Problem with EAP-TTLS+AEGIS Client

Kostas Kalevras Sun, 09 Nov 2003 18:14:13 -0800

Hello, we are facing a problem when trying to test EAP-TTLS with the
Meetinghouse AEGIS Client


We are using a Cisco 2950 as an AP (EAPOL authentication) with recent IOS.

freeradius latest cvs (two or three days old)
Aegis 2.1.0
OpenSSL 0.9.7c

Unfortunately we haven't been able to find a sniffer capable of reporting the
TLS traffic within an EAP-TTLS (or EAP-TLS for that matter) conversation.
So I am mostly speculating what the problem is.

As can be seen from the radiusd -X -xxx output after sending a TLS Hello with
the server certificate the client returns with a TLS ACK. I am guessing that one
TLS fragment got to the client and it is ACKing for another. Though the eap_tls
module seems to not accept that ACK.
>From what i 've found the eaptls_ack_handler() never seems to be called. If it
is an openssl or rlm_eap_tls module problem i don't know. From the documentation
on openssl.org it seems that the handler will only be called if the received
packet is ok so it can just be that the packet is malformed somehow.
In any case I don't really know where to go from here. One thing that would help
would be if someone confirmed that eap-ttls works with such a configuration.

                tls {
                        private_key_password = ""
                        private_key_file = /etc/1x/private.pem
                        certificate_file = /etc/1x/cert.pem
                        CA_file = /etc/1x/CA.pem
                        dh_file = /etc/1x/DH
                        random_file = /etc/1x/random
                        fragment_size = 1024
                #               include_length = no
                }

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

rad_recv: Access-Request packet from host 147.102.247.20:1812, id=45, length=102
        NAS-IP-Address = 147.102.247.20
        NAS-Port-Type = Async
        User-Name = "papage"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-00-86-33-52-43"
        EAP-Message = 0x020e000b01706170616765
        Message-Authenticator = 0x33b1b4adac3a64f2951c083441512065
Sun Nov  9 21:52:25 2003 : Debug: modcall: entering group authorize for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "preprocess" returns ok 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for 
request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from chap 
(rlm_chap) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "chap" returns noop for 
request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for 
request 40
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: EAP packet type response id 14 length 11
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going 
EAP conversation
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "eap" returns updated 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:     rlm_realm: No '@' in User-Name = "papage", 
looking up realm NULL
Sun Nov  9 21:52:25 2003 : Debug:     rlm_realm: No such realm "NULL"
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from suffix 
(rlm_realm) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "suffix" returns noop 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling files (rlm_files) 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from files 
(rlm_files) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "files" returns 
notfound for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) 
for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from mschap 
(rlm_mschap) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "mschap" returns noop 
for request 40
Sun Nov  9 21:52:25 2003 : Debug: modcall: group authorize returns updated for request 
40
Sun Nov  9 21:52:25 2003 : Debug:   rad_check_password:  Found Auth-Type EAP
Sun Nov  9 21:52:25 2003 : Debug: auth: type "EAP"
Sun Nov  9 21:52:25 2003 : Debug: modcall: entering group authenticate for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for 
request 40
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: EAP Identity
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: processing type md5
Sun Nov  9 21:52:25 2003 : Info: rlm_eap_md5: Issuing Challenge
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authenticate]: returned from eap 
(rlm_eap) for request 40
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authenticate]: module "eap" returns 
handled for request 40
Sun Nov  9 21:52:25 2003 : Debug: modcall: group authenticate returns handled for 
request 40
Sending Access-Challenge of id 45 to 147.102.247.20:1812
        EAP-Message = 0x010f00160410718bb30056f5f9a6401c0046d09da6ee
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1c705eef7d6dcada354477e8b66972a0
Sun Nov  9 21:52:25 2003 : Debug: Finished request 40
Sun Nov  9 21:52:25 2003 : Debug: Going to the next request
Sun Nov  9 21:52:25 2003 : Debug: --- Walking the entire request list ---
Sun Nov  9 21:52:25 2003 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.102.247.20:1812, id=46, length=115
        NAS-IP-Address = 147.102.247.20
        NAS-Port-Type = Async
        User-Name = "papage"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-00-86-33-52-43"
        State = 0x1c705eef7d6dcada354477e8b66972a0
        EAP-Message = 0x020f00060315
        Message-Authenticator = 0x14b883fd5b7b27ff9932d52df98c3cef
Sun Nov  9 21:52:25 2003 : Debug: modcall: entering group authorize for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "preprocess" returns ok 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for 
request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from chap 
(rlm_chap) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "chap" returns noop for 
request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for 
request 41
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: EAP packet type response id 15 length 6
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going 
EAP conversation
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "eap" returns updated 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:     rlm_realm: No '@' in User-Name = "papage", 
looking up realm NULL
Sun Nov  9 21:52:25 2003 : Debug:     rlm_realm: No such realm "NULL"
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from suffix 
(rlm_realm) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "suffix" returns noop 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling files (rlm_files) 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from files 
(rlm_files) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "files" returns 
notfound for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) 
for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authorize]: returned from mschap 
(rlm_mschap) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authorize]: module "mschap" returns noop 
for request 41
Sun Nov  9 21:52:25 2003 : Debug: modcall: group authorize returns updated for request 
41
Sun Nov  9 21:52:25 2003 : Debug:   rad_check_password:  Found Auth-Type EAP
Sun Nov  9 21:52:25 2003 : Debug: auth: type "EAP"
Sun Nov  9 21:52:25 2003 : Debug: modcall: entering group authenticate for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for 
request 41
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: Request found, released from the list
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: EAP NAK
Sun Nov  9 21:52:25 2003 : Debug:  rlm_eap: EAP-NAK asked for EAP-Type/ttls
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap: processing type tls
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap_tls: Initiate
Sun Nov  9 21:52:25 2003 : Debug:   rlm_eap_tls: Start returned 1
Sun Nov  9 21:52:25 2003 : Debug:   modsingle[authenticate]: returned from eap 
(rlm_eap) for request 41
Sun Nov  9 21:52:25 2003 : Debug:   modcall[authenticate]: module "eap" returns 
handled for request 41
Sun Nov  9 21:52:25 2003 : Debug: modcall: group authenticate returns handled for 
request 41
Sending Access-Challenge of id 46 to 147.102.247.20:1812
        EAP-Message = 0x011000061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe74c66dc22d38a2941bfd2b46afae21d
Sun Nov  9 21:52:25 2003 : Debug: Finished request 41
Sun Nov  9 21:52:25 2003 : Debug: Going to the next request
Sun Nov  9 21:52:25 2003 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 147.102.247.20:1812, id=47, length=209
        NAS-IP-Address = 147.102.247.20
        NAS-Port-Type = Async
        User-Name = "papage"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-00-86-33-52-43"
        State = 0xe74c66dc22d38a2941bfd2b46afae21d
        EAP-Message = 
0x0210006415800000005a16030100550100005103013fae98ce7d7e6f50ed0747e22ac746d56a048dea0c4de80c43fab2aa6f0c189c00002a00160013000a0066000700050004006500640063006200610060001500120009001400110008000600030100
        Message-Authenticator = 0xce33c4923c5cd43349626b69319c9217
Sun Nov  9 21:52:26 2003 : Debug: modcall: entering group authorize for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "preprocess" returns ok 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for 
request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from chap 
(rlm_chap) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "chap" returns noop for 
request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for 
request 42
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: EAP packet type response id 16 length 100
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going 
EAP conversation
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "eap" returns updated 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:     rlm_realm: No '@' in User-Name = "papage", 
looking up realm NULL
Sun Nov  9 21:52:26 2003 : Debug:     rlm_realm: No such realm "NULL"
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from suffix 
(rlm_realm) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "suffix" returns noop 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling files (rlm_files) 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from files 
(rlm_files) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "files" returns 
notfound for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) 
for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from mschap 
(rlm_mschap) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "mschap" returns noop 
for request 42
Sun Nov  9 21:52:26 2003 : Debug: modcall: group authorize returns updated for request 
42
Sun Nov  9 21:52:26 2003 : Debug:   rad_check_password:  Found Auth-Type EAP
Sun Nov  9 21:52:26 2003 : Debug: auth: type "EAP"
Sun Nov  9 21:52:26 2003 : Debug: modcall: entering group authenticate for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for 
request 42
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: Request found, released from the list
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: EAP_TYPE - ttls
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: processing type ttls
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap_ttls: Authenticate
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap_tls: processing TLS
Sun Nov  9 21:52:26 2003 : Info: rlm_eap_tls:  Length Included
Sun Nov  9 21:52:26 2003 : Debug:   eaptls_verify returned 11 
Sun Nov  9 21:52:26 2003 : Info: undefined: before/accept initialization 
Sun Nov  9 21:52:26 2003 : Info: TLS_accept: before/accept initialization 
Sun Nov  9 21:52:26 2003 : Info: TLS_accept: SSLv3 read client hello A 
Sun Nov  9 21:52:26 2003 : Info: TLS_accept: SSLv3 write server hello A 
Sun Nov  9 21:52:26 2003 : Info: TLS_accept: SSLv3 write certificate A 
Sun Nov  9 21:52:26 2003 : Info: TLS_accept: SSLv3 write server done A 
Sun Nov  9 21:52:26 2003 : Info: TLS_accept: SSLv3 flush data 
Sun Nov  9 21:52:26 2003 : Error: TLS_accept:error in SSLv3 read client certificate A 
Sun Nov  9 21:52:26 2003 : Debug: In SSL Handshake Phase 
Sun Nov  9 21:52:26 2003 : Debug: In SSL Accept mode  
Sun Nov  9 21:52:26 2003 : Debug:   eaptls_process returned 13 
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authenticate]: returned from eap 
(rlm_eap) for request 42
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authenticate]: module "eap" returns 
handled for request 42
Sun Nov  9 21:52:26 2003 : Debug: modcall: group authenticate returns handled for 
request 42
Sending Access-Challenge of id 47 to 147.102.247.20:1812
        EAP-Message = 
0x0111040a15c0000008ca160301004a0200004603013fae9afabb104b4509ff6590eba28a3bdd731358bae97cd3242113201788ec9a203819c81204e31f5d6bd8c336ed1d64b74c829e87ec69c4d5821ec7c97ad76eaf000a00160301086d0b000869000866000367308203633082024ba003020102020139300d06092a864886f70d0101050500304d310b3009060355040613026772310d300b060355040a13046e747561310d300b060355040313046e7475613120301e06092a864886f70d01090116116373696174406e6f632e6e7475612e6772301e170d3033313130343130333630365a170d3034313130333130333630365a305b310f300d06
        EAP-Message = 
0x0355040b1306536572766572311f301d06035504031316646576696c2e746573742e6e6f632e6e7475612e6772310b3009060355040613024752310d300b060355040a13044e545541310b3009060355040513023537305c300d06092a864886f70d0101010500034b003048024100eae1bbb494160e400a94e4e0349193b9bc3c6379b0c11118b1bf608aca99d974e4d3af45ea0a66e0c8b58ed1ec7e0befb9a69e57d363ab77eb75c64257c183df0203010001a38201063082010230090603551d1304023000301106096086480186f8420101040403020640300b0603551d0f0404030205e0302106096086480186f842010d0414161256504e2053
        EAP-Message = 
0x6572766572206f66204e545541301d0603551d0e04160414af725a6daede4dc17bae0305149ba7524610f9eb30750603551d23046e306c8014f612f47b54c5fb8d943e9a4933d65b41cc8ee73ea151a44f304d310b3009060355040613026772310d300b060355040a13046e747561310d300b060355040313046e7475613120301e06092a864886f70d01090116116373696174406e6f632e6e7475612e6772820100301c0603551d120415301381116373696174406e6f632e6e7475612e6772300d06092a864886f70d010105050003820101002d2aaacade1ed13ce7b0a643f3ddc1213d2e6a76d196a0a40132e6c53fbc84c96d2ee62ced321476
        EAP-Message = 
0xc36681d8379adfdbf1da19973c00f53f5ef4de342d23736629bb353ebbfddee2ab02556f919742f2eb2f0da811bf467b321d329adb230a7193c83f4e89cc7f477486568ed2028769a1158bdfa4bfb89634bae1c5d67d7daaea0c5b3e4098cb61426cb8dbf551da2cea9ed810a78cd464291a81419b3b821b14e97d1e28ca0bc4a995c34c5d5034eddd266789008f4da56006cc4d700c0d8217d6ad2cf15b9733126e9f6fb96909621fd215c80bfdc6bda6cc99c0d2910875423a6b3e59be64328c8bc9c9e39fbafdd4d1709dab9c330b5e6c14ad559b9ed00004f9308204f5308203dda003020102020100300d06092a864886f70d0101050500304d31
        EAP-Message = 0x0b3009060355040613026772310d300b060355040a13
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x047138b17ce3bb5c8ac09fcd8b0ff672
Sun Nov  9 21:52:26 2003 : Debug: Finished request 42
Sun Nov  9 21:52:26 2003 : Debug: Going to the next request
Sun Nov  9 21:52:26 2003 : Debug: --- Walking the entire request list ---
Sun Nov  9 21:52:26 2003 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 147.102.247.20:1812, id=48, length=115
        NAS-IP-Address = 147.102.247.20
        NAS-Port-Type = Async
        User-Name = "papage"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Calling-Station-Id = "00-00-86-33-52-43"
        State = 0x047138b17ce3bb5c8ac09fcd8b0ff672
        EAP-Message = 0x021100061500
        Message-Authenticator = 0xb29745f604b2e02c6819965d0ed9d41a
Sun Nov  9 21:52:26 2003 : Debug: modcall: entering group authorize for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "preprocess" returns ok 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for 
request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from chap 
(rlm_chap) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "chap" returns noop for 
request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for 
request 43
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: EAP packet type response id 17 length 6
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going 
EAP conversation
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "eap" returns updated 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:     rlm_realm: No '@' in User-Name = "papage", 
looking up realm NULL
Sun Nov  9 21:52:26 2003 : Debug:     rlm_realm: No such realm "NULL"
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from suffix 
(rlm_realm) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "suffix" returns noop 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling files (rlm_files) 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from files 
(rlm_files) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "files" returns 
notfound for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) 
for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authorize]: returned from mschap 
(rlm_mschap) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authorize]: module "mschap" returns noop 
for request 43
Sun Nov  9 21:52:26 2003 : Debug: modcall: group authorize returns updated for request 
43
Sun Nov  9 21:52:26 2003 : Debug:   rad_check_password:  Found Auth-Type EAP
Sun Nov  9 21:52:26 2003 : Debug: auth: type "EAP"
Sun Nov  9 21:52:26 2003 : Debug: modcall: entering group authenticate for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for 
request 43
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: Request found, released from the list
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: EAP_TYPE - ttls
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: processing type ttls
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap_ttls: Authenticate
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap_tls: processing TLS
Sun Nov  9 21:52:26 2003 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Sun Nov  9 21:52:26 2003 : Error: rlm_eap_tls: Unexpected ACK received
Sun Nov  9 21:52:26 2003 : Debug:   eaptls_verify returned 4 
Sun Nov  9 21:52:26 2003 : Debug:   eaptls_process returned 4 
Sun Nov  9 21:52:26 2003 : Debug:  rlm_eap: Handler failed in EAP type 21
Sun Nov  9 21:52:26 2003 : Debug:   rlm_eap: Failed in EAP select
Sun Nov  9 21:52:26 2003 : Debug:   modsingle[authenticate]: returned from eap 
(rlm_eap) for request 43
Sun Nov  9 21:52:26 2003 : Debug:   modcall[authenticate]: module "eap" returns 
invalid for request 43
Sun Nov  9 21:52:26 2003 : Debug: modcall: group authenticate returns invalid for 
request 43
Sun Nov  9 21:52:26 2003 : Debug: auth: Failed to validate the user.
Sun Nov  9 21:52:26 2003 : Auth: Login incorrect: [papage] (from client eap-switch 
port 0 cli 00-00-86-33-52-43)
Sun Nov  9 21:52:26 2003 : Debug: Delaying request 43 for 1 seconds
Sun Nov  9 21:52:26 2003 : Debug: Finished request 43
Sun Nov  9 21:52:26 2003 : Debug: Going to the next request
Sun Nov  9 21:52:26 2003 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 147.102.247.20:1812, id=48, length=115
Sending Access-Reject of id 48 to 147.102.247.20:1812
        EAP-Message = 0x04110004
        Message-Authenticator = 0x00000000000000000000000000000000
Sun Nov  9 21:52:31 2003 : Debug: --- Walking the entire request list ---
Sun Nov  9 21:52:31 2003 : Debug: Cleaning up request 40 ID 45 with timestamp 3fae9af9
Sun Nov  9 21:52:31 2003 : Debug: Cleaning up request 41 ID 46 with timestamp 3fae9af9
Sun Nov  9 21:52:31 2003 : Debug: Waking up in 1 seconds...
Sun Nov  9 21:52:32 2003 : Debug: --- Walking the entire request list ---
Sun Nov  9 21:52:32 2003 : Debug: Cleaning up request 42 ID 47 with timestamp 3fae9afa
Sun Nov  9 21:52:32 2003 : Debug: Cleaning up request 43 ID 48 with timestamp 3fae9afa
Sun Nov  9 21:52:32 2003 : Debug: Nothing to do.  Sleeping until we see a request.

Problem with EAP-TTLS+AEGIS Client

Reply via email to