Hello,
I'm trying to authenticate my WinXPsp1 PC by 802.1x functions of
Catalyst2950 and EAP-PEAP(MSCHAPv2) with FreeRADIUS.
software versions: freeradius-snapshot-20040331
openssl-0.9.7d
config of Cat.2950 (related part only):
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.168.132.17 auth-port 1812 acct-port 1813 key KEY
radius-server retransmit 3
interface FastEthernet0/24
switchport mode access
dot1x port-control auto
My 'users' file includes following line:
KAMAO-TP\\kamao Auth-Type := EAP, User-Password == "password"
and output from radiusd -X is:
# VERY LONG... 512 lines
1: # /usr/local/radiusd/sbin/radiusd -X
2: Starting - reading configuration files ...
3: reread_config: reading radiusd.conf
4: Config: including file: /usr/local/radiusd/etc/raddb/proxy.conf
5: Config: including file: /usr/local/radiusd/etc/raddb/clients.conf
6: Config: including file: /usr/local/radiusd/etc/raddb/snmp.conf
7: Config: including file: /usr/local/radiusd/etc/raddb/sql.conf
8: main: prefix = "/usr/local/radiusd"
9: main: localstatedir = "/usr/local/radiusd/var"
10: main: logdir = "/usr/local/radiusd/var/log/radius"
11: main: libdir = "/usr/local/radiusd/lib"
12: main: radacctdir = "/usr/local/radiusd/var/log/radius/radacct"
13: main: hostname_lookups = no
14: main: max_request_time = 30
15: main: cleanup_delay = 5
16: main: max_requests = 1024
17: main: delete_blocked_requests = 0
18: main: port = 0
19: main: allow_core_dumps = no
20: main: log_stripped_names = no
21: main: log_file = "/usr/local/radiusd/var/log/radius/radius.log"
22: main: log_auth = yes
23: main: log_auth_badpass = yes
24: main: log_auth_goodpass = no
25: main: pidfile = "/usr/local/radiusd/var/run/radiusd/radiusd.pid"
26: main: user = "kamao"
27: main: group = "kamao"
28: main: usercollide = no
29: main: lower_user = "no"
30: main: lower_pass = "no"
31: main: nospace_user = "no"
32: main: nospace_pass = "no"
33: main: checkrad = "/usr/local/radiusd/sbin/checkrad"
34: main: proxy_requests = no
35: proxy: retry_delay = 5
36: proxy: retry_count = 3
37: proxy: synchronous = no
38: proxy: default_fallback = yes
39: proxy: dead_time = 120
40: proxy: post_proxy_authorize = yes
41: proxy: wake_all_if_all_dead = no
42: security: max_attributes = 200
43: security: reject_delay = 1
44: security: status_server = no
45: main: debug_level = 0
46: read_config_files: reading dictionary
47: read_config_files: reading naslist
48: Using deprecated naslist file. Support for this will go away soon.
49: read_config_files: reading clients
50: Using deprecated clients file. Support for this will go away soon.
51: read_config_files: reading realms
52: Using deprecated realms file. Support for this will go away soon.
53: radiusd: entering modules setup
54: Module: Library search path is /usr/local/radiusd/lib
55: Module: Loaded exec
56: exec: wait = yes
57: exec: program = "(null)"
58: exec: input_pairs = "request"
59: exec: output_pairs = "(null)"
60: exec: packet_type = "(null)"
61: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
62: Module: Instantiated exec (exec)
63: Module: Loaded expr
64: Module: Instantiated expr (expr)
65: Module: Loaded MS-CHAP
66: mschap: use_mppe = yes
67: mschap: require_encryption = yes
68: mschap: require_strong = yes
69: mschap: with_ntdomain_hack = yes
70: mschap: passwd = "(null)"
71: mschap: authtype = "MS-CHAP"
72: Module: Instantiated mschap (mschap)
73: Module: Loaded eap
74: eap: default_eap_type = "peap"
75: eap: timer_expire = 60
76: eap: ignore_unknown_eap_types = yes
77: eap: cisco_accounting_username_bug = no
78: tls: rsa_key_exchange = no
79: tls: dh_key_exchange = yes
80: tls: rsa_key_length = 512
81: tls: dh_key_length = 512
82: tls: verify_depth = 0
83: tls: CA_path = "(null)"
84: tls: pem_file_type = yes
85: tls: private_key_file = "/usr/local/radiusd/etc/raddb/certs/rad-priv.pem"
86: tls: certificate_file = "/usr/local/radiusd/etc/raddb/certs/rad-cert.pem"
87: tls: CA_file = "/usr/local/radiusd/etc/raddb/certs/cacert.pem"
88: tls: private_key_password = "(null)"
89: tls: dh_file = "/usr/local/radiusd/etc/raddb/certs/dh2048.pem"
90: tls: random_file = "/dev/urandom"
91: tls: fragment_size = 1024
92: tls: include_length = yes
93: tls: check_crl = no
94: rlm_eap: Loaded and initialized type tls
95: peap: default_eap_type = "mschapv2"
96: peap: copy_request_to_tunnel = yes
97: peap: use_tunneled_reply = yes
98: peap: proxy_tunneled_request_as_eap = yes
99: rlm_eap: Loaded and initialized type peap
100: mschapv2: with_ntdomain_hack = no
101: rlm_eap: Loaded and initialized type mschapv2
102: Module: Instantiated eap (eap)
103: Module: Loaded preprocess
104: preprocess: huntgroups = "/usr/local/radiusd/etc/raddb/huntgroups"
105: preprocess: hints = "/usr/local/radiusd/etc/raddb/hints"
106: preprocess: with_ascend_hack = no
107: preprocess: ascend_channels_per_line = 23
108: preprocess: with_ntdomain_hack = no
109: preprocess: with_specialix_jetstream_hack = no
110: preprocess: with_cisco_vsa_hack = no
111: Module: Instantiated preprocess (preprocess)
112: Module: Loaded files
113: files: usersfile = "/usr/local/radiusd/etc/raddb/users"
114: files: acctusersfile = "/usr/local/radiusd/etc/raddb/acct_users"
115: files: preproxy_usersfile = "/usr/local/radiusd/etc/raddb/preproxy_users"
116: files: compat = "no"
117: Module: Instantiated files (files)
118: Module: Loaded realm
119: realm: format = "suffix"
120: realm: delimiter = "@"
121: realm: ignore_default = no
122: realm: ignore_null = no
123: Module: Instantiated realm (suffix)
124: Module: Loaded Acct-Unique-Session-Id
125: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre
126: ss, NAS-Port"
127: Module: Instantiated acct_unique (acct_unique)
128: Module: Loaded detail
129: detail: detailfile = "/usr/local/radiusd/var/log/radius/radacct/%{Client-IP-Add
130: ress}/detail-%Y%m%d"
131: detail: detailperm = 384
132: detail: dirperm = 493
133: detail: locking = no
134: Module: Instantiated detail (detail)
135: Module: Loaded System
136: unix: cache = no
137: unix: passwd = "(null)"
138: unix: shadow = "(null)"
139: unix: group = "(null)"
140: unix: radwtmp = "/usr/local/radiusd/var/log/radius/radwtmp"
141: unix: usegroup = no
142: unix: cache_reload = 600
143: Module: Instantiated unix (unix)
144: Module: Loaded radutmp
145: radutmp: filename = "/usr/local/radiusd/var/log/radius/radutmp"
146: radutmp: username = "%{User-Name}"
147: radutmp: case_sensitive = yes
148: radutmp: check_with_nas = yes
149: radutmp: perm = 384
150: radutmp: callerid = yes
151: Module: Instantiated radutmp (radutmp)
152: Listening on IP address *, ports 1812/udp and 1813/udp.
153: Ready to process requests.
154:
155:
156:
157: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=71, length=12
158: 4
159: NAS-IP-Address = 192.168.132.171
160: NAS-Port = 50005
161: NAS-Port-Type = Ethernet
162: User-Name = "KAMAO-TP\kamao"
163: Calling-Station-Id = "08-00-46-45-A9-1C"
164: Service-Type = Framed-User
165: Framed-MTU = 1500
166: EAP-Message = 0x02010013014b414d414f2d54505c6b616d616f
167: Message-Authenticator = 0x8714ef8f13f0567355bcbd62845c98ed
168: Processing the authorize section of radiusd.conf
169: modcall: entering group authorize for request 0
170: modcall[authorize]: module "preprocess" returns ok for request 0
171: users: Matched KAMAO-TPkamao at 161
172: modcall[authorize]: module "files" returns ok for request 0
173: modcall: group authorize returns ok for request 0
174: rad_check_password: Found Auth-Type EAP
175: auth: type "EAP"
176: Processing the authenticate section of radiusd.conf
177: modcall: entering group authenticate for request 0
178: rlm_eap: EAP Identity
179: rlm_eap: processing type tls
180: rlm_eap_tls: Initiate
181: rlm_eap_tls: Start returned 1
182: modcall[authenticate]: module "eap" returns handled for request 0
183: modcall: group authenticate returns handled for request 0
184: Sending Access-Challenge of id 71 to 192.168.132.171:1812
185: EAP-Message = 0x010200061920
186: Message-Authenticator = 0x00000000000000000000000000000000
187: State = 0xa677e1a2bc657c978fe275da86cbd03f
188: Finished request 0
189: Going to the next request
190: --- Walking the entire request list ---
191: Waking up in 6 seconds...
192: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=72, length=20
193: 3
194: NAS-IP-Address = 192.168.132.171
195: NAS-Port = 50005
196: NAS-Port-Type = Ethernet
197: User-Name = "KAMAO-TP\kamao"
198: Calling-Station-Id = "08-00-46-45-A9-1C"
199: Service-Type = Framed-User
200: Framed-MTU = 1500
201: State = 0xa677e1a2bc657c978fe275da86cbd03f
202: EAP-Message = 0x0202005019800000004616030100410100003d0301406c0b21a2e593
203: 306b075a9afeab84cd4bb8eeee8087ba4c5b60e3026df1dea100001600040005000a000900640062
204: 000300060013001200630100
205: Message-Authenticator = 0xf43d800324b7f0b99e6f0dbbe76a1c8c
206: Processing the authorize section of radiusd.conf
207: modcall: entering group authorize for request 1
208: modcall[authorize]: module "preprocess" returns ok for request 1
209: users: Matched KAMAO-TPkamao at 161
210: modcall[authorize]: module "files" returns ok for request 1
211: modcall: group authorize returns ok for request 1
212: rad_check_password: Found Auth-Type EAP
213: auth: type "EAP"
214: Processing the authenticate section of radiusd.conf
215: modcall: entering group authenticate for request 1
216: rlm_eap: Request found, released from the list
217: rlm_eap: EAP/peap
218: rlm_eap: processing type peap
219: rlm_eap_peap: Authenticate
220: rlm_eap_tls: processing TLS
221: rlm_eap_tls: Length Included
222: eaptls_verify returned 11
223: (other): before/accept initialization
224: TLS_accept: before/accept initialization
225: TLS_accept: SSLv3 read client hello A
226: TLS_accept: SSLv3 write server hello A
227: TLS_accept: SSLv3 write certificate A
228: TLS_accept: SSLv3 write server done A
229: TLS_accept: SSLv3 flush data
230: TLS_accept:error in SSLv3 read client certificate A
231: In SSL Handshake Phase
232: In SSL Accept mode
233: eaptls_process returned 13
234: rlm_eap_peap: EAPTLS_HANDLED
235: modcall[authenticate]: module "eap" returns handled for request 1
236: modcall: group authenticate returns handled for request 1
237: Sending Access-Challenge of id 72 to 192.168.132.171:1812
238: EAP-Message = 0x0103040a19c0000008ef160301004a020000460301406c0b1a49f762
239: 7ece35fb689212b2dbe0367d2517816ff5c28edf74abdb4fef20facf41312da6ab67c9eb513ff5a5
240: f89d12a5d91231ea8364ab9f1403cdad83f200040016030108920b00088e00088b0004523082044e
241: 30820336a003020102020101300d06092a864886f70d01010405003072310b300906035504061302
242: 4a503110300e0603550408130746756b756f6b613110300e0603550407130746756b756f6b613113
243: 3011060355040a130a4b414d414f20496e632e310f300d060355040b13064b797573687531193017
244: 060355040313104b617473756e6f7269204b616d616461301e
245: EAP-Message = 0x170d3034303430313132313631325a170d3035303430313132313631
246: 325a3066310b3009060355040613024a503110300e0603550408130746756b756f6b613113301106
247: 0355040a130a4b414d414f20496e632e310f300d060355040b13064b7975736875311f301d060355
248: 040313166b616d616f2e6b79757368752e69696a2e61642e6a7030820122300d06092a864886f70d
249: 01010105000382010f003082010a0282010100de6ae42ce16d4c8eb13b2c9d1d1eb4be8b8af511bd
250: 550ac8d93c8446c3bc5fe1dd51fb827043234680742bd2e36e646cfc6479badb76b1717cd82fb877
251: 35cb9d535f5064cfaf75b44825da5f3c2b2f1e73eb15fdff3a
252: EAP-Message = 0x87242bcaf70d3601caf8ca04f891ce571bdedf9843466ff5e465ea70
253: 84c2516be2564df9a8504876296dd4e49d89659ee609db669e1615d2cb189213d98221f925d5085f
254: 2646c640b896386c70f0407b9d0a0eb312e94f5b142b92ff5bc988ff19af87dd8de989d20d9489e1
255: 9e8c6e16d3fe125522e3d589a78c78458985e52373486dba394dc32629dbb36529214bdc4bc5a9c3
256: 71fffc2b97e7dcbc3801ed498731655c96f0549118810203010001a381fa3081f730090603551d13
257: 04023000302c06096086480186f842010d041f161d4f70656e53534c2047656e6572617465642043
258: 65727469666963617465301d0603551d0e04160414a2c10cfc
259: EAP-Message = 0x3f48077d0cce1561f04adcb48e9e9fc830819c0603551d2304819430
260: 8191801406c69b970e7a3476ec2084e579ce070b3989b59ba176a4743072310b3009060355040613
261: 024a503110300e0603550408130746756b756f6b613110300e0603550407130746756b756f6b6131
262: 133011060355040a130a4b414d414f20496e632e310f300d060355040b13064b7975736875311930
263: 17060355040313104b617473756e6f7269204b616d616461820100300d06092a864886f70d010104
264: 0500038201010085df18a75bba8cc09efa11f713c8d0268c4d7b327b9b4ef0caa1f7e62e8eda7817
265: f47c436b022b74572ca48c943a5bd9dd23ba52c8dca2e95c11
266: EAP-Message = 0x009dbb811c7447bc0dab404323ad0bf75cfefdc5e8d7
267: Message-Authenticator = 0x00000000000000000000000000000000
268: State = 0x6e80b536dc18362eb4eee365442b9cdf
269: Finished request 1
270: Going to the next request
271: Waking up in 6 seconds...
272: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=73, length=12
273: 9
274: NAS-IP-Address = 192.168.132.171
275: NAS-Port = 50005
276: NAS-Port-Type = Ethernet
277: User-Name = "KAMAO-TP\kamao"
278: Calling-Station-Id = "08-00-46-45-A9-1C"
279: Service-Type = Framed-User
280: Framed-MTU = 1500
281: State = 0x6e80b536dc18362eb4eee365442b9cdf
282: EAP-Message = 0x020300061900
283: Message-Authenticator = 0x6e6a456e858d558196d796203c9f13d9
284: Processing the authorize section of radiusd.conf
285: modcall: entering group authorize for request 2
286: modcall[authorize]: module "preprocess" returns ok for request 2
287: users: Matched KAMAO-TPkamao at 161
288: modcall[authorize]: module "files" returns ok for request 2
289: modcall: group authorize returns ok for request 2
290: rad_check_password: Found Auth-Type EAP
291: auth: type "EAP"
292: Processing the authenticate section of radiusd.conf
293: modcall: entering group authenticate for request 2
294: rlm_eap: Request found, released from the list
295: rlm_eap: EAP/peap
296: rlm_eap: processing type peap
297: rlm_eap_peap: Authenticate
298: rlm_eap_tls: processing TLS
299: rlm_eap_tls: Received EAP-TLS ACK message
300: rlm_eap_tls: No SSL info available. Waiting for more SSL data.
301: eaptls_verify returned 1
302: eaptls_process returned 13
303: rlm_eap_peap: EAPTLS_HANDLED
304: modcall[authenticate]: module "eap" returns handled for request 2
305: modcall: group authenticate returns handled for request 2
306: Sending Access-Challenge of id 73 to 192.168.132.171:1812
307: EAP-Message = 0x010404061940f8c72b2db1a9ceb225cfd054ee075a5e4f1fea55087e
308: 044de349db65f146fb5b7e5b0aedaea32e9896e3b7c9f5b2f73da55db0b5edf2b9e94bb3ae8d597f
309: 8cdf384444717963666f5ab540a255e38156de0486ef1878aa72a4d20918b6216e97680d6ab34d10
310: a6b995d5211df10203caa1fb9501a022c550d02198a836593dd2999d6b2e326c9c2163ee5aaab662
311: ac02d75e9ae2f26f009da34bd2f91a4970c3f14cb8e5bd3598f9049354406ce3b09e000433308204
312: 2f30820317a003020102020100300d06092a864886f70d01010405003072310b3009060355040613
313: 024a503110300e0603550408130746756b756f6b613110300e
314: EAP-Message = 0x0603550407130746756b756f6b6131133011060355040a130a4b414d
315: 414f20496e632e310f300d060355040b13064b797573687531193017060355040313104b61747375
316: 6e6f7269204b616d616461301e170d3034303430313132313135385a170d30343035303131323131
317: 35385a3072310b3009060355040613024a503110300e0603550408130746756b756f6b613110300e
318: 0603550407130746756b756f6b6131133011060355040a130a4b414d414f20496e632e310f300d06
319: 0355040b13064b797573687531193017060355040313104b617473756e6f7269204b616d61646130
320: 820122300d06092a864886f70d01010105000382010f003082
321: EAP-Message = 0x010a0282010100c7fd0f7e2a349750a8a45af467071b7aaf380c8839
322: 920d5e5f5f66f199294b1f0db2ed25c39fafaa8e89f7cd996a2c66b2a1f5c4edf6a006660cd0673d
323: 089dfb0529cf25e70dadcc40fb20ebda75e6c44b230c0a955147d6d922f0c3ffea5024eb3bb7d68b
324: def60361b21a6d50a4ef35982acc00017d1e5181224b3116efa4dfc6ad981651b6040401dbce61e4
325: ac9033961d371a9d85356f92509d44acee9f95e6c75a0be6eeed6dac134685df4dca334d0d53b425
326: f95987fee986fdd5dce00c1af066bb38a327ecb395bf5d71fdca643ea56e17800ef5a99a8cbfc359
327: f3f914688dbb3f9559704139cf310cd773ef7f124e53fc1dde
328: EAP-Message = 0x455c69a24530bdd0bde90203010001a381cf3081cc301d0603551d0e
329: 0416041406c69b970e7a3476ec2084e579ce070b3989b59b30819c0603551d230481943081918014
330: 06c69b970e7a3476ec2084e579ce070b3989b59ba176a4743072310b3009060355040613024a5031
331: 10300e0603550408130746756b756f6b613110300e0603550407130746756b756f6b613113301106
332: 0355040a130a4b414d414f20496e632e310f300d060355040b13064b797573687531193017060355
333: 040313104b617473756e6f7269204b616d616461820100300c0603551d13040530030101ff300d06
334: 092a864886f70d010104050003820101009628e832150257bd
335: EAP-Message = 0xece95c7725c5a4b506b1481e53d6083df79e
336: Message-Authenticator = 0x00000000000000000000000000000000
337: State = 0x25bfc6b08c3ba5129be5ca6461a9c38c
338: Finished request 2
339: Going to the next request
340: --- Walking the entire request list ---
341: Waking up in 5 seconds...
342: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=74, length=12
343: 9
344: NAS-IP-Address = 192.168.132.171
345: NAS-Port = 50005
346: NAS-Port-Type = Ethernet
347: User-Name = "KAMAO-TP\kamao"
348: Calling-Station-Id = "08-00-46-45-A9-1C"
349: Service-Type = Framed-User
350: Framed-MTU = 1500
351: State = 0x25bfc6b08c3ba5129be5ca6461a9c38c
352: EAP-Message = 0x020400061900
353: Message-Authenticator = 0xfac4de609518d67d531b461bcdb3a671
354: Processing the authorize section of radiusd.conf
355: modcall: entering group authorize for request 3
356: modcall[authorize]: module "preprocess" returns ok for request 3
357: users: Matched KAMAO-TPkamao at 161
358: modcall[authorize]: module "files" returns ok for request 3
359: modcall: group authorize returns ok for request 3
360: rad_check_password: Found Auth-Type EAP
361: auth: type "EAP"
362: Processing the authenticate section of radiusd.conf
363: modcall: entering group authenticate for request 3
364: rlm_eap: Request found, released from the list
365: rlm_eap: EAP/peap
366: rlm_eap: processing type peap
367: rlm_eap_peap: Authenticate
368: rlm_eap_tls: processing TLS
369: rlm_eap_tls: Received EAP-TLS ACK message
370: rlm_eap_tls: No SSL info available. Waiting for more SSL data.
371: eaptls_verify returned 1
372: eaptls_process returned 13
373: rlm_eap_peap: EAPTLS_HANDLED
374: modcall[authenticate]: module "eap" returns handled for request 3
375: modcall: group authenticate returns handled for request 3
376: Sending Access-Challenge of id 74 to 192.168.132.171:1812
377: EAP-Message = 0x010500f51900a9a9c51808efa2cf1c6f051304ab7c8187502dd631d6
378: 0f17d9472ccd2dcdc10c926f9800cd1328db91c10881237bffce877bb48a2b0f02b049273e0de8c5
379: 88d7eff87db2d5a4bb3755b6cb6ae4c4eb59b00e8796b0b392736427a32344fa7e9098a665a4c83b
380: bc75198104d2f1f03ea38fe023d5ee591fe78d61cc9b9c1203a8e863f08700e680a06e0bb1ac07b3
381: ca473ee586a9090d063a2eea4738d72755222b49f6cd29d78acb8a2f8ab27a9f7f940dd3a2aff9e8
382: db2d0339ad8771957113040135db2c63b9507f6234beed14d4452dd3be6d748fef6a97c1f594c3cb
383: dc42f8bd81e455ee16030100040e000000
384: Message-Authenticator = 0x00000000000000000000000000000000
385: State = 0xc70c207682ca01c6fea958909c5b75b6
386: Finished request 3
387: Going to the next request
388: Waking up in 5 seconds...
389: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=75, length=44
390: 5
391: NAS-IP-Address = 192.168.132.171
392: NAS-Port = 50005
393: NAS-Port-Type = Ethernet
394: User-Name = "KAMAO-TP\kamao"
395: Calling-Station-Id = "08-00-46-45-A9-1C"
396: Service-Type = Framed-User
397: Framed-MTU = 1500
398: State = 0xc70c207682ca01c6fea958909c5b75b6
399: EAP-Message = 0x02050140198000000136160301010610000102010045c31cf6fb7719
400: f884bce149d43165c189fa183b7d7ca0f6f33efca84d61af07fb8fe09cea0cc3c2ef2df7e795d06f
401: 96b4678bd84003adbe2f615545a77c361f7282d1cf36b977dc4dc872b58b2347f6dfb8b025bba620
402: 9b6fd5de981a1c2d70af190a13680b795353c5cd11a6f9a7606e9afa6b9039d808ee74e43a1b051b
403: 25654366bb0973c7377206de25d98540bc7f46eb8c5f292a7e0ee427bd46fd3b92abdff1752f71bc
404: 22478944474ed8471ae93928f2e4314317ea16c318075fc72efebc9ff5a0908aa44ee08b0293a105
405: 1bad9e53ab1b9a9f8bb683261ebc9a26f50ab75f245fe4cc1f
406: EAP-Message = 0x9172d6c17f718d4ce97a32582033b9342923b35195082b8314030100
407: 010116030100201fea4850706adc0afcb343748622373e5c4873b56171393c5fd09e338c8101ab
408: Message-Authenticator = 0xcae0534fd5d0ffb2b0dd5b1cd7e2a695
409: Processing the authorize section of radiusd.conf
410: modcall: entering group authorize for request 4
411: modcall[authorize]: module "preprocess" returns ok for request 4
412: users: Matched KAMAO-TPkamao at 161
413: modcall[authorize]: module "files" returns ok for request 4
414: modcall: group authorize returns ok for request 4
415: rad_check_password: Found Auth-Type EAP
416: auth: type "EAP"
417: Processing the authenticate section of radiusd.conf
418: modcall: entering group authenticate for request 4
419: rlm_eap: Request found, released from the list
420: rlm_eap: EAP/peap
421: rlm_eap: processing type peap
422: rlm_eap_peap: Authenticate
423: rlm_eap_tls: processing TLS
424: rlm_eap_tls: Length Included
425: eaptls_verify returned 11
426: TLS_accept: SSLv3 read client key exchange A
427: TLS_accept: SSLv3 read finished A
428: TLS_accept: SSLv3 write change cipher spec A
429: TLS_accept: SSLv3 write finished A
430: TLS_accept: SSLv3 flush data
431: (other): SSL negotiation finished successfully
432: SSL Connection Established
433: eaptls_process returned 13
434: rlm_eap_peap: EAPTLS_HANDLED
435: modcall[authenticate]: module "eap" returns handled for request 4
436: modcall: group authenticate returns handled for request 4
437: Sending Access-Challenge of id 75 to 192.168.132.171:1812
438: EAP-Message = 0x010600311900140301000101160301002065eddfbfb11e660eca3ef6
439: c347034a689fe5c81bbd83cfc652897d003b78b37b
440: Message-Authenticator = 0x00000000000000000000000000000000
441: State = 0x7c64804dc730af446e485b8f9308f2df
442: Finished request 4
443: Going to the next request
444: Waking up in 5 seconds...
445: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=76, length=15
446: 6
447: NAS-IP-Address = 192.168.132.171
448: NAS-Port = 50005
449: NAS-Port-Type = Ethernet
450: User-Name = "KAMAO-TP\kamao"
451: Calling-Station-Id = "08-00-46-45-A9-1C"
452: Service-Type = Framed-User
453: Framed-MTU = 1500
454: State = 0x7c64804dc730af446e485b8f9308f2df
455: EAP-Message = 0x020600211980000000171503010012fe18b14a7e59cd8fb50901c0c4
456: 217a7daff7
457: Message-Authenticator = 0xceb225038e54f7f181fe61a015404898
458: Processing the authorize section of radiusd.conf
459: modcall: entering group authorize for request 5
460: modcall[authorize]: module "preprocess" returns ok for request 5
461: users: Matched KAMAO-TPkamao at 161
462: modcall[authorize]: module "files" returns ok for request 5
463: modcall: group authorize returns ok for request 5
464: rad_check_password: Found Auth-Type EAP
465: auth: type "EAP"
466: Processing the authenticate section of radiusd.conf
467: modcall: entering group authenticate for request 5
468: rlm_eap: Request found, released from the list
469: rlm_eap: EAP/peap
470: rlm_eap: processing type peap
471: rlm_eap_peap: Authenticate
472: rlm_eap_tls: processing TLS
473: rlm_eap_tls: Length Included
474: eaptls_verify returned 11
475: eaptls_process returned 7
476: rlm_eap_peap: EAPTLS_OK
477: rlm_eap_peap: Session established. Decoding tunneled attributes.
478: TLS Alert read:fatal:unknown
479: rlm_eap_peap: No data inside of the tunnel.
480: rlm_eap: Handler failed in EAP/peap
481: rlm_eap: Failed in EAP select
482: modcall[authenticate]: module "eap" returns invalid for request 5
483: modcall: group authenticate returns invalid for request 5
484: auth: Failed to validate the user.
485: Login incorrect: [KAMAO-TP\kamao/<no User-Password attribute>] (from client cat
486: 2950 port 50005 cli 08-00-46-45-A9-1C)
487: Delaying request 5 for 1 seconds
488: Finished request 5
489: Going to the next request
490: Waking up in 5 seconds...
491: --- Walking the entire request list ---
492: Cleaning up request 0 ID 71 with timestamp 406c0b1a
493: Cleaning up request 1 ID 72 with timestamp 406c0b1a
494: Sending Access-Reject of id 76 to 192.168.132.171:1812
495: EAP-Message = 0x04060004
496: Message-Authenticator = 0x00000000000000000000000000000000
497: Waking up in 1 seconds...
498: rad_recv: Access-Request packet from host 192.168.132.171:1812, id=76, length=15
499: 6
500: Sending duplicate reply to client cat2950:1812 - ID: 76
501: Re-sending Access-Reject of id 76 to 192.168.132.171:1812
502: EAP-Message = 0x04060004
503: Message-Authenticator = 0x00000000000000000000000000000000
504: Cleaning up request 2 ID 73 with timestamp 406c0b1b
505: Cleaning up request 3 ID 74 with timestamp 406c0b1b
506: Cleaning up request 4 ID 75 with timestamp 406c0b1b
507: rl_next: returning NULL
508: Cleaning up request 5 ID 76 with timestamp 406c0b1b
509: rl_next: returning NULL
510: Waking up in 1 seconds...
511: --- Walking the entire request list ---
512: Nothing to do. Sleeping until we see a request.
Something bad occured at line 478, but I have no idea.
Please give me some ideas.
Regards.
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
