with the same configuration but > with other AP, if it's possible. > > Regards. > Omar > > > Sevcik Berndt wrote: > > >I try to authenticate an XP Client via an Enterasys RoamaboutR2 Access > >Point with freeradius. But the client get never authenticated. My > >problem that I have no idea where I should search for the error. I used > >the www.impossiblereflex.xom/8021x/eap-tls-HOWTO.htm Howto for setup. > > > >Output from freeradius -X -A: > >Ready to process requests. > >rad_recv: Access-Request packet from host 10.0.4.14:1205, id=253, > >length=116 > > Message-Authenticator = 0x78a9e48d042ad1f7109083edf2b3146d > > User-Name = "Sevcik Berndt" > > NAS-IP-Address = 10.0.4.14 > > NAS-Port = 2 > > NAS-Port-Type = Wireless-802.11 > > Calling-Station-Id = "00-01-f4-ec-3d-7c" > > EAP-Message = 0x024400120153657663696b204265726e6474 > > Framed-MTU = 1000 > >modcall: entering group authorize > > modcall[authorize]: module "preprocess" returns ok > > rlm_eap: EAP packet type response id 68 length 18 > > rlm_eap: EAP Start not found > > modcall[authorize]: module "eap" returns updated > > rlm_realm: No '@' in User-Name = "Sevcik Berndt", looking up realm > >NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop > > users: Matched DEFAULT at 152 > > users: Matched Sevcik Berndt at 216 > > modcall[authorize]: module "files" returns ok > >modcall: group authorize returns updated > > rad_check_password: Found Auth-Type EAP > >auth: type "EAP" > >modcall: entering group authenticate > > rlm_eap: EAP Identity > > rlm_eap: processing type tls > > rlm_eap_tls: Initiate > > rlm_eap_tls: Start returned 1 > > modcall[authenticate]: module "eap" returns handled > >modcall: group authenticate returns handled > >Sending Access-Challenge of id 253 to 10.0.4.14:1205 > > EAP-Message = 0x014500060d20 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x1c0ccba6d22ad97dab13096d340f0290 > >Finished request 0 > >Going to the next request > >--- Walking the entire request list --- > >Waking up in 6 seconds... > >rad_recv: Access-Request packet from host 10.0.4.14:1205, id=254, > >length=196 > > Message-Authenticator = 0x31199cd93954566ea164f46ce86d6b59 > > User-Name = "Sevcik Berndt" > > State = 0x1c0ccba6d22ad97dab13096d340f0290 > > NAS-IP-Address = 10.0.4.14 > > NAS-Port = 2 > > NAS-Port-Type = Wireless-802.11 > > Calling-Station-Id = "00-01-f4-ec-3d-7c" > > Framed-MTU = 1000 > > EAP-Message = > >0x024500500d800000004616030100410100003d03013f3371da3a9bab75032c2c86afd3288de5d42d63265b6afe930d235a87d1df9a00001600040005000a000900640062000300060013001200630100 > >modcall: entering group authorize > > modcall[authorize]: module "preprocess" returns ok > > rlm_eap: EAP packet type response id 69 length 80 > > rlm_eap: EAP Start not found > > modcall[authorize]: module "eap" returns updated > > rlm_realm: No '@' in User-Name = "Sevcik Berndt", looking up realm > >NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop > > users: Matched DEFAULT at 152 > > users: Matched Sevcik Berndt at 216 > > modcall[authorize]: module "files" returns ok > >modcall: group authorize returns updated > > rad_check_password: Found Auth-Type EAP > >auth: type "EAP" > >modcall: entering group authenticate > > rlm_eap: Request found, released from the list > > rlm_eap: EAP_TYPE - tls > > rlm_eap: processing type tls > > rlm_eap_tls: Authenticate > > rlm_eap_tls: processing TLS > >rlm_eap_tls: Length Included > > eaptls_verify returned 11 > >undefined: before/accept initialization > >TLS_accept: before/accept initialization > > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello > >TLS_accept: SSLv3 read client hello A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello > >TLS_accept: SSLv3 write server hello A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 063c], Certificate > >TLS_accept: SSLv3 write certificate A > > rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a0], CertificateRequest > >TLS_accept: SSLv3 write certificate request A > >TLS_accept: SSLv3 flush data > >TLS_accept:error in SSLv3 read client certificate A > >rlm_eap_tls: SSL_read Error > > Error code is ..... 2 > > SSL Error ..... 2 > >In SSL Handshake Phase > >In SSL Accept mode > > eaptls_process returned 13 > > modcall[authenticate]: module "eap" returns handled > >modcall: group authenticate returns handled > >Sending Access-Challenge of id 254 to 10.0.4.14:1205 > > EAP-Message = > >0x0146040a0dc000000735160301004a0200004603013f3371d4fe8d552850335d9175f699f43cd56559f163ff0b5ff946dacb6a1374206ca02c80ec917fa450bd683bec1717b4a30e22a02f22c4415966534ce01d79ab000400160301063c0b0006380006350002a8308202a43082020da003020102020101300d06092a864886f70d010104050030818e310b3009060355040613024154310f300d060355040813065669656e6e613121301f060355040a131854474d202d20536368756c652064657220546563686e696b31133011060355040b130a49542d53657276696365311830160603550403130f54474d20576972656c657373204341311c30 > > EAP-Message = > >0x1a06092a864886f70d010901160d6974734074676d2e61632e6174301e170d3033303830383039323630335a170d3034303830373039323630335a308187310b3009060355040613024154310f300d060355040813065669656e6e613121301f060355040a131854474d202d20536368756c652064657220546563686e696b31133011060355040b130a49542d536572766963653111300f060355040313084954535465737431311c301a06092a864886f70d010901160d6974734074676d2e61632e617430819f300d06092a864886f70d010101050003818d0030818902818100cb0ef8ea95aa5b79098016fbdee45140e91cfed8e305ce95a5269b > > EAP-Message = > >0x22fbb3918de0a0704e252054bcd7291c30e0746857da821c0824e91662e783d3854f384a8a16dbfa5e5b4391e11865491db3b48ace72895234de2f1b5bec0a17f72ae8dc0ea6014ae02df3d6edb7bcef7ee9c1275140d4b6f92de97d7ef47416a0c55975f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181006e96446ff593c6fec170c5aa95d2c2ed8ce02f1cd31b2773f1c2b857fed8b0832aa440901e04bb2cd81676aa51165ac9b3fec3e4037548f534c8764d61f506eae7654c65f50f66746ffa444553c1050839610d878da2a8ac12cb47e1925644f65db017c6205680 > > EAP-Message = > >0x1bfaa7a27a984f7df5a2f5e19240fdc9c44ad6ac98ca8be46800038730820383308202eca003020102020100300d06092a864886f70d010104050030818e310b3009060355040613024154310f300d060355040813065669656e6e613121301f060355040a131854474d202d20536368756c652064657220546563686e696b31133011060355040b130a49542d53657276696365311830160603550403130f54474d20576972656c657373204341311c301a06092a864886f70d010901160d6974734074676d2e61632e6174301e170d3033303830383039323532305a170d3033303930373039323532305a30818e310b300906035504061302415431 > > EAP-Message = 0x0f300d060355040813065669656e6e613121301f0603 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x0560864af2ffaf209e093f6ad07a9f47 > >Finished request 1 > >Going to the next request > >Waking up in 6 seconds... > >--- Walking the entire request list --- > >Cleaning up request 0 ID 253 with timestamp 3f3371d4 > >Cleaning up request 1 ID 254 with timestamp 3f3371d4 > >Nothing to do. Sleeping until we see a request. > > > > > >Output from radius.log: > >ri Aug 8 10:52:28 2003 : Info: rlm_eap_tls: Length Included > >Fri Aug 8 10:52:28 2003 : Error: TLS_accept:error in SSLv3 read client > >certificate A > >Fri Aug 8 10:52:28 2003 : Info: rlm_eap_tls: SSL_read Error > >Fri Aug 8 10:52:28 2003 : Error: Error code is ..... 2 > >Fri Aug 8 10:52:28 2003 : Error: SSL Error ..... 2 > > > >Thanks > > > >Berndt > > > > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Diese Message wurde erstellt mit freundlicher Unterstuetzung eines freilaufenden Pinguins aus artgerechter Freilandhaltung. Sie ist garantiert frei von Microsoftschen Viren. ----------------------------------------- TGM - Die Schule der Technik IT-Service A-1200 Wien, Wexstr. 19-23 Tel. +43(1)33126/316 Fax: +43(1)33126/154 E-Mail: [EMAIL PROTECTED] ----------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
