> Have you looked at the "make" output from the compile to see if there are
> any error or warning messages?
yep it was my fault i have openssl 0.9.6 and 0.9.7 installed for certificate
generation, and of course i forgot to link freeradius-cvs against 0.9.7 =) works
much better now, at least radiusd is launching.
But, still have a prob during TLS init (i'm trying to setup a TTLS connection):
The client (Aegis - WinXP) is configured in TTLS Auth + MS-CHAP-V2 tunneled
protocol. Seems like i got a problem with certificates, but i don't understand
why since i'm not supposed to have one on the client-side ..
Here is the output, sorry if a bit long:
rad_recv: Access-Request packet from host 192.168.6.3:1794, id=79, length=242
NAS-IP-Address = 192.168.6.3
NAS-Port-Type = Wireless-802.11
NAS-Port = 5
Framed-MTU = 1400
User-Name = "arnauld.dravet"
Calling-Station-Id = "00904b625711"
Called-Station-Id = "000d54fc1807"
NAS-Identifier = "EPSI AP1"
State = 0xfdd7e79f9bbab3286563325da5e5199a
EAP-Message =
0x0203006a158000000060160301005b01000057030140d9772aeddf802406fe3f32167240a335e4
99126e92bb2f0423691ebb49fad900003000390038003500160013000a00330032002f0066000500
040065006400630062006000150012000900140011000800030100
Message-Authenticator = 0xfdb7fe56ea406a82a82906e64a1951a2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "arnauld.dravet", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall[authorize]: module "files" returns notfound for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for arnauld.dravet
radius_xlat: '(&(objectclass=posixAccount)(uid=arnauld.dravet))'
radius_xlat: 'ou=Users,dc=mtp,dc=epsi,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,dc=mtp,dc=epsi,dc=fr, with filter
(&(objectclass=posixAccount)(uid=arnauld.dravet))
rlm_ldap: Added password {CRYPT}$16x5hPKP/.1c in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21
rlm_ldap: Adding ntPassword as NT-Password, value
EFAC11B52777F8D7A34BDC1A0F89228D & op=21
rlm_ldap: Adding lmPassword as LM-Password, value
136BE46417241D68AAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user arnauld.dravet authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
TLS_accept: SSLv3 read client hello A
TLS_accept: SSLv3 write server hello A
TLS_accept: SSLv3 write certificate A
TLS_accept: SSLv3 write key exchange A
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 79 to 192.168.6.3:1794
EAP-Message =
0x0104040a15c000000761160301004a02000046030140d97726d7480866aec454ff67f74505234d
669e72f26ff753fef0269dcb813e20bcf69fe6863b9922dec0ccf8b178896627f9e78227c3b38356
951ec41fafef6000160016030105f20b0005ee0005eb00028e3082028a308201f3a0030201020201
02300d06092a864886f70d0101040500307f310b30090603550406130246523110300e0603550408
130748657261756c74311430120603550407130b4d6f6e7470656c6c6965723111300f060355040a
130845505349204d5450311330110603550403130a776973686d61737465723120301e06092a8648
86f70d010901161161646d696e40
EAP-Message =
0x6d74702e657073692e6672301e170d3034303632323136303934335a170d303530363232313630
3934335a307e310b30090603550406130246523110300e0603550408130748657261756c74311430
120603550407130b4d6f6e7470656c6c6965723111300f060355040a130845505349204d54503110
300e06035504031307736d75726669653122302006092a864886f70d0109011613736d7572666965
406d74702e657073692e667230819f300d06092a864886f70d010101050003818d00308189028181
00c4a3f1a3dc9e47a45bca931537ff4f77a2e77beaf261e14214d3c30b539ccc4bb22b6988594f81
043c6f0f8a61b9f2bac47185fa05
EAP-Message =
0xa33aa4f2e0dc38b1adfa45e789b3c21061525a4c8a9794c770687017f983b7b57706bdc7cdba2e
fc575fbae4b1d70e5b8efb6a9ceb1ad550fe96674bcfff7b07c1eed34512fffd2697d09902030100
01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405
000381810074361731afc4ce970f4eee17c775dee7dabb38a17f62ec5341b2c39cc3f39f95b5a007
757fbffc0f5ca5f160c2134eda35d4e4934486d4eda5227fce42f7454a2aaa7418f17856d730a0ae
0c55b4fdd83c72d834f12d971b87aa1d6fd47bc6b1ba1d652079850fa2d9c4eb211fa0b00b22eb29
15aa09e2a593b0ce9ea5a6094100
EAP-Message =
0x035730820353308202bca003020102020100300d06092a864886f70d0101040500307f310b3009
0603550406130246523110300e0603550408130748657261756c74311430120603550407130b4d6f
6e7470656c6c6965723111300f060355040a130845505349204d5450311330110603550403130a77
6973686d61737465723120301e06092a864886f70d010901161161646d696e406d74702e65707369
2e6672301e170d3034303632323136303635395a170d3036303632323136303635395a307f310b30
090603550406130246523110300e0603550408130748657261756c74311430120603550407130b4d
6f6e7470656c6c6965723111300f
EAP-Message = 0x060355040a130845505349204d545031133011060355
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe02853fdd6c7f24f5247285b43b09481
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.3:1795, id=80, length=142
NAS-IP-Address = 192.168.6.3
NAS-Port-Type = Wireless-802.11
NAS-Port = 5
Framed-MTU = 1400
User-Name = "arnauld.dravet"
Calling-Station-Id = "00904b625711"
Called-Station-Id = "000d54fc1807"
NAS-Identifier = "EPSI AP1"
State = 0xe02853fdd6c7f24f5247285b43b09481
EAP-Message = 0x020400061500
Message-Authenticator = 0x24a008ef0366b721e181dd062314f0ce
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "arnauld.dravet", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall[authorize]: module "files" returns notfound for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for arnauld.dravet
radius_xlat: '(&(objectclass=posixAccount)(uid=arnauld.dravet))'
radius_xlat: 'ou=Users,dc=mtp,dc=epsi,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,dc=mtp,dc=epsi,dc=fr, with filter
(&(objectclass=posixAccount)(uid=arnauld.dravet))
rlm_ldap: Added password {CRYPT}$16x5hPKP/.1c in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21
rlm_ldap: Adding ntPassword as NT-Password, value
EFAC11B52777F8D7A34BDC1A0F89228D & op=21
rlm_ldap: Adding lmPassword as LM-Password, value
136BE46417241D68AAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user arnauld.dravet authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: No SSL info available. Waiting for more SSL data.
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 80 to 192.168.6.3:1795
EAP-Message =
0x0105036b1580000007610403130a776973686d61737465723120301e06092a864886f70d010901
161161646d696e406d74702e657073692e667230819f300d06092a864886f70d010101050003818d
0030818902818100a669eecaaa772141bbfbf79c08c7b5ce4a037c209db5aa556ad8a68b8359caf8
1a45e5c0339e293829e5a5fa7b2d1fd64454355be829d26d16000893bb65c9d5c390947c4870908e
081cdab5e63cacdcc372705185ed3ff9de55c59cdca20bc6a8f0274cea77b3b0ebfe0a3b3620efd8
2b970e1b1d2991fbca901a83bfb911210203010001a381de3081db301d0603551d0e041604141a88
5f46e45cc423780c47a4cdb67677
EAP-Message =
0xd0879f883081ab0603551d230481a33081a080141a885f46e45cc423780c47a4cdb67677d0879f
88a18184a48181307f310b30090603550406130246523110300e0603550408130748657261756c74
311430120603550407130b4d6f6e7470656c6c6965723111300f060355040a130845505349204d54
50311330110603550403130a776973686d61737465723120301e06092a864886f70d010901161161
646d696e406d74702e657073692e6672820100300c0603551d13040530030101ff300d06092a8648
86f70d010104050003818100a314c893a467130abe28e4dcf23ac11faad0a2573d062c89c4026849
ed123b4ec51ad69af8e631543c24
EAP-Message =
0x303d252ee4bcdc1b86503a228344543139cf66c83c6af9eb70d533cd0862fece62228a82bfbbc6
3adae2613331f5f87ee1bb33157891c3c7c7a7bd0f6e7520e36612a91e03c9af99d647f3cd8c2bec
45f22b262218e3160301010d0c0001090040d2712a69f110be8995c41d6318f42b7431ea531ba482
cfdbfef206f81615a23958ca49c577017588af07868507e1d61ba6bfece2c0ef6b009618c30cd102
8d630001050040ce7b6d3f1be04296ca2b649d087f8c7b8631fde574e33a248847939db133fe6c14
6fc27ec649c76515e27fda61c9e74e74b6c8ad5c0032b406932d2f20c27ead00809287420b499379
afcb7d5fa1ce22e5d44507002017
EAP-Message =
0xc76dc1173e5603eb6959bbf7888003db19ee09c5fdbe93d33f762f6e74f72f4c07bf8534e91877
84d10c7dd245ca3116668698d46d3b16a7cdb6aff091822916a21a0c368e313877b98c097e5f043c
cd53b572aa440af4faa07713192d0132149c362e03b694b0f08575f116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc23be259cc210d064ca36d99bdfd0341
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.3:1796, id=81, length=153
NAS-IP-Address = 192.168.6.3
NAS-Port-Type = Wireless-802.11
NAS-Port = 5
Framed-MTU = 1400
User-Name = "arnauld.dravet"
Calling-Station-Id = "00904b625711"
Called-Station-Id = "000d54fc1807"
NAS-Identifier = "EPSI AP1"
State = 0xc23be259cc210d064ca36d99bdfd0341
EAP-Message = 0x0205001115800000000715030100020230
Message-Authenticator = 0x0ac4f69914c15bc5e851c225bdde5884
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "arnauld.dravet", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall[authorize]: module "files" returns notfound for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for arnauld.dravet
radius_xlat: '(&(objectclass=posixAccount)(uid=arnauld.dravet))'
radius_xlat: 'ou=Users,dc=mtp,dc=epsi,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,dc=mtp,dc=epsi,dc=fr, with filter
(&(objectclass=posixAccount)(uid=arnauld.dravet))
rlm_ldap: Added password {CRYPT}$16x5hPKP/.1c in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21
rlm_ldap: Adding ntPassword as NT-Password, value
EFAC11B52777F8D7A34BDC1A0F89228D & op=21
rlm_ldap: Adding lmPassword as LM-Password, value
136BE46417241D68AAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user arnauld.dravet authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9539:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.
c:1046:SSL alert number 48
9539:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:
837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 4
modcall: group authenticate returns reject for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 77 with timestamp 40d97726
Cleaning up request 1 ID 78 with timestamp 40d97726
Cleaning up request 2 ID 79 with timestamp 40d97726
Cleaning up request 3 ID 80 with timestamp 40d97726
Sending Access-Reject of id 81 to 192.168.6.3:1796
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 4 ID 81 with timestamp 40d97726
Nothing to do. Sleeping until we see a request.
--
Arnauld Dravet
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
